从谷歌Apps脚本服务JSON作为＆QUOT;用户访问Web的应用程序和QUOT; [英] Serving JSON from Google Apps Script as "user accessing the web-app"

问题描述

试图服务由谷歌Apps脚本是谁发出请求用户做出的JSON请求。想了一会儿后，我意识到，这可不行，因为服务脚本需要被授权为谁称他为用户运行，所以调用脚本就必须添加一些授权信息，它不和我不知道如何添加该信息（实际上是我的问题：哪些信息添加到HTTP请求，并从那里得到它）。

但是，尽管如此，当我打电话的服务器从浏览器中，它的工作原理，因为浏览器（在我登录到我的谷歌帐户）发送正确的信息在HTTP请求来证明其有代理权。

这个问题是主题相关的问题<一href=\"http://stackoverflow.com/questions/11475972/how-to-use-google-apps-script-contentservice-as-a-rest-server\">How使用谷歌Apps脚本作为contentService的一个REST服务器，但给出的答案是有，我不想要什么：被调用的JSON-Server不应我的帐户下运行，但该帐户调用用户之下，利用用户资源（ScriptDb中，驱动器，...）。
所以，问题是：如何提供从一个脚本，从谷歌帐户运行另一个脚本的信息，使这一其他脚本可以在该帐户中运行？我知道，使用天然气库，解决了问题，但我想它作为JSON的客户端/服务器（主要是中分离出依赖）。要添加一些code（保持堆栈溢出的灵运行），我的客户：

Trying to serve a JSON request made by a Google Apps Script as the user who is making the request. After thinking for a while, I realized that this cannot work, because the serving script needs to be authorized to run as the user who calls him, so the calling script would have to add some authorization info, which it doesn't, and I have no idea how to add that information (that is actually my question: which information to add to the http-request, and from where to get it).

But, nevertheless, when I call that server from within the browser, it works because the browser (in which I am logged into my Google account) sends the right info in the http-request to prove that it is authorized.

This question is somehow related to the question How to use Google Apps Script ContentService as a REST server, but the answer given there is exactly what I don't want: The invoked JSON-Server should not run under my account, but under the account of the invoking user and use that users resources (scriptdb, drive, ...). So the question is: How to provide that information from one script run from a Google-account to another script, so that this other script can run within that account? I know that using gas-libraries solves that issue, but I would like to have it as JSON-client/server (Mainly to decouple dependencies). To add some code (to keep the Stack Overflow-spirit running), my client:

var scriptUrl="https://script.google.com/macros/s/paperlapapp1231231/exec";
function callIt (nm, args) {
  var a=[nm];
  for (x in args) {
    a.push(args[x]);
  }
  return Utilities.jsonParse(UrlFetchApp.fetch(scriptUrl+"?args="
       +encodeURIComponent(Utilities.jsonStringify(a))).getContentText());
}
function testFunction (p1, p2, p3) { // this is the proxy
  return callIt ("testFunction", arguments);
}
// Testroutine
function callTest() {
  var r=testFunction (9, "XXXlala", {"dudu":1, "dada":"xxx"});
  Logger.log ("r="+Utilities.jsonStringify(r));
}

我的服务器：

function doGet(request) {
  var ret=null;
  try {
    Logger.log ("I got called with "+JSON.stringify(request));
    var args=JSON.parse(decodeURIComponent (request.parameters.args));
    ret=ContentService.createTextOutput(
            JSON.stringify(this[args.shift()].apply (this, args)))
         .setMimeType(ContentService.MimeType.JSON);
  }
  catch (e) {
    ret=ContentService.createTextOutput(JSON.stringify(e))
          .setMimeType(ContentService.MimeType.JSON);
  }
  return ret;
}
function testFunction (p1, p2, p3) { // this is the implementation
  var s="testing called p1="+p1+", p2="+p2+", p3="+p3;
  Logger.log (s);
  return {testingResult:s};
}

编辑：

研究出了解决办法，但需要一个Chrome扩展程序和中间代理服务器。见code。在 https://bitbucket.org/pbhd/gas -rest-服务器作为呼叫用户

Worked out a solution, but requires a Chrome extension and an intermediate proxy server. See code at https://bitbucket.org/pbhd/gas-rest-server-as-calling-user

推荐答案

编辑：这是以前不可能，因为我的回答如下反映。
但是，谷歌现在是否允许此，请参阅执行API
https://developers.google.com/apps-script/execution / REST / V1 /脚本/运行

This was not possible before, as my answer below reflects. However, Google does allow this now, see Execution API https://developers.google.com/apps-script/execution/rest/v1/scripts/run

它不可能做到这一点从谷歌Apps脚本。如果我理解正确的是你正在调用另一个谷歌Apps脚本使用的URLFetch。

Its not possible to do that from Google Apps Script. If I understand it correctly you are calling another Google Apps Script with urlFetch.

由于谷歌Apps脚本不具备OAuth范围不能进行身份验证的呼叫。你只能调用发布为web应用程序服务的匿名的因此将下所有者权限始终运行。

Since Google Apps Script doesn't have an oAuth scope you can't make an authenticated call. You can only call a webapp service published as anonymous thus will run always under owner permissions.

您不能与图书馆做任何除非最初的剧本也被称为与用户的权限，而不是所有者。

You can't do it with libraries either unless the initial script is also called with user permissions and not owner.

这篇关于从谷歌Apps脚本服务JSON作为＆QUOT;用户访问Web的应用程序和QUOT;的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！