-
-
Notifications
You must be signed in to change notification settings - Fork 135
/
auth_lastfm.php
executable file
·163 lines (126 loc) · 3.94 KB
/
auth_lastfm.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
<?php
/**
* LastFM Authentication proxy
*
* To use:
* 1. Create a LastFM App (https://www.last.fm/api/account/create), and paste in your credentials below
* 2. Save this script to a publicly-accessible server
* 3. Set config in mopidy.conf to point to this script
**/
// LastFM app credentials
define('API_URL','http://ws.audioscrobbler.com/2.0/?format=json');
define('API_KEY','YOUR_API_KEY_HERE');
define('API_SECRET','YOUR_API_SECRET_HERE');
define('REDIRECT_URI','YOUR_REDIRECT_URI_HERE');
// Allow cross-domain requests
header("Access-Control-Allow-Origin: *");
// Set our cookies
if (isset($_GET['app'])){
setcookie('mopidy_iris', $_GET['app'], time()+3600);
}
/* ================================================================================= INIT ================ */
/* ======================================================================================================= */
if (isset($_GET['action'])){
switch ($_GET['action']){
case 'authorize':
header('Location: http://www.last.fm/api/auth/?api_key='.API_KEY.'&cb='.REDIRECT_URI);
exit;
case 'start_session':
$session = startSession($_GET['token'], false);
$session['origin'] = "auth_lastfm";
// Pass our error back to the popup opener
?>
<script type="text/javascript">
window.opener.postMessage( '<?php echo json_encode($session) ?>', "*");
window.close();
</script>
<?php
break;
case 'sign_request':
header('Content-Type: text/json');
$data = $_GET;
$signed = signRequest($data);
echo json_encode($signed);
exit;
default:
header('Content-Type: text/json');
echo '{"error": "Invalid action specified"}';
die();
}
} else {
echo "No action specified";
die();
}
/* ================================================================================= GETTERS ============= */
/* ======================================================================================================= */
/**
* Start a session
*
* @param $data = array
* @param $post = boolean (POST request)
**/
function startSession($token){
$ch = curl_init();
if (FALSE === $ch){
throw new Exception('Failed to initialize');
}
$signature = "api_key".API_KEY."methodauth.getSessiontoken".$token.API_SECRET;
$signature = md5($signature);
$data = array(
"api_key" => API_KEY,
"api_sig" => $signature,
"token" => $token
);
curl_setopt($ch, CURLOPT_URL,API_URL."&method=auth.getSession");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data));
curl_setopt($ch, CURLINFO_HEADER_OUT, true);
curl_setopt($ch, CURLOPT_VERBOSE, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);
if (curl_errno($ch)){
echo 'CURL Error: '. curl_error($ch);
}
curl_close($ch);
$response = json_decode($response, true);
// Append our other important values to successful signings
if (!$response['error']){
$response['api_key'] = API_KEY;
}
return $response;
}
/**
* Perform a signed request
*
* @param $data = array
* @param $include_signatore = boolean
**/
function signRequest($data = array(), $include_signature = true){
unset($data['action']);
// Make sure we've got our API key included
$request = array_merge(array("api_key" => API_KEY), $data);
// Drop jQuery callback argument
unset($request["_"]);
// Loop all the values in our request and add to our signature
$signature = "";
$params = "";
ksort($request);
foreach ($request as $key => $value){
$signature.= $key.$value;
if ($params != ""){
$params.= "&";
}
$params.= $key."=".$value;
}
// Finalize the signature
$signature.= API_SECRET;
$signature = md5($signature);
$request["api_sig"] = $signature;
// Add finalised params as a complete string
$params.= "&api_sig=".$signature;
$request["params"] = $params;
return $request;
}