Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/drpaulbrewer/bugle

Hapi plugin for Google Drive Login with refresh token storage policy and drive API extensions from npm: decorated-google-drive
https://github.com/drpaulbrewer/bugle

google-drive-api hapi-plugin

Last synced: 7 months ago
JSON representation

Hapi plugin for Google Drive Login with refresh token storage policy and drive API extensions from npm: decorated-google-drive

Awesome Lists containing this project

README 

          
# bugle ![free image of a bugle](https://upload.wikimedia.org/wikipedia/en/1/13/Bugle_logo2.png)



A Hapi plugin for Google Drive Login with:



* refresh token storage policy

* hooked to create `.drive` on requests where available

* drive API extensions from npm: decorated-google-drive



## Usage



### Compatibility



* bugle@1 and bugle@2 work with hapi 16 but not hapi 17

* bugle >= 2.12 includes googleapis@58.0.0 for `request.drive`

* bugle >= 2.12 uses `npm:axios` for uploads, earlier versions use `npm:request`



### Installation



    npm i bugle -S



You also need grant and probably yar.



    npm i grant -S

    npm i yar -S



### Configuration



#### ./path/to/hapi/config/bugle.json



If you want to store encrypted refresh tokens for each user in their own Drive appDataFolder, where they can't change them and no one else will likely see

them, add the "refreshTokenStash" setting below. Otherwise that can be omitted.



    {

      "drive": {

          "refreshTokenStash": {

    	      "location": "appDataFolder",

	          "file": "r",

	          "key": "makeUpSomthingBetterThanThisForYourIronEncryptionKey"

	      }

       },

       "myRedirect": "/a/me", // where to send users who have logged in with Google Drive -- defaults to /a/me

       "useMeLevel": 2, // level from 0-4 to determine what to return from /a/me -- 0 is 404 (default), 1 is name+pic, 2 includes drive profile, 3 headers, 4 server info

       "loginHTMLFile": "/path/to/your/login.html", // optional HTML file to show at URL /a/login -- default provided

       "retryHTMLFile": "/path/to/your/retry.html"  // also optional

    }



#### ./path/to/hapi/config/grant.json



**Note:  bugle reads the grant config via `server.registrations.grant` **



Configure grant like this for an app that wants to:



* read/write its own files from the user's Google Drive

* read/write the secret appDataFolder on the user's Google Drive



```

{

    "server": {

        "protocol": "https",   // you do use https, dont you?

        "host": "example.com",

        "callback": "/a/googledrive",

        "transport": "session",

        "state": true

     },

     "google": {

        "key": "your-api-console-drive-client-id-goes-here",

        "secret": "your-api-console-drive-secret-goes-here"

        "scope": [

             "https://www.googleapis.com/auth/drive.file",

             "https://www.googleapis.com/auth/drive.appdata"

         ],

        "callback": "/a/googledrive",

        "custom_params": {

             "access_type": "offline"

        }

     }

}

```



Note:  Adding `"prompt": "consent"` to `custom_params` forces the Google app consent dialog every login, yielding new refresh tokens each time.

In documentation, though, it is suggested to reuse the old refresh tokens until they expire (6 mo?) by storing them somewhere safe.



#### ./path/to/hapi/config/yar.json



`isSameSite:false` turns off some cookie same site protection that was problematic with yar + chrome browser - use at own risk or omit



    {

       "cookieOptions": {

            "password": "changeThisPasswordToSomethingHardToGuessBecauseItEncryptsTheCookiesWithTheDriveTokens",

	        "isSecure": true,  // use true if you are using https

            "isSameSite": false  

         	}

    }



### Example Hapi Server



#### ./path/to/hapi/index.js



**Note: this requires some set up in Google API Console and the configuration files before it will work**



```js



// Minimal Example: Hapi server using yar-grant-bugle



// jshint esversion:6, strict:global, node:true



"use strict";



const Hapi = require('hapi');

const yar = require('yar');

const Grant = require('grant-hapi');

const grant = new Grant();

const server = new Hapi.Server();

const Boom = require('boom');

const bugle = require('bugle');



server.connection({port:8888});



server.register([

    // REQUIRED: (any session store - see ./examples/hapi-session)

    {

	register: yar,

	options: require('./config/yar.json')

    },

    // REQUIRED: grant, configured for Google Drive login

    {

	register: grant,

	options: require('./config/grant.json')

    },

    // REQUIRED: bugle, grabs google config from grant, and own config from bugle.json

    {

	register: bugle,

	options: require('./config/bugle.json')

    }

], function(err){

    if (err) throw new Error(err);



    server.start((err)=>{

	if (err) throw new Error(err);

	console.log("Server started at:", server.info.uri);

    });

});



```



## Features



* provides several routes under `/a` to deal with `/a/login`, `/a/logout`, `/a/googledriveretry` retries, `/a/me` Google Drive User's profile

* inherits route `/connect/google` as alternate login point from `grant`

* `request` decorated with `.drive` from [decorated-google-drive](https://github.com/DrPaulBrewer/decorated-google-drive) at `onPreAuth`

 * `req.drive` and `req.drive.x` are built from and on top of `npm:googleapis`

 * `req.drive` without the `.x` is a vanilla `npm:googleapis.drive` client

 * `req.drive.x` extensions know about

   * the appDataFolder via `req.drive.x.appDataFolder.method`

   * paths `req.drive.x.findPath('/some/nested/path/in/users/drive')`

   * how to make paths like `mkdir -p` does

   * creating upload URLs for later uploads, and doing resumable upload now for bigger files

   * more (see decorated-google-drive)

* `request.drive` will use `googleapis` to try to auto-update its Google Drive OAuth2 access_token from the OAuth2 refresh_token

* token/cookie management

   * updated Google Drive tokens are pushed out into the session cookie automatically at `onPostHandler`

   * new Google Drive OAuth2 refresh tokens can be stashed in the user's Drive appDataFolder in an encrypted file for safe keeping

   * subsequent `access_token` only logins will retrieve the stashed refresh_token as part of drive initialization



## Copyright



Copyright 2017 Paul Brewer, Economic and Financial Technology Consulting LLC 



## License: MIT



## No relation to Google, Inc.



This software is 3rd party software.



It is not a product of Google, Inc.



Google Drive[tm] is a trademark of Google, Inc.



npm: googleapis is a Google-provided nodejs client for Google APIs such as Google Drive, linked to/referenced from our code. License: Apache 2.0

A copy is not included herein, but running `npm install` may install one.