Can I use a Google Drive spreadsheet as if it were (similar to) a MySQL database?
I'm thinking of using it as a player database for an HTML/JavaScript web game. The player's username, password, and score among other things would be saved in the database. It would be really interesting if it could actually work, however it of course has to be secure and private so that no player (or anyone on the internet for that matter) can access it except the owner of the spreadsheet which would be me for example.
I know that Google Apps Script allows a user to access their own spreadsheet and read/write to it, but is there a way that I could allow other users to "save their score" to MY spreadsheet WITHOUT giving them permission to view/edit the spreadsheet directly?
Also, I'm assuming PHP/Python/some other server-side language would have to be used in order to hide my account info which I also assume would be needed to open and close the connection with my spreadsheet.
Anyways, I'm just wondering if this is feasible.. literally turning a Google Drive spreadsheet into a database that players can update their score to but not have direct access to it.
This may be a stupid idea, so your opinions are welcome!
Thanks in advance!
This is the right way to do it.
Another post explaining the same idea.
Essentially, we publish the spreadsheet and query it using a "select"-like syntax. For instance:
this query which reads something like:
https://spreadsheets.google.com/tq?tqx=out:html&tq=select+B,C,I&key=phNtm3LmDZEObQ2itmSqHIA
This is for querying data (reading). For inserting, you can use Google Forms (create a form, see its HTML and submit using an HTTP POST request). I have not explored update yet.
And yes, this has to be done server side.
Answers saying you need an extra server or oauth are incorrect.
Just publish an Apps Script (anonymous public) service using your permissions. For all operations always pass the username and password, thus you validate users on every call. Call the service from client JS using AJAX.
Store it in ScriptDb [update: ScriptDb is deprecated now]. If you use a spreadsheet for storage it will get slow with many rows.
In any case it will be slow if you use Apps Script.
Without a server-side service that implements another authentication layer for client libraries and use Google auth to talk to Drive, this is not possible.
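The server-side authentication layer this answer describes, as an added example rather than code from any of the posts: players authenticate to the service with their own credentials, and only the service writes to the owner's sheet. `ScoreService`, `append_row` and `MAX_SCORE` are hypothetical names, and a Python list stands in for the owner-authorised spreadsheet write.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000   # PBKDF2-HMAC-SHA256 work factor
MAX_SCORE = 1_000_000  # assumed upper bound for this game


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class ScoreService:
    """Server-side layer: only this process can write to the owner's sheet."""

    def __init__(self, append_row):
        self._append_row = append_row  # stand-in for the owner-authorised sheet write
        self._players = {}             # username -> (salt, password hash)
        self._dummy = (b"\0" * 16, hash_password("", b"\0" * 16))

    def register(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        self._players[username] = (salt, hash_password(password, salt))

    def submit_score(self, username: str, password: str, score) -> bool:
        # Hash even for unknown users so response time does not reveal valid names.
        salt, expected = self._players.get(username, self._dummy)
        ok = hmac.compare_digest(hash_password(password, salt), expected)
        if not ok or username not in self._players:
            return False
        # Never trust the client-reported value: enforce type and range here.
        if isinstance(score, bool) or not isinstance(score, int):
            return False
        if not 0 <= score <= MAX_SCORE:
            return False
        self._append_row([username, score])
        return True


# Constructed demo: a list stands in for the spreadsheet, "alice" is a sample player.
sheet_rows = []
service = ScoreService(sheet_rows.append)
service.register("alice", "correct horse battery staple")
```

The browser only ever sends a username, password and score to this service; the credential that can open the spreadsheet stays on the server.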
I've made a simple webapp that is going to show some data in a table, which will be updated weekly.
This update is done in the backend with some Python code that scrapes and alters some data before putting it in a SQLite database.
After doing some reading I learned that to deliver that data to my webapp I should make an API with Flask, that can take that data and deliver it to the JS in my webapp in form of JSON, which then can use the data to populate the table. However, I should secure my API with username and pw. But as it's a JS frontend that will retrieve data from the API, there is really no point, as the username and pw will have to be hardcoded into JS, which then can be read by the users. (I think)
Should I expose my API to everyone, or is this not the way to go to be able to use SQLite data as a backend for my webapp? I am fine keeping the API to a GET only.
You are correct, it is pointless for you to secure your API. Securing an API is only needed in certain circumstances.
If you are accessing data that you don't want anybody to see, perhaps through a backend call, then it would make sense to add in some form of security (normally an API key or Authorisation tokens in your request headers).
However, if you are making calls from your front-end (i.e. client side) to a backend API, then there is no point putting additional security there as the user can already see the request and already has access to the data the API is returning - so by securing it you are achieving nothing.
Normally, if the page the user is visiting contains sensitive data that you don't want everyone to see, you would take steps to secure your website instead (for example protecting it with a login for username and password before you can access that page). If you were to take this approach, where the website is protected by username and password, then you can update the API to make sure it does not respond to requests where the user is not authenticated (e.g. by generating a session token or something unique for each logged in user).
If you have a look around on websites that have lots of free data available, you will find they all have front end API calls that are completely unsecured (because it is pointless if the data is already free to access). Some websites do take steps to try to make sure it is their own website that is calling the API, but even then it is a bit pointless as web scrapers can always extract the data from the HTML.
Take a look at this page which outlines authentication headers. This simpler route is to hard code the header info in Flask to make it a little more secure. You could also try the more involved route of reading header info from your db. What's currently working for me to read from postgres db is below so you may modify it slightly for sqlite.
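    from flask import request

    # User is the poster's SQLAlchemy model with an `apikey` column.
    def valid():
        # Read the key the client sent in the X-Api-Key request header.
        headers = request.headers
        auth = headers.get("X-Api-Key")
        # Aborts the request with a 404 when no user row has this key.
        user = User.query.filter_by(apikey=auth).first_or_404()
        print('from search of db ', user, '', auth)  # debug output; also prints the key
        return str(user)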
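The database-backed key check this answer suggests, adapted to SQLite as an added example (not the poster's code). The `api_keys` table, the function names and the sample key are assumptions; the table stores only a SHA-256 digest of each key, and a missing or unknown key gets a 401 rather than a 404.

```python
import hashlib
import sqlite3


def key_digest(api_key: str) -> str:
    # Keys are long random strings, so a plain SHA-256 digest is enough
    # to keep the raw value out of the database.
    return hashlib.sha256(api_key.encode()).hexdigest()


def check_api_key(conn: sqlite3.Connection, headers):
    """Return (status, username) for a mapping of request headers."""
    presented = headers.get("X-Api-Key")
    if not presented:
        return 401, None
    # Parameterised query: the header value never becomes part of the SQL text.
    row = conn.execute(
        "SELECT username FROM api_keys WHERE key_sha256 = ?",
        (key_digest(presented),),
    ).fetchone()
    if row is None:
        return 401, None
    return 200, row[0]


def demo_db() -> sqlite3.Connection:
    # Constructed sample data: one user and one made-up key.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE api_keys (username TEXT, key_sha256 TEXT UNIQUE)")
    conn.execute(
        "INSERT INTO api_keys VALUES (?, ?)",
        ("reporting-ui", key_digest("example-key-not-real")),
    )
    return conn
```

In a Flask view the `headers` argument would be `request.headers`, and the returned status decides whether the handler continues or aborts.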
As you mentioned, you plan to show public data - then it can be used even without authentication. Otherwise I think it can take too much unnecessary time spent on that.
As you have just a simple and single table from database, I believe that you don't need an API. You can just create HTML template and render it with data. Some examples can be found here and few more here.
I am working on a project where I run a web page from a local server using Xampp. In the web page I have a button which when clicked produces an array of 24 elements. I want this array to be written to my online Google Sheet.
My Question:
1) Can I post data from a web page running on a local server like Xampp to an online server like Google Sheet?
2) If yes, then is it possible to do it with PHP and JavaScript without any jQuery?
3) If it is possible please show me the right path.
I am new to web development. Please help me. Thank you in advance for helping.
Yes, it is possible to post data from your localhost as long as you have an internet connection.
To do such things I recommend you read the Sheets API Guides.
You will also find sample code to write data to a spreadsheet on this page.
Still, an API key is required for public spreadsheets; for other requests you need to use OAuth 2.0, as told here:
If the request requires authorization (such as a request for an individual's private data), then the application must provide an OAuth 2.0 token with the request. The application may also provide the API key, but it doesn't have to.
If the request doesn't require authorization (such as a request for public data), then the application must provide either the API key or an OAuth 2.0 token, or both—whatever option is most convenient for you.
Also, as advice, if you know JavaScript you could use Google Apps Script to get started; after validating the implementation of the library into your project and console you will find built-in functions.
I'm having some difficulties in figuring out the best way to do this:
Using Google Analytics API, or similar Google API, I would like to track a user's activity from the moment they access the page until they reach an end page, which is gonna show them back some charts with THEIR activity on my website. (Nothing too detailed, just how long they've been on each page, how many sessions, etc.)
So far, I've managed to follow the Embed API example to access THE USER's Google Analytics account and draw a chart by asking for permission, however when it comes to showing data from MY account I just can't seem to figure it out.
I want my website to automatically use my account (or service account) and draw some charts from my google analytics data and show it to every user.
What would be the best way to approach this? I've read something about access tokens but I don't know if that's the solution. Moreover, my hosting is a shared host and I don't think it allows installing Python Modules like in this example.
Cheers for the help!
If you want to show the user your data, you will have to perform the authentication on the server side. There is no way around this. It is after all, your account's data that they are accessing.
If you are unable to install Google's client library, you need to:
Get an access token using cURL (see how here)
Use that access token to perform server side authentication for the user (see how here)
The user should now be able to access your site without logging in, and see YOUR data.
I am creating a google chrome extension. I have a background script from which I want to send and retrieve some data from MongoDB database. How do I do that? I'm new in chrome extension development.
Yes, it's possible. But it's not a good idea to expose a database to the public internet at all. Implement a REST-like method in your backend code and authorize calls to it using some web standard auth scheme, such as OAuth or HTTP Basic auth. Hitting the DB directly is way too dangerous. You can receive/send data from the DB accordingly. Saying that, if you still want to go ahead, here's a link to help you with that. For full REST capabilities, consider using an external REST interface such as Sleepy.Mongoose.
I am trying to set up a simple set up as follows:
Have a mobile app with a page consisting of 4 lines (4 html paragraph lines (I am using phonegap)).
I want to use a web page from which I will input the data for those 4 lines. This information is sent to a server and that server transfers this information to that app on that mobile phone. Now, those 4 lines on the mobile phone is filled with the new information.
Similarly user inputs information on another page consisting of 10 lines of li (list). This information is again sent to the server and to the web page where the information is displayed.
I can almost feel the "internet police guys" getting all hyped and ready to vote this question down. But please understand that I have been on this site and various forums desperate to find a tutorial to guide me to do this and not able to find.
I am trying to use ajax to perform this setup. Confused how I would be using the php file. Information such as password n username is going to go in that php file to connect to the server. But php is a server side script thus needs to sit at the public_html folder. How do I use the php file from my desktop? Write a separate javascript to access it?
It is the concept that is confusing me. I am familiar with HTML, JS, PHP.
I would appreciate any guidance or maybe a link to a tutorial which would help me to do the concept I mentioned. Thanks for listening.
You will need to create an API using PHP. This API is uploaded to your server and is considered "RESTful". Google a tutorial for what fits your needs. You can set all sorts of rules in this API such as requiring any requests to have an ID or access token.
Since you are using PhoneGap, your HTML and JS files rest on the device, so you will need to allow permissions to your API from anywhere. For this you will have to speak to your host provider, unless you know how to configure it yourself (some providers restrict what you want to do by default as an extra security precaution against XSS attacks).
Next, you can either use jQuery, or you can write some AJAX calls by writing the JavaScript yourself.
The most efficient way for this to work is to send JSON objects to and from the API. You will include a "command" in the JSON when you are sending from your app. On the PHP side, you will retrieve this command and use the rest of the data included in your JSON object to process the request. Your API will need to encode a JSON object for return (such as a user's profile information).
Here is a basic PHP API tutorial to get you going that explains some of the features of a RESTful API: PHP API
Here is a simple AJAX function (you will probably want to make this much more modular): AJAX
As broad as your question is, it seems like the best/easiest thing for you to do will be for you to first create a PHP webpage that will access a SQL database to perform the record updating. Actually, this should serve all of your needs for your mobile users assuming you don't need push notifications for live data updates.
I am assuming, since you are using phone gap, that you are more comfortable with web languages. After you get the webpage fully operational, then you should start building your app based on that exact same SQL database. With mobile app development there are a lot more "what if's" (what if the phone rings, what if the app is running in the background, what if there is no cellular service, etc...)
It is always easier to start with what you know and build on that, rather than starting with a new development platform and troubleshooting as problems arise.