首頁 探索 說明
註冊 登入
Polybius
/
polybius.fyi
2
0
複刻 0
檔案 問題管理 0 合併請求 0 Wiki
目錄樹: 6d800b5a9b
分支列表 標籤列表
polybius.fyi
/
reveal.js
/
node_modules
/
oauth-sign
/
index.js

index.js 3.5 KB
文件歷史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136 
  1. var crypto = require('crypto')
    2. 

  2.   , qs = require('querystring')
    3. 

  3.   ;
    4. 

  4. 

  5. function sha1 (key, body) {
    6. 

  6.   return crypto.createHmac('sha1', key).update(body).digest('base64')
    7. 

  7. }
    8. 

  8. 

  9. function rsa (key, body) {
    10. 

  10.   return crypto.createSign("RSA-SHA1").update(body).sign(key, 'base64');
    11. 

  11. }
    12. 

  12. 

  13. function rfc3986 (str) {
    14. 

  14.   return encodeURIComponent(str)
    15. 

  15.     .replace(/!/g,'%21')
    16. 

  16.     .replace(/\*/g,'%2A')
    17. 

  17.     .replace(/\(/g,'%28')
    18. 

  18.     .replace(/\)/g,'%29')
    19. 

  19.     .replace(/'/g,'%27')
    20. 

  20.     ;
    21. 

  21. }
    22. 

  22. 

  23. // Maps object to bi-dimensional array
    24. 

  24. // Converts { foo: 'A', bar: [ 'b', 'B' ]} to
    25. 

  25. // [ ['foo', 'A'], ['bar', 'b'], ['bar', 'B'] ]
    26. 

  26. function map (obj) {
    27. 

  27.   var key, val, arr = []
    28. 

  28.   for (key in obj) {
    29. 

  29.     val = obj[key]
    30. 

  30.     if (Array.isArray(val))
    31. 

  31.       for (var i = 0; i < val.length; i++)
    32. 

  32.         arr.push([key, val[i]])
    33. 

  33.     else if (typeof val === "object")
    34. 

  34.       for (var prop in val)
    35. 

  35.         arr.push([key + '[' + prop + ']', val[prop]]);
    36. 

  36.     else
    37. 

  37.       arr.push([key, val])
    38. 

  38.   }
    39. 

  39.   return arr
    40. 

  40. }
    41. 

  41. 

  42. // Compare function for sort
    43. 

  43. function compare (a, b) {
    44. 

  44.   return a > b ? 1 : a < b ? -1 : 0
    45. 

  45. }
    46. 

  46. 

  47. function generateBase (httpMethod, base_uri, params) {
    48. 

  48.   // adapted from https://dev.twitter.com/docs/auth/oauth and 
    49. 

  49.   // https://dev.twitter.com/docs/auth/creating-signature
    50. 

  50. 

  51.   // Parameter normalization
    52. 

  52.   // http://tools.ietf.org/html/rfc5849#section-3.4.1.3.2
    53. 

  53.   var normalized = map(params)
    54. 

  54.   // 1.  First, the name and value of each parameter are encoded
    55. 

  55.   .map(function (p) {
    56. 

  56.     return [ rfc3986(p[0]), rfc3986(p[1] || '') ]
    57. 

  57.   })
    58. 

  58.   // 2.  The parameters are sorted by name, using ascending byte value
    59. 

  59.   //     ordering.  If two or more parameters share the same name, they
    60. 

  60.   //     are sorted by their value.
    61. 

  61.   .sort(function (a, b) {
    62. 

  62.     return compare(a[0], b[0]) || compare(a[1], b[1])
    63. 

  63.   })
    64. 

  64.   // 3.  The name of each parameter is concatenated to its corresponding
    65. 

  65.   //     value using an "=" character (ASCII code 61) as a separator, even
    66. 

  66.   //     if the value is empty.
    67. 

  67.   .map(function (p) { return p.join('=') })
    68. 

  68.    // 4.  The sorted name/value pairs are concatenated together into a
    69. 

  69.    //     single string by using an "&" character (ASCII code 38) as
    70. 

  70.    //     separator.
    71. 

  71.   .join('&')
    72. 

  72. 

  73.   var base = [
    74. 

  74.     rfc3986(httpMethod ? httpMethod.toUpperCase() : 'GET'),
    75. 

  75.     rfc3986(base_uri),
    76. 

  76.     rfc3986(normalized)
    77. 

  77.   ].join('&')
    78. 

  78. 

  79.   return base
    80. 

  80. }
    81. 

  81. 

  82. function hmacsign (httpMethod, base_uri, params, consumer_secret, token_secret) {
    83. 

  83.   var base = generateBase(httpMethod, base_uri, params)
    84. 

  84.   var key = [
    85. 

  85.     consumer_secret || '',
    86. 

  86.     token_secret || ''
    87. 

  87.   ].map(rfc3986).join('&')
    88. 

  88. 

  89.   return sha1(key, base)
    90. 

  90. }
    91. 

  91. 

  92. function rsasign (httpMethod, base_uri, params, private_key, token_secret) {
    93. 

  93.   var base = generateBase(httpMethod, base_uri, params)
    94. 

  94.   var key = private_key || ''
    95. 

  95. 

  96.   return rsa(key, base)
    97. 

  97. }
    98. 

  98. 

  99. function plaintext (consumer_secret, token_secret) {
    100. 

  100.   var key = [
    101. 

  101.     consumer_secret || '',
    102. 

  102.     token_secret || ''
    103. 

  103.   ].map(rfc3986).join('&')
    104. 

  104. 

  105.   return key
    106. 

  106. }
    107. 

  107. 

  108. function sign (signMethod, httpMethod, base_uri, params, consumer_secret, token_secret) {
    109. 

  109.   var method
    110. 

  110.   var skipArgs = 1
    111. 

  111. 

  112.   switch (signMethod) {
    113. 

  113.     case 'RSA-SHA1':
    114. 

  114.       method = rsasign
    115. 

  115.       break
    116. 

  116.     case 'HMAC-SHA1':
    117. 

  117.       method = hmacsign
    118. 

  118.       break
    119. 

  119.     case 'PLAINTEXT':
    120. 

  120.       method = plaintext
    121. 

  121.       skipArgs = 4
    122. 

  122.       break
    123. 

  123.     default:
    124. 

  124.      throw new Error("Signature method not supported: " + signMethod)
    125. 

  125.   }
    126. 

  126. 

  127.   return method.apply(null, [].slice.call(arguments, skipArgs))
    128. 

  128. }
    129. 

  129. 

  130. exports.hmacsign = hmacsign
    131. 

  131. exports.rsasign = rsasign
    132. 

  132. exports.plaintext = plaintext
    133. 

  133. exports.sign = sign
    134. 

  134. exports.rfc3986 = rfc3986
    135. 

  135. exports.generateBase = generateBase
    136. 

  136.