forked from jaedb/spotmop
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathspotmop.php
187 lines (132 loc) · 5.27 KB
/
spotmop.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
<?php
// allow cross-domain requests
header("Access-Control-Allow-Origin: *");
$url = 'http://jamesbarnsley.co.nz/spotmop.php';
if( isset($_GET['app']) )
setcookie( 'spotmop_app', $_GET['app'], time()+3600 );
/* ================================================================================= INIT ================ */
/* ======================================================================================================= */
// we've just completed authorization, now create credentials (access_token, etc)
if( isset($_GET['code']) ){
// go get our credentials
$response = getToken( $_GET['code'], $url );
$responseArray = json_decode( $response, true );
// add our code to the array of credentials, etc
$responseArray['authorization_code'] = $_GET['code'];
$response = json_encode($responseArray);
// make sure we have a successful response
if( !isset($responseArray['access_token']) ){
echo 'Error!';
die();
}
// send our data back to Spotmop
?>
<script type="text/javascript">
window.opener.postMessage( '<?php echo $response ?>', "*");
window.close();
</script>
<?php
// refresh existing token
}else if( isset($_GET['action']) && $_GET['action'] == 'refresh' && $_GET['refresh_token'] ){
header('Content-Type: application/json');
$response = refreshToken( $_GET['refresh_token'] );
// parse our response code to our response
header(' ', true, $response['response_code'] );
// create the body of our response
echo $response['exec'];
die();
// fresh authentication, so let's get one
}else if( isset($_GET['action']) && $_GET['action'] == 'authorize' ){
getAuthorizationCode( $url );
}
/* ================================================================================= GETTERS ============= */
/* ======================================================================================================= */
/**
* Acquire an authorization code.
*
* This is what connects an account's authorization for this app to use their account
* for future tokens and queries. Redirects to Spotify.
* @param $url = redirect url (this script)
*/
function getAuthorizationCode( $url ){
$popup = 'https://accounts.spotify.com/authorize?client_id=a87fb4dbed30475b8cec38523dff53e2&redirect_uri='.$url.'&scope=playlist-modify-private%20playlist-modify-public%20playlist-read-private%20playlist-modify-private%20user-library-read%20user-library-modify%20user-follow-modify%20user-follow-read%20user-top-read&response_type=code&show_dialog=true';
?>
<script tye="text/javascript">
// open an authentication request window (to spotify)
var spotmopWindow = window.open("<?php echo $popup ?>","spotmop","height=680,width=400");
// listen for incoming messages from the popup
window.addEventListener('message', function(event){
// only allow incoming data from our authentication proxy site
if( event.origin !== "http://jamesbarnsley.co.nz" )
return false;
// pass the message on to the Angular application
window.parent.postMessage( event.data, '*' );
}, false);
</script>
<?php
}
/*
* Get a new access token
* Creates a request to Spotify, which returns a new access_token, refresh_token and token_expiry object
* @param $code = string
* @param $url = redirect url (this script)
*/
function getToken( $code, $url ){
$ch = curl_init();
if (FALSE === $ch)
throw new Exception('Failed to initialize');
$post_data = array(
'client_id' => 'a87fb4dbed30475b8cec38523dff53e2',
'client_secret' => 'd7c89d0753ef4068bba1678c6cf26ed6',
'grant_type' => 'authorization_code',
'code' => $code,
'redirect_uri' => $url
);
curl_setopt($ch, CURLOPT_URL,"https://accounts.spotify.com/api/token");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($post_data));
curl_setopt($ch, CURLINFO_HEADER_OUT, true);
curl_setopt($ch, CURLOPT_VERBOSE, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);
if(curl_errno($ch)){
echo 'CURL Error: '. curl_error($ch);
}
curl_close($ch);
return $response;
}
/*
* Refresh a token
* Creates a request to Spotify, which returns a new access_token, refresh_token and token_expiry object
* @var $refresh_token = string
*/
function refreshToken($refresh_token){
$ch = curl_init();
$post_data = array(
'client_id' => 'a87fb4dbed30475b8cec38523dff53e2',
'client_secret' => 'd7c89d0753ef4068bba1678c6cf26ed6',
'grant_type' => 'refresh_token',
'refresh_token' => $refresh_token
);
curl_setopt($ch, CURLOPT_URL,"https://accounts.spotify.com/api/token");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($post_data));
curl_setopt($ch, CURLINFO_HEADER_OUT, true);
curl_setopt($ch, CURLOPT_VERBOSE, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$exec = curl_exec($ch);
$info = curl_getinfo($ch);
$response = array(
'exec' => $exec,
'response_code' => $info['http_code']
);
curl_close ($ch);
return $response;
}