florianloch / cassette Goto Github PK

https://goreportcard.com/report/github.com/florianloch/cassette

Resp. check whether this is necessary

Maybe show name of device somewhere on page?

• Update README, add link to current version
• Release
• Announce to people
• Add new tag

• Privacy Policy
• Entry page informing about cookies, linking to privacy policy
• Export data linked to user as JSON
• Delete an user's entry from DB
• Hash Spotify ID to provide anonymity
• Delete cookies from the webapp
• Settle an DPA with Cloudflare

This is superfluous now that we use the enhanced API call to play stating the playback position directly.

1. Create dummy triggering the limit
2. Add code to handle it

Ideas:

• Kassette - Pause and resume like in the good old times

E.g., in radio mode or auto play

Simply reverse list, LRU most probably the state one wants to resume

Seems assumptions about Spotify's URI are wrong:

Splitting context URI did not result in 3 parts. playbackContextURI=spotify:user:spotify:playlist:37i9dQZF1DX4wta20PHgwo splits=["spotify","user","spotify","playlist","37i9dQZF1DX4wta20PHgwo"]

https://developer.spotify.com/terms/ & https://developer.spotify.com/branding-guidelines/

• On every page showing information from Spotify (artists, tracks etc.) Spotify (and the API?) has to be mentioned

• “Spotistate” as name is not allowed; Cassette for Spotify should be fine but “Spotify” should not be part of the logo (not even the name): “Use any of the Spotify Marks found in the Spotify Branding Guidelines solely to promote your use, and the results of your use, of the Spotify Platform in accordance with these Developer Terms, applicable law, and the Branding Guidelines.”

• Streaming SDAs is only allowed for non-commercial use. Non-Streaming SDAs do not seem have this restriction,

• -> We do not want to be a Streaming SDA

• SDT restrictions G is not very clear about whether fetching data as done with Hoerbuchspion is permitted

• N prevents creation of an Alexa Skill or similar: “Do not use the Spotify Platform, Spotify Content, Spotify Service, or Spotify Marks in any way to create a voice-enabled SDA that enables a user to control with his or her voice, or any kind of voice assistant that provides voice-control functionality without prior written authorization from Spotify.”

• P states: “Do not incorporate any functionality into your SDA which is able to detect the presence of the Spotify Application on a user’s device (so-called “app sniffing”), without obtaining the user’s explicit permission.” Is asking the user on which device to start playback such a detection? Probably not. Additionally this happens transparently for the user and the information is not logged or tracked anywhere.

• Restrictions 3 b says the following: “Local caching. Except as set out in this paragraph, you will not locally cache any Spotify Content. Only when strictly necessary to enhance the performance of your SDA and its functionality, your SDA may locally cache (i) metadata and cover art or (ii) Conditional Downloads of sound recordings.” In Hoerbuchspion we have a local cache and it is strictly necessary for the functionality. For this project we should be fine.

• 3 d states: “Consistent with the Branding Guidelines, any use of the metadata, cover art and Audio Preview Clips as made available through the Spotify Platform shall be accompanied by a link back to the applicable artist, album, track, or playlist on the Spotify Service together with prominent use of Spotify Marks to clearly attribute the content as being supplied and made available by Spotify. If you offer a Streaming SDA or your SDA is able to control a background Spotify Application, metadata and cover art may only be used in connection with the underlying musical content, and there shall be no playback of Spotify Content without showing relevant cover art and metadata in your SDA. You will not offer metadata, cover art, and/or Audio Preview Clips as a standalone service or product.” We need to put links everywhere for Hoerbuchspion and this project. “Open in Spotify” links or similar. For albums there is also additional copyright information that can be retrieved from their API. Additionally Spotify needs to be mentioned prominently on both webapps. Is providing an overview on audiobooks a standalone service/product offering metadata/cover arts/preview clips? Don’t think so.

• 5.3: Is detecting the language of an albums’s name analyzation of content provided by Spotify?

• 5.7 & 5.9: We only store the users Spotify id - Spotify itself notifies the user on this so it should be fine. We need to provide functionality for unlinking/disconnecting a user from Spotify. By providing a “Delete everything” option as required for GDPR we should ne fine.

• 5.12 forces one to have an end user agreement and a privacy policy. At least the latter is required by GDPR too. 14 & 15 describe what they need to contain.

• 5.13 forces one to have “industry standard security and protection measures” in place for user data and other data retrieved from Spotify. Should be fine.

• According to 16 people below the age of eighteen should not be allowed to use an SDA.

• According to 17 one must provide a “notice and takedown” method/process in case of copyright infringements. This should be covered by regularly refetching the data and bei being up-to-date this way. Nevertheless a contact should be given.

• There is an FAQ on (restrictions) [https://developer.spotify.com/legal/general-restrictions/], according to this we are fine with both projects.

... instead of just taking the number of tracks and the current index,

Add link to version 2 and polish for release.

This would be handy. As default value for the name the playlist/album name could be chosen.