Here's what was built and why each decision was made:
Key at data_dir.parent/.garmin_key — nginx serves location /data/ { alias /var/bincio/data/; } so
anything inside that dir is reachable. The key lives one level up at /var/bincio/.garmin_key,
outside nginx's reach.
Two-layer storage — garmin_creds.json holds the encrypted email+password (needed for re-login when
tokens expire); garmin_session/ holds the garth OAuth tokens in plain JSON (short-lived, not the
user's actual password).
test_login() — called by the connect endpoint before saving anything, so credentials are only
persisted if they actually work.
get_client() — tries the session first (fast, no network), falls back to full re-login
transparently. The caller never needs to think about whether the session is fresh.
This commit is contained in:
Davide Scaini
@@ -11,6 +11,7 @@ build/
|
||||
htmlcov/
|
||||
.coverage
|
||||
.idea*
|
||||
feedback*
|
||||
|
||||
# uv
|
||||
uv.lock
|
||||
|
||||
Reference in New Issue
Block a user