ziolko / spreadapi Goto Github PK

Hi, any idea why I'm having trouble getting a response when using curl? It works fine with wget and Postman.

curl -L -X POST 'https://script.google.com/macros/s/hidden/exec' --data-raw '{"method": "GET", "sheet": "data", "key": "a_good_password"}'

As a response I get "Sorry, the file you have requested does not exist."

Hi,

great idea!

I have one issue. When I call the POST /exec from Postman, it works fine but from other clients (e.g. vscode REST client), I get a 302 Moved Temporarily error.

Request from VS Code REST Client addon:

POST https://script.google.com/macros/s/AKfycbwb6hPJrEOQEqNsjGnSzdlGdhDcd2EXj5yikvOA_H9ihwAWtHE/exec HTTP/1.1
content-type: application/json

{
	"sheet": "Sample POC Data",
	"key": "<KEY HERE>"
}

I get this:

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Thu, 05 Dec 2019 08:45:46 GMT
Location: https://script.googleusercontent.com/macros/echo?user_content_key=GVQyW_b65XMDMRb0c05WbTG8LR-Cg3p40p4IDcritM1YMHb-SaOrNLlo08h7oTh8fCU8xJ6UKZKqII0FqeGrH0yGE8MAsj0km5_BxDlH2jW0nuo2oDemN9CCS2h10ox_1xSncGQajx_ryfhECjZEnNrBxTLIR-OmuNHHNkCylqmg0bzgBRVsbxJtmTQPCEGHgiNvdOheAhNkiN6ji3JQ_qOIp7sEUsJ2&lib=MgGipqB0Vlrps_mc891bgMHc7neZF186U
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Alt-Svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
Connection: close
Transfer-Encoding: chunked

<HTML>
<HEAD>
<TITLE>Moved Temporarily</TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF" TEXT="#000000">
<H1>Moved Temporarily</H1>
The document has moved <A HREF="https://script.googleusercontent.com/macros/echo?user_content_key=GVQyW_b65XMDMRb0c05WbTG8LR-Cg3p40p4IDcritM1YMHb-SaOrNLlo08h7oTh8fCU8xJ6UKZKqII0FqeGrH0yGE8MAsj0km5_BxDlH2jW0nuo2oDemN9CCS2h10ox_1xSncGQajx_ryfhECjZEnNrBxTLIR-OmuNHHNkCylqmg0bzgBRVsbxJtmTQPCEGHgiNvdOheAhNkiN6ji3JQ_qOIp7sEUsJ2&amp;lib=MgGipqB0Vlrps_mc891bgMHc7neZF186U">here</A>.
</BODY>
</HTML>

Still works from Postman though:

Any idea why this is happening?

Would it be possible to, as the title says, extend the current authentication system to restrict what columns a given user can read/write to? The use case I'm thinking of is a simple inventory tracking spreadsheet that has name, quantity, and isInStock columns, where isInStock just uses a spreadsheet formula to check if quantity != 0. It would be nice to scope access to just the name and isInStock data, without returning the raw quantity in the API response.

Thanks for making this very nice script, by the way! I came here from Hacker News when searching for info about using Google Sheets as a simple backend.

I'm trying to use this spreadapi on one of my project but I'm encountering this error.

Status :401
code:unauthorized

I've followed your demo on youtube but it still won't work . Any idea on what I might not be doing right?

I have been using this for awhile but was migrating to a new sheet when suddenly stuff stopped working. One of the only changes was that our sheet was renamed from test_sheet to TEST_SHEET.

Started looking into the causes of the 401's being returned and I think it's because we do a .toLowercase() on the sheet names coming in, but I don't see where we lowercase them when setting a User's permissions, nor in the documentation for Google's actual API.

I think it should be safe to simply remove this .toLowercase() call, unless I'm missing something 😅

Hi. Currently isStrongKey only considers the following special characters: !@#$%^&* . This excludes many possible ASCII special characters. I recommend you update the regex to:

^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*[\x20-\x2F\x3A-\x40\x5B-\x60\x7B-\x7E])(?=.{8,})

I have included several ranges from this table: http://www.asciitable.com/

Context in https://news.ycombinator.com/item?id=40014730#40047999

Looking at the code, we are able to handle multiple actions in a single request, by sending an array in the request body instead. Example:

curl -L \
    --data '[{ "method": "POST", "sheet": "Sheet1", "payload": { "username": "John", "age": 25 } }, { "method": "GET", "sheet": "Sheet1" }]' \
    "https://script.google.com/macros/s/$APP_ID/exec"

However, this was not documented in the documentation page.

This seems like a really handy feature, should this be documented somewhere?

As an aside, I almost created a PR to tweak handlePost to handle an array instead of an object 😆

Hi,

I love your project and would like to port this to Clasp. I can either create a PR in this repo or I can fork and maintain a different repo.

I am not sure if this is the direction you would want to take the project so please let me know if this can be a possibility.

Thanks.

Hi, first I want to thank you for making this lovely library.

I think a slight change to the documentation would be helpful: the existing newsletter example uses two external dependencies: Bulma and jQuery. They are fine tools, but it would be beneficial to have a very, very simple example that you can get working just by cutting and pasting. I think people might be also be interested in an example using Cloudflare workers.

I am happy to write both examples and submit a pull request, but it's not clear to me how to make an edit for the documentation. Would you be receptive to such a pull request?

Hi,

thanks a lot for your project. Unfortunately I realized today that your documentation at https://spreadapi.com/ is down. Is it possible to bring the documentation up again?

For all fellow Spread-API users:
You can access the last version of the documentation via the Internet Archive -> https://web.archive.org/web/20210527031526/https://spreadapi.com/

Thanks a lot,
Tilo