Added support of TUI player

Added cli client SSO login support
Improved artist page
2026-06-10 23:20:18 +01:00 · 2026-06-10 13:34:38 +01:00 · 2026-06-09 17:18:55 +01:00
6 changed files with 217 additions and 41 deletions
@@ -1418,7 +1418,7 @@ checksum = "e6d5a32815ae3f33302d95fdcb2ce17862f8c65363dcfd29360480ba1001fc9c"

 [[package]]
 name = "furumusic"
-version = "0.4.3"
+version = "0.4.6"
 dependencies = [
 "anyhow",
 "async-trait",
@@ -1,6 +1,6 @@
 [package]
 name = "furumusic"
-version = "0.4.4"
+version = "0.4.7"
 edition = "2024"
 description = "Reusable web-app boilerplate: auth, OIDC/SSO, admin panel, user management, i18n, PostgreSQL"

@@ -373,6 +373,7 @@ translations! {
    player_repeat:           "Repeat"                          , "Повтор";
    player_volume:           "Volume"                          , "Громкость";
    player_appears_on:       "Appears on"                      , "Участвует в";
+    player_top_tracks:       "Popular tracks"                  , "Популярные треки";
    player_albums:           "Albums"                          , "Альбомы";
    player_eps:              "EPs"                             , "EP";
    player_singles:          "Singles"                         , "Синглы";
@@ -977,27 +977,54 @@ fn safe_mobile_redirect_uri(raw: Option<&str>) -> Option<String> {
    if lower.starts_with("furumi://") || lower.starts_with("furumusic://") {
        return Some(value.to_owned());
    }
+    if is_loopback_http_redirect(&lower) {
+        return Some(value.to_owned());
+    }
    None
 }

+/// RFC 8252 §7.3: native apps without a custom URL scheme (the CLI client)
+/// receive the callback on a loopback listener with an ephemeral port.
+fn is_loopback_http_redirect(lower: &str) -> bool {
+    let Some(rest) = lower.strip_prefix("http://") else {
+        return false;
+    };
+    let host_port = rest.split(['/', '?', '#']).next().unwrap_or("");
+    let Some((host, port)) = host_port.rsplit_once(':') else {
+        return false;
+    };
+    matches!(host, "127.0.0.1" | "localhost" | "[::1]")
+        && !port.is_empty()
+        && port.len() <= 5
+        && port.bytes().all(|b| b.is_ascii_digit())
+}
+
 fn mobile_redirect_success(app_redirect_uri: &str, code: &str) -> cot::response::Response {
    let deep_link = append_query_param(app_redirect_uri, "code", code);
+    if is_loopback_http_redirect(&app_redirect_uri.to_ascii_lowercase()) {
+        return auth::redirect(&deep_link);
+    }
    mobile_deep_link_page(
        "success",
        "Sign-in complete",
-        "Furumi should open automatically. You can close this window after the app opens.",
+        "Furumi should open automatically. If it doesn't, use the button or copy the code below.",
        None,
+        Some(code),
        &deep_link,
    )
 }

 fn mobile_redirect_error(app_redirect_uri: &str, error: &str) -> cot::response::Response {
    let deep_link = append_query_param(app_redirect_uri, "error", error);
+    if is_loopback_http_redirect(&app_redirect_uri.to_ascii_lowercase()) {
+        return auth::redirect(&deep_link);
+    }
    mobile_deep_link_page(
        "error",
        "Sign-in failed",
-        "Furumi should open automatically and show the sign-in error. You can close this window after the app opens.",
+        "Furumi should open automatically and show the sign-in error.",
        Some(error),
+        None,
        &deep_link,
    )
 }
@@ -1007,6 +1034,7 @@ fn mobile_deep_link_page(
    title: &str,
    message: &str,
    detail: Option<&str>,
+    code: Option<&str>,
    deep_link: &str,
 ) -> cot::response::Response {
    let state_class = html_escape(state);
@@ -1015,6 +1043,15 @@ fn mobile_deep_link_page(
    let detail_html = detail
        .map(|value| format!(r#"<p class="detail">Reason: {}</p>"#, html_escape(value)))
        .unwrap_or_default();
+    let code_html = code
+        .map(|value| {
+            format!(
+                r#"<p class="hint">Signing in from a terminal? Paste this code there:</p>
+    <input class="code" readonly value="{}" onclick="this.select()">"#,
+                html_escape(value)
+            )
+        })
+        .unwrap_or_default();
    let deep_link_html = html_escape(deep_link);
    let deep_link_js =
        serde_json::to_string(deep_link).expect("serializing URL string cannot fail");
@@ -1095,6 +1132,19 @@ fn mobile_deep_link_page(
      font-size: 13px;
      color: #89847c;
    }}
+    .code {{
+      width: 100%;
+      margin-top: 8px;
+      padding: 10px 12px;
+      box-sizing: border-box;
+      border: 1px solid #3a3c42;
+      border-radius: 8px;
+      background: #1a1c20;
+      color: #e8d8a8;
+      font-family: ui-monospace, SFMono-Regular, Menlo, Consolas, monospace;
+      font-size: 13px;
+      text-align: center;
+    }}
  </style>
 </head>
 <body>
@@ -1105,15 +1155,13 @@ fn mobile_deep_link_page(
    {detail_html}
    <a href="{deep_link_html}">Open Furumi</a>
    <p class="hint">If nothing happens, use the button above.</p>
+    {code_html}
  </main>
  <script>
    const deepLink = {deep_link_js};
    window.setTimeout(() => {{
      window.location.href = deepLink;
    }}, 100);
-    window.setTimeout(() => {{
-      window.close();
-    }}, 1800);
  </script>
 </body>
 </html>"#,
@@ -1230,4 +1278,25 @@ mod tests {
        );
        assert!(safe_mobile_redirect_uri(Some("https://example.com/callback")).is_none());
    }
+
+    #[test]
+    fn mobile_oidc_redirect_uri_allows_loopback_http() {
+        assert_eq!(
+            safe_mobile_redirect_uri(Some("http://127.0.0.1:8753/callback")).as_deref(),
+            Some("http://127.0.0.1:8753/callback")
+        );
+        assert_eq!(
+            safe_mobile_redirect_uri(Some("http://localhost:1234/callback")).as_deref(),
+            Some("http://localhost:1234/callback")
+        );
+        assert_eq!(
+            safe_mobile_redirect_uri(Some("http://[::1]:1234/callback")).as_deref(),
+            Some("http://[::1]:1234/callback")
+        );
+        // Non-loopback hosts, missing ports and https stay rejected.
+        assert!(safe_mobile_redirect_uri(Some("http://127.0.0.1/callback")).is_none());
+        assert!(safe_mobile_redirect_uri(Some("http://evil.com:80/callback")).is_none());
+        assert!(safe_mobile_redirect_uri(Some("https://127.0.0.1:80/callback")).is_none());
+        assert!(safe_mobile_redirect_uri(Some("http://127.0.0.1:notaport/x")).is_none());
+    }
 }
@@ -861,6 +861,12 @@ fn native_device_name_from_user_agent(user_agent: Option<&str>) -> Option<String
                None => "Furumi MacOS".to_string(),
            });
        }
+        if product.eq_ignore_ascii_case("FurumiTUI") || product.eq_ignore_ascii_case("furumi-tui") {
+            return Some(match version.as_deref() {
+                Some(v) => format!("Furumi TUI {v}"),
+                None => "Furumi TUI".to_string(),
+            });
+        }
    }
    None
 }
@@ -890,6 +896,9 @@ fn device_kind_from_user_agent(user_agent: Option<&str>) -> &'static str {
    if ua.contains("furumimac") {
        return "computer";
    }
+    if ua.contains("furumitui/") || ua.contains("furumi-tui/") {
+        return "computer";
+    }
    if ua.contains("iphone") || (ua.contains("android") && ua.contains("mobile")) {
        "phone"
    } else if ua.contains("ipad") || ua.contains("tablet") || ua.contains("android") {
@@ -914,6 +923,22 @@ mod device_tests {
        assert_eq!(device_kind_from_user_agent(user_agent), "phone");
    }

+    #[test]
+    fn detects_furumi_tui_native_client() {
+        let user_agent = Some("FurumiTUI/0.1.0 macos");
+
+        assert_eq!(device_name_from_user_agent(user_agent), "Furumi TUI 0.1.0");
+        assert_eq!(device_kind_from_user_agent(user_agent), "computer");
+    }
+
+    #[test]
+    fn detects_furumi_tui_http_user_agent_token() {
+        let user_agent = Some("furumi-tui/0.1.0 (macos)");
+
+        assert_eq!(device_name_from_user_agent(user_agent), "Furumi TUI 0.1.0");
+        assert_eq!(device_kind_from_user_agent(user_agent), "computer");
+    }
+
    #[test]
    fn keeps_browser_fallback_for_generic_android_user_agents() {
        let user_agent = Some("Mozilla/5.0 Android Mobile");
@@ -3201,40 +3226,44 @@ async fn artist_detail_handler(
        .collect();

    let top_tracks = sqlx::query_as::<_, PlaylistTrackRow>(
-        r#"SELECT t.id, t.title::text as title, t.track_number, t.disc_number,
-                  t.duration_seconds, t.cover_file_id,
-                  r.cover_file_id as release_cover_file_id,
-                  r.id as release_id,
-                  r.title::text as release_title,
-                  r.year as release_year,
-                  COALESCE(mf.uploader_name, 'UFO')::text AS uploader_name,
-                  mf.audio_format,
-                  mf.audio_bitrate,
-                  mf.audio_sample_rate,
-                  mf.audio_bit_depth,
-                  mf.file_size_bytes,
-                  t.lastfm_listeners,
-                  t.lastfm_playcount,
-                  t.lastfm_rating,
-                  t.lastfm_updated_at
-           FROM furumusic__track t
-           JOIN furumusic__release r ON r.id = t.release_id
-           LEFT JOIN furumusic__media_file mf ON mf.id = t.audio_file_id
-           WHERE t.is_hidden = false
-             AND r.is_hidden = false
-             AND EXISTS (
-                 SELECT 1
-                   FROM furumusic__track_artist ta
-                  WHERE ta.track_id = t.id
-                    AND ta.artist_id = $1
-                    AND ta.role <> 'featuring'
-             )
-           ORDER BY COALESCE(t.lastfm_rating, 0) DESC,
-                    COALESCE(t.lastfm_playcount, 0) DESC,
-                    COALESCE(t.lastfm_listeners, 0) DESC,
-                    r.year DESC NULLS LAST,
-                    t.track_number NULLS LAST,
-                    t.id
+        r#"SELECT * FROM (
+               SELECT DISTINCT ON (lower(t.title::text))
+                      t.id, t.title::text as title, t.track_number, t.disc_number,
+                      t.duration_seconds, t.cover_file_id,
+                      r.cover_file_id as release_cover_file_id,
+                      r.id as release_id,
+                      r.title::text as release_title,
+                      r.year as release_year,
+                      COALESCE(mf.uploader_name, 'UFO')::text AS uploader_name,
+                      mf.audio_format,
+                      mf.audio_bitrate,
+                      mf.audio_sample_rate,
+                      mf.audio_bit_depth,
+                      mf.file_size_bytes,
+                      t.lastfm_listeners,
+                      t.lastfm_playcount,
+                      t.lastfm_rating,
+                      t.lastfm_updated_at
+               FROM furumusic__track t
+               JOIN furumusic__release r ON r.id = t.release_id
+               LEFT JOIN furumusic__media_file mf ON mf.id = t.audio_file_id
+               WHERE t.is_hidden = false
+                 AND r.is_hidden = false
+                 AND EXISTS (
+                     SELECT 1
+                       FROM furumusic__track_artist ta
+                      WHERE ta.track_id = t.id
+                        AND ta.artist_id = $1
+                        AND ta.role <> 'featuring'
+                 )
+               ORDER BY lower(t.title::text), COALESCE(t.lastfm_rating, 0) DESC
+           ) deduped
+           ORDER BY COALESCE(lastfm_rating, 0) DESC,
+                    COALESCE(lastfm_playcount, 0) DESC,
+                    COALESCE(lastfm_listeners, 0) DESC,
+                    release_year DESC NULLS LAST,
+                    track_number NULLS LAST,
+                    id
           LIMIT 50"#,
    )
    .bind(artist_id)
@@ -620,6 +620,83 @@
                            </div>
                        </div>
                    </div>
+                    <template x-if="$store.library.currentArtist.top_tracks && $store.library.currentArtist.top_tracks.length > 0">
+                        <section class="artist-release-group">
+                            <h2 class="artist-release-group-title">{{ t.player_top_tracks }}</h2>
+                            <div class="track-list-header">
+                                <span>#</span>
+                                <span>{{ t.player_title }}</span>
+                                <span></span>
+                                <span></span>
+                                <span style="text-align:right">{{ t.player_duration }}</span>
+                            </div>
+                            <template x-for="(track, idx) in $store.library.currentArtist.top_tracks" :key="track.id">
+                                <div class="track-row artist-appearance-row"
+                                     :class="{ playing: $store.player.currentTrack && $store.player.currentTrack.id === track.id }"
+                                     @dblclick="$store.queue.playRelease($store.library.currentArtist.top_tracks, idx)">
+                                    <span class="track-num" x-text="idx + 1"></span>
+                                    <div class="track-info">
+                                        <button class="artist-appearance-cover"
+                                                type="button"
+                                                @click.stop="$store.library.openRelease(track.release_id)"
+                                                :title="track.release_title"
+                                                aria-label="{{ t.player_release }}">
+                                            <template x-if="track.cover_url">
+                                                <img :src="track.cover_url" :alt="track.release_title" loading="lazy">
+                                            </template>
+                                            <template x-if="!track.cover_url">
+                                                <svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5"><rect x="3" y="3" width="18" height="18" rx="2"/><circle cx="12" cy="12" r="4"/></svg>
+                                            </template>
+                                        </button>
+                                        <div class="artist-appearance-copy">
+                                            <div class="track-title">
+                                                <span x-text="track.title"></span>
+                                                <span style="color:var(--text-subdued)"> · </span>
+                                                <a class="artist-link" @click.stop="$store.library.openRelease(track.release_id)" x-text="track.release_title"></a>
+                                            </div>
+                                            <div class="track-artists-inline">
+                                                <template x-for="(artist, artistIdx) in $store.library.trackArtistLinks(track)" :key="artist.label + '-' + artist.id + '-' + artistIdx">
+                                                    <span>
+                                                        <template x-if="artistIdx > 0"><span>, </span></template>
+                                                        <a class="artist-link" @click.stop="$store.library.openArtist(artist.id)" x-text="artist.label"></a>
+                                                    </span>
+                                                </template>
+                                            </div>
+                                        </div>
+                                    </div>
+                                    <span></span>
+                                    <div class="track-actions">
+                                        <button class="track-action-btn info-btn popularity-info-btn"
+                                                :class="{ 'has-popularity': $store.library.hasPopularity(track), 'no-popularity': !$store.library.hasPopularity(track) }"
+                                                :style="$store.library.popularityStyle(track)"
+                                                @click.stop="$store.library.openTrackInfo(track)"
+                                                :title="$store.library.trackInfoTitle(track)"
+                                                aria-label="{{ t.player_track_info }}">
+                                            <span x-show="$store.library.hasPopularity(track)" x-text="$store.library.popularityLabel(track)"></span>
+                                            <span x-show="!$store.library.hasPopularity(track)" class="info-letter">i</span>
+                                        </button>
+                                        <button class="like-btn" :class="{ liked: $store.likes.has(track.id) }" @click.stop="$store.likes.toggle(track.id)" title="{{ t.player_like }}">
+                                            <svg viewBox="0 0 24 24" :fill="$store.likes.has(track.id) ? 'currentColor' : 'none'" stroke="currentColor" stroke-width="2"><path d="M20.84 4.61a5.5 5.5 0 00-7.78 0L12 5.67l-1.06-1.06a5.5 5.5 0 00-7.78 7.78L12 21.23l8.84-8.84a5.5 5.5 0 000-7.78z"/></svg>
+                                        </button>
+                                        <button class="track-action-btn queue-insert-btn queue-next-btn" @click.stop="$store.queue.addNextInQueue([track])" title="{{ t.player_play_next }}">
+                                            <svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M5 6h10M5 12h7M5 18h10"/><path d="M17 9l4 3-4 3" fill="currentColor" stroke="none"/></svg>
+                                        </button>
+                                        <button class="track-action-btn queue-insert-btn queue-end-btn" @click.stop="$store.queue.addToEnd([track])" title="{{ t.player_add_to_queue }}">
+                                            <svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M5 6h14M5 12h14M5 18h7"/><path d="M17 15l4 3-4 3" fill="currentColor" stroke="none"/></svg>
+                                        </button>
+                                        <button class="track-action-btn track-share-btn" @click.stop="$store.sharing.copyTrack(track, $event.currentTarget)" title="{{ t.player_share_track }}" aria-label="{{ t.player_share_track }}">
+                                            <svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><circle cx="18" cy="5" r="3"/><circle cx="6" cy="12" r="3"/><circle cx="18" cy="19" r="3"/><path d="M8.6 10.6l6.8-3.9M8.6 13.4l6.8 3.9"/></svg>
+                                        </button>
+                                        <button class="track-action-btn playlist-add-btn" @click.stop="$store.playlists.showPicker([track.id])" title="{{ t.player_add_to_playlist }}">
+                                            <svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M8 6h13M8 12h13M8 18h13M3 6h.01M3 12h.01M3 18h.01"/></svg>
+                                        </button>
+                                    </div>
+                                    <span class="track-duration" x-text="formatTime(track.duration_seconds)"></span>
+                                </div>
+                            </template>
+                        </section>
+                    </template>
+
                    <template x-for="group in $store.library.artistReleaseGroups()" :key="group.type">
                        <section class="artist-release-group">
                            <h2 class="artist-release-group-title" x-text="group.label"></h2>
Author	SHA1	Message	Date
Ultradesu	0c120c0868	Added support of TUI player Build and Publish / Build and Publish Docker Image (push) Successful in 2m38s Details	2026-06-10 23:20:18 +01:00
Ultradesu	d9d0fbb7d1	Added cli client SSO login support Build and Publish / Build and Publish Docker Image (push) Successful in 3m11s Details	2026-06-10 13:34:38 +01:00
Ultradesu	71d6556ba8	Improved artist page Build and Publish / Build and Publish Docker Image (push) Successful in 2m37s Details	2026-06-09 17:18:55 +01:00