twitst4tz

twitter statistics web application

oauth.js (4136B)


      1 'use strict'
      2 
      3 var url = require('url')
      4 var qs = require('qs')
      5 var caseless = require('caseless')
      6 var uuid = require('uuid/v4')
      7 var oauth = require('oauth-sign')
      8 var crypto = require('crypto')
      9 var Buffer = require('safe-buffer').Buffer
     10 
     /**
      * Per-request OAuth 1.0 signing helper.
      *
      * @param {Object} request - The outgoing request to sign. It is stored by
      *   reference, so later signing steps read from and write to this object.
      */
     function OAuth (request) {
       // The request is held by reference, not copied.
       this.request = request
       // No OAuth options are attached until onRequest() stores them here.
       this.params = null
     }
     15 
     /**
      * Build the signed set of OAuth 1.0 protocol parameters for one request.
      *
      * Every key of `_oauth` is copied under an `oauth_` prefix, missing protocol
      * fields receive defaults, the secrets are separated from the parameters
      * that will be transmitted, and the remainder is signed with oauth-sign.
      *
      * @param {Object} _oauth - Caller-supplied options, keyed without the `oauth_` prefix.
      * @param {Object} uri - Parsed request URL; `protocol`, `host` and `pathname` are read.
      * @param {string} method - HTTP method handed to the signer.
      * @param {string} [query] - Raw query string to include in the signed parameters.
      * @param {string} [form] - Raw form-encoded body to include in the signed parameters.
      * @param {Object} qsLib - Querystring library providing `parse` and `stringify`.
      * @returns {Object} The parameters to transmit: the remaining `oauth_*` fields,
      *   `oauth_signature`, and `realm` when one was supplied.
      */
     OAuth.prototype.buildParams = function (_oauth, uri, method, query, form, qsLib) {
       var oa = {}
       // NOTE(review): for...in also visits inherited enumerable keys, so anything
       // reachable through the options object's prototype chain becomes an
       // oauth_* field (including the secret fields read below).
       for (var name in _oauth) {
         oa['oauth_' + name] = _oauth[name]
       }

       // Defaults apply only where the caller left the field absent or falsy.
       oa.oauth_version = oa.oauth_version || '1.0'
       oa.oauth_timestamp = oa.oauth_timestamp || Math.floor(Date.now() / 1000).toString()
       // Nonce: a v4 UUID with the dashes removed.
       oa.oauth_nonce = oa.oauth_nonce || uuid().replace(/-/g, '')
       oa.oauth_signature_method = oa.oauth_signature_method || 'HMAC-SHA1'

       // Secrets, realm and transport_method are taken out of the parameter set
       // before it is serialized: the secrets go to the signer only and are not
       // part of the object returned for transmission.
       var consumerSecret = oa.oauth_consumer_secret
       var privateKey = oa.oauth_private_key
       var tokenSecret = oa.oauth_token_secret
       var realm = oa.oauth_realm
       var notTransmitted = [
         'oauth_consumer_secret',
         'oauth_private_key',
         'oauth_token_secret',
         'oauth_realm',
         'oauth_transport_method'
       ]
       notTransmitted.forEach(function (field) {
         delete oa[field]
       })
       var signingKey = consumerSecret || privateKey

       // The signature covers scheme + host + path plus the merged query, form
       // and oauth_* parameters.
       var baseurl = uri.protocol + '//' + uri.host + uri.pathname
       var serialized = [].concat(query, form, qsLib.stringify(oa)).join('&')
       var params = qsLib.parse(serialized)

       oa.oauth_signature = oauth.sign(
         oa.oauth_signature_method,
         method,
         baseurl,
         params,
         signingKey,
         tokenSecret
       )

       // realm was removed before signing, so it is not covered by the
       // signature; it is re-attached under its unprefixed name.
       if (realm) {
         oa.realm = realm
       }

       return oa
     }
     63 
     /**
      * Compute the value used for `body_hash`: the base64-encoded SHA-1 digest
      * of the request body.
      *
      * The digest is a plain hash, not a MAC. It protects the body only because
      * buildParams() copies it into the signed parameter set as oauth_body_hash.
      *
      * @param {Object} _oauth - OAuth options; only `signature_method` is read.
      * @param {string|Buffer} [body] - Request body; a falsy body is hashed as ''.
      * @returns {string} Base64 encoding of the SHA-1 digest.
      */
     OAuth.prototype.buildBodyHash = function (_oauth, body) {
       var supported = ['HMAC-SHA1', 'RSA-SHA1']
       var signatureMethod = _oauth.signature_method || 'HMAC-SHA1'

       if (supported.indexOf(signatureMethod) === -1) {
         // NOTE(review): the error is only emitted; execution continues and a
         // hash is still returned for the unsupported signature method.
         this.request.emit('error', new Error('oauth: ' + _oauth.signature_method +
           ' signature_method not supported with body_hash signing.'))
       }

       // Encoding the digest straight to base64 yields the same string as
       // producing hex and re-encoding the bytes.
       return crypto.createHash('sha1').update(body || '').digest('base64')
     }
     76 
     /**
      * Serialize OAuth parameters as `name=value` pairs joined by `sep`.
      *
      * Order: `realm` first (when set), then the remaining names sorted, then
      * `oauth_signature` last. `oauth_signature` is always emitted.
      *
      * @param {Object} oa - Parameters as returned by buildParams().
      * @param {string} sep - Separator placed between pairs.
      * @param {string} [wrap] - Quote character put around each value; defaults to ''.
      * @returns {string} The joined parameter string.
      */
     OAuth.prototype.concatParams = function (oa, sep, wrap) {
       var quote = wrap || ''

       var sortedNames = Object.keys(oa).filter(function (name) {
         return name !== 'realm' && name !== 'oauth_signature'
       }).sort()
       var leading = oa.realm ? ['realm'] : []
       var ordered = leading.concat(sortedNames, 'oauth_signature')

       var pairs = []
       for (var idx = 0; idx < ordered.length; idx++) {
         var key = ordered[idx]
         // Only the value goes through oauth.rfc3986(); the name is written
         // as-is. NOTE(review): a name containing the separator or quote
         // character would not be escaped here.
         pairs.push(key + '=' + quote + oauth.rfc3986(oa[key]) + quote)
       }

       return pairs.join(sep)
     }
     93 
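     /**
      * Sign the wrapped request and attach the OAuth parameters using the
      * selected transport: `Authorization` header (default), query string, or
      * form-encoded body.
      *
      * Side effects: stores `_oauth` on `this.params`, may overwrite
      * `_oauth.body_hash` with the computed hash, and mutates the request
      * (header, uri/path, or body depending on the transport). Problems are
      * reported by emitting 'error' on the request.
      *
      * @param {Object} _oauth - OAuth options; `transport_method` and `body_hash`
      *   are read here, the rest is passed on to buildParams().
      */
     OAuth.prototype.onRequest = function (_oauth) {
       var self = this
       self.params = _oauth

       var uri = self.request.uri || {}
       var method = self.request.method || ''
       var headers = caseless(self.request.headers)
       var rawBody = self.request.body
       var body = rawBody || ''
       var qsLib = self.request.qsLib || qs

       var form
       var query
       var contentType = headers.get('content-type') || ''
       var formContentType = 'application/x-www-form-urlencoded'
       var transport = _oauth.transport_method || 'header'

       // Prefix match, so a content-type carrying parameters (e.g. a charset)
       // still counts as form-encoded; only then is the body signed as a form.
       if (contentType.slice(0, formContentType.length) === formContentType) {
         contentType = formContentType
         form = body
       }
       if (uri.query) {
         query = uri.query
       }
       if (transport === 'body' && (method !== 'POST' || contentType !== formContentType)) {
         // NOTE(review): emitting 'error' does not stop this function; signing
         // and the switch below still run.
         self.request.emit('error', new Error('oauth: transport_method of body requires POST ' +
           'and content-type ' + formContentType))
       }

       // A boolean body_hash asks for the hash to be computed here.
       // NOTE(review): `false` passes the typeof check too, so it also triggers hashing.
       if (!form && typeof _oauth.body_hash === 'boolean') {
         // A request without a body hashes the empty string instead of throwing
         // a TypeError from calling toString() on undefined.
         _oauth.body_hash = self.buildBodyHash(_oauth, rawBody == null ? '' : rawBody.toString())
       }

       var oa = self.buildParams(_oauth, uri, method, query, form, qsLib)

       switch (transport) {
         case 'header':
           self.request.setHeader('Authorization', 'OAuth ' + self.concatParams(oa, ',', '"'))
           break

         case 'query':
           // The token and signature become part of the URL with this transport,
           // so they appear wherever URLs are recorded (logs, proxies).
           var href = self.request.uri.href += (query ? '&' : '?') + self.concatParams(oa, '&')
           self.request.uri = url.parse(href)
           self.request.path = self.request.uri.path
           break

         case 'body':
           self.request.body = (form ? form + '&' : '') + self.concatParams(oa, '&')
           break

         default:
           self.request.emit('error', new Error('oauth: transport_method invalid'))
       }
     }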
    147 
    // Public surface of this module: the OAuth signing helper constructor.
    module.exports.OAuth = OAuth