受到Onesrc(链接:https://www.onesrc.cn/p/how-to-call-api-for-onedrive-account-without-administrator.html)大佬的启发,出于发挥无管理员OneDrive的优势,写了个小程序,这种API调用方法有限制,可以列文件,上传下载,但是不能删除,而且基于静态链接也有一定的安全风险,有效期未知(估计也有几个小时吧!)

实际上就是FedAuth换取Token,如果用更高权限,也可以用selenium模拟登录后获取(也就多了删除,创建目录权限,依然不能跨目录操作).

操作方法,首先新建一个文件夹:

给文件夹Share权限,所有人可编辑.

替换示例程序中的url和shared_folder,大文件上传我使用了一个音乐文件,也需要替换.

import json

import os

import requests

# 权限列表(限定于分享的文件夹内)

#

# 列文件 Yes

# 上传文件 Yes

# 下载文件 Yes

# 删除文件 No

# 创建文件夹 No

url = "https://alumnibentley-my.sharepoint.com/:f:/g/personal/rita_odin_alumni_bentley_edu/EmGOHZZfTiRAqe6VmccZ5C8BDvQelTCL1jqDRkg6w1T4oQ?e=8iQeCu"

shared_folder = 'Files'

tenant = url.split('/')[2]

mail = url.split('/')[6]

response = requests.get(url)

cookies = response.cookies.get_dict()

print('提取 FedAuth:' + cookies['FedAuth'])

url = "https://" + tenant + "/personal/" + mail + "/_api/web/GetListUsingPath(DecodedUrl=@a1)/RenderListDataAsStream?@a1='/personal/" + mail + "/Documents'&RootFolder=/personal/" + mail + "/Documents/&TryNewExperienceSingle=TRUE"

headers = {

'Accept': 'application/json;odata=verbose',

'Content-Type': 'application/json;odata=verbose'

}

payload = {

"parameters": {

"__metadata": {"type": "SP.RenderListDataParameters"},

"RenderOptions": 136967,

"AllowMultipleValueFilterForTaxonomyFields": True,

"AddRequiredFields": True

}

}

response = requests.post(url, cookies=cookies, headers=headers, data=json.dumps(payload))

payload = json.loads(response.text)

token = payload['ListSchema']['.driveAccessToken'][13:]

api_url = payload['ListSchema']['.driveUrl'] + '/'

print('提取 AccessToken:' + token)

print('提取 api_url:' + api_url)

headers = {

'Authorization': 'Bearer ' + token

}

response = requests.get(api_url + 'root/', headers=headers)

folder_id = json.loads(response.text)['id']

print('提取 根目录ID:' + folder_id)

headers = {

'Authorization': 'Bearer ' + token

}

response = requests.get(api_url + 'root:/' + shared_folder + ':/children', headers=headers)

files = json.loads(response.text)['value']

print('列举目录内文件:')

for mfile in files:

print(' 文件 =>' + mfile['name'])

# 普通上传最大4MB

headers = {

'Authorization': 'Bearer ' + token,

'Content-Type': 'application/json'

}

response = requests.put(api_url + 'items/root:/' + shared_folder + '/460.txt:/content', headers=headers, data='Test')

file_id = json.loads(response.text)['id']

print('提取 文件ID:' + file_id)

headers = {

'Authorization': 'Bearer ' + token,

'Content-Type': 'application/json'

}

response = requests.get(api_url + 'items/' + file_id + '/content', headers=headers, allow_redirects=False)

download_link = response.headers['Location']

print('提取 文件下载直链:' + download_link)

# 多部份上传最大15G

headers = {

'Authorization': 'Bearer ' + token,

'Content-Type': 'application/json'

}

response = requests.post(api_url + 'items/root:/' + shared_folder + '/画纸上的戒指.mp3:/createUploadSession', headers=headers)

uploadUrl = json.loads(response.text)['uploadUrl']

file_size = os.path.getsize('画纸上的戒指.mp3')

with open('画纸上的戒指.mp3', "rb") as file:

while True:

data = file.read(1024 * 1024)

if not data:

file_id = json.loads(response.text)['id']

print('提取 文件ID:' + file_id)

break

headers = {

'Content-Length': str(len(data)),

'Content-Range': 'bytes ' + str(file.tell() - len(data)) + '-' + str(file.tell() - 1) + '/' + str(file_size)

}

print('正在上传:' + str(round((file.tell() * 100) / file_size, 2)) + '%')

response = requests.put(uploadUrl, headers=headers, data=data)

测试结果:

再说一次,只有主用户可以删除文件,在这个特殊API上传的文件在主用户下也可以随便挪动.

快速测试代码:

https://gist.github.com/nickfox-taterli/d0f5932e05ff2f2490f38c42f191406e

传入第一个参数是分享URL,第二个参数是对应的文件.

上传结果: