From 3a3f6498158e10ad275351fde0ab2db5869ece5c Mon Sep 17 00:00:00 2001
From: wen wang <wangw469@gmail.com>
Date: Sun, 8 Dec 2024 01:30:28 +0800
Subject: [PATCH] only use secrets with 200 and 401 status code (#781)

---
 streamrip/client/qobuz.py | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/streamrip/client/qobuz.py b/streamrip/client/qobuz.py
index ce0b8cc..44703a3 100644
--- a/streamrip/client/qobuz.py
+++ b/streamrip/client/qobuz.py
@@ -382,8 +382,22 @@ async def _get_app_id_and_secrets(self) -> tuple[str, list[str]]:
         async with QobuzSpoofer() as spoofer:
             return await spoofer.get_app_id_and_secrets()
 
+    async def _test_secret(self, secret: str) -> Optional[str]:
+        status, _ = await self._request_file_url("19512574", 4, secret)
+        if status == 400:
+            return None
+        if status == 200 or status == 401:
+            return secret
+        logger.warning("Got status %d when testing secret", status)
+        return None
+
     async def _get_valid_secret(self, secrets: list[str]) -> str:
-        working_secrets = [r for r in secrets]
+        results = await asyncio.gather(
+                *[self._test_secret(secret) for secret in secrets],
+                )
+        working_secrets = [r for r in results if r is not None]
+        if len(working_secrets) == 0:
+            raise InvalidAppSecretError(secrets)
 
         return working_secrets[0]