api-test/spotify.php at main · MilanSY/api-test · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
<?php
session_start();

const CLIENT_ID = " "; // Remplacez par votre client ID
const REDIRECT_URI = " "; // Ajustez selon votre URL

// Gestion de la déconnexion
if (isset($_GET['logout'])) {
    session_destroy();
    setcookie('spotify_access_token', '', time() - 3600, '/');
    header('Location: index.php');
    exit();
}

$code = $_GET['code'] ?? null;

// Vérifier si on a déjà un token valide dans les cookies
$accessToken = $_COOKIE['spotify_access_token'] ?? null;

if ($accessToken) {
    // Vérifier si le token fonctionne encore
    $profile = fetchProfile($accessToken);
    if ($profile) {
        $_SESSION['profile'] = $profile;
        exit();
    } else {
        // Token expiré, le supprimer
        setcookie('spotify_access_token', '', time() - 3600, '/');
    }
}

if (!$code) {
    redirectToAuthCodeFlow();
} else {
    $tokenData = getAccessToken($code);
    if ($tokenData) {
        $accessToken = $tokenData['access_token'];
        $expiresIn = $tokenData['expires_in'];

        // Stocker le token dans un cookie avec la durée de vie du token
        setcookie('spotify_access_token', $accessToken, time() + $expiresIn, '/');

        $profile = fetchProfile($accessToken);
        $_SESSION['profile'] = $profile;
        header('Location: index.php');
        exit();
    }
}

function redirectToAuthCodeFlow() {
        $verifier = generateCodeVerifier(128);
        $challenge = generateCodeChallenge($verifier);

        $_SESSION['verifier'] = $verifier;

        $params = http_build_query([
            'client_id' => CLIENT_ID,
            'response_type' => 'code',
            'redirect_uri' => REDIRECT_URI,
            'scope' => 'user-read-private user-read-email user-follow-read user-follow-modify',
            'code_challenge_method' => 'S256',
            'code_challenge' => $challenge
        ]);

        header('Location: https://accounts.spotify.com/authorize?' . $params);
        exit();
}
function generateCodeVerifier($length) {
    $text = '';
    $possible = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';

    for ($i = 0; $i < $length; $i++) {
        $text .= $possible[rand(0, strlen($possible) - 1)];
    }
    return $text;
}

function generateCodeChallenge($codeVerifier) {
    $data = hash('sha256', $codeVerifier, true);
    return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
}

function getAccessToken($code) {
    $url = "https://accounts.spotify.com/api/token";

    // Récupérer le code_verifier depuis la session (équivalent de localStorage)
    $verifier = $_SESSION['verifier'] ?? null;

    if (!$verifier) {
        return null; // Pas de verifier disponible
    }

    $data = [
        'grant_type' => 'authorization_code',
        'code' => $code,
        'redirect_uri' => REDIRECT_URI,
        'client_id' => CLIENT_ID,
        'code_verifier' => $verifier
    ];

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data));
    curl_setopt($ch, CURLOPT_HTTPHEADER, [
        'Content-Type: application/x-www-form-urlencoded'
    ]);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

    $response = curl_exec($ch);
    $httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    curl_close($ch);

    if ($httpCode === 200) {
        $data = json_decode($response, true);
        // Retourner toutes les données du token, pas seulement l'access_token
        return [
            'access_token' => $data['access_token'] ?? null,
            'expires_in' => $data['expires_in'] ?? 3600 // Par défaut 1 heure
        ];
    }

    return null;
}

function fetchProfile($token) {
    $url = "https://api.spotify.com/v1/me";

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_HTTPGET, true);
    curl_setopt($ch, CURLOPT_HTTPHEADER, [
        'Authorization: Bearer ' . $token
    ]);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

    $response = curl_exec($ch);
    $httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    curl_close($ch);

    if ($httpCode === 200) {
        return json_decode($response, true);
    }

    return null;
}