aspauldingcode
diff --git a/‎portfolio/flake.nix‎
Lines changed: 9 additions & 1 deletion b/‎portfolio/flake.nix‎
Lines changed: 9 additions & 1 deletion
diff --git a/‎portfolio/package-lock.json‎
Lines changed: 7 additions & 0 deletions b/‎portfolio/package-lock.json‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎portfolio/package.json‎
Lines changed: 2 additions & 0 deletions b/‎portfolio/package.json‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎portfolio/src/app/api/tidal-hls-proxy/route.ts‎
Lines changed: 128 additions & 0 deletions b/‎portfolio/src/app/api/tidal-hls-proxy/route.ts‎
Lines changed: 128 additions & 0 deletions
diff --git a/‎portfolio/src/app/api/tidal-search/route.ts‎
Lines changed: 83 additions & 0 deletions b/‎portfolio/src/app/api/tidal-search/route.ts‎
Lines changed: 83 additions & 0 deletions
diff --git a/‎portfolio/src/app/api/tidal-token/route.ts‎
Lines changed: 40 additions & 0 deletions b/‎portfolio/src/app/api/tidal-token/route.ts‎
Lines changed: 40 additions & 0 deletions
@@ -70,9 +70,17 @@
 
           dev = pkgs.writeShellApplication {
             name = "dev";
-            runtimeInputs = [ pkgs.nodejs_22 ];
+            runtimeInputs = [ pkgs.nodejs_22 pkgs.nodePackages_latest.vercel ];
             text = ''
               echo "Starting development server..."
+              ENV_FILE="../.env.vercel.development.local"
+              vercel env pull "$ENV_FILE" --environment development --yes --cwd ..
+              if [ -f "$ENV_FILE" ]; then
+                set -a
+                # shellcheck source=/dev/null
+                . "$ENV_FILE"
+                set +a
+              fi
               npm run dev
             '';
           };
 
@@ -4,6 +4,7 @@
   "private": true,
   "scripts": {
     "dev": "next dev --turbopack",
+    "dev:vercel": "vercel dev --yes",
     "build": "next build",
     "start": "next start",
     "lint": "eslint .",
@@ -17,6 +18,7 @@
     "extract-colors": "^4.2.1",
     "framer-motion": "^12.27.5",
     "glob": "^13.0.6",
+    "hls.js": "^1.6.16",
     "lru-cache": "^11.0.0",
     "next": "^16.1.6",
     "pdfjs-dist": "^5.7.284",
 
@@ -0,0 +1,128 @@
+import { NextRequest, NextResponse } from 'next/server';
+
+const ALLOWED_TIDAL_HOSTNAMES = [
+  'sp-pr-cf.audio.tidal.com',
+  'sp-ad-cf.audio.tidal.com',
+  'sp-pr-ad.audio.tidal.com',
+  'cdn.tidal.com',
+  'audio.tidal.com',
+];
+
+function isAllowedTidalUrl(url: URL): boolean {
+  return ALLOWED_TIDAL_HOSTNAMES.some(
+    (h) => url.hostname === h || url.hostname.endsWith(`.${h}`)
+  );
+}
+
+function rewriteManifestSegments(content: string, manifestUrl: string): string {
+  let baseUrl: URL | null = null;
+  try {
+    baseUrl = new URL(manifestUrl);
+  } catch {
+    /* leave baseUrl null – only absolute segment URLs can be rewritten */
+  }
+
+  return content
+    .split('\n')
+    .map((line) => {
+      const trimmed = line.trim();
+      if (!trimmed || trimmed.startsWith('#')) return line;
+
+      // Resolve relative URLs against the manifest URL when possible.
+      let segUrl = trimmed;
+      if (baseUrl && !trimmed.startsWith('http')) {
+        try {
+          segUrl = new URL(trimmed, baseUrl).toString();
+        } catch {
+          return line;
+        }
+      }
+
+      try {
+        const parsed = new URL(segUrl);
+        if (isAllowedTidalUrl(parsed)) {
+          return `/api/tidal-hls-proxy?url=${encodeURIComponent(segUrl)}`;
+        }
+      } catch {
+        /* not a valid URL, leave as-is */
+      }
+      return line;
+    })
+    .join('\n');
+}
+
+export async function GET(req: NextRequest) {
+  const rawUrl = req.nextUrl.searchParams.get('url');
+  if (!rawUrl) {
+    return new NextResponse('Missing url parameter', { status: 400 });
+  }
+
+  let targetUrl: URL;
+  try {
+    targetUrl = new URL(rawUrl);
+  } catch {
+    return new NextResponse('Invalid URL', { status: 400 });
+  }
+
+  if (!isAllowedTidalUrl(targetUrl)) {
+    return new NextResponse('Domain not allowed', { status: 403 });
+  }
+
+  const upstream = await fetch(targetUrl.toString(), {
+    headers: { 'User-Agent': 'Mozilla/5.0 TidalPlayer/1.0' },
+    cache: 'no-store',
+  }).catch(() => null);
+
+  if (!upstream) {
+    return new NextResponse('Upstream fetch failed', { status: 502 });
+  }
+  if (!upstream.ok) {
+    return new NextResponse(`Upstream error ${upstream.status}`, {
+      status: upstream.status,
+    });
+  }
+
+  const contentType = upstream.headers.get('content-type') ?? '';
+  const looksLikeManifest =
+    contentType.includes('mpegurl') ||
+    rawUrl.includes('.m3u8') ||
+    rawUrl.includes('/manifest') ||
+    contentType.includes('tidal.bts');
+
+  const corsHeaders = {
+    'Access-Control-Allow-Origin': '*',
+    'Access-Control-Allow-Methods': 'GET, OPTIONS',
+  };
+
+  if (looksLikeManifest) {
+    const text = await upstream.text();
+    const rewritten = rewriteManifestSegments(text, rawUrl);
+    return new NextResponse(rewritten, {
+      headers: {
+        ...corsHeaders,
+        'Content-Type': 'application/vnd.apple.mpegurl',
+        'Cache-Control': 'no-cache',
+      },
+    });
+  }
+
+  // Audio segment – stream through.
+  const buffer = await upstream.arrayBuffer();
+  return new NextResponse(buffer, {
+    headers: {
+      ...corsHeaders,
+      'Content-Type': contentType || 'audio/aac',
+      'Cache-Control': 'max-age=3600',
+    },
+  });
+}
+
+export async function OPTIONS() {
+  return new NextResponse(null, {
+    status: 204,
+    headers: {
+      'Access-Control-Allow-Origin': '*',
+      'Access-Control-Allow-Methods': 'GET, OPTIONS',
+    },
+  });
+}
@@ -0,0 +1,83 @@
+import { NextRequest, NextResponse } from 'next/server';
+
+type TidalSearchPayload = {
+  data?: unknown;
+  included: unknown[];
+};
+
+type CacheEntry = {
+  expiresAt: number;
+  payload: TidalSearchPayload;
+};
+
+const SEARCH_CACHE_TTL_MS = 10 * 60 * 1000; // 10 minutes
+const searchCache = new Map<string, CacheEntry>();
+
+// GET /api/tidal-search?q=BladeWalker+ModernOrange&countryCode=US
+export async function GET(req: NextRequest) {
+  const { searchParams } = new URL(req.url);
+  const q           = searchParams.get('q') ?? '';
+  const countryCode = searchParams.get('countryCode') ?? 'US';
+  const query = q.trim();
+  const cacheKey = `${countryCode}::${query.toLowerCase()}`;
+
+  if (!query) {
+    return NextResponse.json({ included: [] }, { status: 200 });
+  }
+
+  const now = Date.now();
+  const cached = searchCache.get(cacheKey);
+  if (cached && now < cached.expiresAt) {
+    return NextResponse.json(cached.payload, { status: 200 });
+  }
+
+  // Get a fresh access token from our own secure endpoint
+  const tokenRes = await fetch(`${req.nextUrl.origin}/api/tidal-token`);
+  if (!tokenRes.ok) return NextResponse.json({ error: 'token fetch failed' }, { status: 500 });
+  const { token } = await tokenRes.json();
+
+  // TIDAL path is case-sensitive: /searchResults/{id}
+  const url = `https://openapi.tidal.com/v2/searchResults/${encodeURIComponent(query)}?countryCode=${countryCode}&include=tracks`;
+
+  const res = await fetch(url, {
+    headers: {
+      'Authorization': `Bearer ${token}`,
+      'Accept': 'application/vnd.api+json',
+    },
+  });
+
+  if (res.status === 429) {
+    // In dev React strict mode, repeated mounts can trigger bursts.
+    // Serve stale cache if available; otherwise provide a soft-empty payload.
+    if (cached) {
+      return NextResponse.json(cached.payload, { status: 200 });
+    }
+    return NextResponse.json({ included: [] }, { status: 200 });
+  }
+
+  if (res.status === 404) {
+    // No search result id for this query; return empty tracks payload for client fallback.
+    const payload: TidalSearchPayload = { included: [] };
+    searchCache.set(cacheKey, {
+      payload,
+      expiresAt: now + SEARCH_CACHE_TTL_MS,
+    });
+    return NextResponse.json(payload, { status: 200 });
+  }
+
+  if (!res.ok) {
+    const text = await res.text();
+    return NextResponse.json({ error: text }, { status: res.status });
+  }
+
+  const data = await res.json();
+  const payload: TidalSearchPayload = {
+    data: data.data,
+    included: Array.isArray(data.included) ? data.included : [],
+  };
+  searchCache.set(cacheKey, {
+    payload,
+    expiresAt: now + SEARCH_CACHE_TTL_MS,
+  });
+  return NextResponse.json(payload);
+}
@@ -0,0 +1,40 @@
+import { NextResponse } from 'next/server';
+
+let cachedToken: string | null = null;
+let tokenExpiry = 0;
+
+export async function GET() {
+  // Serve cached token if still valid (with 60s buffer)
+  if (cachedToken && Date.now() < tokenExpiry - 60_000) {
+    return NextResponse.json({ token: cachedToken });
+  }
+
+  const clientId     = process.env.TIDAL_CLIENT_ID;
+  const clientSecret = process.env.TIDAL_CLIENT_SECRET;
+
+  if (!clientId || !clientSecret) {
+    return NextResponse.json({ error: 'TIDAL credentials not configured' }, { status: 500 });
+  }
+
+  const credentials = Buffer.from(`${clientId}:${clientSecret}`).toString('base64');
+
+  const res = await fetch('https://auth.tidal.com/v1/oauth2/token', {
+    method: 'POST',
+    headers: {
+      'Authorization': `Basic ${credentials}`,
+      'Content-Type': 'application/x-www-form-urlencoded',
+    },
+    body: 'grant_type=client_credentials',
+  });
+
+  if (!res.ok) {
+    const text = await res.text();
+    return NextResponse.json({ error: `TIDAL auth failed: ${text}` }, { status: res.status });
+  }
+
+  const data = await res.json();
+  cachedToken = data.access_token;
+  tokenExpiry = Date.now() + data.expires_in * 1000;
+
+  return NextResponse.json({ token: cachedToken });
+}