-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathoauth1.go
153 lines (135 loc) · 3.41 KB
/
oauth1.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
package oauth1
import (
"crypto/hmac"
"crypto/sha1"
"encoding/base64"
"math/rand"
"net/http"
"net/url"
"regexp"
"sort"
"strconv"
"strings"
"time"
)
type Pair struct {
Key string
Value string
}
type Params []*Pair
func (p Params) Len() int { return len(p) }
func (p Params) Less(i, j int) bool {
if p[i].Key == p[j].Key {
return p[i].Value < p[j].Value
}
return p[i].Key < p[j].Key
}
func (p Params) Swap(i, j int) { p[i], p[j] = p[j], p[i] }
func (p *Params) Add(pair *Pair) {
a := *p
n := len(a)
if n+1 > cap(a) {
s := make([]*Pair, n, 2*n+1)
copy(s, a)
a = s
}
a = a[0 : n+1]
a[n] = pair
*p = a
}
// isEncodable returns true if a given character should be percent-encoded
// according to RFC 3986.
func isEncodable(c byte) bool {
// return false if c is an unreserved character (see RFC 3986 section 2.3)
switch {
case (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z'):
return false
case c >= '0' && c <= '9':
return false
case c == '-' || c == '.' || c == '_' || c == '~':
return false
}
return true
}
// Encode percent-encodes a string as defined in RFC 3986.
func Encode(s string) string {
var enc string
for _, c := range []byte(s) {
if isEncodable(c) {
enc += "%"
enc += string("0123456789ABCDEF"[c>>4])
enc += string("0123456789ABCDEF"[c&15])
} else {
enc += string(c)
}
}
return enc
}
func decode(s string) string {
dec, err := url.QueryUnescape(s)
if err != nil {
return s
}
return dec
}
var headerReg = regexp.MustCompile("^(?i)oauth\\s*(.*=.*(,.*=.*)*)$")
func GetParams(r *http.Request) (result Params) {
params := Params{}
for key, values := range r.URL.Query() {
if key != "oauth_signature" {
for _, value := range values {
params.Add(&Pair{Key: key, Value: value})
}
}
}
authHeader := ""
for _, value := range r.Header["Authorization"] {
authHeader += value
}
if authHeader != "" {
if match := headerReg.FindStringSubmatch(authHeader); match != nil {
for _, part := range strings.Split(match[1], ",") {
kv := strings.SplitN(part, "=", 2)
key := strings.TrimSpace(kv[0])
value := strings.TrimSpace(kv[1])
value = strings.Replace(value, `"`, "", -1) // No fnuts for you
params.Add(&Pair{Key: key, Value: decode(value)})
}
}
}
result = params
return
}
func GenerateSignature(r *http.Request, secret string) (result string, err error) {
params := GetParams(r)
sort.Sort(params)
sigBaseCol := []string{}
for _, param := range params {
if param.Key != "realm" && param.Key != "oauth_signature" {
sigBaseCol = append(sigBaseCol, Encode(param.Key)+"="+Encode(param.Value))
}
}
if r.URL.Path == "" {
r.URL.Path = "/"
}
hostAndPort := strings.Split(r.URL.Host, ":")
if len(hostAndPort) > 1 {
if r.URL.Scheme == "http" && hostAndPort[1] == "80" {
hostAndPort = []string{hostAndPort[0]}
} else if r.URL.Scheme == "https" && hostAndPort[1] == "443" {
hostAndPort = []string{hostAndPort[0]}
}
}
sigBaseStr := r.Method + "&" + Encode(r.URL.Scheme+"://"+strings.Join(hostAndPort, ":")+r.URL.Path) + "&" + Encode(strings.Join(sigBaseCol, "&"))
key := Encode(secret) + "&"
h := hmac.New(sha1.New, []byte(key))
h.Write([]byte(sigBaseStr))
result = base64.StdEncoding.EncodeToString(h.Sum(nil))
return
}
func GenerateNonce() string {
return strconv.FormatInt(rand.New(rand.NewSource(time.Now().UnixNano())).Int63(), 10)
}
func GenerateTimestamp() string {
return strconv.FormatInt(time.Now().Unix(), 10)
}