harden qobuz and downloader reliability edge cases

2026-06-17 15:05:39 +02:00 · 2026-04-21 18:54:10 +02:00
parent 0161c01a4c
commit de4e561377
8 changed files with 424 additions and 35 deletions
--- a/internal/provider/qobuz/client.go
+++ b/internal/provider/qobuz/client.go
@@ -35,6 +35,7 @@ type Client struct {
 	http     *http.Client
 	limiter  *ratelimit.Limiter
 	baseURL  string
+	fetchCfg func(ctx context.Context) (string, []string, error)
 	loggedIn bool
 	secret   string
 	uat      string
@@ -42,10 +43,11 @@ type Client struct {

 func New(cfg *config.Config) *Client {
 	return &Client{
-		cfg:     cfg,
-		http:    netutil.NewHTTPClient(30*time.Second, cfg.Session.Downloads.VerifySSL),
-		limiter: ratelimit.New(cfg.Session.Downloads.RequestsPerMinute),
-		baseURL: baseURL,
+		cfg:      cfg,
+		http:     netutil.NewHTTPClient(30*time.Second, cfg.Session.Downloads.VerifySSL),
+		limiter:  ratelimit.New(cfg.Session.Downloads.RequestsPerMinute),
+		baseURL:  baseURL,
+		fetchCfg: nil,
 	}
 }

@@ -59,37 +61,44 @@ func (c *Client) LoggedIn() bool {

 func (c *Client) Login(ctx context.Context) error {
 	q := &c.cfg.Session.Qobuz
+	q.EmailOrUserID = strings.TrimSpace(q.EmailOrUserID)
+	q.PasswordOrToken = strings.TrimSpace(q.PasswordOrToken)
 	if q.EmailOrUserID == "" || q.PasswordOrToken == "" {
 		return errMissingCredentials
 	}

-	if q.AppID == "" || len(q.Secrets) == 0 {
-		appID, secrets, err := c.fetchAppIDAndSecrets(ctx)
-		if err != nil {
-			return err
+	refreshed := false
+	if err := c.ensureAppCredentials(ctx, q); err != nil {
+		return err
+	}
+
+	loginOnce := func() (map[string]any, int, error) {
+		headers := map[string]string{"X-App-Id": q.AppID}
+		params := url.Values{}
+		params.Set("app_id", q.AppID)
+		if q.UseAuthToken {
+			params.Set("user_id", q.EmailOrUserID)
+			params.Set("user_auth_token", q.PasswordOrToken)
+		} else {
+			params.Set("email", q.EmailOrUserID)
+			params.Set("password", q.PasswordOrToken)
 		}
-		q.AppID = appID
-		q.Secrets = secrets
-		c.cfg.File.Qobuz.AppID = appID
-		c.cfg.File.Qobuz.Secrets = append([]string(nil), secrets...)
-		_ = c.cfg.SaveFile()
+		return c.apiRequest(ctx, "user/login", params, headers)
 	}

-	headers := map[string]string{"X-App-Id": q.AppID}
-	params := url.Values{}
-	params.Set("app_id", q.AppID)
-	if q.UseAuthToken {
-		params.Set("user_id", q.EmailOrUserID)
-		params.Set("user_auth_token", q.PasswordOrToken)
-	} else {
-		params.Set("email", q.EmailOrUserID)
-		params.Set("password", q.PasswordOrToken)
-	}
-
-	resp, status, err := c.apiRequest(ctx, "user/login", params, headers)
+	resp, status, err := loginOnce()
 	if err != nil {
 		return err
 	}
+	if status != http.StatusOK && !refreshed {
+		if refreshErr := c.refreshAppCredentials(ctx, q); refreshErr == nil {
+			refreshed = true
+			resp, status, err = loginOnce()
+			if err != nil {
+				return err
+			}
+		}
+	}
 	if status != http.StatusOK {
 		return fmt.Errorf("qobuz login failed: status=%d body=%v", status, resp)
 	}
@@ -99,8 +108,15 @@ func (c *Client) Login(ctx context.Context) error {
 		return fmt.Errorf("qobuz login missing user_auth_token")
 	}

-	headers["X-User-Auth-Token"] = uat
+	headers := map[string]string{"X-App-Id": q.AppID, "X-User-Auth-Token": uat}
 	validSecret, err := c.getValidSecret(ctx, q.Secrets, headers)
+	if err != nil && !refreshed {
+		if refreshErr := c.refreshAppCredentials(ctx, q); refreshErr == nil {
+			refreshed = true
+			headers["X-App-Id"] = q.AppID
+			validSecret, err = c.getValidSecret(ctx, q.Secrets, headers)
+		}
+	}
 	if err != nil {
 		return err
 	}
@@ -112,6 +128,31 @@ func (c *Client) Login(ctx context.Context) error {
 	return nil
 }

+func (c *Client) ensureAppCredentials(ctx context.Context, q *config.QobuzConfig) error {
+	q.AppID = strings.TrimSpace(q.AppID)
+	if q.AppID != "" && len(q.Secrets) > 0 {
+		return nil
+	}
+	return c.refreshAppCredentials(ctx, q)
+}
+
+func (c *Client) refreshAppCredentials(ctx context.Context, q *config.QobuzConfig) error {
+	fetch := c.fetchCfg
+	if fetch == nil {
+		fetch = c.fetchAppIDAndSecrets
+	}
+	appID, secrets, err := fetch(ctx)
+	if err != nil {
+		return err
+	}
+	q.AppID = strings.TrimSpace(appID)
+	q.Secrets = append([]string(nil), secrets...)
+	c.cfg.File.Qobuz.AppID = q.AppID
+	c.cfg.File.Qobuz.Secrets = append([]string(nil), secrets...)
+	_ = c.cfg.SaveFile()
+	return nil
+}
+
 func (c *Client) GetMetadata(ctx context.Context, item, mediaType string) (map[string]any, error) {
 	if !c.loggedIn {
 		return nil, errNotLoggedIn
@@ -215,14 +256,12 @@ func (c *Client) GetDownloadable(ctx context.Context, item string, quality int)
 	}

 	streamURL, _ := resp["url"].(string)
+	streamURL = strings.TrimSpace(streamURL)
 	if streamURL == "" {
 		return nil, fmt.Errorf("track is not streamable")
 	}

-	ext := "mp3"
-	if quality > 1 {
-		ext = "flac"
-	}
+	ext := qobuzDownloadExtension(resp, quality, streamURL)

 	return &provider.Downloadable{
 		URL:       streamURL,
@@ -231,6 +270,41 @@ func (c *Client) GetDownloadable(ctx context.Context, item string, quality int)
 	}, nil
 }

+func qobuzDownloadExtension(resp map[string]any, quality int, streamURL string) string {
+	if parsed, err := url.Parse(strings.TrimSpace(streamURL)); err == nil {
+		p := strings.ToLower(parsed.Path)
+		if strings.HasSuffix(p, ".flac") {
+			return "flac"
+		}
+		if strings.HasSuffix(p, ".mp3") {
+			return "mp3"
+		}
+	}
+
+	mimeType, _ := resp["mime_type"].(string)
+	mimeType = strings.ToLower(strings.TrimSpace(mimeType))
+	if strings.Contains(mimeType, "flac") {
+		return "flac"
+	}
+	if strings.Contains(mimeType, "mpeg") || strings.Contains(mimeType, "mp3") {
+		return "mp3"
+	}
+
+	if formatID, ok := intValue(resp["format_id"]); ok {
+		if formatID == 5 {
+			return "mp3"
+		}
+		if formatID > 5 {
+			return "flac"
+		}
+	}
+
+	if quality > 1 {
+		return "flac"
+	}
+	return "mp3"
+}
+
 func (c *Client) Close() error {
 	return nil
 }
--- a/internal/provider/qobuz/client_test.go
+++ b/internal/provider/qobuz/client_test.go
@@ -2,6 +2,8 @@ package qobuz

 import (
 	"context"
+	"crypto/md5"
+	"encoding/hex"
 	"encoding/json"
 	"net/http"
 	"net/http/httptest"
@@ -219,3 +221,155 @@ func makeItems(start, end int) []map[string]any {
 	}
 	return items
 }
+
+func TestLoginRefreshesAppCredentialsWhenSecretInvalid(t *testing.T) {
+	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		switch r.URL.Path {
+		case "/user/login":
+			_ = json.NewEncoder(w).Encode(map[string]any{"user_auth_token": "uat-token"})
+		case "/track/getFileUrl":
+			if r.Header.Get("X-App-Id") != "new-app" {
+				w.WriteHeader(http.StatusBadRequest)
+				_ = json.NewEncoder(w).Encode(map[string]any{"message": "bad app"})
+				return
+			}
+			tsValue := r.URL.Query().Get("request_ts")
+			sig := r.URL.Query().Get("request_sig")
+			if sig != qobuzSecretSig(tsValue, "good-secret") {
+				w.WriteHeader(http.StatusBadRequest)
+				_ = json.NewEncoder(w).Encode(map[string]any{"message": "bad secret"})
+				return
+			}
+			w.WriteHeader(http.StatusUnauthorized)
+			_ = json.NewEncoder(w).Encode(map[string]any{"message": "ok secret"})
+		default:
+			w.WriteHeader(http.StatusNotFound)
+		}
+	}))
+	defer ts.Close()
+
+	d := config.DefaultConfigData()
+	d.Qobuz.EmailOrUserID = "user@example.com"
+	d.Qobuz.PasswordOrToken = "hash"
+	d.Qobuz.AppID = "old-app"
+	d.Qobuz.Secrets = []string{"bad-secret"}
+	cfg := &config.Config{File: d, Session: d}
+	c := New(cfg)
+	c.baseURL = ts.URL
+	c.fetchCfg = func(context.Context) (string, []string, error) {
+		return "new-app", []string{"good-secret"}, nil
+	}
+
+	if err := c.Login(context.Background()); err != nil {
+		t.Fatalf("Login() error = %v", err)
+	}
+	if !c.loggedIn {
+		t.Fatalf("expected logged-in client")
+	}
+	if c.secret != "good-secret" {
+		t.Fatalf("secret = %q, want good-secret", c.secret)
+	}
+	if c.cfg.Session.Qobuz.AppID != "new-app" {
+		t.Fatalf("session app id = %q", c.cfg.Session.Qobuz.AppID)
+	}
+}
+
+func TestLoginRetriesAfterRefreshingAppCredentials(t *testing.T) {
+	loginCalls := 0
+	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		switch r.URL.Path {
+		case "/user/login":
+			loginCalls++
+			if r.URL.Query().Get("app_id") != "new-app" {
+				w.WriteHeader(http.StatusUnauthorized)
+				_ = json.NewEncoder(w).Encode(map[string]any{"message": "expired app id"})
+				return
+			}
+			_ = json.NewEncoder(w).Encode(map[string]any{"user_auth_token": "uat-token"})
+		case "/track/getFileUrl":
+			tsValue := r.URL.Query().Get("request_ts")
+			sig := r.URL.Query().Get("request_sig")
+			if r.Header.Get("X-App-Id") == "new-app" && sig == qobuzSecretSig(tsValue, "good-secret") {
+				w.WriteHeader(http.StatusUnauthorized)
+				_ = json.NewEncoder(w).Encode(map[string]any{"message": "ok secret"})
+				return
+			}
+			w.WriteHeader(http.StatusBadRequest)
+			_ = json.NewEncoder(w).Encode(map[string]any{"message": "bad secret"})
+		default:
+			w.WriteHeader(http.StatusNotFound)
+		}
+	}))
+	defer ts.Close()
+
+	d := config.DefaultConfigData()
+	d.Qobuz.EmailOrUserID = "user@example.com"
+	d.Qobuz.PasswordOrToken = "hash"
+	d.Qobuz.AppID = "old-app"
+	d.Qobuz.Secrets = []string{"old-secret"}
+	cfg := &config.Config{File: d, Session: d}
+	c := New(cfg)
+	c.baseURL = ts.URL
+	c.fetchCfg = func(context.Context) (string, []string, error) {
+		return "new-app", []string{"good-secret"}, nil
+	}
+
+	if err := c.Login(context.Background()); err != nil {
+		t.Fatalf("Login() error = %v", err)
+	}
+	if loginCalls < 2 {
+		t.Fatalf("expected login retry after refresh, calls=%d", loginCalls)
+	}
+}
+
+func TestQobuzDownloadExtension(t *testing.T) {
+	tests := []struct {
+		name    string
+		resp    map[string]any
+		quality int
+		url     string
+		want    string
+	}{
+		{name: "from url flac", resp: map[string]any{}, quality: 1, url: "https://cdn.example/a.flac?token=1", want: "flac"},
+		{name: "from url mp3", resp: map[string]any{}, quality: 4, url: "https://cdn.example/a.mp3", want: "mp3"},
+		{name: "from mime type", resp: map[string]any{"mime_type": "audio/flac"}, quality: 1, url: "https://cdn.example/stream", want: "flac"},
+		{name: "from format id", resp: map[string]any{"format_id": float64(5)}, quality: 4, url: "https://cdn.example/stream", want: "mp3"},
+		{name: "fallback quality", resp: map[string]any{}, quality: 3, url: "https://cdn.example/stream", want: "flac"},
+	}
+
+	for _, tt := range tests {
+		if got := qobuzDownloadExtension(tt.resp, tt.quality, tt.url); got != tt.want {
+			t.Fatalf("%s: qobuzDownloadExtension()=%q want %q", tt.name, got, tt.want)
+		}
+	}
+}
+
+func TestGetDownloadableUsesReturnedURLExtension(t *testing.T) {
+	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if r.URL.Path != "/track/getFileUrl" {
+			w.WriteHeader(http.StatusNotFound)
+			return
+		}
+		_ = json.NewEncoder(w).Encode(map[string]any{"url": "https://cdn.example/track.mp3?token=abc"})
+	}))
+	defer ts.Close()
+
+	c := newTestClient(t)
+	c.loggedIn = true
+	c.secret = "secret"
+	c.baseURL = ts.URL
+
+	d, err := c.GetDownloadable(context.Background(), "19512574", 4)
+	if err != nil {
+		t.Fatalf("GetDownloadable() error = %v", err)
+	}
+	if d.Extension != "mp3" {
+		t.Fatalf("extension = %q, want mp3", d.Extension)
+	}
+}
+
+func qobuzSecretSig(requestTS, secret string) string {
+	raw := "trackgetFileUrlformat_id27intentstreamtrack_id19512574" + requestTS + secret
+	hash := md5.Sum([]byte(raw))
+	return hex.EncodeToString(hash[:])
+}