如何使用(Google)身份验证保护GAS网站? [英] How to protect GAS web site with (Google) authentication?
问题描述
我有正在工作的Google Application Script项目部署为Web应用程序.一切都按要求进行.
I have working Google Application Script project deployed as Web application. Everything works as desired.
但是.我意识到我需要为每个用户个性化该网站.我正在使用Google电子表格作为后端数据存储解决方案.我想要一种简单但安全的用户身份验证方法.当然,我想到了Google.
But. I realized that I need to personalized the site for each user. I am using Google spreadsheets as backend data storage solution. I wanted simple but secure way of user authentication. Of course Google came to my mind.
- 将Google登录集成到您的网络应用中在我看来有点复杂
- 因为我可以使用内置功能来自行部署网站
我正在使用 G Suite帐户的免费版(我是管理员)来运行我的Web应用程序.所以我用这些设置部署了Web应用程序
I am using Legacy free edition of G Suite account (I am the admin) to run my web application. So I deployed the web application with these settings
- 以用户身份访问网络应用程序执行
- 谁有权访问具有Google帐户的任何人
现在,我能够识别正在访问Web应用程序的用户-我从 Session.getActiveUser().getEmail(); 收到了他们的电子邮件.然后,我想将其所有数据"保存到在他们自己的"电子表格中.当我使用 DriveApp.createFile(fileName,'Hello,world!')保存文件时,该文件将保存在其Google光盘上.我希望所有应用程序数据都在我的光盘上.
Now I was able to identify the user accessing the web application - I got their email from Session.getActiveUser().getEmail(); perfect. Then I want to save all their "data" in 'their own' spreadsheet. When I save a file using DriveApp.createFile(fileName, 'Hello, world!') the file is save on their Google disc. I want all the application data to be on my disc.
因此,我创建了一个新项目-库-并将其部署为库,并通过电子邮件将其传递给它,因为它将是文件名.如果我以自己的身份访问网络-这两个项目的所有者,则该方法有效.如果我以其他人的身份访问网络,则会收到此错误.很抱歉,从存储中读取时发生服务器错误.错误代码NOT_FOUND .我创建了另一个 SO问题来解决此问题,实际上它看起来是一个错误.
So I created a new project - library - and deployed as library and passed it the email because it will be the file name. It works if I access the web as me - owner of both projects. If I access the web as someone else I got this error We're sorry, a server error occurred while reading from storage. Error code NOT_FOUND. I created another SO question for this issue and actually it looks like it is a bug.
然后我将这些库作为具有这些设置的Web应用程序部署
Then I deployed the library as a web application with these settings
- 像我一样执行
- 谁可以访问任何人,我也尝试过使用Google帐户的任何人
我可以肯定,我不是唯一一个寻求有效解决方案的人,该解决方案如何为我的GAS网站创建某种身份验证之王.
I am sure I am not the only one looking for working solution how to create some king of authentication for my GAS web.
有人可以建议您如何在您的网站上做到吗?
Could anyone suggest how you do it on your site?
推荐答案
有3种方法可对您的WebApp上的用户进行身份验证.
There are 3 ways to authenticate a user on your webApp.
-
将Google登录信息集成到您的网络应用程序(推荐)
以用户身份访问网络应用程序,并使用 Session.getActiveUser().getEmail(); 检索用户电子邮件(此方法有效,但用户必须允许访问他们使用webApp和GAS项目的帐户限制了可以访问的用户数量)
Execute as User accessing the web app and use Session.getActiveUser().getEmail(); to retrieve the user email (It works but the users must allow access to their account to use the webApp and GAS projects limit the number of users which can have access)
制作您自己的登录表单,验证用户在您自己的数据库中的使用权,并使用HTML/Javascript存储令牌(因为GAS不允许您创建Cookie)(不建议这样做,它并不安全)
Make your own login form, validate users usign your own database, and store a token using HTML/Javascript (since GAS does not allow you to create cookies) (Not recommended, it is not really secure)
我建议您使用Google登录选项,但是由于您说过它有点复杂,因此可以使用第二个选项(以用户身份执行该应用程序)来解决创建文件的问题在您的Google光盘而不是用户的光盘上,您有2个选择:
I would recommend to use the Google-sign-in option, but since you said you considered it a bit complicated, then you can use the second option (Execute the app as the user) and for the problem of creating a file on your google disc instead of the user's disc you have 2 options:
-
在您的Google光盘上创建一个文件夹,并将其公开或使用您的webApp与帐户共享,然后更改代码,以便在您的文件夹中创建文件.
Create a folder on your google disc and make it public or share it with the accounts using your webApp, then change your code so files are created on your folder.
var myFolder = DriveApp.getFolderById('123');myFolder.createFile(fileName,'Hello,world!');
如果您不想共享该文件夹,则将其设为私有,然后创建另一个webApp,该应用程序将在您的文件夹中执行读/写文件的操作,然后将其发布为以我的身份执行>,然后使用 fetch(URL)从第一个webApp调用此第二个webApp;方法.
If you do not want to share the folder, then make it private, create a second webApp which do the read/write files stuff on your folder and then publish it as executes as me, then call this second webApp from the first webApp using the fetch(URL); method.
https://developers.google.com/apps-script/reference/url-fetch/url-fetch-app
这篇关于如何使用(Google)身份验证保护GAS网站?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
