fix(Spotify): Add Spoof client patch to fix various issues by using a web platform access token (#5173)

Co-authored-by: Nuckyz <[email protected]>
Co-authored-by: brosssh <[email protected]>
Co-authored-by: Dawid Krajcarz <[email protected]>
Co-authored-by: LisoUseInAIKyrios <[email protected]>

Author: 5 people

build.gradle.kts

@@ -0,0 +1,3 @@
+plugins {
+    alias(libs.plugins.android.library) apply false
+}

extensions/boostforreddit/stub/build.gradle.kts

@@ -1,5 +1,5 @@
 plugins {
-    id(libs.plugins.android.library.get().pluginId)
+    alias(libs.plugins.android.library)
 }
 
 android {

extensions/nunl/stub/build.gradle.kts

@@ -1,5 +1,5 @@
 plugins {
-    id(libs.plugins.android.library.get().pluginId)
+    alias(libs.plugins.android.library)
 }
 
 android {

extensions/primevideo/stub/build.gradle.kts

@@ -1,5 +1,5 @@
 plugins {
-    id(libs.plugins.android.library.get().pluginId)
+    alias(libs.plugins.android.library)
 }
 
 android {

extensions/reddit/stub/build.gradle.kts

@@ -1,5 +1,5 @@
 plugins {
-    id(libs.plugins.android.library.get().pluginId)
+    alias(libs.plugins.android.library)
 }
 
 android {

extensions/shared/library/build.gradle.kts

@@ -1,5 +1,5 @@
 plugins {
-    id("com.android.library")
+    alias(libs.plugins.android.library) 
 }
 
 android {

extensions/spotify/build.gradle.kts

@@ -1,7 +1,15 @@
+plugins {
+    alias(libs.plugins.protobuf)
+}
+
 dependencies {
     compileOnly(project(":extensions:shared:library"))
     compileOnly(project(":extensions:spotify:stub"))
     compileOnly(libs.annotation)
+
+    implementation(project(":extensions:spotify:utils"))
+    implementation(libs.nanohttpd)
+    implementation(libs.protobuf.javalite)
 }
 
 android {
@@ -14,3 +22,19 @@ android {
         targetCompatibility = JavaVersion.VERSION_1_8
     }
 }
+
+protobuf {
+    protoc {
+        artifact = libs.protobuf.protoc.get().toString()
+    }
+
+    generateProtoTasks {
+        all().forEach { task ->
+            task.builtins {
+                create("java") {
+                    option("lite")
+                }
+            }
+        }
+    }
+}

extensions/spotify/src/main/java/app/revanced/extension/spotify/misc/fix/LoginRequestListener.java

@@ -0,0 +1,153 @@
+package app.revanced.extension.spotify.misc.fix;
+
+import androidx.annotation.NonNull;
+import androidx.annotation.Nullable;
+import app.revanced.extension.shared.Logger;
+import app.revanced.extension.spotify.login5.v4.proto.Login5.*;
+import com.google.protobuf.ByteString;
+import com.google.protobuf.MessageLite;
+import fi.iki.elonen.NanoHTTPD;
+
+import java.io.ByteArrayInputStream;
+import java.io.FilterInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Objects;
+
+import static fi.iki.elonen.NanoHTTPD.Response.Status.INTERNAL_ERROR;
+
+class LoginRequestListener extends NanoHTTPD {
+    LoginRequestListener(int port) {
+        super(port);
+    }
+
+    @NonNull
+    @Override
+    public Response serve(IHTTPSession request) {
+        Logger.printInfo(() -> "Serving request for URI: " + request.getUri());
+
+        InputStream requestBodyInputStream = getRequestBodyInputStream(request);
+
+        LoginRequest loginRequest;
+        try {
+            loginRequest = LoginRequest.parseFrom(requestBodyInputStream);
+        } catch (IOException e) {
+            Logger.printException(() -> "Failed to parse LoginRequest", e);
+            return newResponse(INTERNAL_ERROR);
+        }
+
+        MessageLite loginResponse;
+
+        // A request may be made concurrently by Spotify,
+        // however a webview can only handle one request at a time due to singleton cookie manager.
+        // Therefore, synchronize to ensure that only one webview handles the request at a time.
+        synchronized (this) {
+            loginResponse = getLoginResponse(loginRequest);
+        }
+
+        if (loginResponse != null) {
+            return newResponse(Response.Status.OK, loginResponse);
+        }
+
+        return newResponse(INTERNAL_ERROR);
+    }
+
+
+    @Nullable
+    private static LoginResponse getLoginResponse(@NonNull LoginRequest loginRequest) {
+        Session session;
+
+        boolean isInitialLogin = !loginRequest.hasStoredCredential();
+        if (isInitialLogin) {
+            Logger.printInfo(() -> "Received request for initial login");
+            session = WebApp.currentSession; // Session obtained from WebApp.login.
+        } else {
+            Logger.printInfo(() -> "Received request to restore saved session");
+            session = Session.read(loginRequest.getStoredCredential().getUsername());
+        }
+
+        return toLoginResponse(session, isInitialLogin);
+    }
+
+
+    private static LoginResponse toLoginResponse(Session session, boolean isInitialLogin) {
+        LoginResponse.Builder builder = LoginResponse.newBuilder();
+
+        if (session == null) {
+            if (isInitialLogin) {
+                Logger.printInfo(() -> "Session is null, returning try again later error for initial login");
+                builder.setError(LoginError.TRY_AGAIN_LATER);
+            } else {
+                Logger.printInfo(() -> "Session is null, returning invalid credentials error for stored credential login");
+                builder.setError(LoginError.INVALID_CREDENTIALS);
+            }
+        } else if (session.username == null) {
+            Logger.printInfo(() -> "Session username is null, returning invalid credentials error");
+            builder.setError(LoginError.INVALID_CREDENTIALS);
+        } else if (session.accessTokenExpired()) {
+            Logger.printInfo(() -> "Access token has expired, renewing session");
+            WebApp.renewSession(session.cookies);
+            return toLoginResponse(WebApp.currentSession, isInitialLogin);
+        } else {
+            session.save();
+            Logger.printInfo(() -> "Returning session for username: " + session.username);
+            builder.setOk(LoginOk.newBuilder()
+                    .setUsername(session.username)
+                    .setAccessToken(session.accessToken)
+                    .setStoredCredential(ByteString.fromHex("00")) // Placeholder, as it cannot be null or empty.
+                    .setAccessTokenExpiresIn(session.accessTokenExpiresInSeconds())
+                    .build());
+        }
+
+        return builder.build();
+    }
+
+    @NonNull
+    private static InputStream limitedInputStream(InputStream inputStream, long contentLength) {
+        return new FilterInputStream(inputStream) {
+            private long remaining = contentLength;
+
+            @Override
+            public int read() throws IOException {
+                if (remaining <= 0) return -1;
+                int result = super.read();
+                if (result != -1) remaining--;
+                return result;
+            }
+
+            @Override
+            public int read(byte[] b, int off, int len) throws IOException {
+                if (remaining <= 0) return -1;
+                len = (int) Math.min(len, remaining);
+                int result = super.read(b, off, len);
+                if (result != -1) remaining -= result;
+                return result;
+            }
+        };
+    }
+
+    @NonNull
+    private static InputStream getRequestBodyInputStream(@NonNull IHTTPSession request) {
+        long requestContentLength =
+                Long.parseLong(Objects.requireNonNull(request.getHeaders().get("content-length")));
+        return limitedInputStream(request.getInputStream(), requestContentLength);
+    }
+
+
+    @SuppressWarnings("SameParameterValue")
+    @NonNull
+    private static Response newResponse(Response.Status status) {
+        return newResponse(status, null);
+    }
+
+    @NonNull
+    private static Response newResponse(Response.IStatus status, MessageLite messageLite) {
+        if (messageLite == null) {
+            return newFixedLengthResponse(status, "application/x-protobuf", null);
+        }
+
+        byte[] messageBytes = messageLite.toByteArray();
+        InputStream stream = new ByteArrayInputStream(messageBytes);
+        return newFixedLengthResponse(status, "application/x-protobuf", stream, messageBytes.length);
+    }
+}

extensions/spotify/src/main/java/app/revanced/extension/spotify/misc/fix/Session.java

@@ -0,0 +1,124 @@
+package app.revanced.extension.spotify.misc.fix;
+
+import android.content.SharedPreferences;
+import androidx.annotation.NonNull;
+import androidx.annotation.Nullable;
+import app.revanced.extension.shared.Logger;
+import app.revanced.extension.shared.Utils;
+import org.json.JSONException;
+import org.json.JSONObject;
+
+import static android.content.Context.MODE_PRIVATE;
+
+class Session {
+    /**
+     * Username of the account. Null if this session does not have an authenticated user.
+     */
+    @Nullable
+    final String username;
+    /**
+     * Access token for this session.
+     */
+    final String accessToken;
+    /**
+     * Session expiration timestamp in milliseconds.
+     */
+    final Long expirationTime;
+    /**
+     * Authentication cookies for this session.
+     */
+    final String cookies;
+
+    /**
+     * @param username    Username of the account. Empty if this session does not have an authenticated user.
+     * @param accessToken Access token for this session.
+     * @param cookies     Authentication cookies for this session.
+     */
+    Session(@Nullable String username, String accessToken, String cookies) {
+        this(username, accessToken, System.currentTimeMillis() + 60 * 60 * 1000, cookies);
+    }
+
+    private Session(@Nullable String username, String accessToken, long expirationTime, String cookies) {
+        this.username = username;
+        this.accessToken = accessToken;
+        this.expirationTime = expirationTime;
+        this.cookies = cookies;
+    }
+
+    /**
+     * @return The number of milliseconds until the access token expires.
+     */
+    long accessTokenExpiresInMillis() {
+        long currentTime = System.currentTimeMillis();
+        return expirationTime - currentTime;
+    }
+
+    /**
+     * @return The number of seconds until the access token expires.
+     */
+    int accessTokenExpiresInSeconds() {
+        return (int) accessTokenExpiresInMillis() / 1000;
+    }
+
+    /**
+     * @return True if the access token has expired, false otherwise.
+     */
+    boolean accessTokenExpired() {
+        return accessTokenExpiresInMillis() <= 0;
+    }
+
+    void save() {
+        Logger.printInfo(() -> "Saving session: " + this);
+
+        SharedPreferences.Editor editor = Utils.getContext().getSharedPreferences("revanced", MODE_PRIVATE).edit();
+
+        String json;
+        try {
+            json = new JSONObject()
+                    .put("accessToken", accessToken)
+                    .put("expirationTime", expirationTime)
+                    .put("cookies", cookies).toString();
+        } catch (JSONException ex) {
+            Logger.printException(() -> "Failed to convert session to stored credential", ex);
+            return;
+        }
+
+        editor.putString("session_" + username, json);
+        editor.apply();
+    }
+
+    @Nullable
+    static Session read(String username) {
+        Logger.printInfo(() -> "Reading saved session for username: " + username);
+
+        SharedPreferences sharedPreferences = Utils.getContext().getSharedPreferences("revanced", MODE_PRIVATE);
+        String savedJson = sharedPreferences.getString("session_" + username, null);
+        if (savedJson == null) {
+            Logger.printInfo(() -> "No session found in shared preferences");
+            return null;
+        }
+
+        try {
+            JSONObject json = new JSONObject(savedJson);
+            String accessToken = json.getString("accessToken");
+            long expirationTime = json.getLong("expirationTime");
+            String cookies = json.getString("cookies");
+
+            return new Session(username, accessToken, expirationTime, cookies);
+        } catch (JSONException ex) {
+            Logger.printException(() -> "Failed to read session from shared preferences", ex);
+            return null;
+        }
+    }
+
+    @NonNull
+    @Override
+    public String toString() {
+        return "Session(" +
+                "username=" + username +
+                ", accessToken=" + accessToken +
+                ", expirationTime=" + expirationTime +
+                ", cookies=" + cookies +
+                ')';
+    }
+}

extensions/spotify/src/main/java/app/revanced/extension/spotify/misc/fix/SpoofClientPatch.java

@@ -0,0 +1,42 @@
+package app.revanced.extension.spotify.misc.fix;
+
+import android.view.LayoutInflater;
+import app.revanced.extension.shared.Logger;
+
+@SuppressWarnings("unused")
+public class SpoofClientPatch {
+    private static LoginRequestListener listener;
+
+    /**
+     * Injection point.
+     * <br>
+     * Start login server.
+     */
+    public static void listen(int port) {
+        if (listener != null) {
+            Logger.printInfo(() -> "Listener already running on port " + port);
+            return;
+        }
+
+        try {
+            listener = new LoginRequestListener(port);
+            listener.start();
+            Logger.printInfo(() -> "Listener running on port " + port);
+        } catch (Exception ex) {
+            Logger.printException(() -> "listen failure", ex);
+        }
+    }
+
+    /**
+     * Injection point.
+     * <br>
+     * Launch login web view.
+     */
+    public static void login(LayoutInflater inflater) {
+        try {
+            WebApp.login(inflater.getContext());
+        } catch (Exception ex) {
+            Logger.printException(() -> "login failure", ex);
+        }
+    }
+}