gristlabs_grist-core/app/gen-server
Paul Fitzpatrick dd8d2e18f5 (core) add an access token mechanism to help with attachments in custom widgets
Summary:
With this, a custom widget can render an attachment by doing:
```
const tokenInfo = await grist.docApi.getAccessToken({readOnly: true});
const img = document.getElementById('the_image');
const id = record.C[0];  // get an id of an attachment
const src = `${tokenInfo.baseUrl}/attachments/${id}/download?auth=${tokenInfo.token}`;
img.setAttribute('src', src)
```

The access token expires after a few mins, so if a user right-clicks on an image
to save it, they may get access denied unless they refresh the page. A little awkward,
but s3 pre-authorized links behave similarly and it generally isn't a deal-breaker.

Test Plan: added tests

Reviewers: dsagal

Reviewed By: dsagal

Subscribers: dsagal

Differential Revision: https://phab.getgrist.com/D3488
2022-07-19 11:55:18 -04:00
..
entity (core) Polishing upgrade plan UI 2022-06-29 18:28:37 +02:00
lib (core) add an access token mechanism to help with attachments in custom widgets 2022-07-19 11:55:18 -04:00
migration (core) add a yarn run cli tool, and add a sqlite gristify option 2022-07-14 12:00:30 -04:00
ApiServer.ts (core) Faster builds all around. 2022-07-04 10:42:40 -04:00
sqlUtils.ts (core) fix bug where sharing doc with everyone@ as viewer made it unlisted for site viewers 2021-10-28 12:48:31 -04:00