使用 javascript 将文件从任何人上传到我的谷歌驱动器

2022-01-10 00:00:00 google-drive-api javascript

我是谷歌 API 的新手.我能够从应用程序脚本上传此文件,并且通过该脚本上传的任何文件都仅存储到我的驱动器中.但是如何使用javascript做到这一点.谷歌示例:https://developers.google.com/drive/web/quickstart/quickstart-js显示如何执行此操作,但文件会上传到授权该应用程序的同一用户的驱动器.如何将其限制在我的驱动器上.谢谢

I am new to google api. I am able to do this file upload from app script and any file which is uploaded through that script get stored to my drive only. But how to do this using javascript. Example on google : https://developers.google.com/drive/web/quickstart/quickstart-js shows how to do this but file gets uploaded to the same user's drive who is authorizing the app. How to restrict it to my drive only. Thanks

推荐答案

简单的答案是你不能使用 JavaScript.原因是 JavaScript 与 OAuth2 一起使用,这需要您请求用户许可才能访问您的数据.

Simple answer is you cant with JavaScript. The reason being is that JavaScript works with OAuth2 this requires that you ask the user permission to access your data.

如果您想让它访问您的驱动器帐户,您必须将刷新令牌保存在某个地方,然后在加载脚本时发送它.JavaScript 是客户端的,因此任何检查页面上的代码的人都将获得他们需要的所有信息,以使用您的驱动器帐户做任何他们想做的事情.出于安全考虑,这是个坏主意.

If you want to have it access your drive account you would have to save the refreshtoken some place and then send that when ever the script was loaded. JavaScript is client sided so anyone that checked the code on the page would then have all the information they needed to do what ever they wanted with your drive account. Security wise that's a bad idea.

我建议您考虑使用像 PHP 这样的服务器端脚本语言.您可能需要考虑一个服务帐户.注意:一切都将归服务帐户所有,因此您必须授予服务帐户访问您的 Google Drive 文件的权限,或者您需要将驱动器文件移动到服务帐户.

I recommend you look into using a server sided scripting language like PHP. You might want to consider a service account. Note: everything will be owned by the service account so you will either have to give the Service account access to your Google Drive files or you will need to move your drive files to the Service account.

如果您不希望服务帐户拥有您可以使用普通 Oauth2 保存的文件,请保存刷新令牌,然后将其存储在服务器端代码中,那里不会有太多的安全风险.

If you don't want the service account to have the files you could go with normal Oauth2 save the refresh token and then store it in the server sided code there wont be as much of security risk there.

相关文章