A spatial audio platform for creating and experiencing immersive 3D music mixes. Position individual stems in 3D space and let listeners experience your music with headphones-based HRTF spatial audio.
Frontend: SvelteKit + TypeScript + PixiJS + Resonance Audio Backend: Express + TypeScript + MongoDB + GridFS Auth: Auth.js with Google OAuth & Email/Password Deployment: Vercel (frontend) + Railway (backend)
- π΅ Spatial Audio Editor - Position stems in 3D space using visual map interface
- π§ HRTF Playback - Headphones-only binaural spatial audio using Google Resonance Audio
- π Dual Coordinate Systems - Cartesian (meters) and Spherical (azimuth/elevation/radius)
- ποΈ Stem Management - Upload, position, adjust gain, and delete individual stems
βΆοΈ Real-time Preview - Play/pause/restart with synchronized spatial audio- π Audio Deduplication - Efficient GridFS storage with MD5 hash deduplication
- π Multi-method Auth - Google OAuth or Email/Password via Auth.js
- π± Phone Recovery - SMS-based password reset using Twilio
- π€ User Ownership - Songs tied to creators, edit permissions enforced
- ποΈ Public Listening - Anyone can listen, only owners can edit
- π‘οΈ Protected Routes - JWT-like session validation on all write operations
- π¨ Visual Feedback - Real-time waveform visualization during playback
- π― Interactive Map - Drag-and-drop stem positioning with visual guides
- π Scale Control - Zoom in/out on the spatial map
- β¨οΈ Keyboard Shortcuts - Play/pause (Space), coordinate mode toggle, etc.
- π Per-stem Gain - Individual volume control for each stem
- Node.js 18+
- MongoDB URI (MongoDB Atlas or local instance)
- Google OAuth credentials (for sign-in)
- Twilio account (for SMS password recovery)
# Auth Configuration
AUTH_SECRET=your-random-secret-string-here
GOOGLE_CLIENT_ID=your-google-client-id
GOOGLE_CLIENT_SECRET=your-google-client-secret
# MongoDB
MONGODB_URI=mongodb://localhost:27017 # or your Atlas URI
# API
VITE_API_URL=http://localhost:3001# MongoDB
MONGODB_URI=mongodb://localhost:27017 # or your Atlas URI
# Port
PORT=3001# Install all dependencies
npm install
# Build shared package
npm run build:shared
# Run development servers (client + server)
npm run devThe client will run on http://localhost:5173 and the server on http://localhost:3001.
Frontend (Vercel):
- Set
VITE_API_URLto your Railway backend URL - Set Auth.js environment variables
Backend (Railway):
- Set
MONGODB_URIto your MongoDB Atlas connection string - Auto-deploys from GitHub pushes
audio-xr/
βββ client/ # SvelteKit frontend
β βββ src/
β β βββ routes/ # Pages and API routes
β β β βββ +page.svelte # Home page
β β β βββ songs/+page.svelte # Songs list
β β β βββ songs/[id]/edit/ # Spatial audio editor
β β β βββ auth/signin/ # Authentication
β β βββ lib/
β β β βββ components/ # Reusable UI components
β β β β βββ MapEditor.svelte # 3D positioning editor
β β β β βββ UploadSongForm.svelte
β β β βββ api.ts # API configuration
β β βββ hooks.server.ts # Auth.js configuration
β βββ package.json
βββ server/ # Express backend API
β βββ src/
β β βββ routes/
β β β βββ songs.ts # Song CRUD
β β β βββ stems.ts # Stem streaming
β β β βββ stems-upload.ts # Stem upload/update
β β β βββ users.ts # User registration/recovery
β β βββ middleware/
β β β βββ auth.ts # Authentication middleware
β β βββ index.ts # Express server
β βββ package.json
βββ shared/ # Shared TypeScript types
β βββ src/types/song.ts
βββ package.json # Root workspace config
- SvelteKit - Full-stack framework with SSR
- TypeScript - Type safety
- PixiJS - 2D map canvas rendering
- Resonance Audio - Google's spatial audio library (HRTF)
- Auth.js - Authentication framework
- Express - REST API server
- MongoDB - Document database
- GridFS - Audio file storage with deduplication
- bcryptjs - Password hashing
- Multer - File upload handling
- Auth.js (SvelteKit) - Session management
- Google OAuth - One-click sign-in
- Credentials Provider - Email/password auth
- Twilio (optional) - SMS password recovery
- Upload: Creator uploads a song and individual stems (vocals, drums, bass, etc.)
- Position: Creator positions each stem in 3D space using the map editor
- Store: Stems stored in MongoDB GridFS with position metadata
- Listen: Listener loads the song, downloads stems, and hears spatial audio
- HRTF: Resonance Audio processes each stem based on its 3D position
- Output: Binaural audio played through headphones
- User clicks "Sign In to Create" or "Upload"
- Redirected to
/auth/signin - Choose Google OAuth or Email/Password
- If Email/Password signup, optionally add phone number for recovery
- Session created via Auth.js
- User ID attached to all created songs
- Edit actions check ownership before allowing changes
- User clicks "Forgot Password"
- Enters phone number
- Receives 6-digit SMS code via Twilio
- Enters code + new password
- Password reset, can log in again
GET /api/songs- List all songs (public)GET /api/songs/:id- Get song details (public)POST /api/songs- Create song (requires auth)
POST /api/songs/:id/stems- Upload stem (requires ownership)PATCH /api/songs/:id/stems/:stemId- Update stem position (requires ownership)DELETE /api/songs/:id/stems/:stemId- Delete stem (requires ownership)GET /api/stems/:fileId- Stream stem audio (public)
POST /api/users/register- Register new userPOST /api/users/reset-password/request- Request SMS reset codePOST /api/users/reset-password/verify- Verify code and reset password
For Listeners:
- Browse songs at
/songs - Click any song to listen
- Put on headphones for full spatial effect
- Press play and experience 3D audio
For Creators:
- Sign in with Google or create account
- Click "Create New" to upload a song
- Add individual stems (vocals, drums, bass, etc.)
- Position stems on the 3D map
- Preview with play button
- Share the song URL with listeners
- Passwords hashed with bcryptjs (never stored plain)
- Google OAuth users have no password stored
- Sessions validated via Auth.js
- API routes protected with ownership checks
- CORS configured for production domains
- Admin has MongoDB access for manual recovery
See LICENSE.txt for details.