Comments (10)
The Slides API, and hence this tool, only supports publicly hosted image URLs at the moment. Changing this to an enhancement request.
from md2googleslides.
It's perhaps beyond the scope of this project, but one option would be to upload the local files to Drive first, then have the imageUrl
field refer to the Drive media view, with the access token embedded as a query parameter.
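Using the same API in Python, the code looks something like:

```python
# Upload the local image to Drive
response = drive_service.files().create(media_body=local_image_filename).execute()
# Build the Drive media URL with the access token embedded as a query parameter
url_with_auth = drive_service.files().get_media(fileId=response['id']).uri + '&access_token=%s' % credentials.token
# Insert the image by URL; presentation_id is the ID of the target presentation
slides_service.presentations().batchUpdate(presentationId=presentation_id, body={'requests': [{
    'createImage': {
        'url': url_with_auth,
    }
}]}).execute()
```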
from md2googleslides.
Google Slides stores the original URL of the inserted images and exposes that data to collaborators, so that approach could lead to the access token being shared more broadly than desired. You could instead temporarily make the image world-readable, avoiding the need for the access token, but that isn't the most secure and not every G Suite user is allowed to share files outside their domain.
from md2googleslides.
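An added example, not part of the thread or the project's code: a check for the leak described in the comment above. It walks a presentation in the shape returned by the Slides API `presentations.get` call and reports images whose stored `sourceUrl` still carries a credential query parameter; the parameter list and the sample data are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

# Query parameter names treated as credential-bearing (assumed list for this example).
SENSITIVE_PARAMS = {"access_token", "oauth_token", "id_token"}

def find_credential_params(url):
    """Return sorted names of credential-bearing query parameters in url."""
    query = urlsplit(url).query
    return sorted({name for name, _ in parse_qsl(query, keep_blank_values=True)
                   if name.lower() in SENSITIVE_PARAMS})

def iter_images(elements):
    """Yield (objectId, image dict) for every image, descending into groups."""
    for el in elements or []:
        if "image" in el:
            yield el.get("objectId"), el["image"]
        group = el.get("elementGroup")
        if group:
            yield from iter_images(group.get("children"))

def audit_presentation(presentation):
    """List (page id, image id, params) for images whose sourceUrl holds a credential."""
    findings = []
    for kind in ("slides", "layouts", "masters"):
        for page in presentation.get(kind, []):
            for object_id, image in iter_images(page.get("pageElements")):
                params = find_credential_params(image.get("sourceUrl") or "")
                if params:
                    findings.append((page.get("objectId"), object_id, params))
    return findings

# Constructed sample; FILE_ID and TOKEN_PLACEHOLDER are placeholders, not real values.
SAMPLE = {
    "slides": [
        {"objectId": "p1", "pageElements": [
            {"objectId": "img_ok", "image": {"sourceUrl": "https://example.com/logo.png"}},
            {"objectId": "grp", "elementGroup": {"children": [
                {"objectId": "img_leak", "image": {"sourceUrl":
                    "https://www.googleapis.com/drive/v3/files/FILE_ID"
                    "?alt=media&access_token=TOKEN_PLACEHOLDER"}},
            ]}},
        ]},
    ],
}

if __name__ == "__main__":
    for finding in audit_presentation(SAMPLE):
        print(finding)
```

The same `find_credential_params` check can be run on each `createImage` URL before a `batchUpdate` is sent, so a token-bearing URL is rejected before Slides stores it.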
Yep, have this change ready locally, but because the access token is leaked I need to find a different solution. Unless the Slides API changes to support specifying images by Drive ID instead of URL (have an open feature request for it), all the other solutions I can think of involve converting this into a hosted service. That has its own set of issues though and likely won't happen any time soon.
from md2googleslides.
Got it. I hadn't realized that the URL persists after the image is uploaded. I'm not familiar enough with Google's access tokens... I take it they persist for a long time? Can we request a shorter expiration?
Using a short-lived token seems slightly less-bad than temporarily making the image world-readable since you don't have to worry about domain restrictions on sharing publicly and the script's untimely death won't leave resources dangling in the wild.
from md2googleslides.
It is a short-lived token -- about 1hr. But still, it's still a bit too long and too risky to expose, particularly since there was a recent PR to allow custom templates and the full drive scope is needed for that. That token can be very powerful, even if just for that short period of time.
from md2googleslides.
One hacky solution I'm playing around with:
1. Get a list of current collaborators
2. Revoke all permissions on the destination slides
3. Request a new OAuth token (and don't store it) -- separate from the "normal" one to do steps 1 & 2
4. Generate the slides
5. Revoke the OAuth token from step 3 (GET https://accounts.google.com/o/oauth2/revoke?token=..., no need to be logged in)
6. Restore collaborators
It's.... not pretty. @sqrrrl do you have a link to the open feature request in Slides API? This seems like such an oversight!
from md2googleslides.
I'm also considering using something like file.io, but am a little concerned about uploading data to a 3P. Maybe doable with an explicit opt-in (CLI flag --use-fileio), will see...
from md2googleslides.
Oooooh, found a nice little hack :)
Drive has a nice feature that if you try to download a file with the access_token in the query parameter, it redirects to a locked domain (ephemeral domain with auth encrypted and signed in the URL). That URL is safe to use since it's valid only for the particular file and doesn't directly expose the access token.
So logic becomes:
- Upload file
- Request download in client w/access_token but don't follow redirect
- Capture the redirect URL and use that as the image source URL
Yay :)
from md2googleslides.
Previously mentioned hack isn't viable (can't rely on it long term).
Ended up using https://file.io for ephemeral hosting with an explicit ack on the command line (--use-fileio). Fixed in master, will be in next release (0.5). Should get around to pushing that shortly.
from md2googleslides.