feat(CLI): per-API-credentials with default

That way, we can provide better service, as CLIs that consume a lot of quota can easily have their own app credentials, and with it, their own quota. The fallback will be a project that allows to use all possible google APIs. The user can always put in his own application secret to use his own quota or even paid services. Fixes #80
2026-01-22 19:21:27 +01:00 · 2015-04-24 10:52:43 +02:00
parent 6d84ef906e
commit e42f6fbedb
5 changed files with 12 additions and 19 deletions
--- a/etc/api/drive/v2/drive-api_overrides.yaml
+++ b/etc/api/drive/v2/drive-api_overrides.yaml
@@ -0,0 +1,2 @@
+api:
+  credentials: "{\"installed\":{\"auth_uri\":\"https://accounts.google.com/o/oauth2/auth\",\"client_secret\":\"De0ub0IbWruJbBXUyseFYvZ-\",\"token_uri\":\"https://accounts.google.com/o/oauth2/token\",\"client_email\":\"\",\"redirect_uris\":[\"urn:ietf:wg:oauth:2.0:oob\",\"oob\"],\"client_x509_cert_url\":\"\",\"client_id\":\"276875258587-5gbp23a7aqnrl6p06c0jt5fskuktactq.apps.googleusercontent.com\",\"auth_provider_x509_cert_url\":\"https://www.googleapis.com/oauth2/v1/certs\"}}"
--- a/etc/api/shared.yaml
+++ b/etc/api/shared.yaml
@@ -1,4 +1,5 @@
 api:
+  credentials: "{\"installed\":{\"auth_uri\":\"https://accounts.google.com/o/oauth2/auth\",\"client_secret\":\"hCsslbCUyfehWMmbkG8vTYxG\",\"token_uri\":\"https://accounts.google.com/o/oauth2/token\",\"client_email\":\"\",\"redirect_uris\":[\"urn:ietf:wg:oauth:2.0:oob\",\"oob\"],\"client_x509_cert_url\":\"\",\"client_id\":\"620010449518-9ngf7o4dhs0dka470npqvor6dc5lqb9b.apps.googleusercontent.com\",\"auth_provider_x509_cert_url\":\"https://www.googleapis.com/oauth2/v1/certs\"}}"
  blacklist:
    # exclude APIs which currently don't build correctly. State the reason for the exclusion as well
    # to allow looking at it at a later point.
--- a/etc/api/youtube/v3/youtube-api_overrides.yaml
+++ b/etc/api/youtube/v3/youtube-api_overrides.yaml
@@ -0,0 +1,2 @@
+api:
+  credentials: "{\n  \"installed\": {\n    \"auth_uri\": \"https://accounts.google.com/o/oauth2/auth\",\n    \"client_secret\": \"UqkDJd5RFwnHoiG5x5Rub8SI\",\n    \"token_uri\": \"https://accounts.google.com/o/oauth2/token\",\n    \"client_email\": \"\",\n    \"redirect_uris\": [\n      \"urn:ietf:wg:oauth:2.0:oob\",\n      \"oob\"\n    ],\n    \"client_x509_cert_url\": \"\",\n    \"client_id\": \"14070749909-vgip2f1okm7bkvajhi9jugan6126io9v.apps.googleusercontent.com\",\n    \"auth_provider_x509_cert_url\": \"https://www.googleapis.com/oauth2/v1/certs\"\n  }\n}"
--- a/src/mako/cli/lib/engine.mako
+++ b/src/mako/cli/lib/engine.mako
@@ -100,7 +100,8 @@ self.opt.${cmd_ident(method)} {
                Ok(p) => p,
            };

-            match cmn::application_secret_from_directory(&config_dir, "${util.program_name()}-secret.json") {
+            match cmn::application_secret_from_directory(&config_dir, "${util.program_name()}-secret.json", 
+                                                         "${api.credentials.replace('"', r'\"')}") {
                Ok(secret) => (config_dir, secret),
                Err(e) => return Err(InvalidOptionsError::single(e, 4))
            }
--- a/src/rust/cli/cmn.rs
+++ b/src/rust/cli/cmn.rs
@@ -395,7 +395,10 @@ pub fn assure_config_dir_exists(dir: &str) -> Result<String, CLIError> {
    Ok(expanded_config_dir)
 }

-pub fn application_secret_from_directory(dir: &str, secret_basename: &str) -> Result<ApplicationSecret, CLIError> {
+pub fn application_secret_from_directory(dir: &str, 
+                                         secret_basename: &str, 
+                                         json_app_secret: &str)
+                                                        -> Result<ApplicationSecret, CLIError> {
    let secret_path = Path::new(dir).join(secret_basename);
    let secret_str = || secret_path.as_path().to_str().unwrap().to_string();
    let secret_io_error = |io_err: io::Error| {
@@ -409,27 +412,11 @@ pub fn application_secret_from_directory(dir: &str, secret_basename: &str) -> Re
            Err(mut err) => {
                if err.kind() == io::ErrorKind::NotFound {
                    // Write our built-in one - user may adjust the written file at will
-                    let secret = ApplicationSecret {
-                        client_id: "14070749909-vgip2f1okm7bkvajhi9jugan6126io9v.apps.googleusercontent.com".to_string(),
-                        client_secret: "UqkDJd5RFwnHoiG5x5Rub8SI".to_string(),
-                        token_uri: "https://accounts.google.com/o/oauth2/token".to_string(),
-                        auth_uri: Default::default(),
-                        redirect_uris: Default::default(),
-                        client_email: None,
-                        auth_provider_x509_cert_url: None,
-                        client_x509_cert_url: Some("https://www.googleapis.com/oauth2/v1/certs".to_string())
-                    };

-                    let app_secret = ConsoleApplicationSecret {
-                        installed: Some(secret),
-                        web: None,
-                    };
-
-                    let json_enocded_secret = json::encode(&app_secret).unwrap();
                    err = match fs::OpenOptions::new().create(true).write(true).open(&secret_path) {
                        Err(cfe) => cfe,
                        Ok(mut f) => {
-                            match f.write(json_enocded_secret.as_bytes()) {
+                            match f.write(json_app_secret.as_bytes()) {
                                Err(io_err) => io_err,
                                Ok(_) => continue,
                            }