I am new to google api. I am able to do this file upload from app script and any file which is uploaded through that script get stored to my drive only.
But how to do this using javascript.
Example on google : https://developers.google.com/drive/web/quickstart/quickstart-js
shows how to do this but file gets uploaded to the same user's drive who is authorizing the app. How to restrict it to my drive only.
Thanks
Simple answer is you cant with JavaScript. The reason being is that JavaScript works with OAuth2 this requires that you ask the user permission to access your data.
If you want to have it access your drive account you would have to save the refreshtoken some place and then send that when ever the script was loaded. JavaScript is client sided so anyone that checked the code on the page would then have all the information they needed to do what ever they wanted with your drive account. Security wise that's a bad idea.
I recommend you look into using a server sided scripting language like PHP. You might want to consider a service account. Note: everything will be owned by the service account so you will either have to give the Service account access to your Google Drive files or you will need to move your drive files to the Service account.
If you don't want the service account to have the files you could go with normal Oauth2 save the refresh token and then store it in the server sided code there wont be as much of security risk there.
Related
We are creating an app where every user has a designated dropbox folder which is located in a dropbox folder created only for the app. The user should have only access to his own folder.
The problem is with the created API access token you have access to all folders of all users. In our app we are able to restrict the access so the user has only access to his own folder but because the access token must be hard coded into the web app anyone could eventually get hold of it. With the access token they would have access to all user folders (and the client data would be unsecured).
So there are two possibilities:
We access Dropbox via PHP and restrict the access. The app gets the user folder per AJAX and the PHP script handles the restrictions. But there is no possibility to access Dropbox via PHP (in API v2).
The data is stored on the users own Dropbox accounts, but we don't want the users to need an own Dropbox account to get access to our app functionalities. And the company should always have access to all user folders.
Is there any possibility to encrypt and hide the access token in the javascript code? Or are there other ways to solve this problem?
As noted in the comments, you can't just hide the access token in JavaScript. While you can make it more difficult for an attacker to extract the token, you can't make it impossible. (Client-side apps, such as in browser JavaScript, fundamentally can't keep secrets.)
A few other notes:
But there is no possibility to access Dropbox via PHP (in API v2).
This isn't really true. While Dropbox does not offer an official PHP SDK for Dropbox API v2, you can still access Dropbox API v2 from PHP either using the HTTPS endpoints directly, or using a third party library.
The data is stored on the users own Dropbox accounts, but we don't want the users to need an own Dropbox account to get access to our app functionalities
The API was designed with the intention that each user would link their own Dropbox account, in order to interact with their own files. Accessing a single account like this isn't recommended.
I have a webpage through which my users, using a mobile phone, can take pictures and upload them (hopefully) to the Google Cloud (I've got a JSON file, a platform project and an associated storage bucket, as well as all the login details).
However, I'm pretty new to all this and need to know how I'd get the file (coming from a standard <input file="" name="fileupload"/> ) to the Google Cloud space, and also to retrieve the URI of the file. Given that it's an asp.net webpage, I have access to Javascript and C#.
Thanks!
I have a couple of suggestions for you. We have other customers that have solutions which are similar to this architecture and so your proposed solution is good.
Google Cloud Storage (GCS) has a feature called Signed URLs. This allows you to generate a secure URL to an object in a GCS bucket. My colleague wrote the C# sample for this:
https://cloud.google.com/storage/docs/access-control#signing-code-csharp
There's a method in here that you can reuse GetSigningURL.
Each time a user requests the web page, you should generate a Signed URL and use this as the destination URL for the file upload location in your HTML.
If your HTML is generated by ASP.NET (MVC, Web Forms, Web Page), then you can make the call to GetSigningURL when the page is generated server-side. If not, you should wrap the C# code in a Web API and then you could use, e.g. jQuery ($.ajax), to call it from your client.
You may run your ASP.NET code on Google Cloud Platform using either Windows on Google Compute Engine or using Custom Runtimes on Google App Engine.
Full disclosure: I'm a Googler working in cloud as a Strategic Customer Engineer.
We are looking to create a project for access to a specific folder with Read only permission.
My question is when creating the project what ways are there to limit access and permission in the project itself?
Can this be done? and is it through the enable APIs. I have done some reading on this and I cannot find a conclusive answer.
What APIs would I need enabled to apply this.
I will not be in control of any scripts, this will be a project for web application.
The scenario of what we have is Many thousands of files with in google drive, we want to give access to a specific folder and not have the ability to go through the rest of our google drive. They will be using Javascript to download files from this and upload automatically in to a system at there end, they are looking to use the Google drive API to do this.
Look forward to your replys opinions and direction on this.
Many thanks
you cannot do this at the project console level. you are missing info like how the webapp authenticates the user or whether the drive api calls are server side or client side. but in either case what you need is to never use the drive owner account and simply share that folder readonly public or to specific emails.
for a more detailed answer you need to explain much better the scenario.
So I'm making a website. I need to submit a form to a server to be processed. This is required to process login information. This server-side script needs to access a plain-text file which is stored on my Google Drive in order to confirm that the user input is valid. The only way that I know how to access a file on Google Drive is through Google Apps Script.
Is there a way to handle forms on the server-side that are submitted from another website with HTML or JavaScript in Google Apps Script? or Is there a way to use PHP with Google Apps Script? or Is there another more efficient way that I can access and write to files on my Google Drive directly from my website?
You can make an HTTP request to an Apps Script and get a response back. Take a look at the Content Service. Google also has a PHP Client API that you can use. You would need to use the Drive Service.
I've been searching a while and I can't figure this out.
I need to know if it possible and how to create an web app to allow someone to download a certain file (introducing on First and Last Name) stored on a Google drive Account. The issue is that this files has to be private in Drive.
Is this possible? If it is based on PHP, Javascript or jQuery better.
I know that I need Google Drive API, but which certificates should I use?
Thank you very much!
The Google Drive API uses OAuth2 for authorization. Most apps have the user go through the OAuth2 flow, so that app can access files in their Drive. If instead you want the users to download private files from your Drive, you can go through the OAuth2 flow once and then store the credentials so that they can be used for all users.