Closed th0rgall closed 2 years ago
louisbarclay
commented
2 years ago @th0rgall FYI I found a way to use a Google Script to do this instead of relying on the Google Sheets API and having to get an API key etc.
You can see that happening here: https://github.com/louisbarclay/nudge/blob/master/sync-lib/sync-hidees-dev.js
It's safe since it uses the Script of a new account which has nothing going on apart from having access to the Google Sheet that manages hidees.
th0rgall
commented
2 years ago @louisbarclay interesting solution!
That hides the key. But I didn't think the API key was unsafe in terms of access, I believe the one I used could only be used to read publicly accessible sheets.
I was mostly concerned about a bad actor running off with the key to deplete it's request quota, which would break Nudge's updating and/or drive you into costs, however unlikely that is. I hadn't looked up what kind of rate limits existed for Google Cloud apps with the API key. Do you know if the Google Script has the same limits? I guess so.
If for some reason I (or someone else) would want to experiment with changing/adding columns in the a "development" sheet, I think I'd keep using my old sync-hidees.js from this PR as long as it remains compatible. Otherwise I'd have to look into create a Google Script of my own.
Fixes https://github.com/louisbarclay/nudge/issues/118, which was also one cause of
yarn devcrashing.I removed the GetSheetDone dependency since it's an abandoned project relying on the deprecated Google Sheets v3 API (see https://github.com/giladaya/get-sheet-done/issues/9).
The Google Sheets v4 API is JSON-based, and for Nudge's use case there was no need for a simplified wrapper. The pure API works well with the existing code. Unfortunately, v4 requires a Google API key to access the sheets. Thus, this key will need to be bundled with the client for it to work as expected. I'm not yet sure what risks (API quota limits etc) are involved with this.
Todo: