Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Source Release for Authorization PHP #978

Open
rmackinnon opened this issue Dec 8, 2024 · 3 comments
Open

Source Release for Authorization PHP #978

rmackinnon opened this issue Dec 8, 2024 · 3 comments

Comments

@rmackinnon
Copy link

Problem to solve

Just installed Mopidy with your Iris extension. While reviewing the install and default configs for Iris I noticed that the auth URLs for spotify, lastfm, and genius all point to resolving PHP scripts on your domain.

[iris]
enabled = true
country = NZ
locale = en_NZ
verify_certificates = true
snapcast_enabled = true
snapcast_host = localhost
snapcast_port = 1780
snapcast_ssl = false
snapcast_stream = Default
spotify_authorization_url = https://jamesbarnsley.co.nz/iris/auth_spotify.php
lastfm_authorization_url = https://jamesbarnsley.co.nz/iris/auth_lastfm.php
genius_authorization_url = https://jamesbarnsley.co.nz/iris/auth_genius.php

Proposed solution

Release this code for public review and users can run this code locally.

Additional info

No response

@kingosticks
Copy link
Contributor

Note that for the Spotify case you'll need your own full (i.e. non-restricted) Spotify API account to do this and maintain feature parity. Most people won't have this level of access after Spotify crippled everything last week.

@rmackinnon
Copy link
Author

That's good to know. As for LastFM or Genius, login for these two services could be leaking credentials outside of a users installation. Hence the ask to release this code. A simple review would show that it wasn't and allow for users to run it locally on their own server without bouncing it through an external source. Regardless that the owner of that domain is the main contributor (and there could be much larger risks assessed), the code for Iris is visible and could be reviewed. Whereas the default active code for these three proxy(?) is unknown.

@jaedb
Copy link
Owner

jaedb commented Dec 12, 2024

The code is already readily available, please check out the Configuration documentation on the Iris Wiki. This provides links to the authentication flow scripts.

The documentation hasn't been updated to include the Genius script, but it is essentially the same as the Spotify one.

Many users are not set up with their own accessible servers to execute these scripts or have the capacity to setup an application in each service's developer platform. Because of this, I provide this service freely using the same scripts as found in this repository to help users get the most out of Iris with minimal effort.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants