UNPKG

request/lib/oauth.js

Version:

3.95 kBJavaScriptView Raw

1'use strict'
2
3var url = require('url')
, qs = require('qs')
, caseless = require('caseless')
, uuid = require('node-uuid')
, oauth = require('oauth-sign')
, crypto = require('crypto')
9
10
11function OAuth (request) {
this.request = request
this.params = null
14}
15
16OAuth.prototype.buildParams = function (_oauth, uri, method, query, form, qsLib) {
var oa = {}
for (var i in _oauth) {
  oa['oauth_' + i] = _oauth[i]
}
if (!oa.oauth_version) {
  oa.oauth_version = '1.0'
}
if (!oa.oauth_timestamp) {
  oa.oauth_timestamp = Math.floor( Date.now() / 1000 ).toString()
}
if (!oa.oauth_nonce) {
  oa.oauth_nonce = uuid().replace(/-/g, '')
}
if (!oa.oauth_signature_method) {
  oa.oauth_signature_method = 'HMAC-SHA1'
}
33
var consumer_secret_or_private_key = oa.oauth_consumer_secret || oa.oauth_private_key
delete oa.oauth_consumer_secret
delete oa.oauth_private_key
37
var token_secret = oa.oauth_token_secret
delete oa.oauth_token_secret
40
var realm = oa.oauth_realm
delete oa.oauth_realm
delete oa.oauth_transport_method
44
var baseurl = uri.protocol + '//' + uri.host + uri.pathname
var params = qsLib.parse([].concat(query, form, qsLib.stringify(oa)).join('&'))
47
oa.oauth_signature = oauth.sign(
  oa.oauth_signature_method,
  method,
  baseurl,
  params,
  consumer_secret_or_private_key,
  token_secret)
55
if (realm) {
  oa.realm = realm
}
59
return oa
61}
62
63OAuth.prototype.buildBodyHash = function(_oauth, body) {
if (['HMAC-SHA1', 'RSA-SHA1'].indexOf(_oauth.signature_method || 'HMAC-SHA1') < 0) {
  this.request.emit('error', new Error('oauth: ' + _oauth.signature_method +
    ' signature_method not supported with body_hash signing.'))
}
68
var shasum = crypto.createHash('sha1')
shasum.update(body || '')
var sha1 = shasum.digest('hex')
72
return new Buffer(sha1).toString('base64')
74}
75
76OAuth.prototype.concatParams = function (oa, sep, wrap) {
wrap = wrap || ''
78
var params = Object.keys(oa).filter(function (i) {
  return i !== 'realm' && i !== 'oauth_signature'
}).sort()
82
if (oa.realm) {
  params.splice(0, 0, 'realm')
}
params.push('oauth_signature')
87
return params.map(function (i) {
  return i + '=' + wrap + oauth.rfc3986(oa[i]) + wrap
}).join(sep)
91}
92
93OAuth.prototype.onRequest = function (_oauth) {
var self = this
self.params = _oauth
96
var uri = self.request.uri || {}
  , method = self.request.method || ''
  , headers = caseless(self.request.headers)
  , body = self.request.body || ''
  , qsLib = self.request.qsLib || qs
102
var form
  , query
  , contentType = headers.get('content-type') || ''
  , formContentType = 'application/x-www-form-urlencoded'
  , transport = _oauth.transport_method || 'header'
108
if (contentType.slice(0, formContentType.length) === formContentType) {
  contentType = formContentType
  form = body
}
if (uri.query) {
  query = uri.query
}
if (transport === 'body' && (method !== 'POST' || contentType !== formContentType)) {
  self.request.emit('error', new Error('oauth: transport_method of body requires POST ' +
    'and content-type ' + formContentType))
}
120
if (!form && typeof _oauth.body_hash === 'boolean') {
  _oauth.body_hash = self.buildBodyHash(_oauth, self.request.body.toString())
}
124
var oa = self.buildParams(_oauth, uri, method, query, form, qsLib)
126
switch (transport) {
  case 'header':
    self.request.setHeader('Authorization', 'OAuth ' + self.concatParams(oa, ',', '"'))
    break
131
  case 'query':
    var href = self.request.uri.href += (query ? '&' : '?') + self.concatParams(oa, '&')
    self.request.uri = url.parse(href)
    self.request.path = self.request.uri.path
    break
137
  case 'body':
    self.request.body = (form ? form + '&' : '') + self.concatParams(oa, '&')
    break
141
  default:
    self.request.emit('error', new Error('oauth: transport_method invalid'))
}
145}
146
147exports.OAuth = OAuth

1	`'use strict'`
2
3	`var url = require('url')`
4	`, qs = require('qs')`
5	`, caseless = require('caseless')`
6	`, uuid = require('node-uuid')`
7	`, oauth = require('oauth-sign')`
8	`, crypto = require('crypto')`
9
10
11	`function OAuth (request) {`
12	`this.request = request`
13	`this.params = null`
14	`}`
15
16	`OAuth.prototype.buildParams = function (_oauth, uri, method, query, form, qsLib) {`
17	`var oa = {}`
18	`for (var i in _oauth) {`
19	`oa['oauth_' + i] = _oauth[i]`
20	`}`
21	`if (!oa.oauth_version) {`
22	`oa.oauth_version = '1.0'`
23	`}`
24	`if (!oa.oauth_timestamp) {`
25	`oa.oauth_timestamp = Math.floor( Date.now() / 1000 ).toString()`
26	`}`
27	`if (!oa.oauth_nonce) {`
28	`oa.oauth_nonce = uuid().replace(/-/g, '')`
29	`}`
30	`if (!oa.oauth_signature_method) {`
31	`oa.oauth_signature_method = 'HMAC-SHA1'`
32	`}`
33
34	`var consumer_secret_or_private_key = oa.oauth_consumer_secret \|\| oa.oauth_private_key`
35	`delete oa.oauth_consumer_secret`
36	`delete oa.oauth_private_key`
37
38	`var token_secret = oa.oauth_token_secret`
39	`delete oa.oauth_token_secret`
40
41	`var realm = oa.oauth_realm`
42	`delete oa.oauth_realm`
43	`delete oa.oauth_transport_method`
44
45	`var baseurl = uri.protocol + '//' + uri.host + uri.pathname`
46	`var params = qsLib.parse([].concat(query, form, qsLib.stringify(oa)).join('&'))`
47
48	`oa.oauth_signature = oauth.sign(`
49	`oa.oauth_signature_method,`
50	`method,`
51	`baseurl,`
52	`params,`
53	`consumer_secret_or_private_key,`
54	`token_secret)`
55
56	`if (realm) {`
57	`oa.realm = realm`
58	`}`
59
60	`return oa`
61	`}`
62
63	`OAuth.prototype.buildBodyHash = function(_oauth, body) {`
64	`if (['HMAC-SHA1', 'RSA-SHA1'].indexOf(_oauth.signature_method \|\| 'HMAC-SHA1') < 0) {`
65	`this.request.emit('error', new Error('oauth: ' + _oauth.signature_method +`
66	`' signature_method not supported with body_hash signing.'))`
67	`}`
68
69	`var shasum = crypto.createHash('sha1')`
70	`shasum.update(body \|\| '')`
71	`var sha1 = shasum.digest('hex')`
72
73	`return new Buffer(sha1).toString('base64')`
74	`}`
75
76	`OAuth.prototype.concatParams = function (oa, sep, wrap) {`
77	`wrap = wrap \|\| ''`
78
79	`var params = Object.keys(oa).filter(function (i) {`
80	`return i !== 'realm' && i !== 'oauth_signature'`
81	`}).sort()`
82
83	`if (oa.realm) {`
84	`params.splice(0, 0, 'realm')`
85	`}`
86	`params.push('oauth_signature')`
87
88	`return params.map(function (i) {`
89	`return i + '=' + wrap + oauth.rfc3986(oa[i]) + wrap`
90	`}).join(sep)`
91	`}`
92
93	`OAuth.prototype.onRequest = function (_oauth) {`
94	`var self = this`
95	`self.params = _oauth`
96
97	`var uri = self.request.uri \|\| {}`
98	`, method = self.request.method \|\| ''`
99	`, headers = caseless(self.request.headers)`
100	`, body = self.request.body \|\| ''`
101	`, qsLib = self.request.qsLib \|\| qs`
102
103	`var form`
104	`, query`
105	`, contentType = headers.get('content-type') \|\| ''`
106	`, formContentType = 'application/x-www-form-urlencoded'`
107	`, transport = _oauth.transport_method \|\| 'header'`
108
109	`if (contentType.slice(0, formContentType.length) === formContentType) {`
110	`contentType = formContentType`
111	`form = body`
112	`}`
113	`if (uri.query) {`
114	`query = uri.query`
115	`}`
116	`if (transport === 'body' && (method !== 'POST' \|\| contentType !== formContentType)) {`
117	`self.request.emit('error', new Error('oauth: transport_method of body requires POST ' +`
118	`'and content-type ' + formContentType))`
119	`}`
120
121	`if (!form && typeof _oauth.body_hash === 'boolean') {`
122	`_oauth.body_hash = self.buildBodyHash(_oauth, self.request.body.toString())`
123	`}`
124
125	`var oa = self.buildParams(_oauth, uri, method, query, form, qsLib)`
126
127	`switch (transport) {`
128	`case 'header':`
129	`self.request.setHeader('Authorization', 'OAuth ' + self.concatParams(oa, ',', '"'))`
130	`break`
131
132	`case 'query':`
133	`var href = self.request.uri.href += (query ? '&' : '?') + self.concatParams(oa, '&')`
134	`self.request.uri = url.parse(href)`
135	`self.request.path = self.request.uri.path`
136	`break`
137
138	`case 'body':`
139	`self.request.body = (form ? form + '&' : '') + self.concatParams(oa, '&')`
140	`break`
141
142	`default:`
143	`self.request.emit('error', new Error('oauth: transport_method invalid'))`
144	`}`
145	`}`
146
147	`exports.OAuth = OAuth`