Merge pull request 'feat/interactive-auth' (#9) from feat/interactive-auth into main
Reviewed-on: #9
This commit was merged in pull request #9.
This commit is contained in:
20
README.md
20
README.md
@@ -26,15 +26,16 @@ go build -o canvasarchiver ./cmd/canvasarchiver
|
|||||||
./canvasarchiver -fo
|
./canvasarchiver -fo
|
||||||
```
|
```
|
||||||
|
|
||||||
Or for videos-only mode (all Panopto videos flat, no files):
|
Or for videos-only mode (all Panopto videos flat, no files):
|
||||||
```bash
|
```bash
|
||||||
./canvasarchiver -vo
|
./canvasarchiver -vo
|
||||||
```
|
```
|
||||||
|
|
||||||
2. On first run, you'll be prompted to authenticate:
|
2. On first run, you'll be prompted to choose an authentication method:
|
||||||
- Visit the provided OAuth URL
|
- **[1] Login via browser (OAuth)**: Visit the provided URL, authorize, and paste the code
|
||||||
- Authorize the application
|
- **[2] Use Canvas API token**: Enter a manually generated API token (e.g. `12230~...`)
|
||||||
- Copy the authorization code back to the terminal
|
|
||||||
|
The choice is saved and reused on subsequent runs.
|
||||||
|
|
||||||
3. Enter your Course ID when prompted (or use `-me` to download all enrolled courses)
|
3. Enter your Course ID when prompted (or use `-me` to download all enrolled courses)
|
||||||
|
|
||||||
@@ -54,7 +55,6 @@ go build -o canvasarchiver ./cmd/canvasarchiver
|
|||||||
| `-me` | Download all enrolled courses |
|
| `-me` | Download all enrolled courses |
|
||||||
| `-n` | Prefix modules with order numbers `[1]`, `[2]`, etc. |
|
| `-n` | Prefix modules with order numbers `[1]`, `[2]`, etc. |
|
||||||
|
|
||||||
|
|
||||||
## Configuration
|
## Configuration
|
||||||
|
|
||||||
The following constants can be modified in `internal/config/config.go`:
|
The following constants can be modified in `internal/config/config.go`:
|
||||||
@@ -66,7 +66,7 @@ The following constants can be modified in `internal/config/config.go`:
|
|||||||
|
|
||||||
## Authentication
|
## Authentication
|
||||||
|
|
||||||
Credentials are stored in `credentials.json` after the first successful login. The refresh token is automatically used for subsequent runs.
|
Credentials are stored in `credentials.json` after the first successful authentication. The chosen method is remembered for subsequent runs — OAuth refresh tokens are automatically refreshed, and API tokens are validated before saving.
|
||||||
|
|
||||||
## Notes
|
## Notes
|
||||||
|
|
||||||
|
|||||||
@@ -22,7 +22,7 @@ func main() {
|
|||||||
httpClient := &http.Client{}
|
httpClient := &http.Client{}
|
||||||
|
|
||||||
authenticator := auth.NewAuthenticator(httpClient)
|
authenticator := auth.NewAuthenticator(httpClient)
|
||||||
accessToken, err := authenticator.GetAccessToken()
|
accessToken, err := authenticator.GetToken()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
fmt.Printf("Authentication failed: %v\n", err)
|
fmt.Printf("Authentication failed: %v\n", err)
|
||||||
return
|
return
|
||||||
|
|||||||
@@ -27,11 +27,39 @@ func NewAuthenticator(client *http.Client) *Authenticator {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (a *Authenticator) GetAccessToken() (string, error) {
|
func (a *Authenticator) GetToken() (string, error) {
|
||||||
|
creds, err := LoadCredentials()
|
||||||
|
if err == nil && creds.AuthMethod != "" {
|
||||||
|
switch creds.AuthMethod {
|
||||||
|
case "api":
|
||||||
|
token := strings.TrimSpace(creds.APIToken)
|
||||||
|
if token == "" {
|
||||||
|
return a.promptMethod()
|
||||||
|
}
|
||||||
|
fmt.Print("[*] Validating saved API token... ")
|
||||||
|
if err := a.validateAPIToken(token); err != nil {
|
||||||
|
fmt.Println("FAILED")
|
||||||
|
fmt.Printf("[!] %v\n", err)
|
||||||
|
SaveCredentials(&models.Credentials{})
|
||||||
|
return a.promptMethod()
|
||||||
|
}
|
||||||
|
fmt.Println("OK")
|
||||||
|
return token, nil
|
||||||
|
case "oauth":
|
||||||
|
return a.refreshOrLogin()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return a.promptMethod()
|
||||||
|
}
|
||||||
|
|
||||||
|
func (a *Authenticator) refreshOrLogin() (string, error) {
|
||||||
creds, err := LoadCredentials()
|
creds, err := LoadCredentials()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return a.login()
|
return a.login()
|
||||||
}
|
}
|
||||||
|
if strings.TrimSpace(creds.RefreshToken) == "" {
|
||||||
|
return a.login()
|
||||||
|
}
|
||||||
|
|
||||||
fmt.Println("[*] Reusing saved refresh token...")
|
fmt.Println("[*] Reusing saved refresh token...")
|
||||||
tr, err := a.doTokenRequest(url.Values{
|
tr, err := a.doTokenRequest(url.Values{
|
||||||
@@ -49,6 +77,66 @@ func (a *Authenticator) GetAccessToken() (string, error) {
|
|||||||
return tr.AccessToken, nil
|
return tr.AccessToken, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (a *Authenticator) promptMethod() (string, error) {
|
||||||
|
fmt.Println("Select authentication method:")
|
||||||
|
fmt.Println(" [1] Login via browser (OAuth)")
|
||||||
|
fmt.Println(" [2] Use Canvas API token")
|
||||||
|
fmt.Print("Choice (1/2): ")
|
||||||
|
input, err := bufio.NewReader(os.Stdin).ReadString('\n')
|
||||||
|
if err != nil && err != io.EOF {
|
||||||
|
return "", err
|
||||||
|
}
|
||||||
|
switch strings.TrimSpace(input) {
|
||||||
|
case "2":
|
||||||
|
return a.setupAPIToken()
|
||||||
|
default:
|
||||||
|
return a.login()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (a *Authenticator) setupAPIToken() (string, error) {
|
||||||
|
fmt.Print("Enter Canvas API token: ")
|
||||||
|
token, err := bufio.NewReader(os.Stdin).ReadString('\n')
|
||||||
|
if err != nil && err != io.EOF {
|
||||||
|
return "", err
|
||||||
|
}
|
||||||
|
token = strings.TrimSpace(token)
|
||||||
|
if token == "" {
|
||||||
|
return "", fmt.Errorf("empty API token")
|
||||||
|
}
|
||||||
|
|
||||||
|
fmt.Print("[*] Validating API token... ")
|
||||||
|
if err := a.validateAPIToken(token); err != nil {
|
||||||
|
fmt.Println("FAILED")
|
||||||
|
return "", err
|
||||||
|
}
|
||||||
|
fmt.Println("OK")
|
||||||
|
|
||||||
|
if err := SaveCredentials(&models.Credentials{
|
||||||
|
AuthMethod: "api",
|
||||||
|
APIToken: token,
|
||||||
|
}); err != nil {
|
||||||
|
return "", err
|
||||||
|
}
|
||||||
|
fmt.Println("[+] API token saved.")
|
||||||
|
return token, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (a *Authenticator) validateAPIToken(token string) error {
|
||||||
|
req, _ := http.NewRequest("GET", config.BaseURL+"/api/v1/users/self", nil)
|
||||||
|
req.Header.Set("Authorization", "Bearer "+token)
|
||||||
|
resp, err := a.HTTPClient.Do(req)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
defer resp.Body.Close()
|
||||||
|
if resp.StatusCode != 200 {
|
||||||
|
body, _ := io.ReadAll(resp.Body)
|
||||||
|
return fmt.Errorf("invalid token: %d %s", resp.StatusCode, strings.TrimSpace(string(body)))
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
func (a *Authenticator) login() (string, error) {
|
func (a *Authenticator) login() (string, error) {
|
||||||
codeVerifier, codeChallenge, err := generatePKCEPair()
|
codeVerifier, codeChallenge, err := generatePKCEPair()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@@ -80,7 +168,9 @@ func (a *Authenticator) login() (string, error) {
|
|||||||
return "", err
|
return "", err
|
||||||
}
|
}
|
||||||
|
|
||||||
SaveCredentials(&models.Credentials{RefreshToken: tr.RefreshToken})
|
if err := SaveRefreshToken(tr.RefreshToken); err != nil {
|
||||||
|
return "", err
|
||||||
|
}
|
||||||
fmt.Println("[+] Login successful.")
|
fmt.Println("[+] Login successful.")
|
||||||
return tr.AccessToken, nil
|
return tr.AccessToken, nil
|
||||||
}
|
}
|
||||||
@@ -162,9 +252,22 @@ func extractCode(input string) (string, error) {
|
|||||||
return input, nil
|
return input, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func SaveCredentials(creds *models.Credentials) {
|
func SaveCredentials(creds *models.Credentials) error {
|
||||||
data, _ := json.MarshalIndent(creds, "", " ")
|
data, err := json.MarshalIndent(creds, "", " ")
|
||||||
os.WriteFile(config.CredsFile, data, 0o644)
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
return os.WriteFile(config.CredsFile, data, 0o644)
|
||||||
|
}
|
||||||
|
|
||||||
|
func SaveRefreshToken(refreshToken string) error {
|
||||||
|
creds, err := LoadCredentials()
|
||||||
|
if err != nil {
|
||||||
|
creds = &models.Credentials{}
|
||||||
|
}
|
||||||
|
creds.RefreshToken = refreshToken
|
||||||
|
creds.AuthMethod = "oauth"
|
||||||
|
return SaveCredentials(creds)
|
||||||
}
|
}
|
||||||
|
|
||||||
func LoadCredentials() (*models.Credentials, error) {
|
func LoadCredentials() (*models.Credentials, error) {
|
||||||
@@ -173,6 +276,8 @@ func LoadCredentials() (*models.Credentials, error) {
|
|||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
var creds models.Credentials
|
var creds models.Credentials
|
||||||
json.Unmarshal(data, &creds)
|
if err := json.Unmarshal(data, &creds); err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
return &creds, nil
|
return &creds, nil
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -16,6 +16,13 @@ import (
|
|||||||
"git.directme.in/Joren/CanvasArchiver/internal/utils"
|
"git.directme.in/Joren/CanvasArchiver/internal/utils"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
func checkAPIResponse(resp *http.Response) error {
|
||||||
|
if resp.StatusCode < 300 {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
return fmt.Errorf("API error: %d", resp.StatusCode)
|
||||||
|
}
|
||||||
|
|
||||||
type Client struct {
|
type Client struct {
|
||||||
HTTPClient *http.Client
|
HTTPClient *http.Client
|
||||||
AccessToken string
|
AccessToken string
|
||||||
@@ -48,6 +55,10 @@ func (c *Client) GetCourseInfo() error {
|
|||||||
}
|
}
|
||||||
defer resp.Body.Close()
|
defer resp.Body.Close()
|
||||||
|
|
||||||
|
if err := checkAPIResponse(resp); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
var course models.Course
|
var course models.Course
|
||||||
json.NewDecoder(resp.Body).Decode(&course)
|
json.NewDecoder(resp.Body).Decode(&course)
|
||||||
|
|
||||||
@@ -64,6 +75,10 @@ func (c *Client) GetEnrolledCourses() ([]models.Course, error) {
|
|||||||
}
|
}
|
||||||
defer resp.Body.Close()
|
defer resp.Body.Close()
|
||||||
|
|
||||||
|
if err := checkAPIResponse(resp); err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
var courses []models.Course
|
var courses []models.Course
|
||||||
json.NewDecoder(resp.Body).Decode(&courses)
|
json.NewDecoder(resp.Body).Decode(&courses)
|
||||||
return courses, nil
|
return courses, nil
|
||||||
|
|||||||
@@ -1,7 +1,9 @@
|
|||||||
package models
|
package models
|
||||||
|
|
||||||
type Credentials struct {
|
type Credentials struct {
|
||||||
RefreshToken string `json:"refresh_token"`
|
AuthMethod string `json:"auth_method,omitempty"`
|
||||||
|
RefreshToken string `json:"refresh_token,omitempty"`
|
||||||
|
APIToken string `json:"api_token,omitempty"`
|
||||||
}
|
}
|
||||||
|
|
||||||
type TokenResponse struct {
|
type TokenResponse struct {
|
||||||
|
|||||||
Reference in New Issue
Block a user