<?php
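/**
 * API endpoint to generate signed audio tokens for JavaScript
 * Returns a signed URL for streaming audio
 *
 * Supports dynamic token expiration based on track duration:
 * - Pass ?duration=SECONDS to set token expiry to duration + 60s buffer
 * - Minimum expiry is 300 seconds (5 minutes) for short clips
 * - Expiry is capped at $maxTokenExpiry, because `duration` is client-supplied
 *   and must not be able to request an effectively permanent token
 * - This allows playlists to refresh tokens per-track without mid-playback expiration
 *
 * Access control fails closed: if the track cannot be looked up (no database
 * connection), no token is issued.
 */

header('Content-Type: application/json');
// The response carries a bearer-style token; keep it out of browser and proxy caches.
header('Cache-Control: no-store');

session_start();
require_once __DIR__ . '/../utils/audio_token.php';
require_once __DIR__ . '/../config/database.php';

// Upper bound for any token lifetime, in seconds. This is a policy value:
// set it to the longest track the site serves plus the 60s buffer.
$maxTokenExpiry = 4 * 3600;

// Get parameters
$trackId = $_GET['track_id'] ?? $_POST['track_id'] ?? null;
$variationIndex = isset($_GET['variation']) ? (int)$_GET['variation'] : (isset($_POST['variation']) ? (int)$_POST['variation'] : null);

// Dynamic token expiration based on track duration.
// `duration` is in seconds and comes from the client, so it is clamped to
// [0, $maxTokenExpiry - 60] before the 60s buffering/seeking allowance is added.
// Clamping before the addition also keeps the arithmetic in integer range.
$requestedDuration = isset($_GET['duration']) ? (int)$_GET['duration'] : 0;
$boundedDuration = min(max($requestedDuration, 0), $maxTokenExpiry - 60);
$tokenExpiry = max(300, $boundedDuration + 60); // At least 5 min, or duration + 1 min buffer

// Accept only plain decimal digits. is_numeric() would also admit forms such as
// "1e3", "1.5" or "-3", which then end up inside the signed token.
if (!is_string($trackId) || $trackId === '' || !ctype_digit($trackId)) {
    http_response_code(400);
    echo json_encode(['success' => false, 'error' => 'Invalid track ID']);
    exit;
}

// The ownership / visibility check below is the only authorization gate in this
// endpoint. Without a database connection it cannot run, so refuse the request
// instead of signing a URL for a track whose visibility is unknown.
$pdo = getDBConnection();
if (!$pdo) {
    http_response_code(503);
    echo json_encode(['success' => false, 'error' => 'Service temporarily unavailable']);
    exit;
}

$stmt = $pdo->prepare("SELECT id, is_public, user_id FROM music_tracks WHERE id = ? AND status = 'complete'");
$stmt->execute([$trackId]);
$track = $stmt->fetch(PDO::FETCH_ASSOC);

if (!$track) {
    http_response_code(404);
    echo json_encode(['success' => false, 'error' => 'Track not found']);
    exit;
}

// Check access
$user_id = $_SESSION['user_id'] ?? null;
$is_admin = !empty($_SESSION['is_admin']);

// Compare IDs as strings: PDO may return the column as int or string depending
// on driver settings, and a loose == would also equate values like "5" and "5.0".
$isOwner = $user_id && (string)$track['user_id'] === (string)$user_id;

// NOTE(review): a NULL is_public is treated as public, i.e. rows that were never
// given an explicit visibility default to open. Confirm this is intended; a
// NOT NULL column with a private default would make the safe case the default.
$isPublic = $track['is_public'] === null || (int)$track['is_public'] === 1;

// Admins have access to all tracks; owners to their own; everyone to public ones.
if (!($is_admin || $isOwner || $isPublic)) {
    http_response_code(403);
    echo json_encode(['success' => false, 'error' => 'Access denied']);
    exit;
}

// CRITICAL: Generate tokens with user/session binding and dynamic expiration
// Tokens are bound to the user who generates them - cannot be shared
// Token expiry is based on track duration for playlist autoplay support
$session_id = session_id();
$signedUrl = getSignedAudioUrl($trackId, $variationIndex, $tokenExpiry, $user_id, $session_id);
$tokenData = generateAudioToken($trackId, $variationIndex, $tokenExpiry, $user_id, $session_id);

echo json_encode([
    'success' => true,
    'url' => $signedUrl,
    'token' => $tokenData['token'],
    'expires' => $tokenData['expires'],
    'expires_in' => $tokenData['expires'] - time(),
    'requested_duration' => $requestedDuration,
    'token_expiry' => $tokenExpiry
]);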

