- auth / Mac app rebuild
This commit is contained in:
@@ -44,28 +44,27 @@ php cli/blog.php rebuild
|
||||
|
||||
## Mac Client and API
|
||||
|
||||
The native macOS 12+ client lives in `macclient/`.
|
||||
The native AppKit macOS 12+ client lives in `macclient/`.
|
||||
|
||||
```bash
|
||||
cd macclient
|
||||
swift run TCMSMacClient
|
||||
./build-app.sh
|
||||
open TCMSMacClient.app
|
||||
```
|
||||
|
||||
Point the client at any TCMS site URL. It will call `api.php` at that site for posts, pages, media, comments, local autosave restore, and optional remote draft autosave.
|
||||
Point the client at any TCMS site URL. It will call `api.php` at that site for posts, pages, media, comments, local autosave, and optional remote draft autosave.
|
||||
|
||||
For remote servers, set an API token in `config/site.json` or through the `TCMS_API_TOKEN` environment variable:
|
||||
API credentials are stored in the site root `.env` file:
|
||||
|
||||
```json
|
||||
{
|
||||
"api": {
|
||||
"enabled": true,
|
||||
"token": "replace-with-a-long-random-token",
|
||||
"allow_local_without_token": true
|
||||
}
|
||||
}
|
||||
```text
|
||||
TCMS_API_ENABLED=true
|
||||
TCMS_API_USERNAME=admin
|
||||
TCMS_API_PASSWORD=change-this-password
|
||||
TCMS_API_PASSWORD_HASH=
|
||||
TCMS_API_TOKEN=change-this-token
|
||||
```
|
||||
|
||||
Send the token as a Bearer token or `X-TCMS-Token`. Localhost requests may use the tokenless development fallback while `allow_local_without_token` is enabled.
|
||||
The Mac client can authenticate with the `.env` username/password. Scripts can also send `TCMS_API_TOKEN` as a Bearer token or `X-TCMS-Token`. Use `TCMS_API_PASSWORD_HASH` with `password_hash()` output instead of `TCMS_API_PASSWORD` for production.
|
||||
|
||||
## Comments
|
||||
|
||||
@@ -107,7 +106,7 @@ php cli/blog.php stats:summary
|
||||
|
||||
## Apache
|
||||
|
||||
The included `.htaccess` enables pretty URLs and blocks direct access to app code, configuration, SQLite, CSV, JSON databases, and Markdown content files.
|
||||
The included `.htaccess` enables pretty URLs and blocks direct access to app code, configuration, `.env`, the Mac client source, SQLite, CSV, JSON databases, and Markdown content files.
|
||||
|
||||
For a subdirectory install such as `https://example.com/blog`, either place the app in that folder and let the CMS auto-detect the path, or set:
|
||||
|
||||
|
||||
Reference in New Issue
Block a user