auth middleware

Author: Victorthedev

controllers/authController.js

@@ -1,29 +1,37 @@
 const spotifyService = require('../services/spotifyService');
-const createSpotifyApi = require('../utils/spotifyApi');
+const spotifyApi = require('../utils/spotifyApi');
 
 const login = (req, res) => {
-    const spotifyApi = createSpotifyApi();
-    const authUrl = spotifyApi.createAuthorizeURL(scopes, 'state-key');
+    const authUrl = spotifyService.getAuthUrl();
     res.redirect(authUrl);
 };
 
 const callback = async (req, res) => {
-    const spotifyApi = createSpotifyApi();
     try {
         const code = req.query.code || null;
         const data = await spotifyApi.authorizationCodeGrant(code);
         const { access_token, refresh_token } = data.body;
 
-        res.cookie('spotify_access_token', access_token, { httpOnly: true });
-        res.cookie('spotify_refresh_token', refresh_token, { httpOnly: true });
+        res.cookie('spotify_access_token', access_token, { 
+            httpOnly: true,
+            secure: true, 
+            sameSite: 'lax'
+        });
 
+        res.cookie('spotify_refresh_token', refresh_token, {
+            httpOnly: true,
+            secure: true, 
+            sameSite: 'lax'
+        });
+
         res.redirect('https://main.d1n7z7zw3v28b1.amplifyapp.com/home');
     } catch (error) {
+        console.error('Auth callback error:', error);
         res.redirect('https://main.d1n7z7zw3v28b1.amplifyapp.com/login?error=auth_failed');
     }
 };
 
 module.exports = {
     login,
     callback,
-};
+};

middleware/authMiddleware.js

@@ -1,12 +1,15 @@
+const spotifyApi = require('../utils/spotifyApi');
+
 const auth = (req, res, next) => {
     const token = req.cookies.spotify_access_token;
 
     if (!token) {
-      return res.status(401).json({ error: 'Authentication required' });
+        return res.status(401).json({ error: 'Authentication required' });
     }
-  
+
+    spotifyApi.setAccessToken(token);
     req.spotifyToken = token;
     next();
-  };
-  
-  module.exports = auth;
+};
+
+module.exports = auth;

routes/playlistRoutes.js

@@ -4,11 +4,12 @@ const playlistController = require('../controllers/playlistController');
 const auth = require('../middleware/authMiddleware');
 
 const router = express.Router();
+router.use(auth);
 
 router.get('/liked-songs', playlistController.getLikedSongs); 
 router.get('/', playlistController.getPlaylists);
 router.get('/:playlistId', playlistController.getPlaylistSongs);
-router.post('/create', auth, playlistController.createPlaylist);
+router.post('/create', playlistController.createPlaylist);
 
 
 

services/spotifyService.js

@@ -1,4 +1,4 @@
-const createSpotifyApi = require('../utils/spotifyApi');
+const spotifyApi = require('../utils/spotifyApi');
 
 const path = require('path');
 const playlistImages = [
@@ -18,18 +18,16 @@ const convertImageToBase64 = async (imagePath) => {
 
 const getAuthUrl = () => {
     const scopes = ['user-library-read', 'playlist-modify-private', 'playlist-modify-public'];
-    return createSpotifyApi.createAuthorizeURL(scopes, 'state-key');
+    return spotifyApi.createAuthorizeURL(scopes, 'state-key');
 };
 
 const setAccessToken = (accessToken) => {
-    createSpotifyApi.setAccessToken(accessToken);
+    spotifyApi.setAccessToken(accessToken);
 };
 
-const getUserPlaylists = async (token, offset = 0) => {
-    const spotifyApi = createSpotifyApi();
-    spotifyApi.setAccessToken(token);
-    
+const getUserPlaylists = async (offset = 0) => {
     const playlistResponse = await spotifyApi.getUserPlaylists({ offset });
+    
     const likedSongsResponse = await spotifyApi.getMySavedTracks();
 
     return {
@@ -40,7 +38,7 @@ const getUserPlaylists = async (token, offset = 0) => {
 
 const getLikedSongs = async () => {
     try {
-        const response = await createSpotifyApi.getMySavedTracks({
+        const response = await spotifyApi.getMySavedTracks({
             limit: 50,
             offset: 0  
         });
@@ -56,19 +54,19 @@ const getLikedSongs = async () => {
 
 
 const getPlaylist = async (playlistId) => {
-    const response = await createSpotifyApi.getPlaylist(playlistId);
+    const response = await spotifyApi.getPlaylist(playlistId);
     return response.body;
 };
 
 const getPlaylistTracks = async (playlistId) => {
-    const response = await createSpotifyApi.getPlaylistTracks(playlistId);
+    const response = await spotifyApi.getPlaylistTracks(playlistId);
     return response.body;
 };
 
 const getTrackRecommendations = async (seedTrackId) => {
-    const seedTrackFeatures = await createSpotifyApi.getAudioFeaturesForTrack(seedTrackId);
+    const seedTrackFeatures = await spotifyApi.getAudioFeaturesForTrack(seedTrackId);
 
-    const response = await createSpotifyApi.getRecommendations({
+    const response = await spotifyApi.getRecommendations({
         seed_tracks: [seedTrackId],
         limit: 100,
         target_instrumentalness: seedTrackFeatures.body.instrumentalness,
@@ -102,25 +100,25 @@ const getTrackRecommendations = async (seedTrackId) => {
 };
 
 const createPlaylist = async (userId, name, description, trackUris) => {
-    const playlistResponse = await createSpotifyApi.createPlaylist(userId, {
+    const playlistResponse = await spotifyApi.createPlaylist(userId, {
         name,
         description,
     });
 
     const playlistId = playlistResponse.body.id;
-    await createSpotifyApi.addTracksToPlaylist(playlistId, trackUris);
+    await spotifyApi.addTracksToPlaylist(playlistId, trackUris);
 
     const randomImageIndex = Math.floor(Math.random() * playlistImages.length);
     const imagePath = playlistImages[randomImageIndex];
 
     const imageData = await convertImageToBase64(imagePath);
-    await createSpotifyApi.uploadCustomPlaylistCoverImage(playlistId, imageData);
+    await spotifyApi.uploadCustomPlaylistCoverImage(playlistId, imageData);
 
     return playlistId;
 };
 
 const createPlaylistFromSeedTrack = async (userId, seedTrackId) => {
-    const seedTrack = await createSpotifyApi.getTrack(seedTrackId);
+    const seedTrack = await spotifyApi.getTrack(seedTrackId);
     const seedTrackName = seedTrack.body.name;
 
     const recommendations = await getTrackRecommendations(seedTrackId);

utils/spotifyApi.js

@@ -1,11 +1,9 @@
 const SpotifyWebApi = require('spotify-web-api-node');
 
-const createSpotifyApi = () => {
-    return new SpotifyWebApi({
-        clientId: '5e3eef3570b74a37af3438268b820e32',
-        clientSecret: 'ecda63e51490449d9c94b26f9fd9571a',
-        redirectUri: 'https://groovz-backend-js.onrender.com/auth/callback',
-    });
-};
+const spotifyApi = new SpotifyWebApi({
+    clientId: '5e3eef3570b74a37af3438268b820e32',
+    clientSecret: 'ecda63e51490449d9c94b26f9fd9571a',
+    redirectUri: 'https://groovz-backend-js.onrender.com/auth/callback',
+});
 
-module.exports = createSpotifyApi;
+module.exports = spotifyApi;