feat: disallow running spicetify as admin/root

rxri · rxri · commit 1ec567bddbb1 · 2025-02-27T23:42:19.000+01:00
diff --git a/CustomApps/lyrics-plus/index.js b/CustomApps/lyrics-plus/index.js
@@ -58,9 +58,14 @@ const CONFIG = {
 		delay: 0,
 	},
 	providers: {
+		lrclib: {
+			on: getConfig("lyrics-plus:provider:lrclib:on"),
+			desc: "Lyrics sourced from lrclib.net. Supports both synced and unsynced lyrics. LRCLIB is a free and open-source lyrics provider.",
+			modes: [SYNCED, UNSYNCED],
+		},
 		musixmatch: {
 			on: getConfig("lyrics-plus:provider:musixmatch:on"),
-			desc: "Fully compatible with Spotify. Requires a token that can be retrieved from the official Musixmatch app. If you have problems with retrieving lyrics, try refreshing the token by clicking <code>Refresh Token</code> button.",
+			desc: "Fully compatible with Spotify. Requires a token that can be retrieved from the official Musixmatch app. If you have problems with retrieving lyrics, try refreshing the token by clicking <code>Refresh Token</code> button. You may need to be forced to use your own CORS Proxy to use this provider.",
 			token: localStorage.getItem("lyrics-plus:provider:musixmatch:token") || "21051986b9886beabe1ce01c3ce94c96319411f8f2c122676365e3",
 			modes: [KARAOKE, SYNCED, UNSYNCED],
 		},
@@ -70,15 +75,10 @@ const CONFIG = {
 			modes: [SYNCED, UNSYNCED],
 		},
 		netease: {
-			on: getConfig("lyrics-plus:provider:netease:on"),
+			on: getConfig("lyrics-plus:provider:netease:on", false),
 			desc: "Crowdsourced lyrics provider ran by Chinese developers and users.",
 			modes: [KARAOKE, SYNCED, UNSYNCED],
 		},
-		lrclib: {
-			on: getConfig("lyrics-plus:provider:lrclib:on"),
-			desc: "Lyrics sourced from lrclib.net. Supports both synced and unsynced lyrics. LRCLIB is a free and open-source lyrics provider.",
-			modes: [SYNCED, UNSYNCED],
-		},
 		genius: {
 			on: spotifyVersion >= "1.2.31" ? false : getConfig("lyrics-plus:provider:genius:on"),
 			desc: "Provide unsynced lyrics with insights from artists themselves. Genius is disabled and cannot be used as a provider on <code>1.2.31</code> and higher.",
@@ -175,9 +175,10 @@ class LyricsContainer extends react.Component {
 		this.styleVariables = {};
 		this.fullscreenContainer = document.createElement("div");
 		this.fullscreenContainer.id = "lyrics-fullscreen-container";
-		this.mousetrap = new Spicetify.Mousetrap();
+		this.mousetrap = null;
 		this.containerRef = react.createRef(null);
 		this.translator = null;
+		this.initMoustrap();
 		// Cache last state
 		this.languageOverride = CONFIG.visual["translate:detect-language-override"];
 		this.translate = CONFIG.visual.translate;
@@ -647,6 +648,11 @@ class LyricsContainer extends react.Component {
 		reader.readAsText(file[0]);
 		event.target.value = "";
 	}
+	initMoustrap() {
+		if (!this.mousetrap && Spicetify.Mousetrap) {
+			this.mousetrap = new Spicetify.Mousetrap();
+		}
+	}
 
 	componentDidMount() {
 		this.onQueueChange = async ({ data: queue }) => {
diff --git a/spicetify.go b/spicetify.go
@@ -17,23 +17,55 @@ import (
 	"github.com/spicetify/cli/src/cmd"
 	spotifystatus "github.com/spicetify/cli/src/status/spotify"
 	"github.com/spicetify/cli/src/utils"
+	"golang.org/x/sys/windows"
 )
 
 var (
 	version string
 )
 
 var (
-	flags          = []string{}
-	commands       = []string{}
-	quiet          = false
-	extensionFocus = false
-	appFocus       = false
-	styleFocus     = false
-	noRestart      = false
-	liveRefresh    = false
+	flags            = []string{}
+	commands         = []string{}
+	quiet            = false
+	extensionFocus   = false
+	appFocus         = false
+	styleFocus       = false
+	noRestart        = false
+	liveRefresh      = false
+	bypassAdminCheck = false
 )
 
+func isAdmin(bypassAdminCheck bool) bool {
+	if bypassAdminCheck {
+		return false
+	}
+
+	switch runtime.GOOS {
+	case "windows":
+		var sid *windows.SID
+		err := windows.AllocateAndInitializeSid(
+			&windows.SECURITY_NT_AUTHORITY,
+			2,
+			windows.SECURITY_BUILTIN_DOMAIN_RID,
+			windows.DOMAIN_ALIAS_RID_ADMINS,
+			0, 0, 0, 0, 0, 0,
+			&sid)
+		if err != nil {
+			return false
+		}
+		defer windows.FreeSid(sid)
+
+		token := windows.Token(0)
+		member, err := token.IsMember(sid)
+		return err == nil && member
+
+	case "linux", "darwin":
+		return os.Geteuid() == 0
+	}
+	return false
+}
+
 func init() {
 	if runtime.GOOS != "windows" &&
 		runtime.GOOS != "darwin" &&
@@ -66,6 +98,8 @@ func init() {
 
 	for _, v := range flags {
 		switch v {
+		case "--bypass-admin":
+			bypassAdminCheck = true
 		case "-c", "--config":
 			fmt.Println(cmd.GetConfigPath())
 			os.Exit(0)
@@ -110,6 +144,15 @@ func init() {
 		os.Stdout = nil
 	}
 
+	if isAdmin(bypassAdminCheck) {
+		utils.PrintError("Spicetify should not be run with administrator/root privileges")
+		utils.PrintError("Running as admin can cause Spotify to show a black/blank window after applying spicetify")
+		utils.PrintError("This happens because Spotify (running as a normal user) can't access files modified with admin privileges")
+		utils.PrintInfo("If you understand the risks and need to continue anyway, you can use the '--bypass-admin' flag.")
+		utils.PrintInfo("Spicetify is now exiting...")
+		os.Exit(1)
+	}
+
 	utils.MigrateConfigFolder()
 	utils.MigrateFolders()
 	cmd.InitConfig(quiet)
