A secure, access-controlled document management system for formal organizational documents with Google Drive integration.
- Google OAuth 2.0 authentication
- Email domain-based authorization
- Google Drive integration for document storage
- Service account authentication for Google Drive API
- JWT-based session management
- Modular architecture
- Rust (latest stable version)
- Google Cloud Project with:
  - OAuth 2.0 credentials for user authentication
  - Service account for Google Drive API access
  - Google Drive API enabled
- Go to Google Cloud Console
- Create OAuth 2.0 credentials
- Add authorized redirect URI: http://localhost:3000/callback
- Note your Client ID and Client Secret
- Create a service account in Google Cloud Console
- Download the JSON key file
- Save it as service_account.json in the parent directory
- Share your Google Drive folder with the service account email
Create config.toml in the project root:
[server]
host = "0.0.0.0"
port = 3000
[jwt]
secret = "your-secret-key-change-this"
expiry_hours = 24
[google_oauth]
client_id = "your-oauth-client-id"
client_secret = "your-oauth-client-secret"
redirect_uri = "http://localhost:3000/callback"
allowed_email_domain = "oneamongus.ca"
[google_drive]
service_account_key_path = "./service_account.json"
shared_drive_id = "" # Optional: leave empty for My Drive
documents_index_file_id = "your-csv-file-id-from-google-drive"

Create a documents.csv file with the following format and upload it to Google Drive:
organ,category,number,language,file_id,created_at,updated_at
C,RES,001,cn,1abc...xyz,2026-01-06T00:04:41Z,2026-01-06T00:04:41Z
A,DEC,002,en,2def...uvw,2026-01-07T10:30:00Z,2026-01-07T10:30:00Z

Fields:
- organ: Organization unit (e.g., A, C)
- category: Document category (e.g., RES, DEC)
- number: Document number (e.g., 001, 002)
- language: Language code (e.g., cn, en)
- file_id: Google Drive file ID
- created_at: ISO 8601 timestamp
- updated_at: ISO 8601 timestamp
To get a Google Drive file ID:
- Right-click the file in Google Drive
- Select "Get link"
- The file ID is the long string in the URL:
https://drive.google.com/file/d/FILE_ID_HERE/view
Native
# Check for errors
cargo check
# Build the project
cargo build
# Run the application
cargo run

Docker
# Run directly
docker build -t oau-interdocrep .
docker run -d -v ./config.toml:/app/config.toml -v ./service_account.json:/app/service_account.json -p 3000:3000 oau-interdocrep
# Run with docker-compose
docker compose up -d

The server will start on http://localhost:3000
Documents are accessed via semantic URLs:
http://localhost:3000/{organ}/{category}/{number}
Examples:
- http://localhost:3000/C/RES/001
- http://localhost:3000/A/DEC/002
The application includes an admin interface to browse and search files in your Google Drive:
- Navigate to http://localhost:3000/admin
- Sign in with your authorized email
- You can:
  - Browse folders by clicking on them
  - Search files by name
  - Copy file IDs to clipboard (for adding to documents.csv)
  - View file metadata (size, modified date, etc.)
This makes it easy to find file IDs without manually navigating Google Drive!
- Navigate to a document URL or admin page
- If not authenticated, you'll be redirected to Google OAuth
- Sign in with an email from the allowed domain
- You'll be redirected back to the original page
- Documents will be streamed from Google Drive
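
The domain check in the third step is where this flow's authorization decision is made. The following is an added example, not this project's auth.rs: a std-only check that the verified address belongs exactly to the allowed domain. `IdClaims` and `is_authorized` are hypothetical names, and the sketch assumes the Google ID token's signature, issuer and audience were verified before the claims are read.

```rust
// Added example: a std-only domain check, not this project's auth.rs.
// `IdClaims` is a hypothetical struct filled from a Google ID token whose
// signature, issuer and audience have already been verified elsewhere.
pub struct IdClaims<'a> {
    pub email: &'a str,
    pub email_verified: bool,
}

/// True only when the verified address's domain equals `allowed_domain`.
pub fn is_authorized(claims: &IdClaims, allowed_domain: &str) -> bool {
    // An unverified address proves nothing about domain membership.
    if !claims.email_verified || allowed_domain.is_empty() {
        return false;
    }
    // Require exactly one '@' and a non-empty local part.
    let mut parts = claims.email.split('@');
    let domain = match (parts.next(), parts.next(), parts.next()) {
        (Some(local), Some(domain), None) if !local.is_empty() => domain,
        _ => return false,
    };
    // Compare the whole domain, case-insensitively. Suffix or substring
    // matching would also accept look-alike and nested domains.
    domain.eq_ignore_ascii_case(allowed_domain)
}

fn main() {
    let allowed = "oneamongus.ca"; // allowed_email_domain from the sample config
    // Constructed sample addresses.
    let samples = [
        ("alice@oneamongus.ca", true),
        ("bob@OneAmongUs.CA", true),
        ("carol@oneamongus.ca", false),
        ("dave@evil-oneamongus.ca", true),
        ("erin@oneamongus.ca.example.net", true),
        ("frank@mail.oneamongus.ca", true),
    ];
    for &(email, email_verified) in samples.iter() {
        let ok = is_authorized(&IdClaims { email, email_verified }, allowed);
        println!("{} verified={} -> {}", email, email_verified, if ok { "allow" } else { "deny" });
    }
}
```

Only the first two sample addresses are allowed; subdomains such as mail.oneamongus.ca are denied because the comparison is against the whole domain.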
src/
├── main.rs # Application entry point
├── config.rs # Configuration management
├── auth.rs # Authentication and authorization
├── google_drive.rs # Google Drive API integration
├── document.rs # Document management
└── admin.rs # Admin interface for browsing Drive
config.toml # Configuration file (not in git)
service_account.json # Service account key (not in git)
CRITICAL: Before pushing to GitHub, ensure these files are NOT committed:
- config.toml: Contains all sensitive credentials
- service_account.json: Google service account private key

- jwt.secret: JWT signing key (use strong random string)
- google_oauth.client_id: OAuth client ID
- google_oauth.client_secret: OAuth client secret
- google_drive.shared_drive_id: Your Drive ID
- google_drive.documents_index_file_id: Your Sheets ID
- Copy config.toml.example to config.toml
- Replace all placeholder values with your actual credentials
- Generate a strong JWT secret: openssl rand -base64 32
- Never commit the actual config.toml or service_account.json
- Use HTTPS (not HTTP)
- Generate strong JWT secret (32+ characters)
- Regularly rotate service account keys
- Review and limit service account permissions
- Enable Google Cloud audit logging
- Use environment variables for secrets (optional alternative to config.toml)
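
One way to enforce the first two items and the environment-variable option at startup, as an added example that is not this project's config.rs. The field names mirror the config.toml keys shown above; the `Secrets` struct, both function names and the `OAU_*` environment variable names are hypothetical.

```rust
// Added example, not this project's config.rs. Struct, function and
// environment variable names are hypothetical.
use std::env;

pub struct Secrets {
    pub jwt_secret: String,
    pub client_secret: String,
    pub redirect_uri: String,
}

/// Prefer a non-empty environment variable over the value from config.toml.
pub fn from_env_or(var: &str, file_value: &str) -> String {
    env::var(var)
        .ok()
        .filter(|v| !v.is_empty())
        .unwrap_or_else(|| file_value.to_string())
}

/// Returns every reason the configuration is unfit for a production start.
pub fn production_findings(s: &Secrets) -> Vec<&'static str> {
    let mut out = Vec::new();
    // The placeholders in the sample config.toml all begin with "your-".
    if s.jwt_secret.starts_with("your-") {
        out.push("jwt.secret is still the sample placeholder");
    }
    if s.jwt_secret.len() < 32 {
        out.push("jwt.secret is shorter than 32 characters");
    }
    if s.client_secret.starts_with("your-") {
        out.push("google_oauth.client_secret is still the sample placeholder");
    }
    if !s.redirect_uri.starts_with("https://") {
        out.push("google_oauth.redirect_uri is not HTTPS");
    }
    out
}

fn main() {
    // File values below are the sample config from this page, left unchanged.
    let s = Secrets {
        jwt_secret: from_env_or("OAU_JWT_SECRET", "your-secret-key-change-this"),
        client_secret: from_env_or("OAU_CLIENT_SECRET", "your-oauth-client-secret"),
        redirect_uri: "http://localhost:3000/callback".to_string(),
    };
    let findings = production_findings(&s);
    for f in &findings {
        eprintln!("config error: {}", f);
    }
    if !findings.is_empty() {
        std::process::exit(1); // refuse to serve with unsafe settings
    }
}
```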
The admin interface (/admin) is the easiest way to manage your documents:
- Browse Files: Navigate through your Google Drive folder structure
- Search: Find files by name using the search box
- Copy File IDs: Click the "Copy ID" button next to any file to copy its ID
- Add to CSV: Use the copied file ID in your documents.csv
Method 1: Using Admin Interface (Recommended)
- Upload the PDF to Google Drive
- Share it with the service account (if not in shared drive)
- Navigate to http://localhost:3000/admin
- Search or browse to find your file
- Click "Copy ID" to copy the file ID
- Add an entry to documents.csv on Google Drive with the file ID
- Restart the application to reload the document list
Method 2: Manual
- Upload the PDF to Google Drive
- Share it with the service account
- Get the file ID from the URL
- Add an entry to documents.csv on Google Drive
- Restart the application to reload the document list
Edit config.toml and restart the application.
- Ensure config.toml exists in the project root
- Check file permissions

- Verify service_account.json path is correct
- Ensure the service account has access to the files
- Check that Google Drive API is enabled

- Verify the document exists in documents.csv
- Check that the file ID is correct
- Ensure the service account has access to the file

- Verify OAuth credentials are correct
- Check that the redirect URI matches
- Ensure the user's email domain is allowed