feat(m5b): optional YouTube write scope via incremental OAuth
Default login now requests read-only (youtube.readonly); write (unsubscribe,
later playlist export) is an explicit opt-in.
- auth.py: split READ_SCOPES / WRITE_SCOPES; new GET /auth/upgrade (incremental
consent, prompt=consent); has_write_scope() helper
- /api/me exposes can_write
- youtube/client.py: delete_subscription (50 units, OAuth-only)
- DELETE /api/channels/{id}/subscription, gated on write scope (403 otherwise)
- UI: Settings - Account 'Playlist editing & YouTube export' enable button;
per-channel 'Unsubscribe on YouTube' (with confirm) shown only when can_write
Browser-facing; develop/test locally until the public HTTPS login lands. Needs a
one-time Console step: add youtube.readonly to the OAuth consent screen scopes.
This commit is contained in:
parent
f4b8a721fb
commit
43c05ea14b
8 changed files with 152 additions and 11 deletions
|
|
@ -151,6 +151,25 @@ class YouTubeClient:
|
|||
params["pageToken"] = page_token
|
||||
return self._get("playlistItems", params)
|
||||
|
||||
def delete_subscription(self, subscription_id: str) -> None:
|
||||
"""Unsubscribe on YouTube. Requires the write scope and the user's OAuth token
|
||||
(never the public API key). subscriptions.delete costs 50 quota units."""
|
||||
resp = self._http.delete(
|
||||
f"{API_BASE}/subscriptions",
|
||||
params={"id": subscription_id},
|
||||
headers={"Authorization": f"Bearer {self._access_token()}"},
|
||||
)
|
||||
quota.record_usage(self.db, 50)
|
||||
if resp.status_code not in (200, 204):
|
||||
log.warning(
|
||||
"YouTube subscriptions.delete -> %s: %s",
|
||||
resp.status_code,
|
||||
resp.text[:200],
|
||||
)
|
||||
raise YouTubeError(
|
||||
f"DELETE subscriptions -> {resp.status_code}: {resp.text[:300]}"
|
||||
)
|
||||
|
||||
def get_videos(self, video_ids: list[str]) -> list[dict]:
|
||||
items: list[dict] = []
|
||||
for batch in _chunks(video_ids, 50):
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue