他人Dropbox的訪問令牌上傳到我的文件夾

Question

我計劃有一個服務器程序獲取我的Dropbox帳戶的訪問令牌，並傳遞給

客戶端程序uplaod我的Dropbox文件夾中。客戶端不需要DB帳戶或登錄，並且能夠將文件發送到我的DB文件夾（因此不使用OAuth ...）。類似的東西來：

this 和this

，但沒有用戶上傳到服務器的第一個，即，一旦用戶獲得訪問令牌，它們直接上傳到數據庫。

我試着使用Apache的HttpClient 4.3模擬瀏覽器來執行獲得請求令牌，發送登錄，信息獲得存取權限的道理，但得到通過後的文件貼在上傳到表單。錯誤是HTTP 400錯誤的請求......

    executing request:GET https://www.dropbox.com/login HTTP/1.1 
    ---------------------------------------- 
    HTTP/1.1 200 OK 
    Request Token: moiejtzdLqTA_0sh3gQyNZAI 

    executing request:POST https://www.dropbox.com/login HTTP/1.1 
    ---------------------------------------- 
    HTTP/1.1 200 OK 
    Access Token: 5Ot52QKDbDPSsL1ApU4MIapJ 

    executing request:POST https://dl-web.dropbox.com/upload? 

    name=sample.jpg&dest=upload&cookie_t=5Ot52QKDbDP....SsJ&t=5Ot5...apJ HTTP/1.1 
    ---------------------------------------- 
    HTTP/1.1 400 Bad Request 

我用火狐LiveHttpHeader捕捉標題爲我做的登錄和上傳文件，並看到了文件上傳其實就是做這個職位（並在代碼反映）：

 

https://dl-web.dropbox.com/chunked_upload? 
    name=tmp1.jpg 
    &chunk=0 
    &chunks=1 
    &bjar=W3sic2Vzc1..............Q%253D%253D 
    &blid=AAAw4tn................2cDxA 
    &cookie_t=32yq........nw6c34o 
    &dest= 
    &t=32yqVof........c34o 
    &reported_total_size=5611 
    &upload_id=1BKGRRP5TpCEjcWSu5tmpQ 
    &offset=0 
 

所以apparrently我錯過了一些PARAM但無法弄清楚什麼。訪問令牌似乎是有效的，因爲我可以在從httpclinet發佈到https://www.dropbox.com/home的回報中看到我的帳戶信息，但上傳根本無法工作。任何人都有類似的經驗，並獲得HTTP 400錯誤？ .... 非常感謝 ！

某些代碼如下：

構造和主（）：

    // constructor ... 
     public HttpClientExample() { 
      gcookies = new BasicCookieStore(); 
      globalConfig = RequestConfig.custom() 
        .setCookieSpec(CookieSpecs.BEST_MATCH) 
        .build(); 

      // Create local HTTP context 
      ghttpContext = HttpClientContext.create(); 
      ghttpContext.setCookieStore(gcookies); 

      // 
      redirectStrategy = new LaxRedirectStrategy(); // for http redirect ... 
      httpclient = HttpClients.custom() 
        .setDefaultRequestConfig(this.globalConfig) 
        .setDefaultCookieStore(this.gcookies) 
        .setRedirectStrategy(redirectStrategy) 
        .build();  
     } // constructor ... 

     public static void main(String[] args) throws Exception { 

      HttpClientExample myhttp = new HttpClientExample(); 
      try { 

        this.localConfig = RequestConfig.copy(this.globalConfig) 
        .setCookieSpec(CookieSpecs.BROWSER_COMPATIBILITY) 
        .build(); 

       String requestToken = this.getRequestToken(httpclient, loginurl); 

       theAccessToken = this.postForAccessToken(requestToken, loginurl); 

       String localFileTopassIn = this.localPath ; 
       this.postToUpload(httpclient, this.theAccessToken, localFileTopassIn , this.dropboxFolderOnlyName); 


      } 

     } 

獲取請求令牌：

private String getRequestToken(HttpClient client, String theURL) throws Exception { 
    HttpGet httpget = new HttpGet(theURL); 
    httpget.setConfig(localConfig);  
    httpget.setHeader("Connection", "keep-alive"); 

    System.out.println("\nexecuting request:" + httpget.getRequestLine()); 


    // Create a custom response handler 
    ResponseHandler responseHandler = new ResponseHandler() { 

     public String handleResponse(final HttpResponse response) 
          throws ClientProtocolException, IOException { 
      int status = response.getStatusLine().getStatusCode(); 
      if (status >= 200) { // && status cookies = gcookies.getCookies(); 
    for (Cookie aCookie: cookies) { 
     String cookieName = aCookie.getName(); 
     if (!(cookieName.lastIndexOf(gvcString) == -1)) { 
      gvc = aCookie.getValue(); 
     } else if (!(cookieName.lastIndexOf(tString) == -1)) { 
      requestToken = aCookie.getValue(); 
     } 
    } 

    System.out.println("Request Token: " + requestToken); 
    return requestToken;   

} 

postForAccessToken：

private String postForAccessToken(HttpClient client, String requestToken, String theURL) throws Exception{ 
    /* 
    * Send a post together with request token and my login to get accessToken ... 
    */ 
    HttpPost httppost = new HttpPost(theURL); // loginurl); 
    httppost.setConfig(localConfig); 
    ghttpContext.setCookieStore(gcookies); 

    List params = new LinkedList(); 
    params.add(new BasicNameValuePair("login_email", myemail)); 
    params.add(new BasicNameValuePair("login_password", mypasswd)); 
    params.add(new BasicNameValuePair("t", requestToken)); 

    HttpEntity postentity = new UrlEncodedFormEntity(params); 
    httppost.setEntity(postentity); 

    System.out.println("\nexecuting request:" + httppost.getRequestLine()); 

    // Create a custom response handler 
    ResponseHandler responseHandler = new ResponseHandler() { 

     public String handleResponse(final HttpResponse response) 
          throws ClientProtocolException, IOException { 
      int status = response.getStatusLine().getStatusCode(); 
      if (status >= 200) { // && status cookies = gcookies.getCookies(); 
    for (Cookie aCookie: cookies) { 
     String cookieName = aCookie.getName(); 
     if (!(cookieName.lastIndexOf(tString) == -1)) { 
      theAccessToken = aCookie.getValue(); 
     } 
    } 

    System.out.println("Access Token: " + theAccessToken);  
    return theAccessToken; 
} 

postToUpload：

 

private String postToUpload(HttpClient client, String accessToken, String localFileInfo, String destPath) throws Exception{ 

    String bjarString = "bjar"; 
    String blidString = "blid"; 
    String bjar=null; 
    String blid=null; 
    List cookies = gcookies.getCookies(); 
    for (Cookie aCookie: cookies) { 
     String cookieName = aCookie.getName(); 
     if (!(cookieName.lastIndexOf(bjarString) == -1)) { 
      bjar = aCookie.getValue(); 
     } else if (!(cookieName.lastIndexOf(blidString) == -1)) { 
      blid = aCookie.getValue(); 
     } 
    } 

    String[] fileNameArry = localFileInfo.split("(\\\\|/)"); 
    String filename = fileNameArry[fileNameArry.length - 1]; // get the last part ... 

    URI uri = new URIBuilder() 
      .setScheme("https") 
      .setHost("dl-web.dropbox.com") 
      .setPath("/upload") 
      .setParameter("name", filename) 
      .setParameter("dest", destPath)   
      .setParameter("cookie_t", accessToken) 
      .setParameter("t", accessToken) 
      .build(); 

    HttpPost httppost = new HttpPost(uri); 
    httppost.setConfig(localConfig); 

    ghttpContext.setCookieStore(gcookies); 

    FileBody bin = new FileBody(new File(localFileInfo)); 
    StringBody comment = new StringBody("A binary file of some kind", ContentType.DEFAULT_BINARY); 

    HttpEntity reqEntity = MultipartEntityBuilder.create() 
      .addPart("bin", bin) 
      .addPart("comment", comment) 
      .build(); 

    httppost.setEntity(reqEntity); 

    // add header 
    httppost.setHeader("Host", "www.dropbox.com"); 
    httppost.setHeader("User-Agent", USER_AGENT); 
    httppost.setHeader("Accept", 
      "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"); 
    httppost.setHeader("Connection", "keep-alive"); 
    httppost.setHeader("Content-Type", "application/x-www-form-urlencoded; charset=UTF-8"); 
    httppost.setHeader("Pragma", "no-cache"); 
    httppost.setHeader("Cache-Control", "no-cache"); 

    // add entity 
    System.out.println("\nexecuting request:" + httppost.getRequestLine()); 

    // Create a custom response handler 
    ResponseHandler responseHandler = new ResponseHandler() { 

     public String handleResponse(final HttpResponse response) 
          throws ClientProtocolException, IOException { 
      int status = response.getStatusLine().getStatusCode(); 
      if (status >= 200) { // && status

Answer 1

OAuth是使用Dropbox API的唯一方法。獲得OAuth訪問令牌（通過一次驗證（在本例中爲您的帳戶）後，您只需執行HTTP PUT至https://api-content.dropbox.com/1/files_put/auto/<path>的標頭Authorization: Bearer <token>以及正文中的文件內容。

注意，任何人誰擁有你的訪問令牌還可以刪除所有的文件，上傳自己的個人DVD收藏等，所以它不建議您共享訪問令牌。