2 Commits

Author SHA1 Message Date
joren
5bda2396d1 fix: security hardening and code quality improvements

Build hardening:
- Add -fstack-protector-strong, -D_FORTIFY_SOURCE=2, PIE, full RELRO
- Enable overflow-checks in Rust release profile

Rust backend:
- Return null (not panic) if Tokio runtime or QobuzClient init fails
- Strip null bytes in FFI JSON callback to prevent CString panics
- Document MD5 and password-in-query as Qobuz API constraints

C++ frontend:
- Validate JSON document before accessing fields in onEvent()
- Handle null backend pointer from failed init
- Set biography label to PlainText and decode HTML entities to prevent
  rendering injected content from API responses
- Clamp slider position and guard negative durations
- Use qint64 for duration formatting to avoid int truncation

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-24 23:19:04 +01:00
joren
9402dca7ed Initial implementation of qobuz-qt

- Rust backend (qobuz-backend static lib): Qobuz API client (reqwest/tokio),
  Symphonia audio decoder, CPAL audio output, extern "C" FFI bridge
- Qt 6 frontend mirroring spotify-qt layout: toolbar with playback controls,
  left library dock, central track list, right search panel
- Auth: email/password login with MD5-signed requests; session token persisted
  via QSettings
- Playback: double-click a track → Rust fetches stream URL → Symphonia decodes
  → CPAL outputs to default audio device
- Dark Fusion palette matching spotify-qt feel

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-23 23:34:23 +01:00