Spotify-Helper

• Back-end
• Node.js
• Discord.js
• SQLite
• Spotify Web API
• OAuth 2.0

Spotify Helper is a Discord bot that seamlessly integrates Spotify playback controls directly into Discord servers, allowing users to play songs and manage their queue without leaving the chat interface.

I built the entire system: a Discord bot with slash commands, OAuth 2.0 authentication flow for Spotify, token management with automatic refresh, and a web interface for secure account linking. The bot extracts Spotify track IDs from shared links and controls playback through Spotify’s Web API.

How it works (link → playback)

1. Account linking: Users run /setup to get a secure OAuth link that connects their Spotify account to their Discord profile, storing encrypted tokens in SQLite.
2. Link detection: When users share Spotify track links in chat, the bot automatically extracts track IDs using regex pattern matching.
3. Playback control: Right-clicking on messages with Spotify links reveals context menu options to either play immediately or add to queue.
4. Token management: The bot automatically refreshes expired access tokens using refresh tokens, ensuring seamless operation without user intervention.
5. Device integration: The bot detects active Spotify devices and plays music on the first available device, with fallback error handling.

What I built (scope & responsibilities)

• Discord bot framework: slash commands, context menus, and event handling using Discord.js v14 with proper intents and partials.
• OAuth 2.0 flow: secure Spotify authentication with PKCE, token storage, and automatic refresh mechanism.
• Database layer: SQLite integration for user data, Spotify credentials, and request tracking with UUID-based security.
• Spotify API integration: device detection, playback control, queue management, and comprehensive error handling.
• Web authentication: external site for secure OAuth callback handling and token exchange.

Design choices that make it robust

• Automatic token refresh: prevents authentication failures by proactively refreshing tokens before they expire (1-hour threshold).
• Context menu integration: seamless UX by detecting Spotify links in messages and providing right-click actions.
• Error resilience: comprehensive error handling for device unavailability, network issues, and API rate limits.
• Security-first: UUID-based request tracking, secure token storage, and proper OAuth flow implementation.
• Modular architecture: clean separation between commands, database functions, and API utilities for maintainability.