How to do Google App script firestore connection - google-cloud-firestore

I am developing an addon for gmail and the data I need is in the firestore. Can they help me connect firestore with Google app script

The easiest way to use this library is to create a Google Service Account for your application and give it read/write access to your datastore. Giving a service account access to your datastore is like giving access to a user's account, but this account is strictly used by your script, not by a person.
If you don't already have a Firestore project you want to use, create one at the Firebase admin console.
To make a service account,
Open the Google Service Accounts page by clicking here.
Select your Firestore project, and then click "Create Service
Account."
For your service account's role, choose Datastore > Cloud Datastore
Owner.
Check the "Furnish a new private key" box and select JSON as your
key type.
When you press "Create," your browser will download a .json file
with your private key (private_key), service account email
(client_email), and project ID (project_id). Copy these values into
your Google Apps Script — you'll need them to authenticate with
Firestore.
[Bonus] It is considered best practice to make use of the Properties
Service to
store this sensitive information.
For more information on this Please refer this link.

Related

How can i do a PUT with an access key into a google storage bucket?

Is there way to do a PUT or POST into a Google Storage bucket with an API key
In the api explorer there is the ability to test this out with OAUTH and the API key, but the explorer doesn't allow me to use the api
Is this possible?
PUT https://www.googleapis.com/storage/v1/b/bucket/o/object&key="InsertSomeKey"
OR
https://www.googleapis.com/upload/storage/v1/b/bucket/o?uploadType=media&name=testobject&key="InsertSomeKey"
Not exactly, first of all, you need to authenticate the account that you need to connect, anyway, you must configure an account for access the bucket, like a user account or service account; then you cant make a petition, this is the API reference:
https://cloud.google.com/storage/docs/json_api/v1/
I suggested to do it by code, using the libraries:
https://cloud.google.com/storage/docs/reference/libraries

Implementing Firm-Wide settings for a Clio App

I am working on a multi-user Clio app that can automatically OCR every document stored in Clio. I would like to enable my app so that the OCR settings are configured once for the firm and not individually for each user.
How does Clio recommend implementing firm-wide settings?
I had thought about using the #DomainName.com part of the customer's email address but that feels brittle and seems like a good way to create a security issue.
Clio recommends that applications store their application specific settings in their own data store (ie Firebase or similiar would work). If you need to share settings across users in an account you can gain access to the account id via the users end point. The following request (ensure your application has the User Read scope set) should get you started.
GET "https://app.clio.com/api/v4/users/who_am_i?fields=id,account\{id\}"
This will return something like:
{"data":{"id":344855567,"account":{"id":809455327,"redacted":true}}
The account id will be the same for each user in the account, you can use this as your account key in storing account specific application settings in whatever data store you're using for your settings.

Google storage external authorization

I need to store my service data in Google Storage and let my users download files depending on their (users) access rights.
I've already made service that connects to Google Storage using server-centric mechanism, and transfers them to client-side, but I need client-side to go to Storage and download file without server-side.
I've tried to use temporary links for files, but I can't check, if user downloaded file or not to properly delete temporary link.
I've tried to look for oauth2 support, but it seems Google doesn't support oauth in such way (When my service decides to allow access or no).
The best solution is to generate tokens for users and if Google Storage would call my service before every file download.
How can I achieve that?

What are the minimum permissions needed by filepicker.io when integrating with Google Cloud Storage?

We are integrating filepicker.io with Google Cloud Storage (ie. asking filepicker to write the uploaded files to our Google Cloud Storage account). Their documentation is pretty clear, however I found that I have to give the service account "Editor" access to the whole project, which is a security concern for us (it means that if somebody gets access to the access tokens used by Filepicker, they can do whatever they want with our Google Cloud project instead of just having access to the file). Trying to use some more restrictive permissions (like "Storage Object Creator" + "Storage Object Viewer") makes Filepicker fail.
Had anyone managed to configure the Google Cloud Storage integration of Filepicker.io with something less than "Editor" access to the project?
Just wanted to note that in the mean time I implemented a workaround: I created a separate Google Cloud project and only gave "Storage Admin" access to that one to Filepicker. Then I gave permissions to the accounts from the other projects to use the given storage bucket from the "upload" project. So this way at least any token leaked on Filepicker's end is limited to accessing this "upload" project.
I just tested this and it seems that the minimum required role to store to GCS using Filestack/Filepicker is either the "Project Editor" role, or the "Storage Admin" role. I will submit a feature request to allow more varied role options.

google-cloud-storage: Obtaining ClientID and Client_Secret_Key by HTTP requests

I am developing a service which is suppose to browse all project IDs/buckets/objects for a particular google user.
I have created the projects using Google Console and able to get the device/user/verification-url etc..and able to get the access
and refersh tokens as well.
While I got these, I had to use the ClientID and Client_Secret_Key (which as a google user) I got to see in Google Console.
Ideally, I would like to obtain this information(ClientID and secret type) in backend by using some HTTP requests or may be by some
other means.
Is anybody aware of how to obtain these ?
Maybe you're looking for the concept of a Service Account?
A service account is like S3's Access Key ID and Secret Key -- rather than being a particular Google user's data, it's the application's data.