From 578d29f7745fbe0dd0bb6fd2dfd0f8506d3083f4 Mon Sep 17 00:00:00 2001
From: Broque Thomas <batmanesignal@gmail.com>
Date: Thu, 29 Jan 2026 13:37:22 -0800
Subject: [PATCH] Add Spotify OAuth callback route to Flask app for reverse
 proxy support

Add a /callback Flask route (port 8008) that handles Spotify OAuth token exchange, mirroring the existing HTTPServer handler on port 8888. This allows users behind a reverse proxy to point their Spotify redirect_uri at the  main app.
---
 web_server.py | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)

diff --git a/web_server.py b/web_server.py
index 488e4db2..73181d3d 100644
--- a/web_server.py
+++ b/web_server.py
@@ -2863,6 +2863,54 @@ def auth_tidal():
         return f"<h1>❌ Tidal Authentication Error</h1><p>{str(e)}</p>", 500
 
 
+@app.route('/callback')
+def spotify_callback():
+    """
+    Handles Spotify OAuth callback via the main Flask app (port 8008).
+    This allows reverse proxy users to use a redirect_uri pointing at the main app.
+    The dedicated HTTPServer on port 8888 continues to work for direct access.
+    """
+    global spotify_client
+    auth_code = request.args.get('code')
+
+    if not auth_code:
+        error = request.args.get('error', 'Unknown error')
+        if 'error' not in request.args:
+            # Spurious request (e.g., healthcheck) - ignore silently
+            return '', 204
+        return f"<h1>Spotify Authentication Failed</h1><p>OAuth error: {error}</p>", 400
+
+    try:
+        from core.spotify_client import SpotifyClient
+        from spotipy.oauth2 import SpotifyOAuth
+        from config.settings import config_manager
+
+        config = config_manager.get_spotify_config()
+        auth_manager = SpotifyOAuth(
+            client_id=config['client_id'],
+            client_secret=config['client_secret'],
+            redirect_uri=config.get('redirect_uri', "http://127.0.0.1:8888/callback"),
+            scope="user-library-read user-read-private playlist-read-private playlist-read-collaborative user-read-email",
+            cache_path='config/.spotify_cache'
+        )
+
+        token_info = auth_manager.get_access_token(auth_code, as_dict=True)
+
+        if token_info:
+            spotify_client = SpotifyClient()
+            if spotify_client.is_authenticated():
+                add_activity_item("✅", "Spotify Auth Complete", "Successfully authenticated with Spotify", "Now")
+                return "<h1>Spotify Authentication Successful!</h1><p>You can close this window.</p>"
+            else:
+                raise Exception("Token exchange succeeded but authentication validation failed")
+        else:
+            raise Exception("Failed to exchange authorization code for access token")
+    except Exception as e:
+        print(f"🔴 Spotify OAuth callback error: {e}")
+        add_activity_item("❌", "Spotify Auth Failed", f"Token processing failed: {str(e)}", "Now")
+        return f"<h1>Spotify Authentication Failed</h1><p>{str(e)}</p>", 400
+
+
 @app.route('/tidal/callback')
 def tidal_callback():
     """