Spotify Token Exchange (written in node.js)

server.js

// Node.js version of the Spotify Token Exchange originally scripted in ruby (based on beta 6 release candidate)
// https://github.com/spotify/ios-sdk/blob/master/Demo%20Projects/spotify_token_swap.rb

var express = require('express');
var bodyParser = require('body-parser');
var request = require('request');
var app = express();
var http = require('http').Server(app);

var config = {}
//INPUT YOUR OWN CREDENTIALS AND SETUP HERE
config.spotify_crypto_password = 'your_own_special_password';
config.k_client_id = "your_spotify_clientid";
config.k_client_secret = "your_spotify_secret";
config.server_port = 3000;
config.server_ip_address = '127.0.0.1';
//------------------------------
config.spotify_crypto_algorithm = 'des-ede3-cbc',
config.k_client_oauth_url = 'https://accounts.spotify.com/api/token';
config.k_client_profile_url = 'https://api.spotify.com/v1/me';
config.k_client_refresh_url = 'https://accounts.spotify.com/api/token';

var crypto = require('crypto'),
    algorithm = config.spotify_crypto_algorithm,
    password = config.spotify_crypto_password;
    
var authHeader = 'Basic ' + new Buffer(config.k_client_id + ':' + config.k_client_secret).toString('base64');

app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: false }));

app.post('/token', function (req, res) {
    var code = req.body.code;
    var formObject = {
        grant_type: "authorization_code",
        redirect_uri: config.k_client_callback_url,
        code: code
    }
    var options = {
        form: formObject,
        headers: { 'Authorization': authHeader },
        url: config.k_client_oauth_url
    }

    console.log('Spotify Token request received (code):' + code);

    request.post(options, function (err, resp, body) {
        if (err) {
            console.log("Error : " + err);
        } else {
            token_data = JSON.parse(body);

            if (token_data['error'] != null) {
                console.log('Error in token data:\n' + body);
            } else {
                refresh_token = token_data['refresh_token'];
                encrypted_token = encrypt(refresh_token);
                token_data['refresh_token'] = encrypted_token;
                refresh_token = encrypted_token;

                console.log('Spotify Token served for ' + token_data['id']);
                res.send(token_data);
            }
        }
    });
});


app.post('/refresh', function (req, res) {
    var encrypted_token = req.body.refresh_token;
    console.log('Spotify Token request received (encrypted_token):' + encrypted_token);

    var refresh_token = decrypt(encrypted_token);

    var formObject = {
        grant_type: 'refresh_token',
        refresh_token: refresh_token
    }

    var options = {
        form: formObject,
        headers: { 'Authorization': authHeader },
        url: config.k_client_refresh_url
    }

    request.post(options, function (err, resp, body) {
        if (err) {
            console.log('Error : ' + err);
        } else {
            console.log('Spotify Token refreshed.');
            res.send(body);
        }
    });
});

http.listen(config.server_port, config.server_ip_address, function () {
    console.log('Spotify Token Exchange started on port ' + config.server_port);
});



// Encryption scripts 
// Copyright (c) 20014 http://lollyrock.com/articles/nodejs-encryption/
function encrypt(text){
    var cipher = crypto.createCipher(algorithm,password)
    var crypted = cipher.update(text,'utf8','hex')
    crypted += cipher.final('hex');
    return crypted;
}
 
function decrypt(text){
    var decipher = crypto.createDecipher(algorithm, password);

    try {
        var dec = decipher.update(text,'hex','utf8');
        dec += decipher.final('utf8');
        return dec;
    } catch (ex) {
        console.log(ex);
        return;
    }
}