0b496d9
This commit was signed with the committer’s verified signature.
Molunerfinn
PiEgg
Features
PicGo Server (Local HTTP API)
The local server has been rebuilt to be more robust and secure. It now supports automatic port detection and optional authentication, making it safer to run in shared environments.
How to use:
Simply run the following command to start the server:
picgo server- Smart Port Management: By default, it uses port
36677. If the port is busy, PicGo will intelligently detect if another PicGo instance is running and reuse it, or automatically find the next available port. - Upload Endpoint: Send
POST /uploadrequests with:- JSON body:
{ "list": ["/path/to/image.png"] }. if list is not provided, it will upload images from the clipboard. - Multipart form-data:
filesfield.
- JSON body:
- Health Check:
POST /heartbeatto check server status.
Security & Authentication:
You can now protect your upload server with a secret token.
- Set a secret: Use the
--secretflag, set thePICGO_SERVER_SECRETenv var, or configuresettings.server.secret. - Authenticate requests: If secret is set, clients must provide the secret via the
Authorization: Bearer <secret>header,X-PicGo-Secretheader, or?secret=query parameter.
For plugin authors and Node.js users
- New Router APIs: Use
picgo.server.registerGet,picgo.server.registerPost, andpicgo.server.mountto add custom routes safely. - Programmatic Control: You can now control the server lifecycle via
picgo.server.listen(),picgo.server.shutdown(), and check status withpicgo.server.isListening().
PicGo Cloud Login
We have introduced a seamless login experience for PicGo Cloud. You can now authenticate directly via your browser without manually copying tokens.
How to use:
picgo login- Browser Flow: This command opens your default browser for a secure login (PKCE). Once authorized, PicGo automatically saves your token.
- Manual Token: If you cannot open a browser (e.g., on a headless server), you can still log in manually using
picgo login [token]. - Logout: Run
picgo logoutto remove your credentials.
For plugin authors and Node.js users
- New Auth API: Use
picgo.cloud.login([token])andpicgo.cloud.logout()to manage authentication programmatically.
PicGo Config Sync
Keep your configuration synchronized across multiple devices with conflict resolution and optional End-to-End Encryption (E2EE).
How to use:
picgo config sync- Smart Sync: PicGo performs a 3-way merge (Snapshot + Local + Remote) to ensure no settings are lost.
- Conflict Resolution: If conflicts occur (e.g., you changed the same setting on two different computers), the CLI will present a diff tree and ask you to choose:
Use Local,Use Remote, orAbort. - Privacy First: Sensitive fields like your Cloud Token are never synced.
Encryption Options:
You can choose how your data is protected in the cloud:
picgo config sync --encrypt e2eeauto: Default behavior.sse(Server-Side Encryption): We use AES-256-GCM to encrypt your config on our servers. No PIN is required.e2ee(End-to-End Encryption): Uses PBKDF2 + AES-256-GCM. Your config is encrypted locally before uploading. A PIN will be required to decrypt it on other devices.
Breaking Changes
- Node.js v20.19.0+ is now required.
- If Authentication is enabled: If you configure a server secret (
--secretorsettings.server.secret), all clients (including plugins making requests to the local server) must provide the correct credentials. Unauthorized requests to/uploadwill receive a401 Unauthorizederror.