I've been tasked with creating a system to store employee paperwork for the HR department. We are deeply entrenched in the Google Docs Platform (all our documents are made and served via Google Apps), and I already have a time clock program built on Google Apps Script running on our internal google site and pulling from google Sheets for data. This new task, however, will contain much more sensitive data that should be stored in an encrypted manner and served after two factor-authentication is used.
TL;DR: I need help to create a system to serve web pages in an encrypted manner and using two-factor authentication within the Google Docs Ecosystem.
Here is some psuedo code I thought might help describe what I am looking for:
CODE.GS
//CONSTANT VARIABLES
var adminList = ['[email protected]',
'[email protected]',
'[email protected]'];
function doGet() {
var htmlTemplate = HtmlService.createTemplateFromFile('Login_Prompt');
var htmlOutput = htmlTemplate.evaluate().setSandboxMode(HtmlService.SandboxMode.IFRAME).setTitle('Login to HR Module');
return htmlOutput;
}
function processLogin(username)
{
if(adminList.indexOf(username) > -1)
{
var htmlTemplate = HtmlService.createTemplateFromFile('Admin_Page');
var htmlOutput = htmlTemplate.evaluate().setSandboxMode(HtmlService.SandboxMode.IFRAME).setTitle('HR Management Module');
return htmlOutput;
}
else
{
var htmlTemplate = HtmlService.createTemplateFromFile('User Page');
var htmlOutput = htmlTemplate.evaluate().setSandboxMode(HtmlService.SandboxMode.IFRAME).setTitle('Employee Profile');
return htmlOutput;
}
}Login-Prompt.HTML
<!DOCTYPE html>
<html>
<head>
<base target="_top">
</head>
<body>
<h4>HR Management Console</h4>
<p>Please log into this system using your Google Account Credentials</p>
<form>
Username: <input type="text" size = "6">
Password: <input type="password" size = "4">
<button>Submit</button>
</form>
</body>
</html>User_Page.html
<!DOCTYPE html>
<html>
<head>
<base target="_top">
</head>
<body>
<h4> Welcome, User!</h4>
<h5>Profile</h5>
<ul>
<li>Sensitive information 1</li>
<li>Sensitive information 2</li>
<li>Sensitive information 3</li>
<li>Sensitive information 4</li>
</ul>
<button>Update your profile</button>
<!-Open Form to access and edit personal data->
<h5> Documents</h5>
<ul>
<li>Document 1</li>
<li>Document 2</li>
<li>Document 3</li>
<li>Document 4</li>
</ul>
<button>upload a document</button>
<!-Open Form to upload HR Documents->
</body>
</html>Admin_Page.html
<!DOCTYPE html>
<html>
<head>
<base target="_top">
</head>
<body>
<p>Welcome, Manager!</p>
<p>Users:</p>
<ul>
<li>LastName, FirstName 1 <button>Edit</button></li>
<li>LastName, FirstName 2 <button>Edit</button></li>
<li>LastName, FirstName 3 <button>Edit</button></li>
</ul>
</body>
</html>How can I implement encryption and two factor authentication to this process. Is this possible to do in the Google Docs ecosystem using Google Apps Script?
I think we are going to go with a MySQL Database hosted in Cloud SQL with an SSL certificate. As long as the the SSL line is intact, I think Google Appscript's embedded security measures should be enough for us. Thanks all for helping us to think through this one!