Is there no subsonic-compatible media server app for SFOS?

The SubSonic API has long been the quasi standard for (mobile) media streaming.* I’ve used e.g. DSub (FOSS Android app) for both Navidrome and Airsonic, and maybe one or two more, on and off for many years.

Having one Subsonic compatible app would provide access to many media servers.

I just tried to connect Sailfin to my Navidrome, it did not work (it did work for Jellyfin). Apparently Jellyfin is not SubSonic API compatible.
I don’t like Jellyfin’s PHP dependency very much. Navidrome works much better for me.

BTW - because I know somebody will bring it up - while the browser works well enough, it won’t allow me to switch off the screen and still continue listening.

* This is even official nowadays.

I have made an app called Supersonik. Its a Qt6/Kirigami app so you need to install all the qt6 stuff, see Packaging Qt6 (6.7.2) for Sailfish OS - #22 by decon It is far from perfect, but happy to have feedback GitHub - piggz/supersonik · GitHub Adam Pigg: "Added genre support so Supersonik, my @kde@floss.…" - Fosstodon

Cool! It connects but cannot play back, I get this error:

https protocol not found, recompile FFmpeg with openssl, gnutls or securetransport enabled.

I configured my music server (Navidrome) to only run on https.

I suspect this error is generated by qt6-qtmultimedia and not your app directly, which is why I did not open an issue on github.

It looks like qt6-qtmultimedia could also use gstreamer, but I wouldn’t know how to configure that (and I have no idea if that would be able to use TLS/SSL).

I suspect this has something to do with SFOS ffmpeg version.
Hackishly replacing /usr/bin/ffmpeg with this version changes nothing (although that version is able to receive secure streams).

Ah ok, i configured my subsonic server to use http, as I connect via my tailscale network, so its not over the public internet. Ill try and find time to look at the qt6mm build options.

Thanks, but I’m not sure how build options could help. The culprit is SFOS’ default ffmpeg version which does not support HTTPS.

I suspect qt6mm uses ffmpeg libraries and not the executable itself. I wonder if it can be made to search for those libraries elsewhere, so users could install a better version.

And just to be clear: your app connects fine over HTTPS, it’s only the playback that gives up with the above error.

I have a version of Subsoniq that works on my C2. I’ve not published it because it’s mostly a recompilation of a work of another, but if you’re interested i can publish the source on github (iirc i have to check if there are no licenses issues).

I started learning c++ and qt on Friday. So far I’ve created:

• Logging in
• Searching for songs
• Playing songs

There is not much and currently there is only a deployment prepared for aarch64. If you simply need to play a song, this works. I’ll be updating this in the near future. My plan is to have working:

• Playlists
• Searching for artists
• Playing a playlist
• Playing random songs

Link: Making sure you're not a bot!

Ps.: My code quality won’t be good for now. I am a javascript developer, trying to learn qml and c++. I’ll try to fix it over time.
Ps2.: I am using sony 10 2 as my testing platform and use this app on fairphone 5. I have no idea how this will look like on other devices.

Edit:
Added v0.2 with playlists support

Edit v2: Pushed to open-repos SubMusic | OpenRepos.net — Community Repository System

@JulienBlanc yes please, I am absolutely interested! Are you refering to this? It’s GPLv2 so you have every right to fork & publish it.

@ScaleneVirus288 thanks I’ll check it out.

Most subsonic clients have a feature to automatically download songs you listened to for later offline use (or manually); I find that extremely handy and imho all clients should implement it.

I could try to do something like that in a future as a settings toggle + add a option to simply download a song instead of playing it. My client is also missing proper filtering + v0.5.1 still has some audio issues. I should move logic related to filtering to c++ backend instead of doing it on the frontend side. Player is trying to play unbuffered songs sometimes. Too many issues to fix, so little time…

I start new job on April 1th and I won’t be able to work on my app until around April 5th-6th. Fell free to ping me after that,

“Deleted by author” = I assume that you fixed your issue ? This app is working for at least 3 people ( me and 2 others that contacted me ). In any case, feel free to ping me if if you any issues.

I just tested your app and it works. Yay!

I have to say it’s very rudimentary, or maybe I don’t know how to add or search for albums etc.? It’s just one long list of songs?

A (small) issue: I entered the URL as …/app and while that works on my other (Android) app, here it did not. There cannot even be a trailing slash (I checked my server logs, it reports a 405 on //rest/ping.view?u=…).

And if I can I’d love to help with encrypted password storage. How (securely) is the password being sent over the web?

I can enter search terms, or filter the list. I can then add only filtered items to the playlist? Great and minimalistic concept!

It does not seem to work for “add all from current page” - but it does work for “add all”. However, that does not add but replaces the playlist. Hrmph.

And even so, I cannot add an album in its “natural” order.

The play/pause/next icons are a bit too small, I have to hit them in a very specific way. Fat fingers.

One good thing that works as it should is that it conmtinues playing even when not in focus or when the screen goes to sleep.

I hope you can read this as friendly & constructive. I looked at the repo but I don’t think I’ll be able to contribute any actual code.

You are right that this is rudimentary. I wanted something working, not perfect. All I do is search for song, play it and sometimes star it.
Pavel joined me ( pavelse here on the forum ) and he wants to make proper ui design. Sadly I don’t have time to learn how to do stuff in qml, so I rarely do anything with this. I gave him green light to do anything he wants.

Full list of features is on open-repos. In short: playing songs, creating playlists, starring songs and using scrobble ( mark that song has been listened to ). I have some roadmap, but its really basic: Making sure you're not a bot!.

About url. Code used for communication looks like this
QString urlStr = toQString(baseUrl) + "/rest/ping.view";
So there is no validation for additional slashes at the end etc. You have to provide full url and only url. I can try to add some additional validation in the future. I believe that navidrome uses /app as a internal web ui, where rest api ( /rest ) is used on domain itself.

And if I can I’d love to help with encrypted password storage. How (securely) is the password being sent over the web?

Subsonic requires hashed password + username in url with salt. This app is not that secured. Pavel did some work on latest commits, which recreates salt and hash every req to make it more secured. I have no idea if subsonic supports JWT or something similar, but I have it in the roadmap task.

• Add all to playlist = add all songs from /rest/search2 to playlist. If songs changed between you searched for a songs and pressing this, new songs returned by this api will be added to playlist.
• Add all to playlist from current page = Create a playlist from pageSize found songs from above api. This is using “page” param to control what songs to add.
• Add all to playlist in random order = this is using /rest/getRandomSongs. This is depended on how subsonic server returns songs.
• Add all to playlist from current page in random order = this is 1:1 “Add all to playlist from current page”, but randomizes songs

I believe that all buttons keep first song in the playlist and replace everything else. This is done to not disturb current player. If this is a issue for you, I can create new issue on the roadmap and try to add a toggle in settings.

And even so, I cannot add an album in its “natural” order.

I download all my songs from yt via yt-dl. This tool does not create albums, thus I have no way of testing those. Pavel is using navidrome and intended. If possible, could you expand this comment ? It will be easier to know what to work on.

The play/pause/next icons are a bit too small, I have to hit them in a very specific way. Fat fingers.

I’ve added new entry in the roadmap to make ui resizable via settings. Not sure when some1 will take it.

I hope you can read this as friendly & constructive. I looked at the repo but I don’t think I’ll be able to contribute any actual code.

To be honest with you I was really shocked that this app got +150 downloads in 2-3 weeks of existing. I also got additional person, who cared enough to contribute in places that I lack knowledge ( I learned qml and c++ just to make this app with really limited time ). Sfos community for me is super nice and I am helpful for any contributions that I receive. Doesn’t matter if those are new commits, things reported on the forum or messages on PM.

Edit: Typos

Thanks for explaining. It’s fine; I mostly included this complaint to explain why I deleted my previous post. But it would be good to add some text that explains this, above the entry field.
And I’ve never seen a double slash (//rest/...) causing trouble before, but that’s on Navidrome’s side.

I don’t really understand but I’ll take your word for it. IMHO it’s important to improve this.

Thanks for the detailed explanation. I get it now. I also just discovered that tap-holding, I can add single songs to the playlist. Good.

all buttons keep first song in the playlist and replace everything else

That makes sense but I’m pretty sure I found some inconsistency there. I’ll report back if I can reproduce it.

Well first of all yt-dlp can download albums (or playlists), even create them through splitting tracks by chapters. I also use it extensively.

What I mean is order albums by track number. Right now, the search returns tracks sorted alphabetically by track name. To explain:

Here’s a ls of an album I have downloaded:

01 Like An Animal - The Glove (Blue Sunshine) 20260120.mp3
02 Looking Glass Girl - The Glove (Blue Sunshine) 20260120.mp3
03 Sex-Eye-Make-Up - The Glove (Blue Sunshine) 20260120.mp3
04 Mr. Alphabet Says - The Glove (Blue Sunshine) 20260120.mp3
05 A Blues In Drag - The Glove (Blue Sunshine) 20260120.mp3
06 Punish Me With Kisses - The Glove (Blue Sunshine) 20260120.mp3
07 This Green City - The Glove (Blue Sunshine) 20260120.mp3
08 Orgy - The Glove (Blue Sunshine) 20260120.mp3
09 Perfect Murder - The Glove (Blue Sunshine) 20260120.mp3
10 Relax - The Glove (Blue Sunshine) 20260120.mp3
11 The Man From Nowhere (Original Instrumental Mix) - The Glove (Blue Sunshine) 20260120.mp3
12 Mouth To Mouth (Landray Vocal Mix) - The Glove (Blue Sunshine) 20260120.mp3
13 Punish Me With Kisses (Mike Hedges Mix) - The Glove (Blue Sunshine) 20260120.mp3
14 The Tightrope (Original Instrumental Mix) - The Glove (Blue Sunshine) 20260120.mp3
15 Like An Animal (12＂ Club What Club？ Mix) - The Glove (Blue Sunshine) 20260120.mp3
16 Like An Animal (RS Vocal Demo) - The Glove (Blue Sunshine) 20260120.mp3
17 Looking Glass Girl (RS Vocal Demo) - The Glove (Blue Sunshine) 20260120.mp3
18 Sex-Eye-Make-Up (RS Vocal Demo) - The Glove (Blue Sunshine) 20260120.mp3
19 Mr. Alphabet Says (Alt RS Vocal Demo) - The Glove (Blue Sunshine) 20260120.mp3
20 A Blues In Drag (Alt RS Vocal Demo) - The Glove (Blue Sunshine) 20260120.mp3
21 Punish Me With Kisses (RS Vocal Demo) - The Glove (Blue Sunshine) 20260120.mp3
22 This Green City (RS Vocal Demo) - The Glove (Blue Sunshine) 20260120.mp3
23 Orgy (RS Vocal Demo) - The Glove (Blue Sunshine) 20260120.mp3
24 Perfect Murder (Alt RS Vocal Demo) - The Glove (Blue Sunshine) 20260120.mp3
25 Relax (Alt RS Vocal Demo) - The Glove (Blue Sunshine) 20260120.mp3
26 The Man From Nowhere (Alt Instrumental Mix) - The Glove (Blue Sunshine) 20260120.mp3
27 Mouth To Mouth (RS Vocal Demo) - The Glove (Blue Sunshine) 20260120.mp3
28 Opened The Box (A Waltz) (RS Vocal Demo) - The Glove (Blue Sunshine) 20260120.mp3
29 The Tightrope (Almost Time) (RS Vocal Demo) - The Glove (Blue Sunshine) 20260120.mp3
30 And All Around Us The Mermaids Sang (AKA Torment) (RS Vocal Demo) - The Glove (Blue Sunshine) 20260120.mp3
31 Holiday 80 (Original Instrumental Mix) - The Glove (Blue Sunshine) 20260120.mp3

Let’s look at internal tags:

mediainfo 01\ Like\ An\ Animal\ -\ The\ Glove\ \(Blue\ Sunshine\)\ 20260120.mp3
General
Complete name                            : 01 Like An Animal - The Glove (Blue Sunshine) 20260120.mp3
Format                                   : MPEG Audio
File size                                : 4.51 MiB
Duration                                 : 4 min 44 s
Overall bit rate                         : 128 kb/s
Album                                    : Blue Sunshine
Album/Performer                          : The Glove
Track name                               : Like An Animal
Track name/Position                      : 1
Performer                                : The Glove
Genre                                    : rock, dreampop, ethereal, new wave, post-punk, psychedelic, United Kingdom
Recorded date                            : 2026
Writing library                          : LAME3.99r
Cover                                    : Yes
Cover description                        : Album cover
Cover type                               : Cover (front)
Cover MIME                               : image/jpeg
Comment                                  : https://thegloveband.bandcam
purl                                     : https://thegloveband.bandcamp.com/track/like-an-animal
comment                                  : https://thegloveband.bandcamp.com/track/like-an-animal

Note the field “Track name/Position”.* This increases by 1 with every track.

If, in your app, I filter for “the glove blue sunshine” I get this:

Screenshot_20260411_103501_0011080×2520 441 KB

“Add current page to playlist” adds the tracks in exactly that order.

I think you can see that this is not desirable.

* the naming of any media tags is not very consistent unfortunately. Another song might have used a slightly different tag for the track number.

mediainfo --info-parameters|grep -i track
Track
Track_More
Track/Url
Track/Sort
Track/Position
Track/Position_Total
SubTrack
Original/Track

Once again, thanks to you and @pavelse! The app feels stable, snappy and useful.

My 5 cents here.

Speaking about

And if I can I’d love to help with encrypted password storage. How (securely) is the password being sent over the web?

I was thinking about doing something more securely, but the SubSonic API, which is also used by Navidrome, got stuck somewhere in the late 2010s and probably will not be developed anymore, so it is required to deliver an auth token from the plain text password. There is a salt added (since v0.6 – new one for every request), and the resulting token is MD5 hashed, so even if the request is intercepted, the bad guy will need to use brute force to deliver the password from it.

Additional improvements here are possible, e.g.

- It is also possible to hash the password on the device side with some device-specific salt and store it on a FS in a reversible hashed form. If this hash is stolen, yes, the bad guy will need to spend some time to find the salt and reverse the hash. Voila, we can remove the scary message about plain text from the app, but.

– All these manipulations make sense assuming that the attacker’s goal is to see the password, while for Navidrome, it is not needed – there is no check on the server side (at least in the current version) that the token has expired or was used before. The bad guy could use the intercepted or stolen token ‘as-is’ without knowing the password.

– If the whole device is available for a bad guy, he will be able to restore the plain password using the same means that the application would use

– I need to check if there is something TPM-like (or rather crypto storage) available, but even if so, because the app needs plain text, having the device in hand, one can also see the plain text.

- Navidrome (and probably SubSonic) can use a better auth mechanism, which means one still uses the same SubSonic auth mechanism (or even no auth) but puts the whole server behind the proxy, which performs authorization with any modern means. Although this would be a significant step forward, in real life, I mostly see people putting everything in the private VPN and calling it a day.

Actually, that part about hashing on the device side is in my to-do list, but not as a security feature (because it is not), but as a part of refactoring, which is, you know, always somewhere around but not the first priority

Edit: some clarification about on-device hash

Edit2: maybe it makes more sense to store obvuscated password only until reboot. Looks more feasible than inventing TPM where there is no one, and secure enough

all buttons keep first song in the playlist and replace everything else

That makes sense but I’m pretty sure I found some inconsistency there. I’ll report back if I can reproduce it.

Are you talking about the situation when a single song sticks in the playlist even though there should be more songs there? I faced it once, but it was on a crossroad (like literally), so I had no chance to reproduce it. If you can find the exact steps here, it would be helpful.

Speaking about albums – I personally like the approach of adding songs from a raw search result, instead of making a client on-phone database for the server database, but I also caught myself some times on “it would be useful to have spotify-like ‘go to album’ button here” – will it cover your use case? This thing is on my personal to-do list and quite high, and for a single album, it would be easier to preserve the track order

Thanks for the deep explanation. I meant helping with local storage but tbh even that is beyond me. I know practically nothing about Qt/QML.

Interesting approach to avoid re-creating the server database. A “thin” frontend to the API, I guess.

Anything that allows me to find & add an album to the queue, in its intended order, would be great. I don’t use Spotify so I’m not 100% sure what you are refering to but it’s a common procedure.

Thanks for nothing

In a professional setting, I do not face consumer-side devices often, so in my answer, I missed an obvious attack vector, which is ‘malicious 3rd party app installed by user.’ This indeed requires better secret handling. I’ll try to come up with the solution in the next version.

About albums: the flow here will be like:

1. Search for something (artist, album, song name)
2. From the search result, select a song that belongs to the album you are interested in
3. From the song line, select ‘Go to album’ and be redirected to the album page, where songs are sorted by the track number
4. From there, add the album fully in the aforementioned order