nobuhito/OAuth2Invoker.gas.diff

## OAuth2Invoker.gas.diff
--- OAuth2Invoker.gs.org 2014-12-12 15:45:41 +0900
+++ OAuth2Invoker.gs     2014-12-12 15:46:04 +0900
@@ -1,7 +1,7 @@
 /**
 * Used for invoked Google App Engine services from Google Apps Script.
 */
-function OAuth2Invoker(email, pemBase64, scope){
+function OAuth2Invoker(email, pemBase64, scope, target){
   this.post = function(url, payload){
     var params = {
       method:'post',
@@ -28,13 +28,16 @@
       }
     }

+    var s = [];
     if(payload){
-      payload.payload = payload;
+      for (var i in payload) {
+        s.push(i + "=" + payload[i]);
+      }
     }

     Logger.log(params);

-    var response = UrlFetchApp.fetch(url, params);
+    var response = UrlFetchApp.fetch(url + "?" + s.join("&"), params);
     return response;
   }

@@ -64,9 +67,10 @@
     var exp = iat + 3600; //expire in 1 hour

     var jwtClaimSet = {
+      "sub": target,
       "iss":email,
       "scope":scope,
-      "aud":"https://accounts.google.com/o/oauth2/token", //this is always the value for google tokens
+      "aud":"https://www.googleapis.com/oauth2/v3/token", //this is always the value for google tokens
       exp: exp,
       iat: iat
     };
@@ -77,7 +81,7 @@
     var signedBase64 = sign(headerBase64 + '.' + jwtClaimBase64);
     var assertion = headerBase64 + '.' + jwtClaimBase64 + '.' + signedBase64;

-    var resp = UrlFetchApp.fetch("https://accounts.google.com/o/oauth2/token",{
+    var resp = UrlFetchApp.fetch("https://www.googleapis.com/oauth2/v3/token",{
       'method':'post',
       'payload' : {
         'grant_type':"urn:ietf:params:oauth:grant-type:jwt-bearer",
@@ -103,7 +107,7 @@
     } else {
       accessToken = requestAccessToken();
       var fiftyFiveMinutes = 3300;
-      CacheService.getPrivateCache().put(email + scope, accessToken, fiftyFiveMinutes);
+      //CacheService.getPrivateCache().put(email + scope, accessToken, fiftyFiveMinutes);
     }

     return accessToken;

## ファイル共有チェック.gas
function main() {
  var prop = PropertiesService.getScriptProperties();

  var myDomain = prop.getProperty('myDomain'); // チェックするドメインを指定
  if (myDomain == undefined) {
    Logger.log('Alert: スクリプトのプロパティにmyDomainをセットしてください');
    return undefined;
  }

  var pem64 = prop.getProperty('pem64');
  if (pem64 == undefined) {
    Logger.log('Alert: スクリプトのプロパティにpem64をセットしてください');
    return undefined;
  }

  var serviceAccount = prop.getProperty('serviceAccount');
  if (serviceAccount == undefined) {
    Logger.log('Alert: スクリプトのプロパティにserviceAccountをセットしてください');
    return undefined;
  }

  var api = "https://www.googleapis.com";
  var scope = [
    "https://www.googleapis.com/auth/drive",
    "https://www.googleapis.com/auth/drive.file",
    "https://www.googleapis.com/auth/drive.readonly",
    "https://www.googleapis.com/auth/drive.metadata.readonly",
    "https://www.googleapis.com/auth/drive.appdata",
    "https://www.googleapis.com/auth/drive.apps.readonly"
  ];

  var users = AdminDirectory.Users.list({domain: myDomain, maxResults: 500}).users;
  Logger.log("domain member: " + users.length + " users" )

  var shares = {};
  for (var i in users) {

    var target = users[i].primaryEmail;
    var userName = users[i].name.fullName

    var invoker = new OAuth2Invoker(serviceAccount, pem64, scope.join(" "), target);

    var items_options = {
      "q": "%27" + target + "%27+in+owners",
      "maxResults": 1000
    };
    var items_res = invoker.get(api + '/drive/v2/files', items_options);
    var items = JSON.parse(items_res).items;
    Logger.log(userName + ": " + items.length + " files");

    for (var i in items) {

      var fileName = items[i].title;

      var permissions_res = invoker.get(api + "/drive/v2/files/" + items[i].id + "/permissions");
      var permissions = JSON.parse(permissions_res).items;

      for (var j in permissions) {

        var email = permissions[j].emailAddress;

        if (email != undefined && email.split("@")[1] != myDomain) {
          if (!shares[userName]) { shares[userName] = {} }
          if (!shares[userName][fileName]) { shares[userName][fileName] = [] }
          shares[userName][fileName].push(email);
        }
      }
    }
  }

  Logger.log(shares);

}
	--- OAuth2Invoker.gs.org 2014-12-12 15:45:41 +0900
	+++ OAuth2Invoker.gs 2014-12-12 15:46:04 +0900
	@@ -1,7 +1,7 @@
	/**
	* Used for invoked Google App Engine services from Google Apps Script.
	*/
	-function OAuth2Invoker(email, pemBase64, scope){
	+function OAuth2Invoker(email, pemBase64, scope, target){
	this.post = function(url, payload){
	var params = {
	method:'post',
	@@ -28,13 +28,16 @@
	}
	}

	+ var s = [];
	if(payload){
	- payload.payload = payload;
	+ for (var i in payload) {
	+ s.push(i + "=" + payload[i]);
	+ }
	}

	Logger.log(params);

	- var response = UrlFetchApp.fetch(url, params);
	+ var response = UrlFetchApp.fetch(url + "?" + s.join("&"), params);
	return response;
	}

	@@ -64,9 +67,10 @@
	var exp = iat + 3600; //expire in 1 hour

	var jwtClaimSet = {
	+ "sub": target,
	"iss":email,
	"scope":scope,
	- "aud":"https://accounts.google.com/o/oauth2/token", //this is always the value for google tokens
	+ "aud":"https://www.googleapis.com/oauth2/v3/token", //this is always the value for google tokens
	exp: exp,
	iat: iat
	};
	@@ -77,7 +81,7 @@
	var signedBase64 = sign(headerBase64 + '.' + jwtClaimBase64);
	var assertion = headerBase64 + '.' + jwtClaimBase64 + '.' + signedBase64;

	- var resp = UrlFetchApp.fetch("https://accounts.google.com/o/oauth2/token",{
	+ var resp = UrlFetchApp.fetch("https://www.googleapis.com/oauth2/v3/token",{
	'method':'post',
	'payload' : {
	'grant_type':"urn:ietf:params:oauth:grant-type:jwt-bearer",
	@@ -103,7 +107,7 @@
	} else {
	accessToken = requestAccessToken();
	var fiftyFiveMinutes = 3300;
	- CacheService.getPrivateCache().put(email + scope, accessToken, fiftyFiveMinutes);
	+ //CacheService.getPrivateCache().put(email + scope, accessToken, fiftyFiveMinutes);
	}

	return accessToken;
	function main() {
	var prop = PropertiesService.getScriptProperties();

	var myDomain = prop.getProperty('myDomain'); // チェックするドメインを指定
	if (myDomain == undefined) {
	Logger.log('Alert: スクリプトのプロパティにmyDomainをセットしてください');
	return undefined;
	}

	var pem64 = prop.getProperty('pem64');
	if (pem64 == undefined) {
	Logger.log('Alert: スクリプトのプロパティにpem64をセットしてください');
	return undefined;
	}

	var serviceAccount = prop.getProperty('serviceAccount');
	if (serviceAccount == undefined) {
	Logger.log('Alert: スクリプトのプロパティにserviceAccountをセットしてください');
	return undefined;
	}

	var api = "https://www.googleapis.com";
	var scope = [
	"https://www.googleapis.com/auth/drive",
	"https://www.googleapis.com/auth/drive.file",
	"https://www.googleapis.com/auth/drive.readonly",
	"https://www.googleapis.com/auth/drive.metadata.readonly",
	"https://www.googleapis.com/auth/drive.appdata",
	"https://www.googleapis.com/auth/drive.apps.readonly"
	];

	var users = AdminDirectory.Users.list({domain: myDomain, maxResults: 500}).users;
	Logger.log("domain member: " + users.length + " users" )

	var shares = {};
	for (var i in users) {

	var target = users[i].primaryEmail;
	var userName = users[i].name.fullName

	var invoker = new OAuth2Invoker(serviceAccount, pem64, scope.join(" "), target);

	var items_options = {
	"q": "%27" + target + "%27+in+owners",
	"maxResults": 1000
	};
	var items_res = invoker.get(api + '/drive/v2/files', items_options);
	var items = JSON.parse(items_res).items;
	Logger.log(userName + ": " + items.length + " files");

	for (var i in items) {

	var fileName = items[i].title;

	var permissions_res = invoker.get(api + "/drive/v2/files/" + items[i].id + "/permissions");
	var permissions = JSON.parse(permissions_res).items;

	for (var j in permissions) {

	var email = permissions[j].emailAddress;

	if (email != undefined && email.split("@")[1] != myDomain) {
	if (!shares[userName]) { shares[userName] = {} }
	if (!shares[userName][fileName]) { shares[userName][fileName] = [] }
	shares[userName][fileName].push(email);
	}
	}
	}
	}

	Logger.log(shares);

	}