3 var url = require('url')
5 , caseless = require('caseless')
6 , uuid = require('uuid')
7 , oauth = require('oauth-sign')
8 , crypto = require('crypto')
11 function OAuth (request) {
12 this.request = request
16 OAuth.prototype.buildParams = function (_oauth, uri, method, query, form, qsLib) {
18 for (var i in _oauth) {
19 oa['oauth_' + i] = _oauth[i]
21 if (!oa.oauth_version) {
22 oa.oauth_version = '1.0'
24 if (!oa.oauth_timestamp) {
25 oa.oauth_timestamp = Math.floor( Date.now() / 1000 ).toString()
27 if (!oa.oauth_nonce) {
28 oa.oauth_nonce = uuid().replace(/-/g, '')
30 if (!oa.oauth_signature_method) {
31 oa.oauth_signature_method = 'HMAC-SHA1'
34 var consumer_secret_or_private_key = oa.oauth_consumer_secret || oa.oauth_private_key
35 delete oa.oauth_consumer_secret
36 delete oa.oauth_private_key
38 var token_secret = oa.oauth_token_secret
39 delete oa.oauth_token_secret
41 var realm = oa.oauth_realm
43 delete oa.oauth_transport_method
45 var baseurl = uri.protocol + '//' + uri.host + uri.pathname
46 var params = qsLib.parse([].concat(query, form, qsLib.stringify(oa)).join('&'))
48 oa.oauth_signature = oauth.sign(
49 oa.oauth_signature_method,
53 consumer_secret_or_private_key,
63 OAuth.prototype.buildBodyHash = function(_oauth, body) {
64 if (['HMAC-SHA1', 'RSA-SHA1'].indexOf(_oauth.signature_method || 'HMAC-SHA1') < 0) {
65 this.request.emit('error', new Error('oauth: ' + _oauth.signature_method +
66 ' signature_method not supported with body_hash signing.'))
69 var shasum = crypto.createHash('sha1')
70 shasum.update(body || '')
71 var sha1 = shasum.digest('hex')
73 return new Buffer(sha1).toString('base64')
76 OAuth.prototype.concatParams = function (oa, sep, wrap) {
79 var params = Object.keys(oa).filter(function (i) {
80 return i !== 'realm' && i !== 'oauth_signature'
84 params.splice(0, 0, 'realm')
86 params.push('oauth_signature')
88 return params.map(function (i) {
89 return i + '=' + wrap + oauth.rfc3986(oa[i]) + wrap
93 OAuth.prototype.onRequest = function (_oauth) {
97 var uri = self.request.uri || {}
98 , method = self.request.method || ''
99 , headers = caseless(self.request.headers)
100 , body = self.request.body || ''
101 , qsLib = self.request.qsLib || qs
105 , contentType = headers.get('content-type') || ''
106 , formContentType = 'application/x-www-form-urlencoded'
107 , transport = _oauth.transport_method || 'header'
109 if (contentType.slice(0, formContentType.length) === formContentType) {
110 contentType = formContentType
116 if (transport === 'body' && (method !== 'POST' || contentType !== formContentType)) {
117 self.request.emit('error', new Error('oauth: transport_method of body requires POST ' +
118 'and content-type ' + formContentType))
121 if (!form && typeof _oauth.body_hash === 'boolean') {
122 _oauth.body_hash = self.buildBodyHash(_oauth, self.request.body.toString())
125 var oa = self.buildParams(_oauth, uri, method, query, form, qsLib)
129 self.request.setHeader('Authorization', 'OAuth ' + self.concatParams(oa, ',', '"'))
133 var href = self.request.uri.href += (query ? '&' : '?') + self.concatParams(oa, '&')
134 self.request.uri = url.parse(href)
135 self.request.path = self.request.uri.path
139 self.request.body = (form ? form + '&' : '') + self.concatParams(oa, '&')
143 self.request.emit('error', new Error('oauth: transport_method invalid'))
147 exports.OAuth = OAuth