diff --git a/README.md b/README.md index 566791b..312b9e8 100644 --- a/README.md +++ b/README.md @@ -26,15 +26,16 @@ go build -o canvasarchiver ./cmd/canvasarchiver ./canvasarchiver -fo ``` - Or for videos-only mode (all Panopto videos flat, no files): - ```bash - ./canvasarchiver -vo - ``` + Or for videos-only mode (all Panopto videos flat, no files): + ```bash + ./canvasarchiver -vo + ``` -2. On first run, you'll be prompted to authenticate: - - Visit the provided OAuth URL - - Authorize the application - - Copy the authorization code back to the terminal +2. On first run, you'll be prompted to choose an authentication method: + - **[1] Login via browser (OAuth)**: Visit the provided URL, authorize, and paste the code + - **[2] Use Canvas API token**: Enter a manually generated API token (e.g. `12230~...`) + + The choice is saved and reused on subsequent runs. 3. Enter your Course ID when prompted (or use `-me` to download all enrolled courses) @@ -54,7 +55,6 @@ go build -o canvasarchiver ./cmd/canvasarchiver | `-me` | Download all enrolled courses | | `-n` | Prefix modules with order numbers `[1]`, `[2]`, etc. | - ## Configuration The following constants can be modified in `internal/config/config.go`: @@ -66,7 +66,7 @@ The following constants can be modified in `internal/config/config.go`: ## Authentication -Credentials are stored in `credentials.json` after the first successful login. The refresh token is automatically used for subsequent runs. +Credentials are stored in `credentials.json` after the first successful authentication. The chosen method is remembered for subsequent runs — OAuth refresh tokens are automatically refreshed, and API tokens are validated before saving. ## Notes diff --git a/cmd/canvasarchiver/main.go b/cmd/canvasarchiver/main.go index f0dd336..d8237e0 100644 --- a/cmd/canvasarchiver/main.go +++ b/cmd/canvasarchiver/main.go @@ -22,7 +22,7 @@ func main() { httpClient := &http.Client{} authenticator := auth.NewAuthenticator(httpClient) - accessToken, err := authenticator.GetAccessToken() + accessToken, err := authenticator.GetToken() if err != nil { fmt.Printf("Authentication failed: %v\n", err) return diff --git a/internal/auth/auth.go b/internal/auth/auth.go index a6fe8b8..140f35f 100644 --- a/internal/auth/auth.go +++ b/internal/auth/auth.go @@ -27,11 +27,39 @@ func NewAuthenticator(client *http.Client) *Authenticator { } } -func (a *Authenticator) GetAccessToken() (string, error) { +func (a *Authenticator) GetToken() (string, error) { + creds, err := LoadCredentials() + if err == nil && creds.AuthMethod != "" { + switch creds.AuthMethod { + case "api": + token := strings.TrimSpace(creds.APIToken) + if token == "" { + return a.promptMethod() + } + fmt.Print("[*] Validating saved API token... ") + if err := a.validateAPIToken(token); err != nil { + fmt.Println("FAILED") + fmt.Printf("[!] %v\n", err) + SaveCredentials(&models.Credentials{}) + return a.promptMethod() + } + fmt.Println("OK") + return token, nil + case "oauth": + return a.refreshOrLogin() + } + } + return a.promptMethod() +} + +func (a *Authenticator) refreshOrLogin() (string, error) { creds, err := LoadCredentials() if err != nil { return a.login() } + if strings.TrimSpace(creds.RefreshToken) == "" { + return a.login() + } fmt.Println("[*] Reusing saved refresh token...") tr, err := a.doTokenRequest(url.Values{ @@ -49,6 +77,66 @@ func (a *Authenticator) GetAccessToken() (string, error) { return tr.AccessToken, nil } +func (a *Authenticator) promptMethod() (string, error) { + fmt.Println("Select authentication method:") + fmt.Println(" [1] Login via browser (OAuth)") + fmt.Println(" [2] Use Canvas API token") + fmt.Print("Choice (1/2): ") + input, err := bufio.NewReader(os.Stdin).ReadString('\n') + if err != nil && err != io.EOF { + return "", err + } + switch strings.TrimSpace(input) { + case "2": + return a.setupAPIToken() + default: + return a.login() + } +} + +func (a *Authenticator) setupAPIToken() (string, error) { + fmt.Print("Enter Canvas API token: ") + token, err := bufio.NewReader(os.Stdin).ReadString('\n') + if err != nil && err != io.EOF { + return "", err + } + token = strings.TrimSpace(token) + if token == "" { + return "", fmt.Errorf("empty API token") + } + + fmt.Print("[*] Validating API token... ") + if err := a.validateAPIToken(token); err != nil { + fmt.Println("FAILED") + return "", err + } + fmt.Println("OK") + + if err := SaveCredentials(&models.Credentials{ + AuthMethod: "api", + APIToken: token, + }); err != nil { + return "", err + } + fmt.Println("[+] API token saved.") + return token, nil +} + +func (a *Authenticator) validateAPIToken(token string) error { + req, _ := http.NewRequest("GET", config.BaseURL+"/api/v1/users/self", nil) + req.Header.Set("Authorization", "Bearer "+token) + resp, err := a.HTTPClient.Do(req) + if err != nil { + return err + } + defer resp.Body.Close() + if resp.StatusCode != 200 { + body, _ := io.ReadAll(resp.Body) + return fmt.Errorf("invalid token: %d %s", resp.StatusCode, strings.TrimSpace(string(body))) + } + return nil +} + func (a *Authenticator) login() (string, error) { codeVerifier, codeChallenge, err := generatePKCEPair() if err != nil { @@ -80,7 +168,9 @@ func (a *Authenticator) login() (string, error) { return "", err } - SaveCredentials(&models.Credentials{RefreshToken: tr.RefreshToken}) + if err := SaveRefreshToken(tr.RefreshToken); err != nil { + return "", err + } fmt.Println("[+] Login successful.") return tr.AccessToken, nil } @@ -162,9 +252,22 @@ func extractCode(input string) (string, error) { return input, nil } -func SaveCredentials(creds *models.Credentials) { - data, _ := json.MarshalIndent(creds, "", " ") - os.WriteFile(config.CredsFile, data, 0o644) +func SaveCredentials(creds *models.Credentials) error { + data, err := json.MarshalIndent(creds, "", " ") + if err != nil { + return err + } + return os.WriteFile(config.CredsFile, data, 0o644) +} + +func SaveRefreshToken(refreshToken string) error { + creds, err := LoadCredentials() + if err != nil { + creds = &models.Credentials{} + } + creds.RefreshToken = refreshToken + creds.AuthMethod = "oauth" + return SaveCredentials(creds) } func LoadCredentials() (*models.Credentials, error) { @@ -173,6 +276,8 @@ func LoadCredentials() (*models.Credentials, error) { return nil, err } var creds models.Credentials - json.Unmarshal(data, &creds) + if err := json.Unmarshal(data, &creds); err != nil { + return nil, err + } return &creds, nil } diff --git a/internal/canvas/client.go b/internal/canvas/client.go index 09bad89..a08281e 100644 --- a/internal/canvas/client.go +++ b/internal/canvas/client.go @@ -16,6 +16,13 @@ import ( "git.directme.in/Joren/CanvasArchiver/internal/utils" ) +func checkAPIResponse(resp *http.Response) error { + if resp.StatusCode < 300 { + return nil + } + return fmt.Errorf("API error: %d", resp.StatusCode) +} + type Client struct { HTTPClient *http.Client AccessToken string @@ -48,6 +55,10 @@ func (c *Client) GetCourseInfo() error { } defer resp.Body.Close() + if err := checkAPIResponse(resp); err != nil { + return err + } + var course models.Course json.NewDecoder(resp.Body).Decode(&course) @@ -64,6 +75,10 @@ func (c *Client) GetEnrolledCourses() ([]models.Course, error) { } defer resp.Body.Close() + if err := checkAPIResponse(resp); err != nil { + return nil, err + } + var courses []models.Course json.NewDecoder(resp.Body).Decode(&courses) return courses, nil diff --git a/internal/models/models.go b/internal/models/models.go index 14fdadd..af1be06 100644 --- a/internal/models/models.go +++ b/internal/models/models.go @@ -1,7 +1,9 @@ package models type Credentials struct { - RefreshToken string `json:"refresh_token"` + AuthMethod string `json:"auth_method,omitempty"` + RefreshToken string `json:"refresh_token,omitempty"` + APIToken string `json:"api_token,omitempty"` } type TokenResponse struct {