8 Commits

Author SHA1 Message Date
4978d84196 Merge pull request 'feat/interactive-auth' (#9) from feat/interactive-auth into main
Reviewed-on: #9
2026-06-19 21:19:58 +02:00
07fade16d3 feat: interactive auth method selection with API token validation
- Add GetToken() as unified auth entry point with method selection
- Prompt [1] OAuth / [2] API token on first launch, save choice
- Validate API tokens against /api/v1/users/self before saving
- Check saved API token validity on reuse; fallback to re-prompt on failure
- Add HTTP status check to GetCourseInfo and GetEnrolledCourses
- Remove --api flag, auth method is now persistent and interactive
2026-06-19 21:17:00 +02:00
666369714b feat: add --api flag for Canvas API token authentication
- Add APIToken field to Credentials struct with omitempty JSON tag
- Implement GetAPIToken() method with persistent token storage
- Add SaveRefreshToken() helper to preserve API tokens during OAuth
- Implement --api CLI flag to use API token instead of OAuth
- Validate empty refresh tokens and skip refresh if invalid
- Update README with API token usage documentation
2026-06-19 21:12:43 +02:00
122d00c8f9 Merge pull request 'fix: update Canvas OAuth flow' (#8) from feat/videos-only-mode into main
Reviewed-on: #8
2026-06-19 21:05:28 +02:00
ef10711b6e Merge remote-tracking branch 'origin/main' into feat/videos-only-mode 2026-06-19 21:04:15 +02:00
25729ce492 fix: update Canvas OAuth flow 2026-06-19 21:00:02 +02:00
04e7d3e0f4 Merge pull request 'feat/videos-only-mode' (#5) from feat/videos-only-mode into main
Reviewed-on: #5
2026-05-16 22:55:48 +02:00
2776d057cd fix: revert ExternalUrl auth to DownloadVideo, remove dead debug code
DownloadVideo already handles the Panopto Login.aspx canvas auth form
correctly through its multi-step form submission logic. The real fix for
ExternalUrl Panopto folder links was the URL normalization (List.aspx?folderID=
→ List.aspx#folderID="...") already in DownloadVideo.

Remove DownloadExternalPanoptoURL (dead code) and all debug prints.
Update README with -vo flag documentation.
2026-05-16 22:53:11 +02:00
7 changed files with 257 additions and 224 deletions

View File

@@ -21,15 +21,21 @@ go build -o canvasarchiver ./cmd/canvasarchiver
./canvasarchiver ./canvasarchiver
``` ```
Or for files-only mode: Or for files-only mode (all files flat, no videos):
```bash ```bash
./canvasarchiver -fo ./canvasarchiver -fo
``` ```
2. On first run, you'll be prompted to authenticate: Or for videos-only mode (all Panopto videos flat, no files):
- Visit the provided OAuth URL ```bash
- Authorize the application ./canvasarchiver -vo
- Copy the authorization code back to the terminal ```
2. On first run, you'll be prompted to choose an authentication method:
- **[1] Login via browser (OAuth)**: Visit the provided URL, authorize, and paste the code
- **[2] Use Canvas API token**: Enter a manually generated API token (e.g. `12230~...`)
The choice is saved and reused on subsequent runs.
3. Enter your Course ID when prompted (or use `-me` to download all enrolled courses) 3. Enter your Course ID when prompted (or use `-me` to download all enrolled courses)
@@ -38,15 +44,17 @@ go build -o canvasarchiver ./cmd/canvasarchiver
- Module content (to `Modules/`) - Module content (to `Modules/`)
- Panopto recordings (to `Recordings/`) - Panopto recordings (to `Recordings/`)
In `-vo` mode, only videos are downloaded — all into the course root directory (no subdirectories).
### Flags ### Flags
| Flag | Description | | Flag | Description |
|------|-------------| |------|-------------|
| `-fo` | Files only mode - download all files to a single directory without module structure | | `-fo` | Files only download all files flat into one directory; skips videos and module structure |
| `-vo` | Videos only — scan recordings and all module video items, download everything flat into one directory; skips regular files |
| `-me` | Download all enrolled courses | | `-me` | Download all enrolled courses |
| `-n` | Prefix modules with order numbers `[1]`, `[2]`, etc. | | `-n` | Prefix modules with order numbers `[1]`, `[2]`, etc. |
## Configuration ## Configuration
The following constants can be modified in `internal/config/config.go`: The following constants can be modified in `internal/config/config.go`:
@@ -58,7 +66,7 @@ The following constants can be modified in `internal/config/config.go`:
## Authentication ## Authentication
Credentials are stored in `credentials.json` after the first successful login. The refresh token is automatically used for subsequent runs. Credentials are stored in `credentials.json` after the first successful authentication. The chosen method is remembered for subsequent runs — OAuth refresh tokens are automatically refreshed, and API tokens are validated before saving.
## Notes ## Notes

View File

@@ -22,7 +22,7 @@ func main() {
httpClient := &http.Client{} httpClient := &http.Client{}
authenticator := auth.NewAuthenticator(httpClient) authenticator := auth.NewAuthenticator(httpClient)
accessToken, err := authenticator.GetAccessToken() accessToken, err := authenticator.GetToken()
if err != nil { if err != nil {
fmt.Printf("Authentication failed: %v\n", err) fmt.Printf("Authentication failed: %v\n", err)
return return

View File

@@ -1,11 +1,17 @@
package auth package auth
import ( import (
"bufio"
"crypto/rand"
"crypto/sha256"
"encoding/base64"
"encoding/json" "encoding/json"
"fmt" "fmt"
"io"
"net/http" "net/http"
"net/url" "net/url"
"os" "os"
"strings"
"git.directme.in/Joren/CanvasArchiver/internal/config" "git.directme.in/Joren/CanvasArchiver/internal/config"
"git.directme.in/Joren/CanvasArchiver/internal/models" "git.directme.in/Joren/CanvasArchiver/internal/models"
@@ -21,31 +27,38 @@ func NewAuthenticator(client *http.Client) *Authenticator {
} }
} }
func (a *Authenticator) GetAccessToken() (string, error) { func (a *Authenticator) GetToken() (string, error) {
creds, err := LoadCredentials()
if err == nil && creds.AuthMethod != "" {
switch creds.AuthMethod {
case "api":
token := strings.TrimSpace(creds.APIToken)
if token == "" {
return a.promptMethod()
}
fmt.Print("[*] Validating saved API token... ")
if err := a.validateAPIToken(token); err != nil {
fmt.Println("FAILED")
fmt.Printf("[!] %v\n", err)
SaveCredentials(&models.Credentials{})
return a.promptMethod()
}
fmt.Println("OK")
return token, nil
case "oauth":
return a.refreshOrLogin()
}
}
return a.promptMethod()
}
func (a *Authenticator) refreshOrLogin() (string, error) {
creds, err := LoadCredentials() creds, err := LoadCredentials()
if err != nil { if err != nil {
return a.login()
fmt.Println("--- Initial Canvas Login Required ---")
fmt.Printf("Visit: %s/login/oauth2/auth?client_id=%s&response_type=code&redirect_uri=%s\n",
config.BaseURL, config.ClientID, url.QueryEscape(config.RedirectURI))
fmt.Print("Enter Code: ")
var code string
fmt.Scanln(&code)
tr, err := a.doTokenRequest(url.Values{
"grant_type": {"authorization_code"},
"client_id": {config.ClientID},
"client_secret": {config.ClientSecret},
"redirect_uri": {config.RedirectURI},
"code": {code},
})
if err != nil {
return "", err
} }
if strings.TrimSpace(creds.RefreshToken) == "" {
SaveCredentials(&models.Credentials{RefreshToken: tr.RefreshToken}) return a.login()
fmt.Println("[+] Login successful.")
return tr.AccessToken, nil
} }
fmt.Println("[*] Reusing saved refresh token...") fmt.Println("[*] Reusing saved refresh token...")
@@ -54,11 +67,111 @@ func (a *Authenticator) GetAccessToken() (string, error) {
"client_id": {config.ClientID}, "client_id": {config.ClientID},
"client_secret": {config.ClientSecret}, "client_secret": {config.ClientSecret},
"refresh_token": {creds.RefreshToken}, "refresh_token": {creds.RefreshToken},
"redirect_uri": {config.RedirectURI},
})
if err != nil {
fmt.Printf("[!] Refresh failed: %v\n", err)
return a.login()
}
fmt.Println("[+] Session refreshed.")
return tr.AccessToken, nil
}
func (a *Authenticator) promptMethod() (string, error) {
fmt.Println("Select authentication method:")
fmt.Println(" [1] Login via browser (OAuth)")
fmt.Println(" [2] Use Canvas API token")
fmt.Print("Choice (1/2): ")
input, err := bufio.NewReader(os.Stdin).ReadString('\n')
if err != nil && err != io.EOF {
return "", err
}
switch strings.TrimSpace(input) {
case "2":
return a.setupAPIToken()
default:
return a.login()
}
}
func (a *Authenticator) setupAPIToken() (string, error) {
fmt.Print("Enter Canvas API token: ")
token, err := bufio.NewReader(os.Stdin).ReadString('\n')
if err != nil && err != io.EOF {
return "", err
}
token = strings.TrimSpace(token)
if token == "" {
return "", fmt.Errorf("empty API token")
}
fmt.Print("[*] Validating API token... ")
if err := a.validateAPIToken(token); err != nil {
fmt.Println("FAILED")
return "", err
}
fmt.Println("OK")
if err := SaveCredentials(&models.Credentials{
AuthMethod: "api",
APIToken: token,
}); err != nil {
return "", err
}
fmt.Println("[+] API token saved.")
return token, nil
}
func (a *Authenticator) validateAPIToken(token string) error {
req, _ := http.NewRequest("GET", config.BaseURL+"/api/v1/users/self", nil)
req.Header.Set("Authorization", "Bearer "+token)
resp, err := a.HTTPClient.Do(req)
if err != nil {
return err
}
defer resp.Body.Close()
if resp.StatusCode != 200 {
body, _ := io.ReadAll(resp.Body)
return fmt.Errorf("invalid token: %d %s", resp.StatusCode, strings.TrimSpace(string(body)))
}
return nil
}
func (a *Authenticator) login() (string, error) {
codeVerifier, codeChallenge, err := generatePKCEPair()
if err != nil {
return "", err
}
fmt.Println("--- Initial Canvas Login Required ---")
fmt.Printf("Visit: %s\n", buildAuthURL(codeChallenge))
fmt.Print("Enter Code or redirect URL: ")
input, err := bufio.NewReader(os.Stdin).ReadString('\n')
if err != nil && err != io.EOF {
return "", err
}
code, err := extractCode(input)
if err != nil {
return "", err
}
tr, err := a.doTokenRequest(url.Values{
"grant_type": {"authorization_code"},
"client_id": {config.ClientID},
"client_secret": {config.ClientSecret},
"redirect_uri": {config.RedirectURI},
"code": {code},
"code_verifier": {codeVerifier},
}) })
if err != nil { if err != nil {
return "", err return "", err
} }
fmt.Println("[+] Session refreshed.")
if err := SaveRefreshToken(tr.RefreshToken); err != nil {
return "", err
}
fmt.Println("[+] Login successful.")
return tr.AccessToken, nil return tr.AccessToken, nil
} }
@@ -70,17 +183,91 @@ func (a *Authenticator) doTokenRequest(v url.Values) (*models.TokenResponse, err
defer resp.Body.Close() defer resp.Body.Close()
if resp.StatusCode != 200 { if resp.StatusCode != 200 {
return nil, fmt.Errorf("token request failed: %d", resp.StatusCode) body, _ := io.ReadAll(resp.Body)
return nil, fmt.Errorf("token request failed: %d: %s", resp.StatusCode, string(body))
} }
var tr models.TokenResponse var tr models.TokenResponse
json.NewDecoder(resp.Body).Decode(&tr) if err := json.NewDecoder(resp.Body).Decode(&tr); err != nil {
return nil, err
}
return &tr, nil return &tr, nil
} }
func SaveCredentials(creds *models.Credentials) { func buildAuthURL(codeChallenge string) string {
data, _ := json.MarshalIndent(creds, "", " ") u, _ := url.Parse(config.BaseURL + "/login/oauth2/auth")
os.WriteFile(config.CredsFile, data, 0o644) q := u.Query()
q.Set("client_id", config.ClientID)
q.Set("response_type", "code")
q.Set("mobile", "1")
q.Set("purpose", config.OAuthPurpose)
q.Set("code_challenge", codeChallenge)
q.Set("code_challenge_method", "S256")
q.Set("redirect_uri", config.RedirectURI)
if config.AuthProvider != "" {
q.Set("authentication_provider", config.AuthProvider)
}
u.RawQuery = q.Encode()
return u.String()
}
func generatePKCEPair() (string, string, error) {
randomBytes := make([]byte, 64)
if _, err := rand.Read(randomBytes); err != nil {
return "", "", err
}
verifier := base64.RawURLEncoding.EncodeToString(randomBytes)
challengeBytes := sha256.Sum256([]byte(verifier))
challenge := base64.RawURLEncoding.EncodeToString(challengeBytes[:])
return verifier, challenge, nil
}
func extractCode(input string) (string, error) {
input = strings.TrimSpace(input)
if input == "" {
return "", fmt.Errorf("empty authorization code")
}
for _, field := range strings.Fields(input) {
if strings.Contains(field, "code=") {
input = field
break
}
}
parsedURL, err := url.Parse(input)
if err == nil {
if code := parsedURL.Query().Get("code"); code != "" {
return code, nil
}
}
if values, err := url.ParseQuery(input); err == nil {
if code := values.Get("code"); code != "" {
return code, nil
}
}
return input, nil
}
func SaveCredentials(creds *models.Credentials) error {
data, err := json.MarshalIndent(creds, "", " ")
if err != nil {
return err
}
return os.WriteFile(config.CredsFile, data, 0o644)
}
func SaveRefreshToken(refreshToken string) error {
creds, err := LoadCredentials()
if err != nil {
creds = &models.Credentials{}
}
creds.RefreshToken = refreshToken
creds.AuthMethod = "oauth"
return SaveCredentials(creds)
} }
func LoadCredentials() (*models.Credentials, error) { func LoadCredentials() (*models.Credentials, error) {
@@ -89,6 +276,8 @@ func LoadCredentials() (*models.Credentials, error) {
return nil, err return nil, err
} }
var creds models.Credentials var creds models.Credentials
json.Unmarshal(data, &creds) if err := json.Unmarshal(data, &creds); err != nil {
return nil, err
}
return &creds, nil return &creds, nil
} }

View File

@@ -16,6 +16,13 @@ import (
"git.directme.in/Joren/CanvasArchiver/internal/utils" "git.directme.in/Joren/CanvasArchiver/internal/utils"
) )
func checkAPIResponse(resp *http.Response) error {
if resp.StatusCode < 300 {
return nil
}
return fmt.Errorf("API error: %d", resp.StatusCode)
}
type Client struct { type Client struct {
HTTPClient *http.Client HTTPClient *http.Client
AccessToken string AccessToken string
@@ -48,6 +55,10 @@ func (c *Client) GetCourseInfo() error {
} }
defer resp.Body.Close() defer resp.Body.Close()
if err := checkAPIResponse(resp); err != nil {
return err
}
var course models.Course var course models.Course
json.NewDecoder(resp.Body).Decode(&course) json.NewDecoder(resp.Body).Decode(&course)
@@ -64,6 +75,10 @@ func (c *Client) GetEnrolledCourses() ([]models.Course, error) {
} }
defer resp.Body.Close() defer resp.Body.Close()
if err := checkAPIResponse(resp); err != nil {
return nil, err
}
var courses []models.Course var courses []models.Course
json.NewDecoder(resp.Body).Decode(&courses) json.NewDecoder(resp.Body).Decode(&courses)
return courses, nil return courses, nil

View File

@@ -4,7 +4,9 @@ const (
BaseURL = "https://canvas.vub.be" BaseURL = "https://canvas.vub.be"
ClientID = "170000000000044" ClientID = "170000000000044"
ClientSecret = "3sxR3NtgXRfT9KdpWGAFQygq6O9RzLN021h2lAzhHUZEeSQ5XGV41Ddi5iutwW6f" ClientSecret = "3sxR3NtgXRfT9KdpWGAFQygq6O9RzLN021h2lAzhHUZEeSQ5XGV41Ddi5iutwW6f"
RedirectURI = "urn:ietf:wg:oauth:2.0:oob" RedirectURI = "https://sso.canvaslms.com/canvas/login"
OAuthPurpose = "CanvasArchiver"
AuthProvider = "microsoft"
CredsFile = "credentials.json" CredsFile = "credentials.json"
PanoptoID = "15" PanoptoID = "15"
UserAgent = "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Mobile Safari/537.36" UserAgent = "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Mobile Safari/537.36"

View File

@@ -1,7 +1,9 @@
package models package models
type Credentials struct { type Credentials struct {
RefreshToken string `json:"refresh_token"` AuthMethod string `json:"auth_method,omitempty"`
RefreshToken string `json:"refresh_token,omitempty"`
APIToken string `json:"api_token,omitempty"`
} }
type TokenResponse struct { type TokenResponse struct {

View File

@@ -377,186 +377,3 @@ func DownloadMainRecordings(httpClient *http.Client, accessToken, courseID, root
} }
} }
// DownloadExternalPanoptoURL authenticates via the module_item_redirect path
// (exactly what the Canvas mobile app does for ExternalUrl items) and then
// runs yt-dlp against the given Panopto URL with the resulting cookies.
//
// moduleItemURL item.URL (https://canvas.vub.be/api/v1/.../module_item_redirect/<id>)
// panoptoURL item.ExternalURL (https://vub.cloud.panopto.eu/Panopto/Pages/...)
func DownloadExternalPanoptoURL(httpClient *http.Client, accessToken, moduleItemURL, panoptoURL, modDir, title string) {
fmt.Printf(" [dbg] moduleItemURL: %s\n", moduleItemURL)
fmt.Printf(" [dbg] panoptoURL: %s\n", panoptoURL)
jar, _ := cookiejar.New(nil)
// Manual redirect following so we can track cross-domain hops correctly.
noRedirectClient := &http.Client{
Jar: jar,
CheckRedirect: func(req *http.Request, via []*http.Request) error {
return http.ErrUseLastResponse
},
}
// Step 1: exchange the module item URL for a Canvas web session URL.
returnTo := moduleItemURL + "?display=borderless"
sessionTokenURL := config.BaseURL + "/login/session_token?return_to=" + url.QueryEscape(returnTo)
fmt.Printf(" [dbg] session_token URL: %s\n", sessionTokenURL)
bridgeReq, _ := http.NewRequest("GET", sessionTokenURL, nil)
bridgeReq.Header.Set("Authorization", "Bearer "+accessToken)
bridgeReq.Header.Set("User-Agent", config.UserAgent)
bResp, err := httpClient.Do(bridgeReq)
if err != nil {
fmt.Printf(" [!] session_token request failed: %v\n", err)
return
}
rawBody, _ := io.ReadAll(bResp.Body)
bResp.Body.Close()
fmt.Printf(" [dbg] session_token response (%d): %s\n", bResp.StatusCode, string(rawBody))
var bridgeData struct {
SessionURL string `json:"session_url"`
}
json.Unmarshal(rawBody, &bridgeData)
if bridgeData.SessionURL == "" {
fmt.Printf(" [!] No session_url returned (skipping %s)\n", title)
return
}
fmt.Printf(" [dbg] session_url: %s\n", bridgeData.SessionURL)
// Step 2: GET session URL → Canvas shows OAuth2 confirm page for Panopto.
// We follow redirects manually so cross-domain hops (canvas→panopto) work correctly.
currentURL := bridgeData.SessionURL
var formHTML string
var formFinalURL string
for hop := 0; hop < 10; hop++ {
hopReq, _ := http.NewRequest("GET", currentURL, nil)
hopReq.Header.Set("User-Agent", config.UserAgent)
hopResp, err := noRedirectClient.Do(hopReq)
if err != nil {
fmt.Printf(" [!] Failed hop %d to %s: %v\n", hop, currentURL, err)
return
}
body, _ := io.ReadAll(hopResp.Body)
hopResp.Body.Close()
fmt.Printf(" [dbg] hop %d: status=%d url=%s body=%d\n", hop, hopResp.StatusCode, currentURL, len(body))
if hopResp.StatusCode == 301 || hopResp.StatusCode == 302 || hopResp.StatusCode == 303 {
loc, _ := hopResp.Location()
if loc == nil {
fmt.Printf(" [!] Redirect with no Location header\n")
return
}
currentURL = loc.String()
continue
}
formHTML = string(body)
formFinalURL = currentURL
break
}
fmt.Printf(" [dbg] OAuth page final URL: %s, length: %d\n", formFinalURL, len(formHTML))
if strings.Contains(formHTML, "U hebt geen toegang") || strings.Contains(formHTML, "You do not have access") {
fmt.Printf(" [!] Access denied. Skipping %s\n", title)
return
}
// Step 3: POST /login/oauth2/accept → Canvas redirects to Panopto Login.aspx?code=...
// webClient follows all hops automatically, ending with Panopto setting cookies.
action := utils.ResolveAction(formFinalURL, formHTML)
formData := utils.ExtractFormFields(formHTML)
fmt.Printf(" [dbg] POST action: %s\n", action)
postReq, _ := http.NewRequest("POST", action, strings.NewReader(formData.Encode()))
postReq.Header.Set("Content-Type", "application/x-www-form-urlencoded")
postReq.Header.Set("User-Agent", config.UserAgent)
postReq.Header.Set("Origin", config.BaseURL)
postReq.Header.Set("Referer", formFinalURL)
postResp, err := noRedirectClient.Do(postReq)
if err != nil {
fmt.Printf(" [!] OAuth accept POST failed: %v\n", err)
return
}
postBody, _ := io.ReadAll(postResp.Body)
postResp.Body.Close()
fmt.Printf(" [dbg] POST response status: %d, body len: %d\n", postResp.StatusCode, len(postBody))
// Now follow the redirect chain from the POST (canvas → panopto Login.aspx → CookieCheck).
if postResp.StatusCode == 302 || postResp.StatusCode == 303 {
currentURL2 := ""
if loc, _ := postResp.Location(); loc != nil {
currentURL2 = loc.String()
}
for hop := 0; hop < 10 && currentURL2 != ""; hop++ {
hopReq, _ := http.NewRequest("GET", currentURL2, nil)
hopReq.Header.Set("User-Agent", config.UserAgent)
hopResp, err := noRedirectClient.Do(hopReq)
if err != nil {
fmt.Printf(" [dbg] post-redirect hop %d error: %v\n", hop, err)
break
}
body2, _ := io.ReadAll(hopResp.Body)
hopResp.Body.Close()
fmt.Printf(" [dbg] post-redirect hop %d: status=%d url=%s body=%d\n", hop, hopResp.StatusCode, currentURL2, len(body2))
if hopResp.StatusCode == 301 || hopResp.StatusCode == 302 || hopResp.StatusCode == 303 {
if loc, _ := hopResp.Location(); loc != nil {
currentURL2 = loc.String()
continue
}
}
break
}
}
// noRedirectClient.Jar now holds Panopto session cookies from the CookieCheck chain.
panoptoDomain, _ := url.Parse("https://vub.cloud.panopto.eu")
cookies := noRedirectClient.Jar.Cookies(panoptoDomain)
fmt.Printf(" [dbg] Panopto cookies: %d\n", len(cookies))
for _, c := range cookies {
fmt.Printf(" [dbg] cookie: %s=%s\n", c.Name, c.Value[:min(20, len(c.Value))])
}
if len(cookies) == 0 {
fmt.Printf(" [!] No Panopto cookies after auth falling back for: %s\n", title)
DownloadVideo(httpClient, accessToken, "", modDir, panoptoURL, title)
return
}
cookieFile := filepath.Join(modDir, ".cookies_ext.txt")
cData := "# Netscape HTTP Cookie File\n"
for _, c := range cookies {
cData += fmt.Sprintf(".vub.cloud.panopto.eu\tTRUE\t/\tTRUE\t0\t%s\t%s\n", c.Name, c.Value)
}
os.WriteFile(cookieFile, []byte(cData), 0o644)
fmt.Printf(" [*] Downloading: %s\n", title)
normalizedURL := normalizePanoptoURL(panoptoURL)
isList := strings.Contains(normalizedURL, "List.aspx")
ytCmd := getYoutubeDLCommand()
var args []string
if isList {
args = []string{
"--cookies", cookieFile,
"--referer", config.BaseURL + "/",
"-P", modDir,
"-o", utils.Sanitize(title) + "/%(title)s.%(ext)s",
normalizedURL,
}
} else {
args = []string{
"--no-playlist",
"--cookies", cookieFile,
"--referer", config.BaseURL + "/",
"-P", modDir,
"-o", utils.Sanitize(title) + ".%(ext)s",
normalizedURL,
}
}
cmd := exec.Command(ytCmd, args...)
cmd.Stdout = os.Stdout
cmd.Stderr = os.Stderr
if err := cmd.Run(); err != nil {
fmt.Printf(" [!] yt-dlp failed: %v\n", err)
}
os.Remove(cookieFile)
}