Adding some oauth support, tested with Twitter.

request · Nov 12, 2011 · bf906de · bf906de
1 parent 5f80577
commit bf906de
Show file tree

Hide file tree

Showing 4 changed files with 207 additions and 0 deletions.
diff --git a/main.js b/main.js
@@ -20,6 +20,8 @@ var http = require('http')
   , stream = require('stream')
   , qs = require('querystring')
   , mimetypes = require('./mimetypes')
+  , oauth = require('./oauth')
+  , uuid = require('./uuid')
   ;
 
 try {
@@ -162,6 +164,60 @@ Request.prototype.request = function () {
   if (self.onResponse) self.on('error', function (e) {self.onResponse(e)})
   if (self.callback) self.on('error', function (e) {self.callback(e)})
 
+  if (self.form) {
+    self.headers['content-type'] = 'application/x-www-form-urlencoded; charset=utf-8'
+    self.body = qs.stringify(self.form).toString('utf8')
+  }
+
+  if (self.oauth) {
+    var form
+    if (self.headers['content-type'] && 
+        self.headers['content-type'].slice(0, 'application/x-www-form-urlencoded'.length) ===
+          'application/x-www-form-urlencoded' 
+       ) {
+      form = qs.parse(self.body)
+    } 
+    if (self.uri.query) {
+      form = qs.parse(self.uri.query)
+    } 
+    if (!form) form = {}
+    var oa = {}
+    for (i in form) oa[i] = form[i]
+    for (i in self.oauth) oa['oauth_'+i] = self.oauth[i]
+    if (!oa.oauth_version) oa.oauth_version = '1.0'
+    if (!oa.oauth_timestamp) oa.oauth_timestamp = Math.floor( (new Date()).getTime() / 1000 ).toString()
+    if (!oa.oauth_nonce) oa.oauth_nonce = uuid().replace(/-/g, '')
+
+    oa.oauth_signature_method = 'HMAC-SHA1'
+
+    var consumer_secret = oa.oauth_consumer_secret
+    delete oa.oauth_consumer_secret
+    var token_secret = oa.oauth_token_secret
+    delete oa.oauth_token_secret
+
+    var baseurl = self.uri.protocol + '//' + self.uri.host + self.uri.pathname
+    var signature = oauth.hmacsign(self.method, baseurl, oa, consumer_secret, token_secret)
+
+    // oa.oauth_signature = signature
+    for (i in form) {
+      if ( i.slice(0, 'oauth_') in self.oauth) {
+        // skip 
+      } else {
+        delete oa['oauth_'+i]
+      }
+    }
+    self.headers.authorization = 
+      'OAuth '+Object.keys(oa).sort().map(function (i) {return i+'="'+encodeURIComponent(oa[i])+'"'}).join(',')
+    self.headers.authorization += ',oauth_signature="'+encodeURIComponent(signature)+'"'  
+
+    // oauth_consumer_key: 'GDdmIQH6jhtmLUypg82g'
+    // , oauth_nonce: '9zWH6qe0qG7Lc1telCn7FhUbLyVdjEaL3MO5uHxn8'
+    // , oauth_signature_method: 'HMAC-SHA1'
+    // , oauth_token: '8ldIZyxQeVrFZXFOZH5tAwj6vzJYuLQpl0WUEYtWc'
+    // , oauth_timestamp: '1272323047'
+    // , oauth_verifier: 'pDNg57prOHapMbhv25RNf75lVRd6JDsni1AJJIDYoTY'
+    // , oauth_version: '1.0'
+  }
 
   if (self.uri.auth && !self.headers.authorization) {
     self.headers.authorization = "Basic " + toBase64(self.uri.auth.split(':').map(function(item){ return qs.unescape(item)}).join(':'))

diff --git a/oauth.js b/oauth.js
@@ -0,0 +1,23 @@
+var crypto = require('crypto')
+  , qs = require('querystring')
+  ;
+
+function sha1 (key, body) {
+  return crypto.createHmac('sha1', key).update(body).digest('base64')
+}
+
+function hmacsign (httpMethod, base_uri, params, consumer_secret, token_secret, body) {
+  // adapted from https://dev.twitter.com/docs/auth/oauth
+  var base = 
+    httpMethod + "&" +
+    encodeURIComponent(  base_uri ) + "&" +
+    Object.keys(params).sort().map(function (i) {
+      // big WTF here with the escape + encoding but it's what twitter wants
+      return encodeURIComponent(qs.escape(i)) + "%3D" + encodeURIComponent(qs.escape(params[i]))
+    }).join("%26")
+  var key = consumer_secret + '&'
+  if (token_secret) key += token_secret
+  return sha1(key, base)
+}
+
+exports.hmacsign = hmacsign
diff --git a/tests/test-oauth.js b/tests/test-oauth.js
@@ -0,0 +1,109 @@
+var hmacsign = require('../oauth').hmacsign
+  , assert = require('assert')
+  , qs = require('querystring')
+  , request = require('../main')
+  ;
+
+function getsignature (r) {
+  var sign
+  r.headers.authorization.slice('OAuth '.length).replace(/,\ /g, ',').split(',').forEach(function (v) {
+    if (v.slice(0, 'oauth_signature="'.length) === 'oauth_signature="') sign = v.slice('oauth_signature="'.length, -1)
+  })
+  return decodeURIComponent(sign)
+}
+
+// Tests from Twitter documentation https://dev.twitter.com/docs/auth/oauth
+
+var reqsign = hmacsign('POST', 'https://api.twitter.com/oauth/request_token', 
+  { oauth_callback: 'http://localhost:3005/the_dance/process_callback?service_provider_id=11'
+  , oauth_consumer_key: 'GDdmIQH6jhtmLUypg82g'
+  , oauth_nonce: 'QP70eNmVz8jvdPevU3oJD2AfF7R7odC2XJcn4XlZJqk'
+  , oauth_signature_method: 'HMAC-SHA1'
+  , oauth_timestamp: '1272323042'
+  , oauth_version: '1.0'
+  }, "MCD8BKwGdgPHvAuvgvz4EQpqDAtx89grbuNMRd7Eh98")
+
+console.log(reqsign)
+console.log('8wUi7m5HFQy76nowoCThusfgB+Q=')
+assert.equal(reqsign, '8wUi7m5HFQy76nowoCThusfgB+Q=')
+
+var accsign = hmacsign('POST', 'https://api.twitter.com/oauth/access_token',
+  { oauth_consumer_key: 'GDdmIQH6jhtmLUypg82g'
+  , oauth_nonce: '9zWH6qe0qG7Lc1telCn7FhUbLyVdjEaL3MO5uHxn8'
+  , oauth_signature_method: 'HMAC-SHA1'
+  , oauth_token: '8ldIZyxQeVrFZXFOZH5tAwj6vzJYuLQpl0WUEYtWc'
+  , oauth_timestamp: '1272323047'
+  , oauth_verifier: 'pDNg57prOHapMbhv25RNf75lVRd6JDsni1AJJIDYoTY'
+  , oauth_version: '1.0'
+  }, "MCD8BKwGdgPHvAuvgvz4EQpqDAtx89grbuNMRd7Eh98", "x6qpRnlEmW9JbQn4PQVVeVG8ZLPEx6A0TOebgwcuA")
+
+console.log(accsign)
+console.log('PUw/dHA4fnlJYM6RhXk5IU/0fCc=')
+assert.equal(accsign, 'PUw/dHA4fnlJYM6RhXk5IU/0fCc=')
+
+var upsign = hmacsign('POST', 'http://api.twitter.com/1/statuses/update.json', 
+  { oauth_consumer_key: "GDdmIQH6jhtmLUypg82g"
+  , oauth_nonce: "oElnnMTQIZvqvlfXM56aBLAf5noGD0AQR3Fmi7Q6Y"
+  , oauth_signature_method: "HMAC-SHA1"
+  , oauth_token: "819797-Jxq8aYUDRmykzVKrgoLhXSq67TEa5ruc4GJC2rWimw"
+  , oauth_timestamp: "1272325550"
+  , oauth_version: "1.0"
+  , status: 'setting up my twitter 私のさえずりを設定する'
+  }, "MCD8BKwGdgPHvAuvgvz4EQpqDAtx89grbuNMRd7Eh98", "J6zix3FfA9LofH0awS24M3HcBYXO5nI1iYe8EfBA")
+
+console.log(upsign)
+console.log('yOahq5m0YjDDjfjxHaXEsW9D+X0=')
+assert.equal(upsign, 'yOahq5m0YjDDjfjxHaXEsW9D+X0=')
+
+
+var r = request.post(
+  { url: 'https://api.twitter.com/oauth/request_token'
+  , oauth: 
+    { callback: 'http://localhost:3005/the_dance/process_callback?service_provider_id=11'
+    , consumer_key: 'GDdmIQH6jhtmLUypg82g'
+    , nonce: 'QP70eNmVz8jvdPevU3oJD2AfF7R7odC2XJcn4XlZJqk'
+    , timestamp: '1272323042'
+    , version: '1.0'
+    , consumer_secret: "MCD8BKwGdgPHvAuvgvz4EQpqDAtx89grbuNMRd7Eh98"
+    }
+  })
+
+console.log(getsignature(r))
+assert.equal(reqsign, getsignature(r))
+
+var r = request.post(
+  { url: 'https://api.twitter.com/oauth/access_token'
+  , oauth:  
+    { consumer_key: 'GDdmIQH6jhtmLUypg82g'
+    , nonce: '9zWH6qe0qG7Lc1telCn7FhUbLyVdjEaL3MO5uHxn8'
+    , signature_method: 'HMAC-SHA1'
+    , token: '8ldIZyxQeVrFZXFOZH5tAwj6vzJYuLQpl0WUEYtWc'
+    , timestamp: '1272323047'
+    , verifier: 'pDNg57prOHapMbhv25RNf75lVRd6JDsni1AJJIDYoTY'
+    , version: '1.0'
+    , consumer_secret: "MCD8BKwGdgPHvAuvgvz4EQpqDAtx89grbuNMRd7Eh98"
+    , token_secret: "x6qpRnlEmW9JbQn4PQVVeVG8ZLPEx6A0TOebgwcuA" 
+    }
+  })
+
+console.log(getsignature(r))
+assert.equal(accsign, getsignature(r))
+
+var r = request.post(
+  { url: 'http://api.twitter.com/1/statuses/update.json' 
+  , oauth: 
+    { consumer_key: "GDdmIQH6jhtmLUypg82g"
+    , nonce: "oElnnMTQIZvqvlfXM56aBLAf5noGD0AQR3Fmi7Q6Y"
+    , signature_method: "HMAC-SHA1"
+    , token: "819797-Jxq8aYUDRmykzVKrgoLhXSq67TEa5ruc4GJC2rWimw"
+    , timestamp: "1272325550"
+    , version: "1.0"
+    , consumer_secret: "MCD8BKwGdgPHvAuvgvz4EQpqDAtx89grbuNMRd7Eh98"
+    , token_secret: "J6zix3FfA9LofH0awS24M3HcBYXO5nI1iYe8EfBA"
+    }
+  , form: {status: 'setting up my twitter 私のさえずりを設定する'} 
+  })
+
+console.log(getsignature(r))
+assert.equal(upsign, getsignature(r))
+
diff --git a/uuid.js b/uuid.js
@@ -0,0 +1,19 @@
+module.exports = function () {
+  var s = [], itoh = '0123456789ABCDEF';
+
+  // Make array of random hex digits. The UUID only has 32 digits in it, but we
+  // allocate an extra items to make room for the '-'s we'll be inserting.
+  for (var i = 0; i <36; i++) s[i] = Math.floor(Math.random()*0x10);
+
+  // Conform to RFC-4122, section 4.4
+  s[14] = 4;  // Set 4 high bits of time_high field to version
+  s[19] = (s[19] & 0x3) | 0x8;  // Specify 2 high bits of clock sequence
+
+  // Convert to hex chars
+  for (var i = 0; i <36; i++) s[i] = itoh[s[i]];
+
+  // Insert '-'s
+  s[8] = s[13] = s[18] = s[23] = '-';
+
+  return s.join('');
+}