UNPKG

request/lib/oauth.js

Version:

4.13 kBJavaScriptView Raw

1'use strict'
2
3var url = require('url')
4var qs = require('qs')
5var caseless = require('caseless')
6var uuid = require('uuid')
7var oauth = require('oauth-sign')
8var crypto = require('crypto')
9var Buffer = require('safe-buffer').Buffer
10
11function OAuth (request) {
12  this.request = request
13  this.params = null
14}
15
16OAuth.prototype.buildParams = function (_oauth, uri, method, query, form, qsLib) {
17  var oa = {}
18  for (var i in _oauth) {
19    oa['oauth_' + i] = _oauth[i]
20  }
21  if (!oa.oauth_version) {
22    oa.oauth_version = '1.0'
23  }
24  if (!oa.oauth_timestamp) {
25    oa.oauth_timestamp = Math.floor(Date.now() / 1000).toString()
26  }
27  if (!oa.oauth_nonce) {
28    oa.oauth_nonce = uuid().replace(/-/g, '')
29  }
30  if (!oa.oauth_signature_method) {
31    oa.oauth_signature_method = 'HMAC-SHA1'
32  }
33
34  var consumer_secret_or_private_key = oa.oauth_consumer_secret || oa.oauth_private_key // eslint-disable-line camelcase
35  delete oa.oauth_consumer_secret
36  delete oa.oauth_private_key
37
38  var token_secret = oa.oauth_token_secret // eslint-disable-line camelcase
39  delete oa.oauth_token_secret
40
41  var realm = oa.oauth_realm
42  delete oa.oauth_realm
43  delete oa.oauth_transport_method
44
45  var baseurl = uri.protocol + '//' + uri.host + uri.pathname
46  var params = qsLib.parse([].concat(query, form, qsLib.stringify(oa)).join('&'))
47
48  oa.oauth_signature = oauth.sign(
49    oa.oauth_signature_method,
50    method,
51    baseurl,
52    params,
53    consumer_secret_or_private_key, // eslint-disable-line camelcase
54    token_secret // eslint-disable-line camelcase
55  )
56
57  if (realm) {
58    oa.realm = realm
59  }
60
61  return oa
62}
63
64OAuth.prototype.buildBodyHash = function (_oauth, body) {
65  if (['HMAC-SHA1', 'RSA-SHA1'].indexOf(_oauth.signature_method || 'HMAC-SHA1') < 0) {
66    this.request.emit('error', new Error('oauth: ' + _oauth.signature_method +
67      ' signature_method not supported with body_hash signing.'))
68  }
69
70  var shasum = crypto.createHash('sha1')
71  shasum.update(body || '')
72  var sha1 = shasum.digest('hex')
73
74  return Buffer.from(sha1).toString('base64')
75}
76
77OAuth.prototype.concatParams = function (oa, sep, wrap) {
78  wrap = wrap || ''
79
80  var params = Object.keys(oa).filter(function (i) {
81    return i !== 'realm' && i !== 'oauth_signature'
82  }).sort()
83
84  if (oa.realm) {
85    params.splice(0, 0, 'realm')
86  }
87  params.push('oauth_signature')
88
89  return params.map(function (i) {
90    return i + '=' + wrap + oauth.rfc3986(oa[i]) + wrap
91  }).join(sep)
92}
93
94OAuth.prototype.onRequest = function (_oauth) {
95  var self = this
96  self.params = _oauth
97
98  var uri = self.request.uri || {}
99  var method = self.request.method || ''
100  var headers = caseless(self.request.headers)
101  var body = self.request.body || ''
102  var qsLib = self.request.qsLib || qs
103
104  var form
105  var query
106  var contentType = headers.get('content-type') || ''
107  var formContentType = 'application/x-www-form-urlencoded'
108  var transport = _oauth.transport_method || 'header'
109
110  if (contentType.slice(0, formContentType.length) === formContentType) {
111    contentType = formContentType
112    form = body
113  }
114  if (uri.query) {
115    query = uri.query
116  }
117  if (transport === 'body' && (method !== 'POST' || contentType !== formContentType)) {
118    self.request.emit('error', new Error('oauth: transport_method of body requires POST ' +
119      'and content-type ' + formContentType))
120  }
121
122  if (!form && typeof _oauth.body_hash === 'boolean') {
123    _oauth.body_hash = self.buildBodyHash(_oauth, self.request.body.toString())
124  }
125
126  var oa = self.buildParams(_oauth, uri, method, query, form, qsLib)
127
128  switch (transport) {
129    case 'header':
130      self.request.setHeader('Authorization', 'OAuth ' + self.concatParams(oa, ',', '"'))
131      break
132
133    case 'query':
134      var href = self.request.uri.href += (query ? '&' : '?') + self.concatParams(oa, '&')
135      self.request.uri = url.parse(href)
136      self.request.path = self.request.uri.path
137      break
138
139    case 'body':
140      self.request.body = (form ? form + '&' : '') + self.concatParams(oa, '&')
141      break
142
143    default:
144      self.request.emit('error', new Error('oauth: transport_method invalid'))
145  }
146}
147
148exports.OAuth = OAuth

1	`'use strict'`
2
3	`var url = require('url')`
4	`var qs = require('qs')`
5	`var caseless = require('caseless')`
6	`var uuid = require('uuid')`
7	`var oauth = require('oauth-sign')`
8	`var crypto = require('crypto')`
9	`var Buffer = require('safe-buffer').Buffer`
10
11	`function OAuth (request) {`
12	`this.request = request`
13	`this.params = null`
14	`}`
15
16	`OAuth.prototype.buildParams = function (_oauth, uri, method, query, form, qsLib) {`
17	`var oa = {}`
18	`for (var i in _oauth) {`
19	`oa['oauth_' + i] = _oauth[i]`
20	`}`
21	`if (!oa.oauth_version) {`
22	`oa.oauth_version = '1.0'`
23	`}`
24	`if (!oa.oauth_timestamp) {`
25	`oa.oauth_timestamp = Math.floor(Date.now() / 1000).toString()`
26	`}`
27	`if (!oa.oauth_nonce) {`
28	`oa.oauth_nonce = uuid().replace(/-/g, '')`
29	`}`
30	`if (!oa.oauth_signature_method) {`
31	`oa.oauth_signature_method = 'HMAC-SHA1'`
32	`}`
33
34	`var consumer_secret_or_private_key = oa.oauth_consumer_secret \|\| oa.oauth_private_key // eslint-disable-line camelcase`
35	`delete oa.oauth_consumer_secret`
36	`delete oa.oauth_private_key`
37
38	`var token_secret = oa.oauth_token_secret // eslint-disable-line camelcase`
39	`delete oa.oauth_token_secret`
40
41	`var realm = oa.oauth_realm`
42	`delete oa.oauth_realm`
43	`delete oa.oauth_transport_method`
44
45	`var baseurl = uri.protocol + '//' + uri.host + uri.pathname`
46	`var params = qsLib.parse([].concat(query, form, qsLib.stringify(oa)).join('&'))`
47
48	`oa.oauth_signature = oauth.sign(`
49	`oa.oauth_signature_method,`
50	`method,`
51	`baseurl,`
52	`params,`
53	`consumer_secret_or_private_key, // eslint-disable-line camelcase`
54	`token_secret // eslint-disable-line camelcase`
55	`)`
56
57	`if (realm) {`
58	`oa.realm = realm`
59	`}`
60
61	`return oa`
62	`}`
63
64	`OAuth.prototype.buildBodyHash = function (_oauth, body) {`
65	`if (['HMAC-SHA1', 'RSA-SHA1'].indexOf(_oauth.signature_method \|\| 'HMAC-SHA1') < 0) {`
66	`this.request.emit('error', new Error('oauth: ' + _oauth.signature_method +`
67	`' signature_method not supported with body_hash signing.'))`
68	`}`
69
70	`var shasum = crypto.createHash('sha1')`
71	`shasum.update(body \|\| '')`
72	`var sha1 = shasum.digest('hex')`
73
74	`return Buffer.from(sha1).toString('base64')`
75	`}`
76
77	`OAuth.prototype.concatParams = function (oa, sep, wrap) {`
78	`wrap = wrap \|\| ''`
79
80	`var params = Object.keys(oa).filter(function (i) {`
81	`return i !== 'realm' && i !== 'oauth_signature'`
82	`}).sort()`
83
84	`if (oa.realm) {`
85	`params.splice(0, 0, 'realm')`
86	`}`
87	`params.push('oauth_signature')`
88
89	`return params.map(function (i) {`
90	`return i + '=' + wrap + oauth.rfc3986(oa[i]) + wrap`
91	`}).join(sep)`
92	`}`
93
94	`OAuth.prototype.onRequest = function (_oauth) {`
95	`var self = this`
96	`self.params = _oauth`
97
98	`var uri = self.request.uri \|\| {}`
99	`var method = self.request.method \|\| ''`
100	`var headers = caseless(self.request.headers)`
101	`var body = self.request.body \|\| ''`
102	`var qsLib = self.request.qsLib \|\| qs`
103
104	`var form`
105	`var query`
106	`var contentType = headers.get('content-type') \|\| ''`
107	`var formContentType = 'application/x-www-form-urlencoded'`
108	`var transport = _oauth.transport_method \|\| 'header'`
109
110	`if (contentType.slice(0, formContentType.length) === formContentType) {`
111	`contentType = formContentType`
112	`form = body`
113	`}`
114	`if (uri.query) {`
115	`query = uri.query`
116	`}`
117	`if (transport === 'body' && (method !== 'POST' \|\| contentType !== formContentType)) {`
118	`self.request.emit('error', new Error('oauth: transport_method of body requires POST ' +`
119	`'and content-type ' + formContentType))`
120	`}`
121
122	`if (!form && typeof _oauth.body_hash === 'boolean') {`
123	`_oauth.body_hash = self.buildBodyHash(_oauth, self.request.body.toString())`
124	`}`
125
126	`var oa = self.buildParams(_oauth, uri, method, query, form, qsLib)`
127
128	`switch (transport) {`
129	`case 'header':`
130	`self.request.setHeader('Authorization', 'OAuth ' + self.concatParams(oa, ',', '"'))`
131	`break`
132
133	`case 'query':`
134	`var href = self.request.uri.href += (query ? '&' : '?') + self.concatParams(oa, '&')`
135	`self.request.uri = url.parse(href)`
136	`self.request.path = self.request.uri.path`
137	`break`
138
139	`case 'body':`
140	`self.request.body = (form ? form + '&' : '') + self.concatParams(oa, '&')`
141	`break`
142
143	`default:`
144	`self.request.emit('error', new Error('oauth: transport_method invalid'))`
145	`}`
146	`}`
147
148	`exports.OAuth = OAuth`