Spotdl web cannot be selfhosted as localhost part is hardscripted

[rathmerdominik]

System OS

Linux

Python Version

3.10 (CPython)

Install Source

pip / PyPi

Install version / commit hash

v4.0.0rc1

Expected Behavior vs Actual Behavior

Expected Behaviour: The command spotdl web should respect config values and take an endpoint that is not localhost to allow selfhosting

Actual Behaviour: The command spotdl web just 'stupidly' pulls a pre-compiled js file that has BACKEND='localhost' hardscripted into it which does not allow proper selfhosting

Steps to reproduce - Ensure to include actual links!

1. Create a Nginx reverse proxy and put spotdl behind it
2. Visit the site you created
3. Try any search query and see how in the network tab it tries to query localhost

Traceback

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:8800/api/songs/search?query=dwa. (Reason: CORS request did not succeed).

Firefox can’t establish a connection to the server at ws://localhost:8800/api/ws?client_id=d708ec76-6883-4fd5-8ece-d05137cf3fa1.

Other details

An easy way to fix this, would be to provide a config option for setting the variables and then build the js file based on these values instead of just plainly getting the files from a dist folder inside another repo

[tobycm]

I'm pretty sure you can create an .env file in the web dir and set the BACKEND value to your address, PORT to your web port and WSPORT to your websocket port

Info here

[rathmerdominik]

I'm pretty sure you can create an .env file in the web dir and set the BACKEND value to your address, PORT to your web port and WSPORT to your websocket port

Info here

As mentioned: The localhost part is hardscripted into the JS files. When you execute spotdl web you will get pre-compiled binaries that have this property hardcoded

You could pull the web-ui repo and use this but it would unnecessarily complicate things

[krohrsb]

Yep needs a configurable bind host and "external" domain for proxies (and cors here) at the very least

[phcreery]

This is correct, I originally had plans for this to be self-hostable but have not gotten around to implementing it yet but would like to see it. The spotdl web command downloads the necessary client file for a localhost only environment. spotdl is not selfhost-able yet and there are no docs on how to do it. Hopefully it will be available in the near future.

Yes, the pre-build fetch is, as you put it, 'stupid', but it works for most users in our audience who do not wish to spin up a proxy or http server.

@rathmerdominik , If you would like to see a selfhost option, do you suggest a solution to solving this or potentially taking some time to open a PR?

[rathmerdominik]

This is correct, I originally had plans for this to be self-hostable but have not gotten around to implementing it yet but would like to see it. The spotdl web command downloads the necessary client file for a localhost only environment. spotdl is not selfhost-able yet and there are no docs on how to do it. Hopefully it will be available in the near future.

Yes, the pre-build fetch is, as you put it, 'stupid', but it works for most users in our audience who do not wish to spin up a proxy or http server.

@rathmerdominik , If you would like to see a selfhost option, do you suggest a solution to solving this or potentially taking some time to open a PR?

Thanks for the reply! I would definitly love to contribute as well. I have two approaches that i could try.

1. We could provide more config options for selfhosting. If these values are anything but the default value then instead of just pulling the compiled js files it would pull the entire repo. Switching out the variables with the given ones in the config and then Compile it with the new variables. This seems to be a bit hacky tho. Another way would be to provide a config.js file that replaces the original file when the custom config.js file has changes.

2. We could use the web-ui repo itself and make this one able to be used properly on a server setup. This would reduce bloat inside the main application as most users, as you already stated, wont use a selfhosting feature.

Could you decide what would be the better approach for this? Or do you have any more ideas that maybe work even better in this case?

[rathmerdominik]

Oh! We could also implement an entire new CLI option for selfhosting

[stale[bot]]

This issue has been automatically marked stale because there hasn't been any activity for the last 30 days.

[stale[bot]]

This issue has been automatically marked stale because there hasn't been any activity for the last 30 days.

[stale[bot]]

This issue has been automatically marked stale because there hasn't been any activity for the last 30 days.

[xnetcat]

Added new options for self-hosting --host, --port, --keep-alive, --allowed-origins.

Now the only thing left to do is web-ui, expect update soon

https://github.com/spotDL/web-ui/issues/4

[xnetcat]

Selfhost is coming in v4.0.2, but you can try it now https://github.com/spotDL/spotify-downloader/tree/dev

[Conradowatz]

Hosting behind a reverse proxy with https is not possible sadly, since the web-ui has the ws: protocol hardcoded. You get an error like this: Mixed Content: The page was loaded over HTTPS, but attempted to connect to the insecure WebSocket endpoint 'ws://.../api/ws?client_id=00340b55-a1fc-4b87-8593-2b9f7a5f45d5'. This request has been blocked; this endpoint must be available over WSS This could be fixed by checking if the protocol is https and therfore changing the WS_PROTOCOL to wss: