spotify-profile-monitor 2.6__tar.gz → 2.7__tar.gz

{spotify_profile_monitor-2.6 → spotify_profile_monitor-2.7}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: spotify_profile_monitor
-Version: 2.6
+Version: 2.7
 Summary: Tool implementing real-time tracking of Spotify users activities and profile changes including playlists
 Author-email: Michal Szymanski <misiektoja-pypi@rm-rf.ninja>
 License-Expression: GPL-3.0-or-later
@@ -24,13 +24,16 @@ Requires-Dist: pytz>=2020.1
 Requires-Dist: tzlocal>=4.0
 Requires-Dist: python-dotenv>=0.19
 Requires-Dist: spotipy>=2.24.0
+Requires-Dist: wcwidth>=0.2.7
 Dynamic: license-file
 
 # spotify_profile_monitor
 
-OSINT tool for real-time monitoring of Spotify users' activities and profile changes including playlists.
+OSINT tool for real-time monitoring of **Spotify users' activities and profile changes including playlists**.
 
-NOTE: If you want to track Spotify friends' music activity, check out another tool I developed: [spotify_monitor](https://github.com/misiektoja/spotify_monitor).
+✨ If you want to track Spotify friends' music activity, check out another tool I developed: [spotify_monitor](https://github.com/misiektoja/spotify_monitor).
+
+🛠️ If you're looking for debug tools to get Spotify Web Player access tokens and extract secret keys: [click here](#debugging-tools)
 
 <a id="features"></a>
 ## Features
@@ -89,14 +92,17 @@ NOTE: If you want to track Spotify friends' music activity, check out another to
    * [Check Intervals](#check-intervals)
    * [Signal Controls (macOS/Linux/Unix)](#signal-controls-macoslinuxunix)
    * [Coloring Log Output with GRC](#coloring-log-output-with-grc)
-6. [Change Log](#change-log)
-7. [License](#license)
+6. [Debugging Tools](#debugging-tools)
+   * [Access Token Retrieval via sp_dc Cookie and TOTP](#access-token-retrieval-via-sp_dc-cookie-and-totp)
+   * [Secret Key Extraction from Spotify Web Player Bundles](#secret-key-extraction-from-spotify-web-player-bundles)
+7. [Change Log](#change-log)
+8. [License](#license)
 
 <a id="requirements"></a>
 ## Requirements
 
 * Python 3.6 or higher
-* Libraries: `requests`, `python-dateutil`, `urllib3`, `pyotp`, `pytz`, `tzlocal`, `python-dotenv`, [Spotipy](https://github.com/spotipy-dev/spotipy)
+* Libraries: `requests`, `python-dateutil`, `urllib3`, `pyotp`, `pytz`, `tzlocal`, `python-dotenv`, [Spotipy](https://github.com/spotipy-dev/spotipy), `wcwidth`
 
 Tested on:
 
@@ -124,7 +130,7 @@ Download the *[spotify_profile_monitor.py](https://raw.githubusercontent.com/mis
 Install dependencies via pip:
 
 ```sh
-pip install requests python-dateutil urllib3 pyotp pytz tzlocal python-dotenv spotipy
+pip install requests python-dateutil urllib3 pyotp pytz tzlocal python-dotenv spotipy wcwidth
 ```
 
 Alternatively, from the downloaded *[requirements.txt](https://raw.githubusercontent.com/misiektoja/spotify_profile_monitor/refs/heads/main/requirements.txt)*:
@@ -241,6 +247,8 @@ If your `sp_dc` cookie expires, the tool will notify you via the console and ema
 
 If you store the `SP_DC_COOKIE` in a dotenv file you can update its value and send a `SIGHUP` signal to reload the file with the new `sp_dc` cookie without restarting the tool. More info in [Storing Secrets](#storing-secrets) and [Signal Controls (macOS/Linux/Unix)](#signal-controls-macoslinuxunix).
 
+> **NOTE:** secrets used for TOTP generation (`SECRET_CIPHER_DICT`) expire every two days, that's why since v2.7 the tool fetches it from remote URL (see `SECRET_CIPHER_DICT_URL`); you can also run the [spotify_monitor_secret_grabber](https://github.com/misiektoja/spotify_monitor/blob/dev/debug/spotify_monitor_secret_grabber.py) and extract it by yourself (see [Secret Key Extraction from Spotify Web Player Bundles](#secret-key-extraction-from-spotify-web-player-bundles) for more info).
+
 <a id="spotify-desktop-client"></a>
 #### Spotify Desktop Client
 
@@ -811,6 +819,76 @@ Example:
 grc tail -F -n 100 spotify_profile_monitor_<user_uri_id/file_suffix>.log
 ```
 
+<a id="debugging-tools"></a>
+## Debugging Tools
+
+To help with troubleshooting and development, two debug utilities are available in the [debug](https://github.com/misiektoja/spotify_monitor/tree/dev/debug) directory of the related [spotify_monitor](https://github.com/misiektoja/spotify_monitor) project.
+
+<a id="access-token-retrieval-via-sp_dc-cookie-and-totp"></a>
+### Access Token Retrieval via sp_dc Cookie and TOTP
+
+The [spotify_monitor_totp_test](https://github.com/misiektoja/spotify_monitor/blob/dev/debug/spotify_monitor_totp_test.py) tool retrieves a Spotify access token using a Web Player `sp_dc` cookie and TOTP parameters. 
+
+Download from [here](https://github.com/misiektoja/spotify_monitor/blob/dev/debug/spotify_monitor_totp_test.py) or:
+
+```sh
+wget https://raw.githubusercontent.com/misiektoja/spotify_monitor/refs/heads/dev/debug/spotify_monitor_totp_test.py
+```
+
+Install requirements:
+
+```sh
+pip install requests python-dateutil pyotp
+```
+
+Run:
+
+```sh
+python3 spotify_monitor_totp_test.py --sp-dc "your_sp_dc_cookie_value"
+```
+
+You should get a valid Spotify access token, example output:
+
+<p align="center">
+   <img src="https://raw.githubusercontent.com/misiektoja/spotify_monitor/refs/heads/main/assets/spotify_monitor_totp_test.png" alt="spotify_monitor_totp_test" width="100%"/>
+</p>
+
+> **NOTE:** secrets used for TOTP generation (`SECRET_CIPHER_DICT`) expire every two days; you can either run the [spotify_monitor_secret_grabber](https://github.com/misiektoja/spotify_monitor/blob/dev/debug/spotify_monitor_secret_grabber.py) and extract it by yourself (see [here](#secret-key-extraction-from-spotify-web-player-bundles) for more info) or you can pass `--fetch-secrets` flag in [spotify_monitor_totp_test](https://github.com/misiektoja/spotify_monitor/blob/dev/debug/spotify_monitor_totp_test.py) (available since v1.6). There is also a [Thereallo1026/spotify-secrets](https://github.com/Thereallo1026/spotify-secrets) repo which offers JSON files that are automatically updated with current secrets.
+
+<a id="secret-key-extraction-from-spotify-web-player-bundles"></a>
+### Secret Key Extraction from Spotify Web Player Bundles
+
+The [spotify_monitor_secret_grabber](https://github.com/misiektoja/spotify_monitor/blob/dev/debug/spotify_monitor_secret_grabber.py) tool automatically extracts secret keys used for TOTP generation in Spotify Web Player JavaScript bundles. 
+
+Download from [here](https://github.com/misiektoja/spotify_monitor/blob/dev/debug/spotify_monitor_secret_grabber.py) or:
+
+```sh
+wget https://raw.githubusercontent.com/misiektoja/spotify_monitor/refs/heads/dev/debug/spotify_monitor_secret_grabber.py
+```
+
+Install requirements:
+
+```sh
+pip install playwright
+playwright install
+```
+
+Run:
+
+```sh
+python3 spotify_monitor_secret_grabber.py
+```
+
+You should get output similar to below:
+
+<p align="center">
+   <img src="https://raw.githubusercontent.com/misiektoja/spotify_monitor/refs/heads/main/assets/spotify_monitor_secret_grabber.png" alt="spotify_monitor_secret_grabber" width="100%"/>
+</p>
+
+You can now update the secrets used for TOTP generation (for example `SECRET_CIPHER_DICT` in `spotify_monitor_totp_test`, `spotify_monitor` and `spotify_profile_monitor`).
+
+> **NOTE:** you can also use [Thereallo1026/spotify-secrets](https://github.com/Thereallo1026/spotify-secrets) repo which offers JSON files that are automatically updated with current secrets (its secret extraction code is based on `spotify_monitor_secret_grabber`).
+
 <a id="change-log"></a>
 ## Change Log
 

{spotify_profile_monitor-2.6 → spotify_profile_monitor-2.7}/README.md

@@ -1,8 +1,10 @@
 # spotify_profile_monitor
 
-OSINT tool for real-time monitoring of Spotify users' activities and profile changes including playlists.
+OSINT tool for real-time monitoring of **Spotify users' activities and profile changes including playlists**.
 
-NOTE: If you want to track Spotify friends' music activity, check out another tool I developed: [spotify_monitor](https://github.com/misiektoja/spotify_monitor).
+✨ If you want to track Spotify friends' music activity, check out another tool I developed: [spotify_monitor](https://github.com/misiektoja/spotify_monitor).
+
+🛠️ If you're looking for debug tools to get Spotify Web Player access tokens and extract secret keys: [click here](#debugging-tools)
 
 <a id="features"></a>
 ## Features
@@ -61,14 +63,17 @@ NOTE: If you want to track Spotify friends' music activity, check out another to
    * [Check Intervals](#check-intervals)
    * [Signal Controls (macOS/Linux/Unix)](#signal-controls-macoslinuxunix)
    * [Coloring Log Output with GRC](#coloring-log-output-with-grc)
-6. [Change Log](#change-log)
-7. [License](#license)
+6. [Debugging Tools](#debugging-tools)
+   * [Access Token Retrieval via sp_dc Cookie and TOTP](#access-token-retrieval-via-sp_dc-cookie-and-totp)
+   * [Secret Key Extraction from Spotify Web Player Bundles](#secret-key-extraction-from-spotify-web-player-bundles)
+7. [Change Log](#change-log)
+8. [License](#license)
 
 <a id="requirements"></a>
 ## Requirements
 
 * Python 3.6 or higher
-* Libraries: `requests`, `python-dateutil`, `urllib3`, `pyotp`, `pytz`, `tzlocal`, `python-dotenv`, [Spotipy](https://github.com/spotipy-dev/spotipy)
+* Libraries: `requests`, `python-dateutil`, `urllib3`, `pyotp`, `pytz`, `tzlocal`, `python-dotenv`, [Spotipy](https://github.com/spotipy-dev/spotipy), `wcwidth`
 
 Tested on:
 
@@ -96,7 +101,7 @@ Download the *[spotify_profile_monitor.py](https://raw.githubusercontent.com/mis
 Install dependencies via pip:
 
 ```sh
-pip install requests python-dateutil urllib3 pyotp pytz tzlocal python-dotenv spotipy
+pip install requests python-dateutil urllib3 pyotp pytz tzlocal python-dotenv spotipy wcwidth
 ```
 
 Alternatively, from the downloaded *[requirements.txt](https://raw.githubusercontent.com/misiektoja/spotify_profile_monitor/refs/heads/main/requirements.txt)*:
@@ -213,6 +218,8 @@ If your `sp_dc` cookie expires, the tool will notify you via the console and ema
 
 If you store the `SP_DC_COOKIE` in a dotenv file you can update its value and send a `SIGHUP` signal to reload the file with the new `sp_dc` cookie without restarting the tool. More info in [Storing Secrets](#storing-secrets) and [Signal Controls (macOS/Linux/Unix)](#signal-controls-macoslinuxunix).
 
+> **NOTE:** secrets used for TOTP generation (`SECRET_CIPHER_DICT`) expire every two days, that's why since v2.7 the tool fetches it from remote URL (see `SECRET_CIPHER_DICT_URL`); you can also run the [spotify_monitor_secret_grabber](https://github.com/misiektoja/spotify_monitor/blob/dev/debug/spotify_monitor_secret_grabber.py) and extract it by yourself (see [Secret Key Extraction from Spotify Web Player Bundles](#secret-key-extraction-from-spotify-web-player-bundles) for more info).
+
 <a id="spotify-desktop-client"></a>
 #### Spotify Desktop Client
 
@@ -783,6 +790,76 @@ Example:
 grc tail -F -n 100 spotify_profile_monitor_<user_uri_id/file_suffix>.log
 ```
 
+<a id="debugging-tools"></a>
+## Debugging Tools
+
+To help with troubleshooting and development, two debug utilities are available in the [debug](https://github.com/misiektoja/spotify_monitor/tree/dev/debug) directory of the related [spotify_monitor](https://github.com/misiektoja/spotify_monitor) project.
+
+<a id="access-token-retrieval-via-sp_dc-cookie-and-totp"></a>
+### Access Token Retrieval via sp_dc Cookie and TOTP
+
+The [spotify_monitor_totp_test](https://github.com/misiektoja/spotify_monitor/blob/dev/debug/spotify_monitor_totp_test.py) tool retrieves a Spotify access token using a Web Player `sp_dc` cookie and TOTP parameters. 
+
+Download from [here](https://github.com/misiektoja/spotify_monitor/blob/dev/debug/spotify_monitor_totp_test.py) or:
+
+```sh
+wget https://raw.githubusercontent.com/misiektoja/spotify_monitor/refs/heads/dev/debug/spotify_monitor_totp_test.py
+```
+
+Install requirements:
+
+```sh
+pip install requests python-dateutil pyotp
+```
+
+Run:
+
+```sh
+python3 spotify_monitor_totp_test.py --sp-dc "your_sp_dc_cookie_value"
+```
+
+You should get a valid Spotify access token, example output:
+
+<p align="center">
+   <img src="https://raw.githubusercontent.com/misiektoja/spotify_monitor/refs/heads/main/assets/spotify_monitor_totp_test.png" alt="spotify_monitor_totp_test" width="100%"/>
+</p>
+
+> **NOTE:** secrets used for TOTP generation (`SECRET_CIPHER_DICT`) expire every two days; you can either run the [spotify_monitor_secret_grabber](https://github.com/misiektoja/spotify_monitor/blob/dev/debug/spotify_monitor_secret_grabber.py) and extract it by yourself (see [here](#secret-key-extraction-from-spotify-web-player-bundles) for more info) or you can pass `--fetch-secrets` flag in [spotify_monitor_totp_test](https://github.com/misiektoja/spotify_monitor/blob/dev/debug/spotify_monitor_totp_test.py) (available since v1.6). There is also a [Thereallo1026/spotify-secrets](https://github.com/Thereallo1026/spotify-secrets) repo which offers JSON files that are automatically updated with current secrets.
+
+<a id="secret-key-extraction-from-spotify-web-player-bundles"></a>
+### Secret Key Extraction from Spotify Web Player Bundles
+
+The [spotify_monitor_secret_grabber](https://github.com/misiektoja/spotify_monitor/blob/dev/debug/spotify_monitor_secret_grabber.py) tool automatically extracts secret keys used for TOTP generation in Spotify Web Player JavaScript bundles. 
+
+Download from [here](https://github.com/misiektoja/spotify_monitor/blob/dev/debug/spotify_monitor_secret_grabber.py) or:
+
+```sh
+wget https://raw.githubusercontent.com/misiektoja/spotify_monitor/refs/heads/dev/debug/spotify_monitor_secret_grabber.py
+```
+
+Install requirements:
+
+```sh
+pip install playwright
+playwright install
+```
+
+Run:
+
+```sh
+python3 spotify_monitor_secret_grabber.py
+```
+
+You should get output similar to below:
+
+<p align="center">
+   <img src="https://raw.githubusercontent.com/misiektoja/spotify_monitor/refs/heads/main/assets/spotify_monitor_secret_grabber.png" alt="spotify_monitor_secret_grabber" width="100%"/>
+</p>
+
+You can now update the secrets used for TOTP generation (for example `SECRET_CIPHER_DICT` in `spotify_monitor_totp_test`, `spotify_monitor` and `spotify_profile_monitor`).
+
+> **NOTE:** you can also use [Thereallo1026/spotify-secrets](https://github.com/Thereallo1026/spotify-secrets) repo which offers JSON files that are automatically updated with current secrets (its secret extraction code is based on `spotify_monitor_secret_grabber`).
+
 <a id="change-log"></a>
 ## Change Log
 

{spotify_profile_monitor-2.6 → spotify_profile_monitor-2.7}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "spotify_profile_monitor"
-version = "2.6"
+version = "2.7"
 description = "Tool implementing real-time tracking of Spotify users activities and profile changes including playlists"
 readme = "README.md"
 license = "GPL-3.0-or-later"
@@ -20,6 +20,7 @@ dependencies = [
   "tzlocal>=4.0",
   "python-dotenv>=0.19",
   "spotipy>=2.24.0",
+  "wcwidth>=0.2.7",
 ]
 classifiers = [
   "Programming Language :: Python :: 3",

{spotify_profile_monitor-2.6 → spotify_profile_monitor-2.7}/spotify_profile_monitor.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: spotify_profile_monitor
-Version: 2.6
+Version: 2.7
 Summary: Tool implementing real-time tracking of Spotify users activities and profile changes including playlists
 Author-email: Michal Szymanski <misiektoja-pypi@rm-rf.ninja>
 License-Expression: GPL-3.0-or-later
@@ -24,13 +24,16 @@ Requires-Dist: pytz>=2020.1
 Requires-Dist: tzlocal>=4.0
 Requires-Dist: python-dotenv>=0.19
 Requires-Dist: spotipy>=2.24.0
+Requires-Dist: wcwidth>=0.2.7
 Dynamic: license-file
 
 # spotify_profile_monitor
 
-OSINT tool for real-time monitoring of Spotify users' activities and profile changes including playlists.
+OSINT tool for real-time monitoring of **Spotify users' activities and profile changes including playlists**.
 
-NOTE: If you want to track Spotify friends' music activity, check out another tool I developed: [spotify_monitor](https://github.com/misiektoja/spotify_monitor).
+✨ If you want to track Spotify friends' music activity, check out another tool I developed: [spotify_monitor](https://github.com/misiektoja/spotify_monitor).
+
+🛠️ If you're looking for debug tools to get Spotify Web Player access tokens and extract secret keys: [click here](#debugging-tools)
 
 <a id="features"></a>
 ## Features
@@ -89,14 +92,17 @@ NOTE: If you want to track Spotify friends' music activity, check out another to
    * [Check Intervals](#check-intervals)
    * [Signal Controls (macOS/Linux/Unix)](#signal-controls-macoslinuxunix)
    * [Coloring Log Output with GRC](#coloring-log-output-with-grc)
-6. [Change Log](#change-log)
-7. [License](#license)
+6. [Debugging Tools](#debugging-tools)
+   * [Access Token Retrieval via sp_dc Cookie and TOTP](#access-token-retrieval-via-sp_dc-cookie-and-totp)
+   * [Secret Key Extraction from Spotify Web Player Bundles](#secret-key-extraction-from-spotify-web-player-bundles)
+7. [Change Log](#change-log)
+8. [License](#license)
 
 <a id="requirements"></a>
 ## Requirements
 
 * Python 3.6 or higher
-* Libraries: `requests`, `python-dateutil`, `urllib3`, `pyotp`, `pytz`, `tzlocal`, `python-dotenv`, [Spotipy](https://github.com/spotipy-dev/spotipy)
+* Libraries: `requests`, `python-dateutil`, `urllib3`, `pyotp`, `pytz`, `tzlocal`, `python-dotenv`, [Spotipy](https://github.com/spotipy-dev/spotipy), `wcwidth`
 
 Tested on:
 
@@ -124,7 +130,7 @@ Download the *[spotify_profile_monitor.py](https://raw.githubusercontent.com/mis
 Install dependencies via pip:
 
 ```sh
-pip install requests python-dateutil urllib3 pyotp pytz tzlocal python-dotenv spotipy
+pip install requests python-dateutil urllib3 pyotp pytz tzlocal python-dotenv spotipy wcwidth
 ```
 
 Alternatively, from the downloaded *[requirements.txt](https://raw.githubusercontent.com/misiektoja/spotify_profile_monitor/refs/heads/main/requirements.txt)*:
@@ -241,6 +247,8 @@ If your `sp_dc` cookie expires, the tool will notify you via the console and ema
 
 If you store the `SP_DC_COOKIE` in a dotenv file you can update its value and send a `SIGHUP` signal to reload the file with the new `sp_dc` cookie without restarting the tool. More info in [Storing Secrets](#storing-secrets) and [Signal Controls (macOS/Linux/Unix)](#signal-controls-macoslinuxunix).
 
+> **NOTE:** secrets used for TOTP generation (`SECRET_CIPHER_DICT`) expire every two days, that's why since v2.7 the tool fetches it from remote URL (see `SECRET_CIPHER_DICT_URL`); you can also run the [spotify_monitor_secret_grabber](https://github.com/misiektoja/spotify_monitor/blob/dev/debug/spotify_monitor_secret_grabber.py) and extract it by yourself (see [Secret Key Extraction from Spotify Web Player Bundles](#secret-key-extraction-from-spotify-web-player-bundles) for more info).
+
 <a id="spotify-desktop-client"></a>
 #### Spotify Desktop Client
 
@@ -811,6 +819,76 @@ Example:
 grc tail -F -n 100 spotify_profile_monitor_<user_uri_id/file_suffix>.log
 ```
 
+<a id="debugging-tools"></a>
+## Debugging Tools
+
+To help with troubleshooting and development, two debug utilities are available in the [debug](https://github.com/misiektoja/spotify_monitor/tree/dev/debug) directory of the related [spotify_monitor](https://github.com/misiektoja/spotify_monitor) project.
+
+<a id="access-token-retrieval-via-sp_dc-cookie-and-totp"></a>
+### Access Token Retrieval via sp_dc Cookie and TOTP
+
+The [spotify_monitor_totp_test](https://github.com/misiektoja/spotify_monitor/blob/dev/debug/spotify_monitor_totp_test.py) tool retrieves a Spotify access token using a Web Player `sp_dc` cookie and TOTP parameters. 
+
+Download from [here](https://github.com/misiektoja/spotify_monitor/blob/dev/debug/spotify_monitor_totp_test.py) or:
+
+```sh
+wget https://raw.githubusercontent.com/misiektoja/spotify_monitor/refs/heads/dev/debug/spotify_monitor_totp_test.py
+```
+
+Install requirements:
+
+```sh
+pip install requests python-dateutil pyotp
+```
+
+Run:
+
+```sh
+python3 spotify_monitor_totp_test.py --sp-dc "your_sp_dc_cookie_value"
+```
+
+You should get a valid Spotify access token, example output:
+
+<p align="center">
+   <img src="https://raw.githubusercontent.com/misiektoja/spotify_monitor/refs/heads/main/assets/spotify_monitor_totp_test.png" alt="spotify_monitor_totp_test" width="100%"/>
+</p>
+
+> **NOTE:** secrets used for TOTP generation (`SECRET_CIPHER_DICT`) expire every two days; you can either run the [spotify_monitor_secret_grabber](https://github.com/misiektoja/spotify_monitor/blob/dev/debug/spotify_monitor_secret_grabber.py) and extract it by yourself (see [here](#secret-key-extraction-from-spotify-web-player-bundles) for more info) or you can pass `--fetch-secrets` flag in [spotify_monitor_totp_test](https://github.com/misiektoja/spotify_monitor/blob/dev/debug/spotify_monitor_totp_test.py) (available since v1.6). There is also a [Thereallo1026/spotify-secrets](https://github.com/Thereallo1026/spotify-secrets) repo which offers JSON files that are automatically updated with current secrets.
+
+<a id="secret-key-extraction-from-spotify-web-player-bundles"></a>
+### Secret Key Extraction from Spotify Web Player Bundles
+
+The [spotify_monitor_secret_grabber](https://github.com/misiektoja/spotify_monitor/blob/dev/debug/spotify_monitor_secret_grabber.py) tool automatically extracts secret keys used for TOTP generation in Spotify Web Player JavaScript bundles. 
+
+Download from [here](https://github.com/misiektoja/spotify_monitor/blob/dev/debug/spotify_monitor_secret_grabber.py) or:
+
+```sh
+wget https://raw.githubusercontent.com/misiektoja/spotify_monitor/refs/heads/dev/debug/spotify_monitor_secret_grabber.py
+```
+
+Install requirements:
+
+```sh
+pip install playwright
+playwright install
+```
+
+Run:
+
+```sh
+python3 spotify_monitor_secret_grabber.py
+```
+
+You should get output similar to below:
+
+<p align="center">
+   <img src="https://raw.githubusercontent.com/misiektoja/spotify_monitor/refs/heads/main/assets/spotify_monitor_secret_grabber.png" alt="spotify_monitor_secret_grabber" width="100%"/>
+</p>
+
+You can now update the secrets used for TOTP generation (for example `SECRET_CIPHER_DICT` in `spotify_monitor_totp_test`, `spotify_monitor` and `spotify_profile_monitor`).
+
+> **NOTE:** you can also use [Thereallo1026/spotify-secrets](https://github.com/Thereallo1026/spotify-secrets) repo which offers JSON files that are automatically updated with current secrets (its secret extraction code is based on `spotify_monitor_secret_grabber`).
+
 <a id="change-log"></a>
 ## Change Log
 

{spotify_profile_monitor-2.6 → spotify_profile_monitor-2.7}/spotify_profile_monitor.egg-info/requires.txt

@@ -6,3 +6,4 @@ pytz>=2020.1
 tzlocal>=4.0
 python-dotenv>=0.19
 spotipy>=2.24.0
+wcwidth>=0.2.7

{spotify_profile_monitor-2.6 → spotify_profile_monitor-2.7}/spotify_profile_monitor.py

@@ -1,7 +1,7 @@
 #!/usr/bin/env python3
 """
 Author: Michal Szymanski <misiektoja-github@rm-rf.ninja>
-v2.6
+v2.7
 
 OSINT tool implementing real-time tracking of Spotify users activities and profile changes including playlists:
 https://github.com/misiektoja/spotify_profile_monitor/
@@ -16,9 +16,10 @@ pytz
 tzlocal (optional)
 python-dotenv (optional)
 spotipy (optional, needed when the token source is set to oauth_app)
+wcwidth (optional, needed by TRUNCATE_CHARS feature)
 """
 
-VERSION = "2.6"
+VERSION = "2.7"
 
 # ---------------------------
 # CONFIGURATION SECTION START
@@ -246,14 +247,38 @@ TRUNCATE_CHARS = 0
 # Value used by signal handlers to increase or decrease profile check interval (SPOTIFY_CHECK_INTERVAL); in seconds
 SPOTIFY_CHECK_SIGNAL_VALUE = 300  # 5 minutes
 
+# ---------------------------------------------------------------------
+
+# The section below is used when the token source is set to 'cookie'
+
 # Maximum number of attempts to get a valid access token in a single run of the spotify_get_access_token_from_sp_dc() function
-# Used only when the token source is set to 'cookie'
-TOKEN_MAX_RETRIES = 10
+TOKEN_MAX_RETRIES = 3
 
 # Interval between access token retry attempts; in seconds
-# Used only when the token source is set to 'cookie'
 TOKEN_RETRY_TIMEOUT = 0.5  # 0.5 second
 
+# Mapping of TOTP version identifiers to the secrets needed for TOTP generation
+# Newest secrets are downloaded automatically from SECRET_CIPHER_DICT_URL (see below)
+# Can also be fetched via spotify_monitor_secret_grabber.py utility - see debug dir
+SECRET_CIPHER_DICT = {
+    "12": [107, 81, 49, 57, 67, 93, 87, 81, 69, 67, 40, 93, 48, 50, 46, 91, 94, 113, 41, 108, 77, 107, 34],
+    "11": [111, 45, 40, 73, 95, 74, 35, 85, 105, 107, 60, 110, 55, 72, 69, 70, 114, 83, 63, 88, 91],
+    "10": [61, 110, 58, 98, 35, 79, 117, 69, 102, 72, 92, 102, 69, 93, 41, 101, 42, 75],
+    "9": [109, 101, 90, 99, 66, 92, 116, 108, 85, 70, 86, 49, 68, 54, 87, 50, 72, 121, 52, 64, 57, 43, 36, 81, 97, 72, 53, 41, 78, 56],
+    "8": [37, 84, 32, 76, 87, 90, 87, 47, 13, 75, 48, 54, 44, 28, 19, 21, 22],
+    "7": [59, 91, 66, 74, 30, 66, 74, 38, 46, 50, 72, 61, 44, 71, 86, 39, 89],
+    "6": [21, 24, 85, 46, 48, 35, 33, 8, 11, 63, 76, 12, 55, 77, 14, 7, 54],
+    "5": [12, 56, 76, 33, 88, 44, 88, 33, 78, 78, 11, 66, 22, 22, 55, 69, 54],
+}
+
+# Remote URL used to fetch updated secrets needed for TOTP generation
+# Set to empty string to disable
+SECRET_CIPHER_DICT_URL = "https://github.com/Thereallo1026/spotify-secrets/blob/main/secrets/secretDict.json?raw=true"
+
+# Identifier used to select the appropriate secret from SECRET_CIPHER_DICT when generating a TOTP token
+# Set to 0 to auto-select the highest available version
+TOTP_VER = 0
+
 # ---------------------------------------------------------------------
 
 # The section below is used when the token source is set to 'oauth_app'
@@ -521,6 +546,9 @@ CLEAR_SCREEN = False
 SPOTIFY_CHECK_SIGNAL_VALUE = 0
 TOKEN_MAX_RETRIES = 0
 TOKEN_RETRY_TIMEOUT = 0.0
+SECRET_CIPHER_DICT = {}
+SECRET_CIPHER_DICT_URL = ""
+TOTP_VER = 0
 TRUNCATE_CHARS = 0
 
 exec(CONFIG_BLOCK, globals())
@@ -554,9 +582,6 @@ TOKEN_URL = "https://open.spotify.com/api/token"
 # URL of the endpoint to get server time needed to create TOTP object
 SERVER_TIME_URL = "https://open.spotify.com/"
 
-# Identifier used to select the appropriate encrypted secret from secret_cipher_dict when generating a TOTP token
-TOTP_VER = 10
-
 # Variables for caching functionality of the Spotify client token to avoid unnecessary refreshing
 SP_CACHED_CLIENT_TOKEN = None
 SP_CLIENT_TOKEN_EXPIRES_AT = 0
@@ -661,14 +686,30 @@ SESSION.mount("http://", adapter)
 
 
 # Truncates each line of a string to a specified number of characters including tab expansion and multi-line support
-def truncate_string_per_line(message, truncate_chars, tabsize=8):
+def truncate_string_per_line(message, truncate_width, tabsize=8):
+    try:
+        from wcwidth import wcwidth
+    except ImportError:
+        return message
+
     lines = message.split('\n')
     truncated_lines = []
 
     for line in lines:
-        expanded_line = line.expandtabs(tabsize=tabsize)
-        truncated_line = expanded_line[:truncate_chars]
-        truncated_lines.append(truncated_line)
+        expanded_line = line.expandtabs(tabsize)
+        current_width = 0
+        truncated = ''
+
+        for char in expanded_line:
+            char_width = wcwidth(char)
+            if char_width < 0:
+                char_width = 0  # Non-printable or unknown width
+            if current_width + char_width > truncate_width:
+                break
+            truncated += char
+            current_width += char_width
+
+        truncated_lines.append(truncated)
 
     return '\n'.join(truncated_lines)
 
@@ -1437,15 +1478,10 @@ def fetch_server_time(session: req.Session, ua: str) -> int:
 def generate_totp():
     import pyotp
 
-    secret_cipher_dict = {
-        "10": [61, 110, 58, 98, 35, 79, 117, 69, 102, 72, 92, 102, 69, 93, 41, 101, 42, 75],
-        "9": [109, 101, 90, 99, 66, 92, 116, 108, 85, 70, 86, 49, 68, 54, 87, 50, 72, 121, 52, 64, 57, 43, 36, 81, 97, 72, 53, 41, 78, 56],
-        "8": [37, 84, 32, 76, 87, 90, 87, 47, 13, 75, 48, 54, 44, 28, 19, 21, 22],
-        "7": [59, 91, 66, 74, 30, 66, 74, 38, 46, 50, 72, 61, 44, 71, 86, 39, 89],
-        "6": [21, 24, 85, 46, 48, 35, 33, 8, 11, 63, 76, 12, 55, 77, 14, 7, 54],
-        "5": [12, 56, 76, 33, 88, 44, 88, 33, 78, 78, 11, 66, 22, 22, 55, 69, 54],
-    }
-    secret_cipher_bytes = secret_cipher_dict[str(TOTP_VER)]
+    if str((ver := TOTP_VER or max(map(int, SECRET_CIPHER_DICT)))) not in SECRET_CIPHER_DICT:
+        raise Exception(f"generate_totp(): Defined TOTP_VER ({ver}) is missing in SECRET_CIPHER_DICT")
+
+    secret_cipher_bytes = SECRET_CIPHER_DICT[str(ver)]
 
     transformed = [e ^ ((t % 33) + 9) for t, e in enumerate(secret_cipher_bytes)]
     joined = "".join(str(num) for num in transformed)
@@ -1455,6 +1491,34 @@ def generate_totp():
     return pyotp.TOTP(secret, digits=6, interval=30)
 
 
+def fetch_and_update_secrets():
+    global SECRET_CIPHER_DICT
+
+    if not SECRET_CIPHER_DICT_URL:
+        return False
+
+    try:
+        response = req.get(SECRET_CIPHER_DICT_URL, timeout=FUNCTION_TIMEOUT, verify=VERIFY_SSL)
+        response.raise_for_status()
+        secrets = response.json()
+
+        if not isinstance(secrets, dict) or not secrets:
+            raise ValueError("fetch_and_update_secrets(): Fetched payload not a non‑empty dict")
+
+        for key, value in secrets.items():
+            if not isinstance(key, str) or not key.isdigit():
+                raise ValueError(f"fetch_and_update_secrets(): Invalid key format: {key}")
+            if not isinstance(value, list) or not all(isinstance(x, int) for x in value):
+                raise ValueError(f"fetch_and_update_secrets(): Invalid value format for key {key}")
+
+        SECRET_CIPHER_DICT = secrets
+        return True
+
+    except Exception as e:
+        print(f"fetch_and_update_secrets(): Failed to get new secrets: {e}")
+        return False
+
+
 # Refreshes the Spotify access token using the sp_dc cookie, tries first with mode "transport" and if needed with "init"
 def refresh_access_token_from_sp_dc(sp_dc: str) -> dict:
     transport = True
@@ -1554,29 +1618,52 @@ def spotify_get_access_token_from_sp_dc(sp_dc: str):
     max_retries = TOKEN_MAX_RETRIES
     retry = 0
 
-    while retry < max_retries:
-        token_data = refresh_access_token_from_sp_dc(sp_dc)
-        token = token_data["access_token"]
-        client_id = token_data.get("client_id", "")
-        length = token_data["length"]
+    last_error = ""
 
-        SP_CACHED_ACCESS_TOKEN = token
-        SP_ACCESS_TOKEN_EXPIRES_AT = token_data["expires_at"]
-        SP_CACHED_CLIENT_ID = client_id
-
-        if SP_CACHED_ACCESS_TOKEN is None or not check_token_validity(SP_CACHED_ACCESS_TOKEN, SP_CACHED_CLIENT_ID, USER_AGENT):
+    while retry < max_retries:
+        try:
+            token_data = refresh_access_token_from_sp_dc(sp_dc)
+            token = token_data["access_token"]
+            client_id = token_data.get("client_id", "")
+            length = token_data["length"]
+
+            SP_CACHED_ACCESS_TOKEN = token
+            SP_ACCESS_TOKEN_EXPIRES_AT = token_data["expires_at"]
+            SP_CACHED_CLIENT_ID = client_id
+
+            if SP_CACHED_ACCESS_TOKEN is None or not check_token_validity(SP_CACHED_ACCESS_TOKEN, SP_CACHED_CLIENT_ID, USER_AGENT):
+                retry += 1
+                time.sleep(TOKEN_RETRY_TIMEOUT)
+            else:
+                break
+        except Exception as e:
+            last_error = str(e)
             retry += 1
-            time.sleep(TOKEN_RETRY_TIMEOUT)
-        else:
-            break
+            if retry < max_retries:
+                time.sleep(TOKEN_RETRY_TIMEOUT)
 
     if retry == max_retries:
-        if SP_CACHED_ACCESS_TOKEN is not None:
-            print(f"* Token appears to be still invalid after {max_retries} attempts, returning token anyway")
-            print_cur_ts("Timestamp:\t\t\t")
-            return SP_CACHED_ACCESS_TOKEN
-        else:
-            raise RuntimeError(f"Failed to obtain a valid Spotify access token after {max_retries} attempts")
+
+        if fetch_and_update_secrets():
+            try:
+                token_data = refresh_access_token_from_sp_dc(sp_dc)
+                token = token_data["access_token"]
+                client_id = token_data.get("client_id", "")
+                length = token_data["length"]
+
+                SP_CACHED_ACCESS_TOKEN = token
+                SP_ACCESS_TOKEN_EXPIRES_AT = token_data["expires_at"]
+                SP_CACHED_CLIENT_ID = client_id
+
+                if SP_CACHED_ACCESS_TOKEN and check_token_validity(SP_CACHED_ACCESS_TOKEN, SP_CACHED_CLIENT_ID, USER_AGENT):
+                    return SP_CACHED_ACCESS_TOKEN
+            except Exception as e:
+                last_error = str(e)
+
+        error_msg = f"Failed to obtain a valid Spotify access token after {max_retries} attempts"
+        if last_error:
+            error_msg += f": {last_error}"
+        raise RuntimeError(error_msg)
 
     return SP_CACHED_ACCESS_TOKEN