| 1 | 'use strict'
|
|---|
| 2 |
|
|---|
| 3 | var url = require('url')
|
|---|
| 4 | var qs = require('qs')
|
|---|
| 5 | var caseless = require('caseless')
|
|---|
| 6 | var uuid = require('uuid/v4')
|
|---|
| 7 | var oauth = require('oauth-sign')
|
|---|
| 8 | var crypto = require('crypto')
|
|---|
| 9 | var Buffer = require('safe-buffer').Buffer
|
|---|
| 10 |
|
|---|
| 11 | function OAuth (request) {
|
|---|
| 12 | this.request = request
|
|---|
| 13 | this.params = null
|
|---|
| 14 | }
|
|---|
| 15 |
|
|---|
| 16 | OAuth.prototype.buildParams = function (_oauth, uri, method, query, form, qsLib) {
|
|---|
| 17 | var oa = {}
|
|---|
| 18 | for (var i in _oauth) {
|
|---|
| 19 | oa['oauth_' + i] = _oauth[i]
|
|---|
| 20 | }
|
|---|
| 21 | if (!oa.oauth_version) {
|
|---|
| 22 | oa.oauth_version = '1.0'
|
|---|
| 23 | }
|
|---|
| 24 | if (!oa.oauth_timestamp) {
|
|---|
| 25 | oa.oauth_timestamp = Math.floor(Date.now() / 1000).toString()
|
|---|
| 26 | }
|
|---|
| 27 | if (!oa.oauth_nonce) {
|
|---|
| 28 | oa.oauth_nonce = uuid().replace(/-/g, '')
|
|---|
| 29 | }
|
|---|
| 30 | if (!oa.oauth_signature_method) {
|
|---|
| 31 | oa.oauth_signature_method = 'HMAC-SHA1'
|
|---|
| 32 | }
|
|---|
| 33 |
|
|---|
| 34 | var consumer_secret_or_private_key = oa.oauth_consumer_secret || oa.oauth_private_key // eslint-disable-line camelcase
|
|---|
| 35 | delete oa.oauth_consumer_secret
|
|---|
| 36 | delete oa.oauth_private_key
|
|---|
| 37 |
|
|---|
| 38 | var token_secret = oa.oauth_token_secret // eslint-disable-line camelcase
|
|---|
| 39 | delete oa.oauth_token_secret
|
|---|
| 40 |
|
|---|
| 41 | var realm = oa.oauth_realm
|
|---|
| 42 | delete oa.oauth_realm
|
|---|
| 43 | delete oa.oauth_transport_method
|
|---|
| 44 |
|
|---|
| 45 | var baseurl = uri.protocol + '//' + uri.host + uri.pathname
|
|---|
| 46 | var params = qsLib.parse([].concat(query, form, qsLib.stringify(oa)).join('&'))
|
|---|
| 47 |
|
|---|
| 48 | oa.oauth_signature = oauth.sign(
|
|---|
| 49 | oa.oauth_signature_method,
|
|---|
| 50 | method,
|
|---|
| 51 | baseurl,
|
|---|
| 52 | params,
|
|---|
| 53 | consumer_secret_or_private_key, // eslint-disable-line camelcase
|
|---|
| 54 | token_secret // eslint-disable-line camelcase
|
|---|
| 55 | )
|
|---|
| 56 |
|
|---|
| 57 | if (realm) {
|
|---|
| 58 | oa.realm = realm
|
|---|
| 59 | }
|
|---|
| 60 |
|
|---|
| 61 | return oa
|
|---|
| 62 | }
|
|---|
| 63 |
|
|---|
| 64 | OAuth.prototype.buildBodyHash = function (_oauth, body) {
|
|---|
| 65 | if (['HMAC-SHA1', 'RSA-SHA1'].indexOf(_oauth.signature_method || 'HMAC-SHA1') < 0) {
|
|---|
| 66 | this.request.emit('error', new Error('oauth: ' + _oauth.signature_method +
|
|---|
| 67 | ' signature_method not supported with body_hash signing.'))
|
|---|
| 68 | }
|
|---|
| 69 |
|
|---|
| 70 | var shasum = crypto.createHash('sha1')
|
|---|
| 71 | shasum.update(body || '')
|
|---|
| 72 | var sha1 = shasum.digest('hex')
|
|---|
| 73 |
|
|---|
| 74 | return Buffer.from(sha1, 'hex').toString('base64')
|
|---|
| 75 | }
|
|---|
| 76 |
|
|---|
| 77 | OAuth.prototype.concatParams = function (oa, sep, wrap) {
|
|---|
| 78 | wrap = wrap || ''
|
|---|
| 79 |
|
|---|
| 80 | var params = Object.keys(oa).filter(function (i) {
|
|---|
| 81 | return i !== 'realm' && i !== 'oauth_signature'
|
|---|
| 82 | }).sort()
|
|---|
| 83 |
|
|---|
| 84 | if (oa.realm) {
|
|---|
| 85 | params.splice(0, 0, 'realm')
|
|---|
| 86 | }
|
|---|
| 87 | params.push('oauth_signature')
|
|---|
| 88 |
|
|---|
| 89 | return params.map(function (i) {
|
|---|
| 90 | return i + '=' + wrap + oauth.rfc3986(oa[i]) + wrap
|
|---|
| 91 | }).join(sep)
|
|---|
| 92 | }
|
|---|
| 93 |
|
|---|
| 94 | OAuth.prototype.onRequest = function (_oauth) {
|
|---|
| 95 | var self = this
|
|---|
| 96 | self.params = _oauth
|
|---|
| 97 |
|
|---|
| 98 | var uri = self.request.uri || {}
|
|---|
| 99 | var method = self.request.method || ''
|
|---|
| 100 | var headers = caseless(self.request.headers)
|
|---|
| 101 | var body = self.request.body || ''
|
|---|
| 102 | var qsLib = self.request.qsLib || qs
|
|---|
| 103 |
|
|---|
| 104 | var form
|
|---|
| 105 | var query
|
|---|
| 106 | var contentType = headers.get('content-type') || ''
|
|---|
| 107 | var formContentType = 'application/x-www-form-urlencoded'
|
|---|
| 108 | var transport = _oauth.transport_method || 'header'
|
|---|
| 109 |
|
|---|
| 110 | if (contentType.slice(0, formContentType.length) === formContentType) {
|
|---|
| 111 | contentType = formContentType
|
|---|
| 112 | form = body
|
|---|
| 113 | }
|
|---|
| 114 | if (uri.query) {
|
|---|
| 115 | query = uri.query
|
|---|
| 116 | }
|
|---|
| 117 | if (transport === 'body' && (method !== 'POST' || contentType !== formContentType)) {
|
|---|
| 118 | self.request.emit('error', new Error('oauth: transport_method of body requires POST ' +
|
|---|
| 119 | 'and content-type ' + formContentType))
|
|---|
| 120 | }
|
|---|
| 121 |
|
|---|
| 122 | if (!form && typeof _oauth.body_hash === 'boolean') {
|
|---|
| 123 | _oauth.body_hash = self.buildBodyHash(_oauth, self.request.body.toString())
|
|---|
| 124 | }
|
|---|
| 125 |
|
|---|
| 126 | var oa = self.buildParams(_oauth, uri, method, query, form, qsLib)
|
|---|
| 127 |
|
|---|
| 128 | switch (transport) {
|
|---|
| 129 | case 'header':
|
|---|
| 130 | self.request.setHeader('Authorization', 'OAuth ' + self.concatParams(oa, ',', '"'))
|
|---|
| 131 | break
|
|---|
| 132 |
|
|---|
| 133 | case 'query':
|
|---|
| 134 | var href = self.request.uri.href += (query ? '&' : '?') + self.concatParams(oa, '&')
|
|---|
| 135 | self.request.uri = url.parse(href)
|
|---|
| 136 | self.request.path = self.request.uri.path
|
|---|
| 137 | break
|
|---|
| 138 |
|
|---|
| 139 | case 'body':
|
|---|
| 140 | self.request.body = (form ? form + '&' : '') + self.concatParams(oa, '&')
|
|---|
| 141 | break
|
|---|
| 142 |
|
|---|
| 143 | default:
|
|---|
| 144 | self.request.emit('error', new Error('oauth: transport_method invalid'))
|
|---|
| 145 | }
|
|---|
| 146 | }
|
|---|
| 147 |
|
|---|
| 148 | exports.OAuth = OAuth
|
|---|
