AppsScriptPulse

Memoization in Apps Script with Cache Service

A generic Apps Script memoization function can be written to cache any function.

We’ve featured a couple of Apps Script optimisation techniques in the past. This example from Justin Poehnelt uses a technique found in many coding syntaxes of ‘memoization‘:

In computing, memoization or memoisation is an optimization technique used primarily to speed up computer programs by storing the results of expensive function calls to pure functions and returning the cached result when the same inputs occur again

For more background on when and why you might use ‘memorization’ you can read about Memorization [sic] in JavaScript. In the case of Google Apps Script developers have opportunities to integrate the built-in Cache Service and Properties Service to memorize function results in the context of the script, document or the user.

In the example provided in the source post by Justin it defaults to CacheService.getScriptCache() to store the memoized results but it would be easy to change this to CacheService.getUserCache() or CacheService.getDocumentCache(). With a little modification you could also include Properties Service.

To help you see how memoization works here’s a gist for both pure JavaScript and Apps Script techniques which you can copy and run in the Apps Script Editor. The results hopefully speak for themselves:

First run (cold start) and second run (warm start) with better performance for cached results first call

Source: Memoization in Apps Script | Justin Poehnelt

Changes to drive.google.com/uc URLs which break embedding images/files from Google Drive in your websites and AppSheet apps

Google Drive broke the ability to embed images with the /uc path. Here’s how to embed images from Google Drive in your website.

Previously Google Workspace developers could use a /uc path for embedding images and other files hosted in Google Drive. For example, images could be embedded in websites and emails using markup like:

<img src="https://drive.google.com/uc?export=view&id=1234567890abcdef" />

To my knowledge this was never an officially documented endpoint, but widely known about and shared within the community. Back in October 2023 Google announced Upcoming changes to third-party cookie requirements in Google Drive, which has started rolling out from the beginning of 2024.

The impact of this change is it breaks /uc embeds and these have started returning 403 errors. There is no reference to the /uc endpoint in the original announcement, which is why I think many people are only just finding out about the impact now. Google’s official guidance is to move to <iframe> with Google Drive publish and preview links. This post from Justin Poehnelt discusses the options and limitations for images.

There has also just been another announcement in the AppSheet community that Drive download URLs for embeddable content to be updated by May 1st, 2024. This is an extended window for AppSheet users and where possible Google will be emailing affected app owners where /uc urls have been detected. This announcement includes a link to a help page with tips for finding /uc occurrences in your AppSheet apps.

Source: Embed images from Google Drive in your website | Justin Poehnelt

Google Apps Script Service Account impersonation without downloading private service account keys 

Avoid downloading private service account keys by using impersonation in Apps Script to obtain access tokens.

For Google Workspace Admins you can gain super powers (and super responsibility) using Google Cloud project service accounts. A common scenario is using service accounts with domain-wide delegation to make API calls impersonating Google Workspace users. With this you can do things like set a user’s Gmail settings including signatures, authenticate as a user in Google Chat and much more.

A quick way to use a service account is to download a JSON key. The challenge then given the potential capabilities of service accounts is securely storing the JSON key. A alternative approach, which is explained in this post by Justin Poehnelt, is using Apps Script to create and fetch a short-lived credential for your service account.

Short-lived credentials are highly recommended for applications requiring robust security and precise access control for service accounts, reducing the attack surface and the risks with accidentally exposing static secrets.

You can find out more include code snippets/setup in Justin’s post which also links to the support documentation.

Source: Apps Script Service Account Impersonation | Justin Poehnelt