import { secureFetch } from '../network/security.util.js'; let cachedToken: string | null = null; let tokenExpiry = 0; export async function getSpotifyAccessToken(): Promise { if (cachedToken && Date.now() < tokenExpiry) { return cachedToken; } const clientId = process.env.SPOTIFY_CLIENT_ID; const clientSecret = process.env.SPOTIFY_CLIENT_SECRET; if (!clientId || !clientSecret) { throw new Error('Spotify credentials missing'); } const authString = Buffer.from(`${clientId}:${clientSecret}`).toString( 'base64' ); const response = await secureFetch('https://accounts.spotify.com/api/token', { method: 'POST', headers: { Authorization: `Basic ${authString}`, 'Content-Type': 'application/x-www-form-urlencoded', }, body: 'grant_type=client_credentials', }); if (!response.ok) { const errorText = await response.text(); const message = `Spotify auth failed: ${response.status} - ${errorText}`; throw new Error(message); } const data = (await response.json()) as { access_token: string; expires_in: number; }; cachedToken = data.access_token; tokenExpiry = Date.now() + data.expires_in * 1000 - 60000; return cachedToken; }