feat: add public token links for Drive API files and breadcrumb navigation

- Add permanent public tokens unique to each file (no auth required)
- Add /drive/api/public/<file_id>?token=<token> endpoint for public download
- Add /drive/api/token/<file_id> to get public URL for a file
- Copy link now fetches public URL with token for API files
- Add breadcrumb navigation support for Google Drive API folders
- Track folder path via query params for back navigation

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

drive_routes.py

@@ -332,11 +332,18 @@ def browse_drive_api(folder_id):
     if not service: return redirect(url_for('drive.drive_manager'))
     title = request.args.get('title', 'My Drive')
 
+    # Build breadcrumbs from query param (JSON encoded list)
+    breadcrumbs_param = request.args.get('breadcrumbs', '[]')
+    try:
+        breadcrumbs = json.loads(breadcrumbs_param)
+    except:
+        breadcrumbs = []
+
     # For initial page load, just render the template (files loaded via AJAX)
     return render_template('drive_browser.html',
                            source={'id': 'api', 'name': title},
                            items=[],  # Empty - loaded via AJAX
-                           breadcrumbs=[],
+                           breadcrumbs=breadcrumbs,
                            is_api=True,
                            folder_id=folder_id,
                            lazy_load=True)
@@ -520,6 +527,90 @@ def api_download_file(file_id):
 
 # ==================== PUBLIC ACCESS ROUTES (No Auth Required) ====================
 
+def generate_api_file_token(file_id, user_id):
+    """Generate a permanent unique token for a Google Drive API file."""
+    import hashlib
+    secret = current_app.config.get('SECRET_KEY', 'default-secret')
+    data = f"api:{file_id}:{user_id}:{secret}"
+    return hashlib.sha256(data.encode()).hexdigest()[:24]
+
+
+@drive_bp.route('/drive/api/public/<file_id>')
+def public_api_download(file_id):
+    """
+    Public endpoint: Download a Google Drive API file without authentication.
+    Requires a valid token unique to the file.
+
+    Usage: /drive/api/public/<file_id>?token=<token>
+    """
+    token = request.args.get('token')
+    if not token:
+        return "Missing token parameter", 401
+
+    # Find which user owns this token by checking all users with google_token
+    conn = get_db_connection()
+    users = conn.execute('SELECT id, google_token FROM users WHERE google_token IS NOT NULL').fetchall()
+    conn.close()
+
+    valid_user = None
+    for user in users:
+        expected_token = generate_api_file_token(file_id, user['id'])
+        if token == expected_token:
+            valid_user = user
+            break
+
+    if not valid_user:
+        return "Invalid or expired token", 403
+
+    # Build drive service for this user
+    try:
+        import json
+        from google.oauth2.credentials import Credentials
+        from googleapiclient.discovery import build
+
+        token_info = json.loads(valid_user['google_token'])
+        SCOPES = ['https://www.googleapis.com/auth/drive.readonly']
+        creds = Credentials.from_authorized_user_info(token_info, SCOPES)
+        service = build('drive', 'v3', credentials=creds)
+
+        meta = get_file_metadata(service, file_id)
+        if not meta:
+            return "File not found", 404
+
+        filename = meta['name']
+        cache_dir = os.path.join(current_app.config['UPLOAD_FOLDER'], 'drive_cache')
+        if not os.path.exists(cache_dir):
+            os.makedirs(cache_dir)
+
+        from werkzeug.utils import secure_filename
+        safe_name = secure_filename(filename)
+        file_path = os.path.join(cache_dir, safe_name)
+
+        if not os.path.exists(file_path):
+            with open(file_path, 'wb') as f:
+                download_file_to_stream(service, file_id, f)
+
+        return send_from_directory(cache_dir, safe_name, as_attachment=False)
+    except Exception as e:
+        return f"Error: {e}", 500
+
+
+@drive_bp.route('/drive/api/token/<file_id>')
+@login_required
+def get_api_file_token(file_id):
+    """Get the public access token for a specific Google Drive API file."""
+    if not current_user.google_token:
+        return jsonify({'error': 'Not connected to Google Drive'}), 401
+
+    token = generate_api_file_token(file_id, current_user.id)
+    public_url = url_for('drive.public_api_download', file_id=file_id, token=token, _external=True)
+
+    return jsonify({
+        'token': token,
+        'public_url': public_url
+    })
+
+
 def generate_public_token(source_id, user_id):
     """Generate a simple token for public access."""
     import hashlib

templates/drive_browser.html

@@ -356,14 +356,20 @@
         <nav aria-label="breadcrumb">
             <ol class="breadcrumb">
                 <li class="breadcrumb-item"><a href="/drive_manager"><i class="bi bi-cloud me-1"></i>Drives</a></li>
-                {% if source.id == 'api' %}
+                {% if is_api %}
+                <li class="breadcrumb-item"><a href="/drive/api/browse/root?title=My Drive">My Drive</a></li>
+                {% for crumb in breadcrumbs %}
+                <li class="breadcrumb-item"><a href="/drive/api/browse/{{ crumb.id }}?title={{ crumb.name }}&breadcrumbs={{ crumb.trail | tojson | urlencode }}">{{ crumb.name }}</a></li>
+                {% endfor %}
+                {% if folder_id != 'root' and not breadcrumbs %}
                 <li class="breadcrumb-item active">{{ source.name }}</li>
+                {% endif %}
                 {% else %}
                 <li class="breadcrumb-item"><a href="/drive/browse/{{ source.id }}">{{ source.name }}</a></li>
-                {% endif %}
                 {% for crumb in breadcrumbs %}
                 <li class="breadcrumb-item active">{{ crumb.name }}</li>
                 {% endfor %}
+                {% endif %}
             </ol>
         </nav>
 
@@ -596,7 +602,9 @@
         lazyLoad: {{ 'true' if lazy_load is defined and lazy_load else 'false' }},
         sourceId: '{{ source.id }}',
         folderId: '{{ folder_id if folder_id is defined else "" }}',
-        subpath: '{{ current_subpath if current_subpath is defined else "" }}'
+        sourceName: '{{ source.name }}',
+        subpath: '{{ current_subpath if current_subpath is defined else "" }}',
+        breadcrumbs: {{ breadcrumbs | tojson }}
     };
 
     // Lazy loading state
@@ -608,6 +616,17 @@
         itemCount: 0
     };
 
+    // Build folder URL with breadcrumb tracking for API
+    function buildFolderUrl(folderId, folderName) {
+        if (CONFIG.isApi) {
+            // Build new breadcrumb trail
+            const newTrail = [...CONFIG.breadcrumbs, { id: CONFIG.folderId, name: CONFIG.sourceName }];
+            const breadcrumbsParam = encodeURIComponent(JSON.stringify(newTrail));
+            return `/drive/api/browse/${folderId}?title=${encodeURIComponent(folderName)}&breadcrumbs=${breadcrumbsParam}`;
+        }
+        return `/drive/browse/${CONFIG.sourceId}/${folderId}`;
+    }
+
     // Navigation with loader
     function navigate(url) {
         document.getElementById('loader').classList.add('active');
@@ -641,10 +660,25 @@
         localStorage.setItem('driveViewMode', view);
     }
 
-    // Copy file link
-    function copyFileLink(path, btn) {
-        const fullUrl = window.location.origin + path;
-        navigator.clipboard.writeText(fullUrl).then(() => {
+    // Copy file link - for API files, get public token first
+    async function copyFileLink(path, btn) {
+        let urlToCopy = window.location.origin + path;
+
+        // For API files, get the public token URL
+        if (CONFIG.isApi && path.includes('/drive/api/download/')) {
+            const fileId = path.split('/drive/api/download/')[1];
+            try {
+                const response = await fetch(`/drive/api/token/${fileId}`);
+                if (response.ok) {
+                    const data = await response.json();
+                    urlToCopy = data.public_url;
+                }
+            } catch (e) {
+                console.error('Failed to get public token:', e);
+            }
+        }
+
+        navigator.clipboard.writeText(urlToCopy).then(() => {
             const originalHtml = btn.innerHTML;
             btn.innerHTML = '<i class="bi bi-check"></i>';
             btn.style.background = '#198754';
@@ -679,7 +713,7 @@
 
         if (CONFIG.isApi) {
             link = item.type === 'folder'
-                ? `/drive/api/browse/${item.path}`
+                ? buildFolderUrl(item.path, item.name)
                 : `/drive/api/open/${item.path}`;
 
             // For API files, use download endpoint for copy link