Access public dropbox files (via shared link) without user authentication - json

I'm trying to integrate Dropbox into my web application in the following way:
Users can enter a Dropbox Share Link, i.e. a Dropbox folder that can be accessed by anyone, even without a dropbox account.
My application then grabs the images from the folder and displays them to all users of my application.
Now as far as I can tell, the Dropbox API doesn't allow this without sending the user through a full-blown OAuth process. But since the shared link is public anyway, I don't need (and don't want) access to the users Dropbox account.
Is there a way to access a shared link in a programmatic way (without parsing the DOM or similar hacks)? Maybe there is a query parameter on the shared link to retrieve the contents as JSON? If it exists, I didn't find any docs about it.
Surely I'm not the first one to try this, so please share your solutions!

No, there's no programmatic way to list folder contents from a share link. If you have a share link for a specific file, then you can convert the domain from www.dropbox.com to dl.dropboxusercontent.com, but this trick doesn't work on folders.

Related

Google Drive API permission to children files

We would like access to a client’s folder within their Google Drive and all files under that folder. This can either be a folder we create from the app or a folder the client picks.
The first approach I tried was to create the folder from the app.
The problem is that I am only able to list the folder itself, but NONE of the content. https://developers.google.com/drive/api/v3/folder
The second approach was to use the Google Picker API. There the
client can choose which folder(s) to give us access to. However we
can only get access to the folder, and none of the children
folders/files. https://developers.google.com/picker/docs
This seemed like an easy and straightforward use case. But can’t seem to find a solution in their documentation, or maybe I don’t comprehend some of the logic. A solution would be a way to either propagate the permission to all the files included in the folder it get’s picked or created… or to have the picker select all the children.

My preference is to continue with the Recommended scope https://www.googleapis.com/auth/drive.file . And it might be that the folder contains thousands of individual files multiple levels in, so it’s not a solution to manually pick the files. Any thoughts on this would be greatly appreciated, thank you!
A possible solution for your situation...
Is to create the folder in a shared drive.
Therefore, even though new files are added/updated/removed you will still be able to see all the updates and retrieve the information needed as you will have constant access to this folder.
Another solution which is more cumbersome...
Is to ask for user's permission and to re-authorize the application each time they are using it so in the case a new file is added you will have access to it.
Reference
Drive API v3 shared drives;
Drive API v3 manage shared drives.
The first approach I tried was to create the folder from the app. The problem is that I am only able to list the folder itself, but NONE of the content. https://developers.google.com/drive/api/v3/folder
The issue is probably the scope you authorized the user with. If you authorized with read only access your not going to be able to create you need full drive access to do that.
If you are using https://www.googleapis.com/auth/drive.file then you should create a folder with that and then create a file in the folder that i believe should work.
The second approach was to use the Google Picker API. There the client can choose which folder(s) to give us access to. However we can only get access to the folder, and none of the children folders/files. https://developers.google.com/picker/docs
There is no way to request access for a single folder or files. Its all or nothing really unless you use the https://www.googleapis.com/auth/drive.file scope which would only give you access to the files that your application created.

Access publicly shared OneDrive folder via API

I have a publicly shared OneDrive folder with some various sub-folders and files. I.e. I have shared it via a link, so anyone with this link can access them.
Is there a way I can access these files from either client-side JavaScript or some server-side code via a REST API of some sort? Without having to use any sort of user-specific credentials?
What I've been trying
I've been looking at the Accessing Shared Content page, and it looks like what I want, but can't figure out how to use it.
I've taken something that looks like an id from the shared URL, which looks to be a long hexadecimal number (which seems to be an id pointing at me?), an !, and then a number (which I assume has to do with the shared resource).
I've then tried to stick it in this URL:
https://api.onedrive.com/v1.0/shares/<id>/root?expand=children
But I get back a 400 Bad Request, so something isn't quite right...
I'm thinking maybe some sort of authentication is missing, but since the shared files are public, I don't users to have to login with their credentials, and can't of course use my own in code.
I've tried to register an app, where I get an application id (guid) and can generate Passwords and Key-Pairs. Was hoping maybe I could use that, but don't see in the API how and where to actually use those...
Goal
The shared folder contains sheet music for a choir, that I'm responsible for keeping updated (and OneDrive syncing is super handy here).
Some members aren't very computer savvy, so I'd like to make seeing and downloading these files as easy as possible. The shared link with a "go here to this other strange site and find the files there"-text sort of works, but I would much rather like to list the files directly in a member-only area of our website. Basically just "here are the files, click on one to download it".
Yes, you can use the REST API to access the contents of a folder.
The API is the one you mentioned, the shares API. However, it sounds like you are perhaps using the wrong ID.
The most straightforward way to do this is to follow the instructions to encode the actual sharing URL into a token. This way you create a base64 encoded version of the sharing link, append a "u!" to the front of that string, and then make the exact call you already mentioned. You'll get back a list of the files in the shared folder and you can go from there.
Here's an example of this:
Here's a sharing link to a folder in OneDrive with some photos in it.
https://1drv.ms/f/s!AtuAM_NacwVahiFpuMGS_BiQCwWu
To convert this URL into the API, you first base64 encode the URL and append u!
u!aHR0cHM6Ly8xZHJ2Lm1zL2YvcyFBdHVBTV9OYWN3VmFoaUZwdU1HU19CaVFDd1d1
Now you can use this URL as the sharing token, and expand children and thumbnails:
https://api.onedrive.com/v1.0/shares/u!aHR0cHM6Ly8xZHJ2Lm1zL2YvcyFBdHVBTV9OYWN3VmFoaUZwdU1HU19CaVFDd1d1/root?expand=children
Clicking on this bottom link should give you the JSON response, which includes the shared folder and the children inside the folder.

Directory sandboxed access for Google Drive / Dropbox API / RemoteStorage apps?

Is there a way to get sandboxed, user-selected directory access on any major file service without first getting read level access to their entire filesystem?
There's a lot of talk about "unhosted" static webapps that allow users to access their data from a 3rd party file service (Google Drive, Dropbox, their own server, etc.). The most notable effort I've found so far is remoteStorage.io, but there doesn't seem to be a way with any major provider to let the user select a directory and then use that as a sandbox without breaking their trust (i.e. getting read access to all their files first).
From the user's perspective, the webapp shouldn't have access to anything else on the remote file storage except the one folder the user grants it access to (for example, I might grant a text editor access to my FunnyJokes folder).
The current work around seems to be having the webapp force a specific folder name ahead of time ("this app wants access to /appname_notes"), but that rules out letting the user point it to where they may already have their notes.
Does anyone know of a nice way to do this with Google Drive, Dropbox, or the like?
The user experience that makes the most sense to me is something like...
User opens an unhosted webapp (for example, a basic text editor TextyApp). They click a button to connect with their data.
3rd party auth page appears (for example, Google Drive) and it says "The app TextyApp has requested read/write access to your files. Please select a directory to use."
Confirmation screen: "Grant read/write access to folder FunnyJokes for TextyApp?"
The page redirects back to the webapp with sandboxed accessed to the user-specified folder and the files within it.
This seems like how remote file storage should work, but I haven't found a way to do it yet. Any thoughts/suggestions would be great!
Cheers,
Adam
Edit: To clarify, I'm not talking about storing hidden "application data", but instead letting the user specify a particular directory to sandbox for use with a webapp that they may not want to give broader access to.
The Dropbox Apps API provides the ability to restrict any app using your API key to a single directory of your Dropbox account. So users could create an API key with access to a specific directory and then plug that into your app. However, that's not a user-friendly workflow.
I think the Dropbox Drop-Ins Chooser/Saver API might be close to what you want. The user is presented with a Dropbox file selection popup, and your app only gets access to the specific file(s) that the user selects.
With remoteStorage, sandboxed directory access is currently the default way for apps to request (and users to grant) access to the storage. However, users cannot manually select or enter custom directories during the connect phase.

How can we add a file to a user's files.list via the sdk?

We are having issues where sometimes a file that a user can access is not returned when the user issues a files.list. This can happen in many ways. For example, new members of a Google group will not see previously shared files, as described in this question. Moreover, acording to Google documentation there are other limits on sharing which can prevent shared files from appearing in the "Shared with me" view. Finally, a user can issue a files.delete on a file she doesn't own, and the file will disappear from files.list but will still exist.
What can a user do via the SDK alone to cause a file which she can access via files.get to appear in the list of files retrieved via files.list? We are using a service account which impersonates users; the user never authenticates to Google via a browser. A link in an email that the user needs to click won't work for us, unfortunately. Accessing the file via the Google Drive UI has the desired effect, but the analogous files.get call does not.
The Google Calendar API explicitly exposes a CalendarList interface where a user can issue an insert to add an existing calendar to her list. The Google Drive SDK seems like a hybrid Files/FilesList interface with some of the functionality missing (nothing like FilesList.insert) and some of the functionality mixed together (issuing a delete as a non-owner acts like FilesList.delete but issuing it as the owner acts like Files.delete).
If we can't manage the user's files list programmatically then it is not useful for our service. We could ignore the files.list call entirely and just start recursively performing children.list queries on all shared folders, but this is incredibly expensive (unless someone knows how to issue a single query which returns all the Files resources in a folder and not just the IDs of those resources).
Any help would be appreciated. We've been trying this many different ways and have been frustrated at every turn. Thanks!

Generate a URL for Google Drive publicly shared files and access them

I have a collection of PDF files on a Google Drive. I have shared them and I want to be able to link to them from a list on a web site. What I'd like to be able to do is work out the file name of the PDF using information in the list. As a simple example, if my list contains items 1, 2 and 3 I'd like to be able to upload PDF files 1.PDF 2.PDF and 3.PDF to Google Drive then have the web site just link to those when a link is clicked and show the PDF files in the browser.
So, I guess I could do this just by uploading the PDF to Google Drive and manually adding a link to PDF on the web site. However, what I want to do is generate the link programmatically so that when I have, say, 50 PDF files I don't have to keep getting the link from Google Drive and adding it to the web site. The site should just work out that item 50, say, in the list will link to 50.PDF, for example.
I've tried to get the file id using the API but that requires the authorization token to be generated and manual intervention to take place, so that won't work. At least, not at the point where the file is viewed because the viewer is anonymous.
So my questions are:
Is it possible to work out what a file name will be on the drive using just something like an item number in a list?
I guess that there are maybe some other options - for example, when I add the items to the list on the web site programmatically, I could go and locate the google drive file manually using a web application and link it using the file id at that point. I could store the ID in a database - however, would any anonymous user then be able to just click on the file link on the web site and view the file?
Finally, can anyone think of another way to do this?
Any help would be appreciated! :)
Is it possible for you to use a service account? You can authorize the app with an account dedicated to your app and user doesn't need to authorize and authenticate. The files you will be uploading will be managed under the service account's Drive.
You can learn more about service accounts on https://developers.google.com/accounts/docs/OAuth2ServiceAccount
If you have implementation specific questions, please ask.