[PR #3] [MERGED] feat: implement dynamic TOTP secret fetching and fallback mechanism #5

New issue

Closed

opened 2026-02-27 20:21:32 +03:00 by kerem · 0 comments

kerem commented

2026-02-27 20:21:32 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/Paxsenix0/Spotify-Canvas-API/pull/3
Author: @Inzaniity
Created: 7/25/2025
Status: ✅ Merged
Merged: 7/26/2025
Merged by: @Paxsenix0

Base: main ← Head: TOTP-Token-Fetch

📝 Commits (1)

d1bb9d9 feat: implement dynamic TOTP secret fetching and fallback mechanism

📊 Changes

1 file changed (+115 additions, -13 deletions)

View changed files

📝 services/spotifyAuthService.js (+115 -13)

📄 Description

This PR implements automatic fetching of TOTP secrets from the Spotify secrets repository, replacing the hardcoded secret with a dynamic system that automatically updates to use the newest available tokens. #2

Fetches TOTP secrets from spotify-secrets repository
Automatically fetches latest secrets when the application starts
Checks for new tokens every hour using setInterval
Automatically selects the highest version number from available secrets
"Graceful" Fallback: Falls back to original secret if GitHub fetch fails (for reference only)
TOTP is now generated dynamically based on fetched secrets

The fallback secret is kept for reference but will likely fail as Spotify rotates secrets frequently. The system automatically handles the transition to new secrets without service interruption

I also added dotenv import in spotifyAuthService.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/Paxsenix0/Spotify-Canvas-API/pull/3 **Author:** [@Inzaniity](https://github.com/Inzaniity) **Created:** 7/25/2025 **Status:** ✅ Merged **Merged:** 7/26/2025 **Merged by:** [@Paxsenix0](https://github.com/Paxsenix0) **Base:** `main` ← **Head:** `TOTP-Token-Fetch` --- ### 📝 Commits (1) - [`d1bb9d9`](https://github.com/Paxsenix0/Spotify-Canvas-API/commit/d1bb9d938d2331e19a3bf87549abb6b5536a88c1) feat: implement dynamic TOTP secret fetching and fallback mechanism ### 📊 Changes **1 file changed** (+115 additions, -13 deletions) <details> <summary>View changed files</summary> 📝 `services/spotifyAuthService.js` (+115 -13) </details> ### 📄 Description This PR implements automatic fetching of TOTP secrets from the [Spotify secrets repository](https://github.com/Thereallo1026/spotify-secrets/), replacing the hardcoded secret with a dynamic system that automatically updates to use the newest available tokens. #2 - Fetches TOTP secrets from spotify-secrets repository - Automatically fetches latest secrets when the application starts - Checks for new tokens every hour using setInterval - Automatically selects the highest version number from available secrets - "Graceful" Fallback: Falls back to original secret if GitHub fetch fails (for reference only) - TOTP is now generated dynamically based on fetched secrets --- The fallback secret is kept for reference but will likely fail as Spotify rotates secrets frequently. The system automatically handles the transition to new secrets without service interruption I also added dotenv import in spotifyAuthService. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

kerem

2026-02-27 20:21:32 +03:00

closed this issue
added the
pull-request
label

No labels

pull-request

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/Spotify-Canvas-API#5

No description provided.

Rows
Columns