(core) add an access token mechanism to help with attachments in custom widgets

mirror of https://github.com/gristlabs/grist-core.git synced 2026-03-02 04:09:24 +00:00

Summary:
With this, a custom widget can render an attachment by doing:
```
const tokenInfo = await grist.docApi.getAccessToken({readOnly: true});
const img = document.getElementById('the_image');
const id = record.C[0];  // get an id of an attachment
const src = `${tokenInfo.baseUrl}/attachments/${id}/download?auth=${tokenInfo.token}`;
img.setAttribute('src', src)
```

The access token expires after a few mins, so if a user right-clicks on an image
to save it, they may get access denied unless they refresh the page. A little awkward,
but s3 pre-authorized links behave similarly and it generally isn't a deal-breaker.

Test Plan: added tests

Reviewers: dsagal

Reviewed By: dsagal

Subscribers: dsagal

Differential Revision: https://phab.getgrist.com/D3488

This commit is contained in:

Paul Fitzpatrick

2022-07-19 11:39:49 -04:00

parent 5c0a250309

commit dd8d2e18f5

22 changed files with 551 additions and 34 deletions

									
										1

app/server/lib/ICreate.ts
									
												View File
												
				@@ -35,6 +35,7 @@ export interface ICreate {

				export interface ICreateActiveDocOptions {

				  safeMode?: boolean;

				  docUrl?: string;

				  docApiUrl?: string;

				  doc?: Document;

				}

(core) add an access token mechanism to help with attachments in custom widgets

1 app/server/lib/ICreate.ts Unescape Escape View File

1

app/server/lib/ICreate.ts

View File