简体繁体 English

soundcloud如何隐藏流式音频的URL

[英]How has soundcloud hidden the URL of streaming audio

原文 2013-07-26 23:43:33 0 3 javascript/ html5/ audio/ soundcloud

I am trying to hide the URL of my audio streams for my HTML5 player and was really struggling to think of a way to do so and then I realised, soundcloud must hide the URL's of their streams. 我试图隐藏我的HTML5播放器的音频流的URL，并且真的很难想到这样做的方法然后我意识到，soundcloud必须隐藏其流的URL。 So i went onto soundcloud, opened up the console and played a track but I couldn't see any obvious way that the URL is hidden. 所以我进入了soundcloud，打开了控制台并播放了一首曲目，但是我看不到隐藏URL的任何明显方式。 After this I took a look at the DOM tree to see if there was any kind of audio information in there but I found nothing! 在此之后，我看了一下DOM树，看看那里是否有任何类型的音频信息，但我一无所获！ There's not even an ID for the player/audio so i'm very confused as to how soundcloud have done it. 甚至没有播放器/音频的ID，所以我对soundcloud如何做到这一点非常困惑。

Now I have done as best as I can so far with hiding the audio URL. 现在我已经尽可能地隐藏了音频URL。 I have put an ID in the DOM for the track, got that ID when the play button is clicked and retrieved the URL for that ID from the database. 我在轨道的DOM中放置了一个ID，在单击播放按钮时获取了该ID，并从数据库中检索了该ID的URL。 The obvious problem with that is that anyone willing enough can just go to the console and get the URL from the network events. 显而易见的问题是，任何有意愿的人都可以直接进入控制台并从网络事件中获取URL。

I am not trying to break past soundcloud's security to download tracks I shouldn't be. 我不是试图突破soundcloud的安全性来下载我不应该的曲目。 I'm just curious as to how they've hidden the URL. 我只是好奇他们是如何隐藏URL的。 Now i'm also curious as to how each track is distinguished as there's nothing in the DOM distinguishing them (not that I found on my brief look anyway). 现在我也很好奇每个曲目是如何区分的，因为DOM中没有任何东西可以区分它们（不是我在简短的表面上找到的）。

So, in short, does anyone have any ideas on how soundcloud has achieved this or how this could be achieved? 那么，简而言之，有没有人对soundcloud如何实现这一目标或如何实现这一点有任何想法？

3 个解决方案

Soundcloud is pretty much a pure JS site. Soundcloud几乎是一个纯粹的JS站点。

As you said, there is no ID of the song loaded with the HTML. 如你所说，没有加载HTML的歌曲的ID。 The way songs are recognized is by the page URL. 歌曲被识别的方式是页面URL。 The is done via. 这是通过。 this url (example): 这个网址（示例）：

https://api.sndcdn.com/resolve?url=https%3A//soundcloud.com/hoodinternet/joywave-tongues-hood-internet-remix&_status_code_map%5B302%5D=200&_status_format=json&client_id=YOUR_CLIENT_ID

This returns something like this: 这返回如下内容：

{"status":"302 - Found","location":"https://api.soundcloud.com/tracks/100270342?client_id=YOUR_CLIENT_ID"}

Next up it loads the location URL, from the JSON above. 接下来，它从上面的JSON加载位置URL。 This returns a bunch of information about the track, including: 这将返回有关该轨道的大量信息，包括：

stream_url: "https://api.soundcloud.com/tracks/100270342/stream"

Then it loads this URL: 然后它加载此URL：

https://api.sndcdn.com/i1/tracks/100270342/streams?client_id=YOUR_CLIENT_IT

Which returns a response like this: 这会返回如下响应：

{"http_mp3_128_url":"https://ec-media.soundcloud.com/2gNVBYiZ06bU.128.mp3?ff61182e3c2ecefa438cd021sdf02d0e385713f0c1faf3b0339595664fe070de810d30a8e3a1186eda958909e9ed97799adfeceabc135efac83aee4271217a108450591db3b88\&AWSAccessKeyId=AKIAsdfJ4IAZE5EOIdsf7PA7VQ\&Expires=1374883403\&Signature=%2B1%2B7dfdfLN4NWP3C3bNF3gizSEVIU%3D"}

So that's how they hide their stream URL's. 这就是他们隐藏流媒体网址的方式。 The only non obvious part is that they find the song ID, by hitting an API with the URL as a parameter. 唯一不明显的部分是他们通过点击带有URL作为参数的API来找到歌曲ID。 Same can be done with download URL's on tracks that support it. 在支持它的轨道上下载URL也可以这样做。

If you goto SoundCloud.com and open up your debugger (Chrome is what I'm using). 如果您转到SoundCloud.com并打开调试器（Chrome就是我正在使用的）。 Look at the "Network" tab and you'll see a script calling audio?anonymous_id#########. 查看“网络”选项卡，您将看到一个调用音频的脚本？anonymous_id #########。

This is structured like a REST call, meaning they pass an id to a service on their backend, and that returns the audio output anonymously. 它的结构类似于REST调用，这意味着它们将id传递给后端的服务，并以匿名方式返回音频输出。

They Changed the Media center address and now they are streaming from the link like below.But the access to this url is restricted. 他们更改了媒体中心地址，现在他们从下面的链接流式传输。但是对此网址的访问受到限制。

https://cf-media.sndcdn.com/Exbr0RDsakIP.128.mp3?Policy=eyJTdGF0ZW1lbnQiOlt7IlJlc291cmNlIjoiKjovL2NmLW1lZGlhLnNuZGNkbi5jb20vRXhicjBSRHNha0lQLjEyOC5tcDMiLCJDb25kaXRpb24iOnsiRGF0ZUxlc3NUaGFuIjp7IkFXUzpFcG9jaFRpbWUiOjE0NzgyOTg5NTV9fX1dfQ__&Signature=niisPQ5NHUqclFI9Mb-eH1BJvOC~0zUZme8CLMkocXMs2zCWe2U2~chPYDydJuYYV3iFtUjqwCK~t~~kQg2o5TKx0~iUSZ1E4ZNBbhvHJWqBliILbEd2gZzBnrHtS0nBNCMfIuUVWmkMtWAEWXI7NyvOBPqJab8KZR8qkFnleyzefHfssxPGWV8sW09en1VkjDRPasHRmc~w22lSpF3dWqZAFbocRFZGLS-h5eXj~Qin-kxMo2DgxHE0K-Svg4BPAJ83s408SkruRq3q3B46IBxmR4mDfx4U8T~tN1mvQZGWtXESm~rIY8K40ZSwdTlOE8eMiogFsjH5HzXvc3pBFA__&Key-Pair-Id=APKAJAGZ7VMH2PFPW6UQ https://cf-media.sndcdn.com/Exbr0RDsakIP.128.mp3?Policy=eyJTdGF0ZW1lbnQiOlt7IlJlc291cmNlIjoiKjovL2NmLW1lZGlhLnNuZGNkbi5jb20vRXhicjBSRHNha0lQLjEyOC5tcDMiLCJDb25kaXRpb24iOnsiRGF0ZUxlc3NUaGFuIjp7IkFXUzpFcG9jaFRpbWUiOjE0NzgyOTg5NTV9fX1dfQ__&Signature=niisPQ5NHUqclFI9Mb-eH1BJvOC~0zUZme8CLMkocXMs2zCWe2U2~chPYDydJuYYV3iFtUjqwCK~t~~kQg2o5TKx0~iUSZ1E4ZNBbhvHJWqBliILbEd2gZzBnrHtS0nBNCMfIuUVWmkMtWAEWXI7NyvOBPqJab8KZR8qkFnleyzefHfssxPGWV8sW09en1VkjDRPasHRmc~w22lSpF3dWqZAFbocRFZGLS-h5eXj~Qin-kxMo2DgxHE0K-Svg4BPAJ83s408SkruRq3q3B46IBxmR4mDfx4U8T~tN1mvQZGWtXESm~rIY8K40ZSwdTlOE8eMiogFsjH5HzXvc3pBFA__&Key -Pair-ID = APKAJAGZ7VMH2PFPW6UQ