Limited number of users that can access a shared file in dropbox - dropbox

I am using dropbox API to host my documents
Is there a limited number of users that can access simultanately to a file hosted in dropbox ?

I don't think so, no.
What do you mean when you say you're using the Dropbox API to host your documents? Are others accessing the document through the API somehow or just through a browser (hitting a share link)?
In the latter case, you should familiarize yourself with Dropbox's per-day bandwidth limits on share links.

Related

Cloud Storage customer access best practices

Let's say I have a use case where users can buy mp3 files inside an app. The objects are stored in GCP Cloud Storage . What is the best practice to deliver those objects only to the users that purchased the files?
After researching the topic I came up with three solutions:
Client calls a REST (e.g. one running inside App Engine) service. This service downloads the files from Cloud Storage and then sends them back to the client.
Instead of sending the files via the REST call, I could send the download URL (from Cloud Storage) to the client. This would be more cost efficient, however this sounds like a security concern to me as anyone who simply monitors his network could capture the URL.
Creating a (time-limited) signed url to allow the user the download
Obviously a permission check would have to happen first, e.g. a database that contains if user X purchased mp3 Y.
This problem could also be applied to Azure Blob Storage or AWS S3...
In your use case, you have a constant:
You need a backend to authenticate the user (for example Authentication performed with Cloud Identity Platform and hosted on App Engine or Cloud Run
You need to check the list of MP3 that it has bought (stored in Firestore for example)
And then, you need to allow him to download the file. On this last point I recommend you to generated a signedURL. Download URL exists only in Firebase area (maybe your project is a firebase projet?) but it's the same thing than signerURL. Finally I don't recommend you the #1 proposal. It will work, but in case of long download (because network is poor), the connexion will be interrupted after 60 seconds. And this will keep your AppEngine up for nothing (and you will pay for this...).

Download files from a specific user's drive with google drive api

Is there a way to download files from a specific google drive, by using the google drive api? Currently i can only read the drive of the google user logged in.
Inorder to access data owned by someone on Google drive you need their permission. You can't just access my files unless I let you. The most common method for this is oauth2 but you can also use a service account.
Now if I set a file to public you would be able to read it using an API key but I would have to give you the file id.

Full access Google Drive API

For Google Drive API, the drive.file scope seems to give only access to the files created by the app. Is there a scope for Google Drive that gives access to the entire drive? Thanks
You may refer with this documentation. Full access to all files in the user's Drive (https://www.googleapis.com/auth/drive) may be necessary for some apps. An app designed to sync files, for instance, needs this level of access to Drive. Apps with special needs related to listing or reorganizing files might need full scope.
Check the sample code in this GitHub page.
Try this scope :
Google Drive
This will bring Full permissive scope to access all of a user's files

Accessing a public google drive without authentication using Corona sdk

I have two public folders in my google drive and I want my app to be able read images from one folder and read and write images to another folder. Is there a way to do this using the google api or any GET method and hopefully without needing to authorize or authenticate the user's google account? Thank you!
It's a cross platform application being developed in Lua using the Corona sdk
Unfortunately, you cannot access a particular drive without any authentication/authorization.
Every request your application sends to the Drive API must include an
authorization token. The token also identifies your application to
Google.
Same question was also raised in this SO post.
But there is an alternative if you go further in the answer of the SO post. This link maybe useful if you want to try the alternative.

Allowing read and write access to Google Drive files to unauthenticated clients

We have been working on a web service (http://www.genomespace.org/) that allows computational biology tools that implement our REST API to, among other things, read and write files stored on "The Cloud".
Our default file storage is a common Amazon S3 bucket, but we now allow users to mount their own private S3 bucket as well as files on Dropbox.
We are now trying to enable similar functionality for Google Drive and have run into some problems unique to Google Drive that we have not encountered with S3 or Dropbox.
Only way to allow clients that are not Google-authenticated to read files unobtrusively is to make the files "Public". Our preference would be that once the user has authorized access to our application via OAuth2, the user files could remain "Private" in Google Drive.
However, even though the user has already authorized our web service to offline access to their "Private" files, we have not found a way to generate a URL that a client authorized by our system can use to GET the file directly without the client being logged into Google as well.
The closest we have come to this functionality has been to change the file permissions to "Anyone with Link", except that for files greater than 20MB Google insists on returning an intermediate web page warning that the file has not been scanned for viruses. In addition to having to mess with file permissions, this would break our existing clients. Only when the file is "Public" and we utilize URLs of the form https://googledrive.com/host/PARENT_FOLDER_ID/FILENAME can non-Google clients read the files without interference.
Have not found any way for clients that are not Google-authenticated to upload a file to Google Drive. Our API allows our authorized clients to PUT files directly to the backing file storage using URLs provided by our server. However, even if a folder is marked "Public", the client requires Google authentication credentials to save to Google Drive. We could deal with both of these issues with intermediate hops through our system (e.g., our web server would first download the file from Google Drive and then allow the client to GET it) however this would be woefully inefficient and, hopefully, unnecessary. These problems have been discussed multiple times before on stackoverflow (e.g. here and here and have read the responses very carefully, but have not seen any recent discussion.
The Google folks direct their API users to post on stackoverflow for support, so I am hoping for a fresh look from insiders.
The general answer is: dont make the drive requests through the user's browser. Insead do everything from your servers. You are the one having the (refresh) tokens for users, so you should make all requests like a proxy between the user and Drive. Same for downloading, you download it and return to the user. As long as you use each drive's token there shouldnt be rate limit/quota issues.