Proxy Google Docs List May 2026

// ------- OAuth2 (interactive) ------- const oauthCreds = JSON.parse(await readFile(oauthPath, "utf8")); const client_id, client_secret, redirect_uris = oauthCreds.installed

// ────────────────────────────────────────────────────────────── // 1️⃣ Helper: create an authenticated Google API client // ────────────────────────────────────────────────────────────── async function getAuthClient() path.join(__dirname, "oauth-client.json");

const docs = response.data.files.map((f) => ( id: f.id, name: f.name, createdTime: f.createdTime, modifiedTime: f.modifiedTime, owner: f.owners?.[0]?.displayName ?? "unknown" )); Proxy Google Docs List

fetch('http://localhost:3000/list-docs') .then(r => r.json()) .then(data => console.log(`You have $data.count docs`); data.docs.forEach(doc => console.log(`$doc.name (ID: $doc.id)`)); ) .catch(console.error); Because the proxy already handled authentication, no Google credentials ever touch the browser – a big win for security. 8️⃣ Security & Production Tips | Concern | Recommendation | |---------|----------------| | Secret storage | Never commit service-account.json , oauth-client.json , or oauth-token.json to Git. Use environment variables ( GOOGLE_APPLICATION_CREDENTIALS ) or a secret‑manager (AWS Secrets Manager, GCP Secret Manager). | | Rate limiting | Add a simple IP‑based limiter ( express-rate-limit ) to protect the endpoint from abuse. | | CORS | If you plan to call the proxy from another domain, enable CORS only for allowed origins ( app.use(cors(origin: 'https://my-app.example.com')) ). | | HTTPS | In production, terminate TLS at your load balancer or reverse proxy (NGINX, Cloudflare). Never expose the proxy over plain HTTP on the public internet. | | Scopes | Grant the least privileged scope ( drive.readonly ). If you need edit capabilities later, expand scopes deliberately. | | Pagination | The example uses pageSize: 1000 . For very large accounts, implement nextPageToken handling to stream results. | | Logging | Strip any personally‑identifiable information before writing logs to external services. | | Monitoring | Hook the /healthz endpoint into your monitoring stack (Prometheus, Datadog, etc.). | 9️⃣ Alternate implementations (quick cheats) | Language | Minimal snippet (only the list request) | |----------|------------------------------------------| | Python (Flask) | Show code```python\nfrom flask import Flask, jsonify\nfrom google.oauth2 import service_account\nfrom googleapiclient.discovery import build\n\napp = Flask( name )\n

// ------- Service‑account (no user interaction) ------- try const saKey = await readFile(saPath, "utf8"); const auth = new google.auth.GoogleAuth( credentials: JSON.parse(saKey), scopes: ["https://www.googleapis.com/auth/drive.readonly"] ); console.log("🔑 Using Service‑Account credentials"); return auth.getClient(); catch (e) console.warn("⚠️ Service‑account not found or invalid – falling back to OAuth2"); // ------- OAuth2 (interactive) ------- const oauthCreds =

res.json( count: docs.length, docs ); catch (err) console.error("❌ Error while listing Docs:", err); res.status(500).json( error: "Failed to fetch Google Docs list", details: err.message ); );

const app = express(); const PORT = process.env.PORT || 3000; | | HTTPS | In production, terminate TLS

const __filename = fileURLToPath(import.meta.url); const __dirname = path.dirname(__filename);