将文件上传到我的谷歌驱动器从任何人使用JavaScript [英] Upload file to my google drive from anyone using javascript
问题描述
我是google api的新手。我可以从应用程序脚本执行此文件上传,并且通过该脚本上传的任何文件只会存储到我的驱动器中。
但是如何使用javascript来做到这一点。
谷歌示例: https://developers.google.com/drive / web / quickstart / quickstart-js
显示了如何执行此操作,但是文件会上传到授权该应用程序的同一用户的驱动器中。如何将它限制在我的驱动器上。
感谢
简单的答案是你不能用JavaScript。原因是JavaScript与OAuth2协同工作,这就要求您向用户请求访问您的数据的权限。
如果您想让它访问您的驱动器帐户,则必须将refreshtoken保存在某个位置,然后在加载脚本时发送该信息。 JavaScript是客户端,所以任何检查页面上的代码的人都可以获得他们需要的所有信息,以便随你的驱动器帐户进行任何他们想做的事情。安全明智,这是一个坏主意。
我建议您考虑使用像PHP这样的服务器端脚本语言。您可能需要考虑服务帐户。请注意:所有内容都归服务帐户所有,因此您必须授予服务帐户访问您的Google云端硬盘文件的权限,否则您需要将驱动器文件移至服务帐户。如果您不希望服务帐户拥有可以使用普通Oauth2保存刷新令牌的文件,然后将其存储在服务器端代码中,则不会是尽可能多的安全风险。
I am new to google api. I am able to do this file upload from app script and any file which is uploaded through that script get stored to my drive only. But how to do this using javascript. Example on google : https://developers.google.com/drive/web/quickstart/quickstart-js shows how to do this but file gets uploaded to the same user's drive who is authorizing the app. How to restrict it to my drive only. Thanks
Simple answer is you cant with JavaScript. The reason being is that JavaScript works with OAuth2 this requires that you ask the user permission to access your data.
If you want to have it access your drive account you would have to save the refreshtoken some place and then send that when ever the script was loaded. JavaScript is client sided so anyone that checked the code on the page would then have all the information they needed to do what ever they wanted with your drive account. Security wise that's a bad idea.
I recommend you look into using a server sided scripting language like PHP. You might want to consider a service account. Note: everything will be owned by the service account so you will either have to give the Service account access to your Google Drive files or you will need to move your drive files to the Service account.
If you don't want the service account to have the files you could go with normal Oauth2 save the refresh token and then store it in the server sided code there wont be as much of security risk there.
这篇关于将文件上传到我的谷歌驱动器从任何人使用JavaScript的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
