Initial commit

.gitattributes

@@ -0,0 +1,2 @@
+# Auto detect text files and perform LF normalization
+* text=auto

.gitignore

@@ -0,0 +1 @@
+.idea

README.md

@@ -0,0 +1,68 @@
+# Saavn Song Downloader Chrome Extension
+
+![Snapshot](https://image.ibb.co/hGUe45/Unnamed_QQ_Screenshot20170819225454.png)
+
+This Extension will allow you to download any song, album or playlist in saavn seamlessly and easily.
+
+## Features
+
+- Select Any Quality Downloads (Supports HQ 320kbps)
+- Download a Single Song
+- Download an Album
+- Download a Playlist
+
+## How to use it
+
+- You will have a Download Selector on Top Menu. where you can select your download Quality
+- To Download a Single Song. You will see a "Download" button near the song title
+- To Download an Album You will see a "Download" button near the album title
+- To Download an Playlist You will see a "Download" button near the playlist name
+
+## How to Install it
+
+this extension is currently not hosted in chrome webstore, so you will have to install it manually on chrome. below are the steps
+
+- download the extension here : [download](https://bitbucket.org/shakee93/saavn-downloader-extension/get/61c666bbc197.zip)
+- extract the zip file
+- go to chrome extensions page [chrome://extensions/](chrome://extensions/)
+- you will see a button called "Load Unpacked Extension.." click that
+- select the extracted folder and press "ok"
+
+Note : the extension will be enabled on development mode. you will have a popup when opening the chrome. press cancel on that popup. you can always enable it again on the chrome extension page.
+
+## Issues
+
+if you have any issues regarding this extension you may submit a issue in here [issue link](https://bitbucket.org/shakee93/saavn-downloader-extension/issues/new) 
+
+## Behind the Scenes
+
+### overview
+
+Sorry to write this. but the saavn has a very poor security it is just exposed to everyone.. they haven't even mingled there code where in point a hacker or someone cannot read the code. the code they have minified is readable and easily exploitable because of it.
+
+if you have javascript knowledge you can easily understand whats going behind. on the web application they will generate a single response url for a song playback which will be played via the player on the web. the song url will expire in approx 10s which means you cannot download it most of the time as the url expires. it will give an Forbidden error most of the time when you try to download.
+
+### Flaws
+
+the web is typically exploitable we all know that. atleast this would have been much harder for someone to crack if it has been improved
+
+-The Didn't Mingle the code. anyone can read the code and understand it.
+
+-The Api of the application is exposed to the global anyone can access it from the chrome developer tools. for instance the 'Player' object :D you can play songs Programmatically. are you kidding ?
+
+-Each song object details directly printed on the dom '.song-json' :D any hacker can easily deserialize  the json object and use the data.
+
+if they fix those the extension will be stopped from working :D sorry guys
+
+### How it works
+
+Song
+- When you press a download button on song. it will send a request and generate a download URL from server.
+- Then it will download the song asynchronously in background. as the download song will have a gibberish name and no song details.
+- Then we will download the album art asynchronously.
+- Then we will add ID3 tags (Title, Singer, Cover, Composer and stuff) to the downloaded song.
+
+Album, Playlist
+- Will download all Songs asynchronously as mentioned above.
+- We will make a virtual zip on memory and create a folder and add the songs there.
+- Download the Zip

_locales/en/messages.json

@@ -0,0 +1,66 @@
+{
+  "l10nTabName": {
+    "message":"Localization"
+    ,"description":"name of the localization tab"
+  }
+  ,"l10nHeader": {
+    "message":"It does localization too! (this whole tab is, actually)"
+    ,"description":"Header text for the localization section"
+  }
+  ,"l10nIntro": {
+    "message":"'L10n' refers to 'Localization' - 'L' an 'n' are obvious, and 10 comes from the number of letters between those two.  It is the process/whatever of displaying something in the language of choice.  It uses 'I18n', 'Internationalization', which refers to the tools / framework supporting L10n.  I.e., something is internationalized if it has I18n support, and can be localized.  Something is localized for you if it is in your language / dialect."
+    ,"description":"introduce the basic idea."
+  }
+  ,"l10nProd": {
+    "message":"You <strong>are</strong> planning to allow localization, right?  You have <em>no idea</em> who will be using your extension!  You have no idea who will be translating it!  At least support the basics, it's not hard, and having the framework in place will let you transition much more easily later on."
+    ,"description":"drive the point home.  It's good for you."
+  }
+  ,"l10nFirstParagraph": {
+    "message":"When the options page loads, elements decorated with <strong>data-l10n</strong> will automatically be localized!"
+    ,"description":"inform that <el data-l10n='' /> elements will be localized on load"
+  }
+  ,"l10nSecondParagraph": {
+    "message":"If you need more complex localization, you can also define <strong>data-l10n-args</strong>.  This should contain <span class='code'>$containerType$</span> filled with <span class='code'>$dataType$</span>, which will be passed into Chrome's i18n API as <span class='code'>$functionArgs$</span>.  In fact, this paragraph does just that, and wraps the args in mono-space font.  Easy!"
+    ,"description":"introduce the data-l10n-args attribute.  End on a lame note."
+    ,"placeholders": {
+      "containerType": {
+        "content":"$1"
+        ,"example":"'array', 'list', or something similar"
+        ,"description":"type of the args container"
+      }
+      ,"dataType": {
+        "content":"$2"
+        ,"example":"string"
+        ,"description":"type of data in each array index"
+      }
+      ,"functionArgs": {
+        "content":"$3"
+        ,"example":"arguments"
+        ,"description":"whatever you call what you pass into a function/method.  args, params, etc."
+      }
+    }
+  }
+  ,"l10nThirdParagraph": {
+    "message":"Message contents are passed right into innerHTML without processing - include any tags (or even scripts) that you feel like.  If you have an input field, the placeholder will be set instead, and buttons will have the value attribute set."
+    ,"description":"inform that we handle placeholders, buttons, and direct HTML input"
+  }
+  ,"l10nButtonsBefore": {
+    "message":"Different types of buttons are handled as well.  &lt;button&gt; elements have their html set:"
+  }
+  ,"l10nButton": {
+    "message":"in a <strong>button</strong>"
+  }
+  ,"l10nButtonsBetween": {
+    "message":"while &lt;input type='submit'&gt; and &lt;input type='button'&gt; get their 'value' set (note: no HTML):"
+  }
+  ,"l10nSubmit": {
+    "message":"a <strong>submit</strong> value"
+  }
+  ,"l10nButtonsAfter": {
+    "message":"Awesome, no?"
+  }
+  ,"l10nExtras": {
+    "message":"You can even set <span class='code'>data-l10n</span> on things like the &lt;title&gt; tag, which lets you have translatable page titles, or fieldset &lt;legend&gt; tags, or anywhere else - the default <span class='code'>Boil.localize()</span> behavior will check every tag in the document, not just the body."
+    ,"description":"inform about places which may not be obvious, like <title>, etc"
+  }
+}