youtube-music icon indicating copy to clipboard operation
youtube-music copied to clipboard

Published 20 hours ago verified publisher icon th-ch

[DEPRECATED] API Plugin

Open Zo-Bro-23 opened this issue 1 year ago • 4 comments

Adds an API plugin. Plugin provides a REST API to do the following:

  • View all song-info
  • Control the player

API uses keys that are arbitrarily assigned - custom keys can be chosen if desired. The same key can be used on multiple devices and installations. This works very similarly to the SponsorBlock key system.

I have also built an Android remote app that works using this plugin. I will add a link once Google Play approves it.

Documentation

Note The main API endpoint is https://youtube-music-api.zohan.tech/api/ - https://github.com/Zo-Bro-23/youtube-music-api

Current song

GET /status

Query Params:

  • key: Your API key

Song control

POST /control

Request Body:

  • key: Your API key
  • controls: A list (array) of controls to execute; controls can be:
    • play
    • pause
    • playPause
    • previous
    • next
    • like
    • dislike
    • go10sBack
    • go10sForward
    • go1sBack
    • go1sBack
    • shuffle
    • switchRepeat
    • volumeMinus10
    • volumePlus10
    • fullscreen
    • muteUnmute
    • maximizeMinimisePlayer
    • goToHome
    • goToLibrary
    • goToSettings
    • goToExplore
    • search
    • showShortcuts

Android App

Download from Google Play or use the latest APK from the ./android/ folder.

Warning The API key set using the Android App is semi-permenant. To change the key go to Settings > Apps > Remote > Clear Data > Clear All Data.

Screenshots

Zo-Bro-23 avatar Mar 31 '23 01:03 Zo-Bro-23

Good job on the initiative, but I don't understand why is the server not local?

why would all my data go through your server? this doesn't make any sense to me...

where's the security here? I could literally send commands to your pc if I have your api key?

The server should be on a local network only, there's no reason to expose it to the internet. see how YTM does this: https://github.com/ytmdesktop/ytmdesktop/blob/master/src/providers/companionServer.js

in addition:

you are missing the line below, without it you are not guaranteed to get events from ipcMain.on('timeChanged')

    ipcMain.on('apiLoaded', () => win.webContents.send('setupTimeChangedListener'));

and you should use the new synced config provider, examples in https://github.com/th-ch/youtube-music/pull/1064

Araxeus avatar Mar 31 '23 07:03 Araxeus

Good job on the initiative, but I don't understand why is the server not local?

why would all my data go through your server? this doesn't make any sense to me...

where's the security here? I could literally send commands to your pc if I have your api key?

The server should be on a local network only, there's no reason to expose it to the internet. see how YTM does this: https://github.com/ytmdesktop/ytmdesktop/blob/master/src/providers/companionServer.js

in addition:

you are missing the line below, without it you are not guaranteed to get events from ipcMain.on('timeChanged')

    ipcMain.on('apiLoaded', () => win.webContents.send('setupTimeChangedListener'));

and you should use the new synced config provider, examples in #1064

How about having a separate plugin that uses local endpoints? I personally prefer having a server-based approach so that I can control my computer even when I'm on different WiFi networks. We can have a local API plugin for those worried about security concerns.

Zo-Bro-23 avatar Apr 01 '23 07:04 Zo-Bro-23

How about having a separate plugin that uses local endpoints? I personally prefer having a server-based approach so that I can control my computer even when I'm on different WiFi networks. We can have a local API plugin for those worried about security concerns.

I still think it's a privacy and security concern to connect to some random external server. Most users won't even know (or expect) that all their data is going through a 3rd party server. You should ask @th-ch what he thinks, he has the final say here.

But anyways if this goes through, how about using WebSocket instead of REST? (ws or socket.io)

And btw, where is the source for the android app?

Araxeus avatar Apr 01 '23 08:04 Araxeus

One thing that comes to my mind to do both local and wan apis is just make the api endpoint customizable through an input field.(I don't know if you do that already)

And if the api-server code is open, we can run our own servers local or global.

Or better yet, the server could be run on the local machine running youtube-music inside the app itself.

Then if we can access the device running youtube-music locally, we can key in the local address(on android/controller interface). and if it has a global address we can key that in.

for global control with devices with non-static or non global ips, we could add an option(for the user to choose) to tunnel the api server thru a ssh tunnel(we don't have to worry about snooping) using something like serveo.net or self run tunnels.

btw I made an api and a webinterface which fetches data through that api( local api and through an ssh tunnel) to show what I'm listening to on my personal website, and the latency's quite less. the feature set is small (nothing comared to OP's) just fetch song information since that's what I want right now...

image

QuditWolf avatar May 16 '23 01:05 QuditWolf

#1909

JellyBrick avatar Mar 30 '24 18:03 JellyBrick