FEAT: added experimental Spotify module for access to Spotify's Web API using OAuth2 authorization mechanism

Author: Oldes

src/boot/version.reb

@@ -1 +1 @@
-3.1.1.3.1
+3.1.2.3.1

src/modules/spotify-test.r3

@@ -0,0 +1,138 @@
+Rebol [
+	Title: "Test Spotify module"
+	Date: 02-Jul-2020
+	Author: "Oldes"
+	File: %test-spotify.r3
+	Version: 0.1.0
+	Require: 3.1.2
+	Note: {
+		Spotify API is still in Beta, and some bugs still happens...
+		like this one: https://github.com/spotify/web-api/issues/1594
+	}
+]
+
+do %spotify.reb
+
+system/options/log/http: 1 ; for verbose output
+try/except [
+spotify: system/modules/spotify/authorize [
+	client-id:     {8a01eb3b22ee4ba3b310e5e4fe10fd68}
+	; optional client-secret may be used for classic "Authorization Code Flow"
+	; if not used, the authentication will use PKCE extension, which is recommended
+	;client-secret: {00000000000000000000000000000000} 
+	scope: [
+	;@@ In real app not all scopes may be required!
+	;@@ https://developer.spotify.com/documentation/general/guides/scopes/
+		;- Images                     
+		;@ugc-image-upload             ; Write access to user-provided images.
+		;- Spotify Connect            
+		@user-read-playback-state     ; Read access to a user’s player state.
+		@user-modify-playback-state   ; Write access to a user’s playback state
+		@user-read-currently-playing  ; Read access to a user’s currently playing content.
+		;- Playback                   
+		@streaming                    ; Control playback of a Spotify track. (Web Playback SDK and Premium only)
+		@app-remote-control           ; Remote control playback of Spotify. (iOS and Android SDK only)
+		;- Users                      
+		@user-read-email              ; Read access to user’s email address.
+		@user-read-private            ; Read access to user’s subscription details (type of user account).
+		;- Playlists                  
+		@playlist-read-collaborative  ; Include collaborative playlists when requesting a user's playlists.
+		@playlist-modify-public       ; Write access to a user's public playlists.
+		@playlist-read-private        ; Read access to user's private playlists.
+		@playlist-modify-private      ; Write access to a user's private playlists.
+		;- Library                    
+		@user-library-modify          ; Write/delete access to a user's "Your Music" library.
+		@user-library-read            ; Read access to a user's "Your Music" library.
+		;- Listening History          
+		@user-top-read                ; Read access to a user's top artists and tracks.
+		@user-read-playback-position  ; Read access to a user’s playback position in a content.
+		@user-read-recently-played    ; Read access to a user’s recently played tracks.
+		;- Follow                     
+		@user-follow-read             ; Read access to the list of artists and other users that the user follows.
+		@user-follow-modify           ; Write/delete access to the list of artists and other users that the user follows.
+	]
+]
+][ probe system/state/last-error ]
+
+unless spotify [
+	print "*** Access to Spotify API failed!"
+	halt
+]
+
+
+spot?: function [
+	"Prints information what is currently playin thru Spotify"
+][
+	log: system/options/log/http
+	system/options/log/http: 0 
+	track: spotify/get %me/player/currently-playing
+	unless track [
+		print "No device!"
+		exit
+	]
+	track: load-json track
+	print ["Song:  " track/item/name]
+	print ["Album: " track/item/album/name]
+	foreach artist track/item/artists [
+		print ["Artist:" artist/name ]
+	]
+	print ["ID:    " track/item/id] 
+	print ["Pop:   " track/item/popularity]
+	system/options/log/http: log
+	()
+]
+
+print {^/Get Current User's Profile:}
+print spotify/get %me
+
+halt
+
+print {^/Get Information About The User's Current Playback:}
+print spotify/get %me/player
+
+print {^/Get a User's Available Devices:}
+print spotify/get %me/player/devices
+
+print {^/Get the User's Currently Playing Track:}
+print spotify/get %me/player/currently-playing
+;@@ https://developer.spotify.com/documentation/web-api/reference/player/get-the-users-currently-playing-track/
+
+print {^/Get a List of Current User's Playlists:}
+print spotify/get %me/playlists
+; optionaly for example with %me/playlists?limit=1&offset=2 to get just second playlist
+;@@ https://developer.spotify.com/documentation/web-api/reference/playlists/get-a-list-of-current-users-playlists/
+
+print {^/Get a List of a User's Playlists:}
+print spotify/get %users/01vv226r3fsej509cp2yuozb8/playlists
+;@@ https://developer.spotify.com/documentation/web-api/reference/playlists/get-list-users-playlists/
+
+print {^/Pause/Play/Seek a User's Playback:}
+print spotify/put %me/player/pause
+print spotify/put %me/player/play
+print spotify/put %me/player/seek?position_ms=0
+;@@ https://github.com/spotify/web-api/issues/1594
+
+print {^/Search for an Item:}
+print spotify/get %search?type=artist&q=ixieindamix
+;@@ https://developer.spotify.com/documentation/web-api/reference/search/search/
+
+print {^/Check if Current User Follows Artists or Users:}
+print spotify/get %me/following/contains?type=artist&ids=2IpvlHMrM6rBvDY7dAAg7D,74ASZWbe4lXaubB36ztrGX
+print {^/Get User's Followed Artists:}
+print spotify/get %me/following?type=artist&limit=2
+print {^/Start following Artists:}
+print spotify/put %me/following?type=artist&ids=74ASZWbe4lXaubB36ztrGX
+print {^/Stop following Artists:}
+print spotify/del %me/following?type=artist&ids=74ASZWbe4lXaubB36ztrGX
+;@@ https://developer.spotify.com/documentation/web-api/reference/follow/
+
+
+print {^/Get Audio Features for a Track:}
+print spotify/get %audio-features/0uq0ibSGT4AwiVLLZGs9Qm
+;@@ https://developer.spotify.com/documentation/web-api/reference/tracks/get-audio-features/
+
+print {^/Save Tracks for Current User:}
+print spotify/put %me/tracks?ids=0uq0ibSGT4AwiVLLZGs9Qm
+;@@ https://developer.spotify.com/documentation/web-api/reference/library/save-tracks-user/
+
+halt

src/modules/spotify.reb

@@ -0,0 +1,195 @@
+Rebol [
+	Title: "Spotify"
+	Purpose: "Spotify Web API access (experiment)"
+	Date: 2-Jul-2020
+	Author: "Oldes"
+	File: %spotify.reb
+	Name: 'spotify
+	Type: 'module
+	Version: 0.1.0
+	Require: 'httpd
+	Note: {
+		Useful info:
+		https://developer.spotify.com/documentation/general/guides/authorization-guide/
+		https://aaronparecki.com/oauth-2-simplified/
+	}
+]
+unless system/modules/httpd [
+	print "Importing HTTPD module"
+	do %httpd.reb
+]
+
+; context template as provided to user as a main access point to API
+spotify: object [
+	client-id:     none
+	client-secret: none
+	scope:         ""
+	port-id:       8989
+	token:         none
+	get: func [what [any-string!]][system/modules/spotify/request self 'GET what none]
+	put: func [what [any-string!] /with data][system/modules/spotify/request self 'PUT what data]
+	del: func [what [any-string!]][system/modules/spotify/request self 'DELETE what none]
+]
+
+authorize: function [
+	"OAuth2 Spotify authorization used to get the main context"
+	ctx [block! object!] "Data used for initialization (at least client-id is needed)"
+][
+	ctx: make spotify ctx
+
+	unless ctx/client-id [ 
+		print ajoin ["*** `" value "` is needed to authorize with Spotify!"]
+		return none
+	]
+	unless string?  ctx/client-id [ ctx/client-id: form ctx/client-id ]
+	unless integer? ctx/port-id   [ ctx/port-id:   8989               ]
+	unless string?  ctx/scope     [ ctx/scope:     form ctx/scope     ]
+
+	; url-encode spaces in scopes 
+	parse ctx/scope [any [change some #[bitset! #{0064000080}] #"+" | skip]]
+
+	redirect-uri: rejoin [
+		"http%3A%2F%2Flocalhost:" ctx/port-id "%2Fspotify-callback%2F"
+	]
+
+	unless ctx/client-secret [
+		code-verifier: form random/secure checksum/method join ctx/client-id now/precise 'sha256
+		code-challenge: enbase/url checksum/method code-verifier 'sha256 64
+		trim/with code-challenge #"="
+	]
+	;-- 1. Have your application request authorization; the user logs in and authorizes access
+	; build request url
+	url: rejoin [
+		https://accounts.spotify.com/authorize?
+		"response_type=code&show_dialog=false"
+		"&client_id="    ctx/client-id
+		"&scope="        ctx/scope
+		"&redirect_uri=" redirect-uri
+	]
+	; if client-secret was not specified, create challenge for PKCE extension
+	if code-challenge [
+		append append url "&state=" state: form random 99999999999
+		append append url "&code_challenge_method=S256&code_challenge=" code-challenge
+	]
+	; and open the url in user's default browser
+	browse url
+
+	; Result from the server is returned as a redirect, so let's start simple server
+	; listening on specified port (limited to accept only local requests, as the redirect is
+	; going from the browser actually.. it automaticaly close itself once data are received
+	result: system/modules/httpd/http-server/config/actor ctx/port-id [
+		root:       #[false] ; we are not serving any content!
+		keep-alive: #[false]
+	] object [
+		
+		;- Server's actor functions
+
+		On-Accept: func [info [object!]][
+			; allow only connections from localhost
+			; TRUE = accepted, FALSE = refuse
+			find [ 127.0.0.1 ] info/remote-ip 
+		]
+		On-Header: func [ctx [object!]][
+			? ctx/inp/target/file
+			switch/default ctx/inp/target/file [
+				%spotify-callback/ [
+					ctx/out/status: 200
+					ctx/out/content: ajoin [
+						"<h1>OAuth2 Callback</h1>"
+						"<br/>Request header:<pre>" mold ctx/inp/header </pre>
+						"<br/>Values:<pre>" mold ctx/inp/target/values </pre>
+						;<pre> mold ctx </pre>
+					]
+					;wake-up ctx/parent make event! [type: 'CLOSE port: port]
+					ctx/done?: ctx/inp/target/values
+				]
+			][
+				ctx/out/status: 405
+			]
+		]
+	]
+
+	?? result
+
+	; validate result from first step
+	if any [
+		not block? result
+		none? result/code
+		state <> result/state
+	][
+		print {*** Unexpected result from Spotify authorization!}
+		return none
+	]
+
+	;-- 2. Have your application request refresh and access tokens; Spotify returns access and refresh tokens
+
+	try/except [
+		time: now
+		ctx/token: load-json write https://accounts.spotify.com/api/token probe compose [
+			POST [
+				Content-Type: "application/x-www-form-urlencoded"
+			] ( rejoin [
+				"grant_type=authorization_code"
+				"&code="          result/code
+				"&scope="         any [result/scope ""]
+				"&redirect_uri="  :redirect-uri
+				"&client_id="     ctx/client-id
+				either code-verifier [
+					; PKCE version
+					join "&code_verifier=" code-verifier
+				][	; original version
+					join "&client_secret=" ctx/client-secret
+				]
+			])
+		]
+		ctx/token/expires_in: time + (to time! ctx/token/expires_in)
+	][
+		print "*** Failed to receive Spotify token!"
+		;probe system/state/last-error
+		return none
+	]
+	; return Spotify context 
+	ctx
+]
+
+refresh: function[
+	ctx [object!]
+][
+	ctx/token: load-json write https://accounts.spotify.com/api/token compose [
+		POST [
+			Content-Type: "application/x-www-form-urlencoded"
+		]( rejoin [
+			"grant_type=refresh_token"
+			"&refresh_token=" ctx/token/refresh_token
+			"&client_id="     ctx/client-id
+			either ctx/client-secret [
+				join "&client_secret=" ctx/client-secret
+			][]
+		])
+	]
+]
+
+request: func [
+	ctx    [object!]
+	method [word!]
+	what   [any-string!]
+	data   [any-type!]
+	/local header
+][
+	try/except [
+		if now >= ctx/token/expires_in [ refresh ctx ]
+		header: compose [
+			Authorization: (join "Bearer " ctx/token/access_token)
+		] 
+		if map? data [
+			append header [Content-Type: "application/json"]
+			data: to-json data
+		]
+		write join https://api.spotify.com/v1/ what reduce [
+			method header any [data ""]
+		]
+	][
+		print ["*** Spotify" method "of" mold what "failed!"]
+		none
+	]
+]