From be37dff4bd394ec17fc5379e0084426e8d6a4921 Mon Sep 17 00:00:00 2001
From: varconstant <32683624+libozh@users.noreply.github.com>
Date: Tue, 5 Jun 2018 09:28:47 -0400
Subject: [PATCH] exclude default port according to RFC5894 section-3.4.1.2

---
 index.js | 18 +++++++++++++++++-
 test.js | 30 +++++++++++++++++++++++++++++-
 2 files changed, 46 insertions(+), 2 deletions(-)

diff --git a/index.js b/index.js
index dadcba9..710fbad 100644
--- a/index.js
+++ b/index.js
@@ -1,5 +1,6 @@
 var crypto = require('crypto')
 , qs = require('querystring')
+ , url = require('url')
 ;

 function sha1 (key, body) {
@@ -10,6 +11,17 @@ function rsa (key, body) {
 return crypto.createSign("RSA-SHA1").update(body).sign(key, 'base64');
 }

+function excludeDefaultPort (base_uri) {
+ var parsed = url.parse(base_uri);
+ if (parsed.port) {
+ if ((parsed.protocol == "http:" && parsed.port == "80")
+ || (parsed.protocol == "https:" && parsed.port == "443")) {
+ parsed.host = parsed.hostname;
+ }
+ }
+ return url.format(parsed);
+}
+
 function rfc3986 (str) {
 return encodeURIComponent(str)
 .replace(/!/g,'%21')
@@ -48,6 +60,10 @@ function generateBase (httpMethod, base_uri, params) {
 // adapted from https://dev.twitter.com/docs/auth/oauth and
 // https://dev.twitter.com/docs/auth/creating-signature

+ // Exclude HTTPS for port 443, HTTP for port 80
+ // https://tools.ietf.org/html/rfc5849#section-3.4.1.2
+ var newBaseUri = excludeDefaultPort (base_uri)
+
 // Parameter normalization
 // http://tools.ietf.org/html/rfc5849#section-3.4.1.3.2
 var normalized = map(params)
@@ -72,7 +88,7 @@ function generateBase (httpMethod, base_uri, params) {

 var base = [
 rfc3986(httpMethod ? httpMethod.toUpperCase() : 'GET'),
- rfc3986(base_uri),
+ rfc3986(newBaseUri),
 rfc3986(normalized)
 ].join('&')

diff --git a/test.js b/test.js
index a884727..90b70b0 100644
--- a/test.js
+++ b/test.js
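Review bot: In index.js `excludeDefaultPort`, assigning `parsed.host = parsed.hostname` makes `url.format` emit that value verbatim, and the legacy parser appears to strip the brackets from an IPv6 literal's `hostname`, so a base URI such as `http://[::1]:80/` (constructed example) would likely be re-serialised with a malformed authority. Clearing both fields and letting `url.format` rebuild the authority from `hostname` avoids that: `parsed.host = null; parsed.port = null;`. The nested `if` can then collapse into one condition, and since `url.parse` returns `protocol` and `port` as strings the comparisons can use `===`. A mismatch here should only make the server reject the signature, but it is hard to diagnose, so a test with a bracketed host is worth adding.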
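Review bot: The comment added in index.js `generateBase` reads as if a scheme were being excluded, whereas what is dropped is the port when it equals the scheme's default; `// Drop the port when it is the scheme default (80 for http, 443 for https)` would say that directly. The comment should also record that every `base_uri` now goes through `url.parse`/`url.format`, including URIs with no explicit port, because that round trip may normalise other parts of the URI (host case, for instance) and so change the signature base string for existing callers. The commit subject cites RFC5894 while this comment links RFC 5849, which is presumably the intended reference. `generateBase` starts and ends outside the hunk.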
@@ -28,11 +28,25 @@ var accsign = hmacsign('POST', 'https://api.twitter.com/oauth/access_token',
 , oauth_verifier: 'pDNg57prOHapMbhv25RNf75lVRd6JDsni1AJJIDYoTY'
 , oauth_version: '1.0'
 }, "MCD8BKwGdgPHvAuvgvz4EQpqDAtx89grbuNMRd7Eh98", "x6qpRnlEmW9JbQn4PQVVeVG8ZLPEx6A0TOebgwcuA")
-
+
 console.log(accsign)
 console.log('PUw/dHA4fnlJYM6RhXk5IU/0fCc=')
 assert.equal(accsign, 'PUw/dHA4fnlJYM6RhXk5IU/0fCc=')

+var accsign2 = hmacsign('POST', 'https://api.twitter.com:443/oauth/access_token',
+{ oauth_consumer_key: 'GDdmIQH6jhtmLUypg82g'
+, oauth_nonce: '9zWH6qe0qG7Lc1telCn7FhUbLyVdjEaL3MO5uHxn8'
+, oauth_signature_method: 'HMAC-SHA1'
+, oauth_token: '8ldIZyxQeVrFZXFOZH5tAwj6vzJYuLQpl0WUEYtWc'
+, oauth_timestamp: '1272323047'
+, oauth_verifier: 'pDNg57prOHapMbhv25RNf75lVRd6JDsni1AJJIDYoTY'
+, oauth_version: '1.0'
+}, "MCD8BKwGdgPHvAuvgvz4EQpqDAtx89grbuNMRd7Eh98", "x6qpRnlEmW9JbQn4PQVVeVG8ZLPEx6A0TOebgwcuA")
+
+console.log(accsign2)
+console.log('PUw/dHA4fnlJYM6RhXk5IU/0fCc=')
+assert.equal(accsign2, 'PUw/dHA4fnlJYM6RhXk5IU/0fCc=')
+
 var upsign = hmacsign('POST', 'http://api.twitter.com/1/statuses/update.json',
 { oauth_consumer_key: "GDdmIQH6jhtmLUypg82g"
 , oauth_nonce: "oElnnMTQIZvqvlfXM56aBLAf5noGD0AQR3Fmi7Q6Y"
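Review bot: Both new cases (`accsign2` here and `upsign2` in the next test.js hunk) only assert that a default port is stripped; nothing checks that a non-default port, or a default port paired with the other scheme (`http://…:443`), stays in the base string. Without that, a regression that drops every port would still pass, and the signature would no longer be bound to the port the request is actually sent to. A negative case next to `accsign2` would pin this, e.g. `assert.notEqual(hmacsign('POST', 'https://api.twitter.com:8443/oauth/access_token', params, consumerSecret, tokenSecret), accsign)`, reusing the parameter object and secrets from `accsign` (the variable names and port 8443 are constructed for illustration).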
@@ -47,6 +61,20 @@ console.log(upsign)
 console.log('yOahq5m0YjDDjfjxHaXEsW9D+X0=')
 assert.equal(upsign, 'yOahq5m0YjDDjfjxHaXEsW9D+X0=')

+var upsign2 = hmacsign('POST', 'http://api.twitter.com:80/1/statuses/update.json',
+ { oauth_consumer_key: "GDdmIQH6jhtmLUypg82g"
+ , oauth_nonce: "oElnnMTQIZvqvlfXM56aBLAf5noGD0AQR3Fmi7Q6Y"
+ , oauth_signature_method: "HMAC-SHA1"
+ , oauth_token: "819797-Jxq8aYUDRmykzVKrgoLhXSq67TEa5ruc4GJC2rWimw"
+ , oauth_timestamp: "1272325550"
+ , oauth_version: "1.0"
+ , status: 'setting up my twitter 私のさえずりを設定する'
+ }, "MCD8BKwGdgPHvAuvgvz4EQpqDAtx89grbuNMRd7Eh98", "J6zix3FfA9LofH0awS24M3HcBYXO5nI1iYe8EfBA")
+
+console.log(upsign2)
+console.log('yOahq5m0YjDDjfjxHaXEsW9D+X0=')
+assert.equal(upsign2, 'yOahq5m0YjDDjfjxHaXEsW9D+X0=')
+
 // handle objects in params (useful for Wordpress REST API)
 var upsign = hmacsign('POST', 'http://wordpress.com/wp-json',
 { oauth_consumer_key: "GDdmIQH6jhtmLUypg82g"