谷歌驱动器 api 上传和显示 JWT 认证

Question

I want to upload files into my google drive account with Node.JS but while uploading the files I want to create a folder for these files and give a specific access to some emails to view them into my google drive account, the basic scenario is i have a form which i upload for example 3 files (video,pdf,image), then i made a multiselect input field that put 3 emails inside then i click upload, i want only these 3 emails to display this folder and everyone with other email cannot view the files therefor my login system is JsonWebToken ( JWT ) so is it possible to do this, I just want to upload files to google driver and then my frontend checks who has logged in with JWT token access then display these files in the frontend.

I made this code but i cannot find a way to add a file and then add a permission to this file who can view these files:

const { google } = require('googleapis');
const googleScope = ['https://www.googleapis.com/auth/drive']
const googleKey = process.env.GOOGLE_KEY;
const fs = require('fs')
const express = require('express');
const router = express.Router();

const Multer = require("multer");


const authenticateGoogle = () => {
  const auth = new google.auth.GoogleAuth({
    keyFile: __dirname + "/book-375320-56d9bd2b6239.json",
    scopes: googleScope,
  });
  return auth;
};

const multer = Multer({
  storage: Multer.diskStorage({
    destination: function (req, file, callback) {
      callback(null, `${__dirname}/fff`);
    },
    filename: function (req, file, callback) {
      callback(null, file.fieldname + "_" + Date.now() + "_" + file.originalname);
    },
  }),
  limits: {
    fileSize: 5 * 1024 * 1024,
  },
});

const uploadToGoogleDrive = async (file , auth ) => {
    const fileMetadata = {
      name: file.originalname,
      parents: ["1PLzjikkBXnSpBNi7OZxh3-XhEAIji_94"]
    };
  
    const media = {
      mimeType: file.mimetype,
      body: fs.createReadStream(file.path),
    };
  
    const driveService = google.drive({ version: "v3", auth });
  
    const response = await driveService.files.create({
      requestBody: fileMetadata,
      media: media,
      fields: "id",
    });
    return response;
};


const deleteFile = (filePath) => {
    fs.unlink(filePath, () => {
      console.log("file deleted");
    });
};

router.post("/uploadGD", multer.single("file") , async (req , res , next ) => {
    try {
      if (!req.file) {
        res.status(400).send("No file uploaded.");
        return;
      }
      const auth = authenticateGoogle();
      const response = await uploadToGoogleDrive(req.file, auth);
      deleteFile(req.file.path);
      res.status(200).json({ response });
    } catch (err) {
      console.log(err);
}});

module.exports = router;

I expect to upload files with permissions that who can view my files and then get JWT token and if the JWT token has the same email as the permission files he can view it inside the frontend.

Answer 1

Your code appears to be using service account authorization. Which also implies that you have granted your service account access to the folder in question.

This means it will be up to your code to decide who has access.

I would suggest that in your login system you simply add a new claim to the user which your code can use to decide if this person has access.

How you do this is hard to know without understanding more about the Login to system used by your users.

either way this is not something a service account can do so its up to you too implement within your own system.