From b0a7202f323dc6ce610dca0d1f8c33444c248335 Mon Sep 17 00:00:00 2001
From: David Madl
Date: Thu, 14 May 2026 01:54:02 +0200
Subject: [PATCH] feat: allow bearer token to be passed through from the app
---
 api.py | 34 ++++++++++++++++++++++++++--------
 1 file changed, 26 insertions(+), 8 deletions(-)
diff --git a/api.py b/api.py
index c1c98cc..b5b2cce 100644
--- a/api.py
+++ b/api.py
@@ -624,12 +624,10 @@ def me():

 @app.route("/playlists")
 def playlists():
- spotify_user_id = session.get("spotify_user_id")
- if not spotify_user_id:
+ access_token = get_request_spotify_access_token()
+ if not access_token:
 return jsonify({"ok": False, "error": "Not logged in"}), 401

- access_token = get_valid_access_token(spotify_user_id)
-
 """
 user_id = "Sara"
 url = f"https://api.spotify.com/v1/users/{user_id}/playlists"
@@ -649,12 +647,10 @@ def playlists():

 @app.route("/playlists/")
 def playlist(playlist_id):
- spotify_user_id = session.get("spotify_user_id")
- if not spotify_user_id:
+ access_token = get_request_spotify_access_token()
+ if not access_token:
 return jsonify({"ok": False, "error": "Not logged in"}), 401

- access_token = get_valid_access_token(spotify_user_id)
-
 playlist_data = spotify_get(
 f"https://api.spotify.com/v1/playlists/{playlist_id}",
 access_token,
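Review bot: The `if not access_token` gate in playlists(), and the identical one in playlist() in the next hunk, now passes for any non-empty `Authorization: Bearer` value, so the "Not logged in" 401 no longer means the caller was authenticated by this service. Validity is decided only when Spotify answers, and how spotify_get reports an upstream 401 is not visible in these hunks; if it raises or returns the error body, an expired or bogus client token would likely surface as a 500 or a confusing payload rather than a clean 401. I would handle that case explicitly in both handlers and record the trust boundary with a comment such as `# access_token may be caller-supplied and unverified; Spotify is the only validator`. Both function bodies continue outside their hunks.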
@@ -686,6 +682,28 @@ def playlist(playlist_id):
 })


+def get_request_spotify_access_token():
+ """
+ Prefer ``Authorization: Bearer `` (mobile / jukebox).
+ Fallback to Flask session + stored refresh flow (browser).
+ """
+ bearer = spotify_access_token_from_authorization_header()
+ if bearer:
+ return bearer
+ spotify_user_id = session.get("spotify_user_id")
+ if not spotify_user_id:
+ return None
+ return get_valid_access_token(spotify_user_id)
+
+
+def spotify_access_token_from_authorization_header():
+ auth = request.headers.get("Authorization", "") or ""
+ if not auth.startswith("Bearer "):
+ return None
+ token = auth[7:].strip()
+ return token or None
+
+
 if __name__ == "__main__":
 init_db()
 app.run(host="127.0.0.1", port=8000, debug=True)
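Review bot: spotify_access_token_from_authorization_header() returns whatever follows `Bearer ` with no length or character check, and get_request_spotify_access_token() prefers it over the session, so an arbitrary client-supplied string is forwarded upstream and a request carrying both a cookie and a header is served under the header's identity. I would bound the value before returning it, e.g. `if len(token) > MAX_TOKEN_LEN or not token.isascii() or any(c.isspace() for c in token): return None` (MAX_TOKEN_LEN is a placeholder for a limit you choose), and match the scheme case-insensitively with `scheme, _, token = auth.partition(" ")` followed by `if scheme.lower() != "bearer": return None`, since HTTP auth scheme names are case-insensitive. The new parser has no docstring; `"""Return the token from an Authorization: Bearer header, or None; the value is unverified."""` would make the trust boundary explicit. Because raw tokens now transit this process, keep them out of logs and error output; the `debug=True` in the context lines enables Werkzeug's interactive debugger, whose tracebacks can expose request data, so that setting should stay limited to local development.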