SonicFlow is a sleek, terminal-inspired music discovery application built with Python, Flask, industry-standard security practices, and the iTunes Search API. It features a "Noir Terminal" aesthetic, allowing users to scan global audio repositories, save tracks to a persistent "Vault," and decrypt a daily selection of music.
- [SYSTEM_DISCOVERY]: Real-time music search via iTunes API with filters for Artist, Album, and Genre.
- [LIBRARY_VAULT]: Save your favorite tracks to a local SQLite database for future retrieval.
- [DECRYPT_DAILY]: A daily curated selection of 10 tracks seeded by the current date.
- Global Player: Integrated audio preview player with "Noir" visual scanlines and effects.
- Responsive Layout: Built with a custom "Noir Terminal" CSS stylesheet and Bootstrap grid.
- Paginated Results: Low-latency handling of search results and history vault lists.
To ensure the application is safe for public environments, the codebase implements the following protection layers:
- CSRF Protection: All state-changing routes (
POSTrequests for saving/deleting songs) are protected via a session-signed, cryptographically compared CSRF token check. - XSS Mitigation: Client-side rendering in the search module uses robust HTML entity encoding to sanitize user/API input, protecting against DOM-based Cross-Site Scripting.
- Strict Content Security Policy (CSP): HTTP response headers restrict resource loading to local files (
'self') and trusted CDNs, preventing unauthorized script execution and code injection. - Secure Cookie Configuration: Cookies are hardened with
HttpOnly,SameSite=Lax, andSecureattributes (enforced in production) to prevent session-hijacking. - Secure Fallback Key: The application automatically generates a cryptographically secure random key (
secrets.token_hex(32)) if noSECRET_KEYis provided in the environment.
- Backend: Python 3.11+, Flask
- Database: SQLite with Flask-SQLAlchemy (ORM)
- Frontend: Vanilla JS (CSP-Compliant, Event Delegation), Jinja2 Templates, Bootstrap 4
- Testing: Pytest (configured to bypass CSRF validation during unit testing)
- API Integration: iTunes Search API (restricted via CSP to
is*-ssl.mzstatic.comand*.apple.com)
- Python 3.11 or higher
pip(Python package manager)
-
Clone the Repository
git clone https://github.com/yourusername/SonicFlow.git cd SonicFlow -
Setup Virtual Environment
python -m venv venv # Windows: venv\Scripts\activate # macOS/Linux: source venv/bin/activate
-
Install Pinned Dependencies
pip install -r requirements.txt
-
Environment Configuration Copy the example environment file:
cp .env.example .env
Open the new
.envfile and configure your security keys:SECRET_KEY=generate-a-secure-random-key-here DATABASE_URL=sqlite:///music.db
-
Initialize Database & Run
python run.py
Open your browser to
http://127.0.0.1:5000.
Verify the backend services, models, and test client routes:
python -m pytest -v- LEARN.md: Beginner's guide detailing how the application works, along with core concepts about web security (XSS, CSRF, CSP).