cleanup

Author: imthaghost

.github/workflows/master-workflow.yml

@@ -17,7 +17,9 @@ jobs:
         uses: actions/setup-go@v2
         with:
           go-version: 1.21.4
-      - name: Test SoundCloud Package
-        run: go test ./pkg/soundcloud/... -v
-      - name: Test Utils Package
-        run: go test ./pkg/utils/... -v
+      - name: Build
+        run: go build ./...
+      - name: Vet
+        run: go vet ./...
+      - name: Test
+        run: go test ./... -v

.gitignore

@@ -1,4 +1,5 @@
 .DS_Store
 dist
+/scdl
 
 .idea/

.goreleaser.yml

@@ -13,7 +13,7 @@ before:
 builds:
   - env:
       - CGO_ENABLED=0
-    main: ./cmd/scdl/main.go
+    main: ./
     binary: scdl
 
 # Archive configurations

README.md

@@ -1,85 +1,92 @@
 <p align="center">
-    <img alt="gopher" src="docs/media/pods.png"> 
+    <img alt="gopher" src="docs/media/pods.png">
 </p>
 <p align="center">
-Scdl is the fastest SoundCloud music downloading CLI tool. Scdl utilizes a go routine pool ensuring multiple thread safe and fast downloads from SoundCloud within seconds. There are extended features such as search (no URL needed) recursively downloading all songs from a given playlist and more!
+A fast SoundCloud track downloader written in Go. Give it a track URL, get back an <code>.mp3</code> with embedded cover art.
 </p>
-<br>
 <p align="center">
    <a href="https://goreportcard.com/report/github.com/imthaghost/scdl"><img src="https://goreportcard.com/badge/github.com/imthaghost/scdl"></a>
 </p>
-<br>
 
 ![Download](/docs/media/v2.gif)
 
 ## Table of Contents
 
--   [Installation](#installation)
--   [Usage](#usage)
--   [Examples](#Examples)
--   [Todo](#Todo)
--   [License](#license)
+- [Installation](#installation)
+- [Usage](#usage)
+- [How it works](#how-it-works)
+- [Roadmap](#roadmap)
+- [License](#license)
 
-## 🚀 Installation
+## Installation
 
-### Brew
+### Homebrew
 
 ```bash
-# tap
 brew tap imthaghost/scdl
-# install tool
 brew install scdl
 ```
 
-### Manual
+### Go
 
 ```bash
-# go install :)
-go install github.com/imthaghost/scdl/cmd/scdl@latest
+go install github.com/imthaghost/scdl@latest
 ```
 
-### Binary
+### Pre-built binary
 
-[Download Here](https://github.com/imthaghost/scdl/releases)
+Grab the latest release from the [releases page](https://github.com/imthaghost/scdl/releases).
 
 ## Usage
 
-  ``-h, --help`` -  Help screen and usage
+```bash
+scdl <track-url>
+```
 
-  ``-s, --search`` - Option for searching for songs
+Example:
 
+```bash
+scdl https://soundcloud.com/polo-g/polo-g-feat-juice-wrld-flex
+```
 
-## Examples
+The file is written to the current directory as `<track title>.mp3` with the SoundCloud artwork embedded as an ID3v2 front-cover frame.
 
-### Base Command
-```bash 
-# command + SounCloud URL
-scdl https://soundcloud.com/polo-g/polo-g-feat-juice-wrld-flex
+### Go+ / private tracks (authenticated downloads)
+
+Supply a SoundCloud OAuth token to unlock 256 kbps Go+ transcodings and to download private tracks your account can access. Either pass it on the flag:
+
+```bash
+scdl --token "$YOUR_TOKEN" <track-url>
+```
+
+…or set it once in your shell:
+
+```bash
+export SCDL_TOKEN="your-token-here"
+scdl <track-url>
 ```
 
+To find your token: open soundcloud.com in your logged-in browser, open DevTools → Network, click any request to `api-v2.soundcloud.com`, and copy the value after `OAuth ` in the `Authorization` request header.
 
+Private share links (`?secret_token=s-XXX` or `/s-XXX`) are supported with or without a token.
 
-## Todo
+## How it works
 
-### Short term
+1. Fetches the track page and parses its `__sc_hydration` JSON.
+2. Scrapes a fresh `client_id` from SoundCloud's JS bundles.
+3. Builds an authenticated HLS playlist URL using the track's `track_authorization` token.
+4. Downloads every segment in parallel, decrypts any AES-128 segments, and assembles them in order.
+5. Writes the resulting MP3 and embeds the `og:image` cover art via [`bogem/id3v2`](https://github.com/bogem/id3v2).
 
--   [x] Cobra command line interface
--   [x] Download audio file from Soundcloud URL
--   [x] Goroutine pool for downloading m3u8 file
--   [x] Installation via Brew
--   [x] Mp3 file contains image cover
--   [x] Download a song through search functionality
--   [ ] 80-100% test coverage
--   [ ] Update tool for better performance
--   [ ] Proxy flag
--   [ ] Format flag
-### Long term
--   [ ] Search results
--   [ ] Download all songs from a given playlist
--   [ ] Download all songs from a given album
+## Roadmap
 
-## 📝 License
+- [x] High-quality (256 kbps) downloads via SoundCloud Go+ auth ([#13](https://github.com/imthaghost/scdl/issues/13))
+- [x] Private share-link downloads (`?secret_token=` / `/s-XXX`) ([#10](https://github.com/imthaghost/scdl/issues/10))
+- [ ] Playlist / set URLs (`/sets/...`)
+- [ ] Non-zero exit code on download failure
+- [ ] `--output` / `-o` flag for output path
+- [ ] Proxy support
 
-By contributing, you agree that your contributions will be licensed under its MIT License.
+## License
 
-In short, when you submit code changes, your submissions are understood to be under the same [MIT License](http://choosealicense.com/licenses/mit/) that covers the project. Feel free to contact the maintainers if that's a concern.
+[MIT](https://choosealicense.com/licenses/mit/) — see [LICENSE](LICENSE).

client.go

@@ -0,0 +1,47 @@
+package main
+
+import (
+	"net/http"
+	"strings"
+)
+
+const (
+	userAgent       = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3"
+	apiV2Host       = "api-v2.soundcloud.com"
+	authHeader      = "Authorization"
+	authHeaderValue = "OAuth "
+)
+
+// Soundcloud is an HTTP client for scraping and downloading SoundCloud tracks.
+//
+// Token is an optional SoundCloud OAuth token. When set, it's attached as
+// "Authorization: OAuth <token>" on requests to api-v2.soundcloud.com, which
+// unlocks Go+ high-quality transcodings and private tracks the account has
+// access to.
+type Soundcloud struct {
+	Client    *http.Client
+	UserAgent string
+	Token     string
+}
+
+func NewClient(httpClient *http.Client, token string) *Soundcloud {
+	if httpClient == nil {
+		httpClient = &http.Client{}
+	}
+	return &Soundcloud{Client: httpClient, UserAgent: userAgent, Token: token}
+}
+
+// authedGet performs a GET request, attaching the OAuth header only when the
+// URL targets api-v2.soundcloud.com and a token is configured. Other hosts
+// (the page itself, CDN segments, asset bundles) don't accept the header.
+func (s *Soundcloud) authedGet(rawURL string) (*http.Response, error) {
+	req, err := http.NewRequest("GET", rawURL, nil)
+	if err != nil {
+		return nil, err
+	}
+	req.Header.Set("User-Agent", s.UserAgent)
+	if s.Token != "" && strings.Contains(rawURL, apiV2Host) {
+		req.Header.Set(authHeader, authHeaderValue+s.Token)
+	}
+	return s.Client.Do(req)
+}

client_test.go

@@ -0,0 +1,84 @@
+package main
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"strings"
+	"testing"
+)
+
+// roundTripFunc lets us intercept requests without spinning up a real server,
+// which is the only way to assert the request URL hits api-v2.soundcloud.com.
+type roundTripFunc func(*http.Request) (*http.Response, error)
+
+func (f roundTripFunc) RoundTrip(r *http.Request) (*http.Response, error) { return f(r) }
+
+func TestAuthedGetAttachesOAuthHeaderOnlyForAPIV2(t *testing.T) {
+	cases := []struct {
+		name      string
+		url       string
+		token     string
+		wantAuth  string
+		wantAgent string
+	}{
+		{
+			name:     "api-v2 with token: header attached",
+			url:      "https://api-v2.soundcloud.com/media/foo",
+			token:    "TEST_TOKEN",
+			wantAuth: "OAuth TEST_TOKEN",
+		},
+		{
+			name:     "api-v2 without token: no auth header",
+			url:      "https://api-v2.soundcloud.com/media/foo",
+			token:    "",
+			wantAuth: "",
+		},
+		{
+			name:     "non-api-v2 with token: token NOT leaked to other hosts",
+			url:      "https://cdn.example.com/segment.ts",
+			token:    "TEST_TOKEN",
+			wantAuth: "",
+		},
+	}
+
+	for _, tc := range cases {
+		t.Run(tc.name, func(t *testing.T) {
+			var seen *http.Request
+			httpClient := &http.Client{Transport: roundTripFunc(func(req *http.Request) (*http.Response, error) {
+				seen = req
+				return &http.Response{StatusCode: 200, Body: http.NoBody, Header: make(http.Header)}, nil
+			})}
+			s := NewClient(httpClient, tc.token)
+			resp, err := s.authedGet(tc.url)
+			if err != nil {
+				t.Fatalf("authedGet: %v", err)
+			}
+			resp.Body.Close()
+
+			if got := seen.Header.Get("Authorization"); got != tc.wantAuth {
+				t.Errorf("Authorization = %q, want %q", got, tc.wantAuth)
+			}
+			if got := seen.Header.Get("User-Agent"); got == "" || !strings.HasPrefix(got, "Mozilla/") {
+				t.Errorf("User-Agent = %q, want a Mozilla-style UA", got)
+			}
+		})
+	}
+}
+
+// TestAuthedGetEndToEnd uses a real httptest server to make sure the request
+// actually goes through (no transport oddities) and the body is readable.
+func TestAuthedGetEndToEnd(t *testing.T) {
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.Write([]byte("ok"))
+	}))
+	defer srv.Close()
+
+	resp, err := NewClient(http.DefaultClient, "").authedGet(srv.URL)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer resp.Body.Close()
+	if resp.StatusCode != 200 {
+		t.Errorf("status = %d, want 200", resp.StatusCode)
+	}
+}