Add support for custom anonymous & account token endpoint in Spotify integration (#286)

Author: topi314

README.md

@@ -129,7 +129,8 @@ plugins:
       albumLoadLimit: 6 # The number of pages at 50 tracks each
       resolveArtistsInSearch: true # Whether to resolve artists in track search results (can be slow)
       localFiles: false # Enable local files support with Spotify playlists. Please note `uri` & `isrc` will be `null` & `identifier` will be `"local"`
-      preferAnonymousToken: true # Whether to use the anonymous token for resolving tracks, artists and albums. Playlists are always resolved with the anonymous token to support autogenerated playlists.
+      preferAnonymousToken: false # Whether to use the anonymous token for resolving tracks, artists and albums. Spotify generated playlists are always resolved with the anonymous tokens since they do not work otherwise. This requires the customTokenEndpoint to be set.
+      customTokenEndpoint: "http://localhost:8080/api/token" # Optional custom endpoint for getting the anonymous token. If not set, spotify's default endpoint will be used which might not work. The response must match spotify's anonymous token response format.
     applemusic:
       countryCode: "US" # the country code you want to use for filtering the artists top tracks and language. See https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2
       mediaAPIToken: "your apple music api token" # apple music api token
@@ -289,11 +290,13 @@ PATCH /v4/lavasrc/config
 
 ##### Spotify Config Object
 
-| Field         | Type   | Description              |
-|---------------|--------|--------------------------|
-| ?clientId     | string | The Spotify clientId     |
-| ?clientSecret | string | The Spotify clientSecret |
-| ?spDc         | string | The Spotify spDc cookie  |
+| Field                 | Type    | Description                                                                 |
+|-----------------------|---------|-----------------------------------------------------------------------------|
+| ?clientId             | string  | The Spotify clientId                                                        |
+| ?clientSecret         | string  | The Spotify clientSecret                                                    |
+| ?spDc                 | string  | The Spotify spDc cookie                                                     |
+| ?preferAnonymousToken | boolean | Whether to use the anonymous token for resolving tracks, artists and albums |
+| ?customTokenEndpoint  | string  | The custom endpoint for getting the anonymous token                         |
 
 ##### Apple Music Config Object
 
@@ -347,7 +350,9 @@ PATCH /v4/lavasrc/config
   "spotify": {
     "clientId": "your client id",
     "clientSecret": "your client secret",
-    "spDc": "your sp dc cookie"
+    "spDc": "your sp dc cookie", 
+    "preferAnonymousToken": false,
+    "customTokenEndpoint": "http://localhost/api/token"
   },
   "applemusic": {
     "mediaAPIToken": "your apple music api token"
@@ -466,6 +471,12 @@ var spotify = new SpotifySourceManager(clientId, clientSecret, spDc, countryCode
 playerManager.registerSourceManager(spotify);
 ```
 
+#### Access Tokens
+
+Getting anonymous & account access tokens is generally optional but required if you want to resolve spotify generated playlists or lyrics.
+
+You can use a service such as [Spotify Tokener](https://github.com/topi314/spotify-tokener) via the `customTokenEndpoint` option to support those.
+
 #### LavaLyrics
 
 <details>

application.example.yml

@@ -33,7 +33,8 @@ plugins:
       albumLoadLimit: 6 # The number of pages at 50 tracks each
       resolveArtistsInSearch: true # Whether to resolve artists in track search results (can be slow)
       localFiles: false # Enable local files support with Spotify playlists. Please note `uri` & `isrc` will be `null` & `identifier` will be `"local"`
-      preferAnonymousToken: true # Whether to use the anonymous token for resolving tracks, artists and albums. Playlists are always resolved with the anonymous token to support autogenerated playlists.
+      preferAnonymousToken: false # Whether to use the anonymous token for resolving tracks, artists and albums. Spotify generated playlists are always resolved with the anonymous tokens since they do not work otherwise. This requires the customTokenEndpoint to be set.
+      customTokenEndpoint: "http://localhost:8080/api/token" # Optional custom endpoint for getting the anonymous token. If not set, spotify's default endpoint will be used which might not work. The response must match spotify's anonymous token response format.
     applemusic:
       countryCode: "US" # the country code you want to use for filtering the artists top tracks and language. See https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2
       mediaAPIToken: "your apple music api token" # apple music api token

main/src/main/java/com/github/topi314/lavasrc/spotify/SpotifySourceManager.java

@@ -1,3 +1,4 @@
+
 package com.github.topi314.lavasrc.spotify;
 
 import com.github.topi314.lavalyrics.AudioLyricsManager;
@@ -86,9 +87,13 @@ public SpotifySourceManager(String clientId, String clientSecret, String spDc, S
 	}
 
 	public SpotifySourceManager(String clientId, String clientSecret, boolean preferAnonymousToken, String spDc, String countryCode, Function<Void, AudioPlayerManager> audioPlayerManager, MirroringAudioTrackResolver mirroringAudioTrackResolver) {
+		this(clientId, clientSecret, preferAnonymousToken, null, spDc, countryCode, audioPlayerManager, mirroringAudioTrackResolver);
+	}
+
+	public SpotifySourceManager(String clientId, String clientSecret, boolean preferAnonymousToken, String customTokenEndpoint, String spDc, String countryCode, Function<Void, AudioPlayerManager> audioPlayerManager, MirroringAudioTrackResolver mirroringAudioTrackResolver) {
 		super(audioPlayerManager, mirroringAudioTrackResolver);
 
-		this.tokenTracker = new SpotifyTokenTracker(this, clientId, clientSecret, spDc);
+		this.tokenTracker = new SpotifyTokenTracker(this, clientId, clientSecret, spDc, customTokenEndpoint);
 
 		if (countryCode == null || countryCode.isEmpty()) {
 			countryCode = "US";
@@ -125,6 +130,10 @@ public void setPreferAnonymousToken(boolean preferAnonymousToken) {
 		this.preferAnonymousToken = preferAnonymousToken;
 	}
 
+	public void setCustomTokenEndpoint(String customTokenEndpoint) {
+		this.tokenTracker.setCustomTokenEndpoint(customTokenEndpoint);
+	}
+
 	@NotNull
 	@Override
 	public String getSourceName() {
@@ -180,7 +189,7 @@ public AudioLyrics getLyrics(String id) throws IOException {
 		var request = new HttpGet(CLIENT_API_BASE + "color-lyrics/v2/track/" + id + "?format=json&vocalRemoval=false");
 		request.setHeader("User-Agent", USER_AGENT);
 		request.setHeader("App-Platform", "WebPlayer");
-		request.setHeader("Authorization", "Bearer " + this.tokenTracker.getAccountToken());
+		request.setHeader("Authorization", "Bearer " + this.tokenTracker.getAccountAccessToken());
 		var json = LavaSrcTools.fetchResponseAsJson(this.httpInterfaceManager.getInterface(), request);
 		if (json == null) {
 			return null;
@@ -420,7 +429,10 @@ public AudioItem getAlbum(String id, boolean preview) throws IOException {
 	}
 
 	public AudioItem getPlaylist(String id, boolean preview) throws IOException {
-		var json = this.getJson(API_BASE + "playlists/" + id, true, false);
+		// autogenerated playlists seem to start with "37i9dQZ" and are not accessible without an anonymous token lol
+		var anonymous = id.startsWith("37i9dQZ");
+
+		var json = this.getJson(API_BASE + "playlists/" + id, anonymous, this.preferAnonymousToken);
 		if (json == null) {
 			return AudioReference.NO_TRACK;
 		}
@@ -430,7 +442,7 @@ public AudioItem getPlaylist(String id, boolean preview) throws IOException {
 		var offset = 0;
 		var pages = 0;
 		do {
-			page = this.getJson(API_BASE + "playlists/" + id + "/tracks?limit=" + PLAYLIST_MAX_PAGE_ITEMS + "&offset=" + offset, true, false);
+			page = this.getJson(API_BASE + "playlists/" + id + "/tracks?limit=" + PLAYLIST_MAX_PAGE_ITEMS + "&offset=" + offset, anonymous, this.preferAnonymousToken);
 			offset += PLAYLIST_MAX_PAGE_ITEMS;
 
 			for (var value : page.get("items").values()) {

main/src/main/java/com/github/topi314/lavasrc/spotify/SpotifyTokenTracker.java

@@ -27,7 +27,6 @@
 import java.util.ArrayList;
 import java.util.Base64;
 import java.util.List;
-import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
 public class SpotifyTokenTracker {
@@ -42,17 +41,23 @@ public class SpotifyTokenTracker {
 	private String accessToken;
 	private Instant expires;
 
+	private String customTokenEndpoint;
 	private String anonymousAccessToken;
 	private Instant anonymousExpires;
 
 	private String spDc;
-	private String accountToken;
-	private Instant accountTokenExpire;
+	private String accountAccessToken;
+	private Instant accountAccessTokenExpire;
 
 	public SpotifyTokenTracker(SpotifySourceManager source, String clientId, String clientSecret, String spDc) {
+		this(source, clientId, clientSecret, spDc, null);
+	}
+
+	public SpotifyTokenTracker(SpotifySourceManager source, String clientId, String clientSecret, String spDc, String customTokenEndpoint) {
 		this.sourceManager = source;
 		this.clientId = clientId;
 		this.clientSecret = clientSecret;
+		this.customTokenEndpoint = customTokenEndpoint;
 
 		if (!hasValidCredentials()) {
 			log.debug("Missing/invalid credentials, falling back to public token.");
@@ -72,6 +77,14 @@ public void setClientIDS(String clientId, String clientSecret) {
 		this.expires = null;
 	}
 
+	public void setCustomTokenEndpoint(String customTokenEndpoint) {
+		this.customTokenEndpoint = customTokenEndpoint;
+		this.anonymousAccessToken = null;
+		this.anonymousExpires = null;
+		this.accountAccessToken = null;
+		this.accountAccessTokenExpire = null;
+	}
+
 	private boolean hasValidCredentials() {
 		return clientId != null && !clientId.isEmpty() && clientSecret != null && !clientSecret.isEmpty();
 	}
@@ -125,11 +138,11 @@ private void refreshAnonymousAccessToken() throws IOException {
 
 		var json = LavaSrcTools.fetchResponseAsJson(sourceManager.getHttpInterface(), request);
 		if (json == null) {
-			throw new RuntimeException("No response from Spotify API");
+			throw new RuntimeException("No response from Spotify API while fetching anonymous access token.");
 		}
 		if (!json.get("error").isNull()) {
 			var error = json.get("error").text();
-			throw new RuntimeException("Error while fetching access token: " + error);
+			throw new RuntimeException("Error while fetching anonymous access token: " + error);
 		}
 
 		anonymousAccessToken = json.get("accessToken").text();
@@ -138,36 +151,39 @@ private void refreshAnonymousAccessToken() throws IOException {
 
 	public void setSpDc(String spDc) {
 		this.spDc = spDc;
-		this.accountToken = null;
-		this.accountTokenExpire = null;
+		this.accountAccessToken = null;
+		this.accountAccessTokenExpire = null;
 	}
 
-	public String getAccountToken() throws IOException {
-		if (this.accountToken == null || this.accountTokenExpire == null || this.accountTokenExpire.isBefore(Instant.now())) {
+	public String getAccountAccessToken() throws IOException {
+		if (this.accountAccessToken == null || this.accountAccessTokenExpire == null || this.accountAccessTokenExpire.isBefore(Instant.now())) {
 			synchronized (this) {
-				if (this.accountToken == null || this.accountTokenExpire == null || this.accountTokenExpire.isBefore(Instant.now())) {
+				if (this.accountAccessToken == null || this.accountAccessTokenExpire == null || this.accountAccessTokenExpire.isBefore(Instant.now())) {
 					log.debug("Account token is invalid or expired, refreshing token...");
-					this.refreshAccountToken();
+					this.refreshAccountAccessToken();
 				}
 			}
 		}
-		return this.accountToken;
+		return this.accountAccessToken;
 	}
 
-	public void refreshAccountToken() throws IOException {
+	public void refreshAccountAccessToken() throws IOException {
 		var request = new HttpGet(generateGetAccessTokenURL());
 		request.addHeader("App-Platform", "WebPlayer");
 		request.addHeader("Cookie", "sp_dc=" + this.spDc);
 
 		try {
 			var json = LavaSrcTools.fetchResponseAsJson(this.sourceManager.getHttpInterface(), request);
+			if (json == null) {
+				throw new RuntimeException("No response from Spotify API while fetching account access token.");
+			}
 			if (!json.get("error").isNull()) {
-				String error = json.get("error").text();
+				var error = json.get("error").text();
 				log.error("Error while fetching account token: {}", error);
-				throw new RuntimeException("Error while fetching account token: " + error);
+				throw new RuntimeException("Error while fetching account access token: " + error);
 			}
-			this.accountToken = json.get("accessToken").text();
-			this.accountTokenExpire = Instant.ofEpochMilli(json.get("accessTokenExpirationTimestampMs").asLong(0));
+			this.accountAccessToken = json.get("accessToken").text();
+			this.accountAccessTokenExpire = Instant.ofEpochMilli(json.get("accessTokenExpirationTimestampMs").asLong(0));
 		} catch (IOException e) {
 			log.error("Account token refreshing failed.", e);
 			throw new RuntimeException("Account token refreshing failed", e);
@@ -178,50 +194,23 @@ public boolean hasValidAccountCredentials() {
 		return this.spDc != null && !this.spDc.isEmpty();
 	}
 
-	public static String generateTOTP(String secret, int period, int digits) {
-		long time = System.currentTimeMillis() / 1000 / period;
-		ByteBuffer buffer = ByteBuffer.allocate(8);
-		buffer.putLong(time);
-		byte[] timeBytes = buffer.array();
-
-		try {
-			SecretKeySpec keySpec = new SecretKeySpec(hexStringToByteArray(secret), "HmacSHA1");
-			Mac mac = Mac.getInstance("HmacSHA1");
-			mac.init(keySpec);
-			byte[] hash = mac.doFinal(timeBytes);
-			int offset = hash[hash.length - 1] & 0xF;
-			int binary = ((hash[offset] & 0x7F) << 24) | ((hash[offset + 1] & 0xFF) << 16) |
-				((hash[offset + 2] & 0xFF) << 8) | (hash[offset + 3] & 0xFF);
-			int otp = binary % (int) Math.pow(10, digits);
-			return String.format("%0" + digits + "d", otp);
-		} catch (NoSuchAlgorithmException | InvalidKeyException e) {
-			throw new RuntimeException("Error generating TOTP", e);
+	private String generateGetAccessTokenURL() throws IOException {
+		if (this.customTokenEndpoint != null && !this.customTokenEndpoint.isBlank()) {
+			return this.customTokenEndpoint;
 		}
-	}
 
-	public static byte[] extractSecret(CloseableHttpClient client, String scriptUrl) throws IOException {
-		HttpGet scriptRequest = new HttpGet(scriptUrl);
-		try (CloseableHttpResponse scriptResponse = client.execute(scriptRequest)) {
-			String scriptContent = EntityUtils.toString(scriptResponse.getEntity());
-
-			Matcher matcher = SECRET_PATTERN.matcher(scriptContent);
-			if (matcher.find()) {
-				String secretArrayString = matcher.group(1);
-				String[] secretArray = secretArrayString.split(",");
-				byte[] secretByteArray = new byte[secretArray.length];
-				for (int i = 0; i < secretArray.length; i++) {
-					secretByteArray[i] = (byte) Integer.parseInt(secretArray[i].trim());
-				}
-
-				return secretByteArray;
-			} else {
-				log.error("No secret array found in script: {}", scriptUrl);
-				return null;
-			}
+		var secret = requestSecret();
+		if (secret == null) {
+			throw new IOException("Failed to retrieve secret from Spotify.");
 		}
+		var transformedSecret = convertArrayToTransformedByteArray(secret);
+		var hexSecret = toHexString(transformedSecret);
+		var totp = generateTOTP(hexSecret, 30, 6);
+		var ts = System.currentTimeMillis();
+		return "https://open.spotify.com/api/token?reason=init&productType=web-player&totp=" + totp + "&totpVer=7&ts=" + ts;
 	}
 
-	public static byte[] requestSecret() throws IOException {
+	private byte[] requestSecret() throws IOException {
 		String homepageUrl = "https://open.spotify.com/";
 		String scriptPattern = "mobile-web-player";
 
@@ -263,19 +252,50 @@ public static byte[] requestSecret() throws IOException {
 		return null;
 	}
 
-	public static String generateGetAccessTokenURL() throws IOException {
-		var secret = requestSecret();
-		if (secret == null) {
-			throw new IOException("Failed to retrieve secret from Spotify.");
+	private static String generateTOTP(String secret, int period, int digits) {
+		var time = System.currentTimeMillis() / 1000 / period;
+		var buffer = ByteBuffer.allocate(8);
+		buffer.putLong(time);
+		var timeBytes = buffer.array();
+
+		try {
+			var keySpec = new SecretKeySpec(hexStringToByteArray(secret), "HmacSHA1");
+			var mac = Mac.getInstance("HmacSHA1");
+			mac.init(keySpec);
+			var hash = mac.doFinal(timeBytes);
+			var offset = hash[hash.length - 1] & 0xF;
+			var binary = ((hash[offset] & 0x7F) << 24) | ((hash[offset + 1] & 0xFF) << 16) |
+				((hash[offset + 2] & 0xFF) << 8) | (hash[offset + 3] & 0xFF);
+			var otp = binary % (int) Math.pow(10, digits);
+			return String.format("%0" + digits + "d", otp);
+		} catch (NoSuchAlgorithmException | InvalidKeyException e) {
+			throw new RuntimeException("Error generating TOTP", e);
+		}
+	}
+
+	private static byte[] extractSecret(CloseableHttpClient client, String scriptUrl) throws IOException {
+		var scriptRequest = new HttpGet(scriptUrl);
+		try (var scriptResponse = client.execute(scriptRequest)) {
+			var scriptContent = EntityUtils.toString(scriptResponse.getEntity());
+
+			var matcher = SECRET_PATTERN.matcher(scriptContent);
+			if (matcher.find()) {
+				var secretArrayString = matcher.group(1);
+				var secretArray = secretArrayString.split(",");
+				byte[] secretByteArray = new byte[secretArray.length];
+				for (int i = 0; i < secretArray.length; i++) {
+					secretByteArray[i] = (byte) Integer.parseInt(secretArray[i].trim());
+				}
+
+				return secretByteArray;
+			} else {
+				log.error("No secret array found in script: {}", scriptUrl);
+				return null;
+			}
 		}
-		byte[] transformedSecret = convertArrayToTransformedByteArray(secret);
-		var hexSecret = toHexString(transformedSecret);
-		var totp = generateTOTP(hexSecret, 30, 6);
-		long ts = System.currentTimeMillis();
-		return "https://open.spotify.com/api/token?reason=init&productType=web-player&totp=" + totp + "&totpVer=7&ts=" + ts;
 	}
 
-	public static byte[] convertArrayToTransformedByteArray(byte[] array) {
+	private static byte[] convertArrayToTransformedByteArray(byte[] array) {
 		byte[] transformed = new byte[array.length];
 		for (int i = 0; i < array.length; i++) {
 			// XOR with dat transform
@@ -284,7 +304,7 @@ public static byte[] convertArrayToTransformedByteArray(byte[] array) {
 		return transformed;
 	}
 
-	public static String toHexString(byte[] transformed) {
+	private static String toHexString(byte[] transformed) {
 		StringBuilder joinedString = new StringBuilder();
 		for (byte b : transformed) {
 			joinedString.append(b);

plugin/src/main/java/com/github/topi314/lavasrc/plugin/LavaSrcPlugin.java

@@ -68,7 +68,7 @@ public LavaSrcPlugin(
 		this.lyricsSourcesConfig = lyricsSourcesConfig;
 
 		if (sourcesConfig.isSpotify() || lyricsSourcesConfig.isSpotify()) {
-			this.spotify = new SpotifySourceManager(spotifyConfig.getClientId(), spotifyConfig.getClientSecret(), spotifyConfig.isPreferAnonymousToken(), spotifyConfig.getSpDc(), spotifyConfig.getCountryCode(), unused -> manager, new DefaultMirroringAudioTrackResolver(pluginConfig.getProviders()));
+			this.spotify = new SpotifySourceManager(spotifyConfig.getClientId(), spotifyConfig.getClientSecret(), spotifyConfig.isPreferAnonymousToken(), spotifyConfig.getCustomTokenEndpoint(), spotifyConfig.getSpDc(), spotifyConfig.getCountryCode(), unused -> manager, new DefaultMirroringAudioTrackResolver(pluginConfig.getProviders()));
 			if (spotifyConfig.getPlaylistLoadLimit() > 0) {
 				this.spotify.setPlaylistPageLimit(spotifyConfig.getPlaylistLoadLimit());
 			}
@@ -276,6 +276,9 @@ public void updateConfig(@RequestBody Config config) {
 			if (spotifyConfig.getPreferAnonymousToken() != null) {
 				this.spotify.setPreferAnonymousToken(spotifyConfig.getPreferAnonymousToken());
 			}
+			if (spotifyConfig.getCustomTokenEndpoint() != null) {
+				this.spotify.setCustomTokenEndpoint(spotifyConfig.getCustomTokenEndpoint());
+			}
 		}
 
 		var appleMusicConfig = config.getAppleMusic();