kami-parse-server/src/Adapters/Auth/OAuth1Client.js

var https = require('https'),
  crypto = require('crypto');
var Parse = require('parse/node').Parse;

var OAuth = function (options) {
  if (!options) {
    throw new Parse.Error(Parse.Error.INTERNAL_SERVER_ERROR, 'No options passed to OAuth');
  }
  this.consumer_key = options.consumer_key;
  this.consumer_secret = options.consumer_secret;
  this.auth_token = options.auth_token;
  this.auth_token_secret = options.auth_token_secret;
  this.host = options.host;
  this.oauth_params = options.oauth_params || {};
};

OAuth.prototype.send = function (method, path, params, body) {
  var request = this.buildRequest(method, path, params, body);
  // Encode the body properly, the current Parse Implementation don't do it properly
  return new Promise(function (resolve, reject) {
    var httpRequest = https
      .request(request, function (res) {
        var data = '';
        res.on('data', function (chunk) {
          data += chunk;
        });
        res.on('end', function () {
          data = JSON.parse(data);
          resolve(data);
        });
      })
      .on('error', function () {
        reject('Failed to make an OAuth request');
      });
    if (request.body) {
      httpRequest.write(request.body);
    }
    httpRequest.end();
  });
};

OAuth.prototype.buildRequest = function (method, path, params, body) {
  if (path.indexOf('/') != 0) {
    path = '/' + path;
  }
  if (params && Object.keys(params).length > 0) {
    path += '?' + OAuth.buildParameterString(params);
  }

  var request = {
    host: this.host,
    path: path,
    method: method.toUpperCase(),
  };

  var oauth_params = this.oauth_params || {};
  oauth_params.oauth_consumer_key = this.consumer_key;
  if (this.auth_token) {
    oauth_params['oauth_token'] = this.auth_token;
  }

  request = OAuth.signRequest(request, oauth_params, this.consumer_secret, this.auth_token_secret);

  if (body && Object.keys(body).length > 0) {
    request.body = OAuth.buildParameterString(body);
  }
  return request;
};

OAuth.prototype.get = function (path, params) {
  return this.send('GET', path, params);
};

OAuth.prototype.post = function (path, params, body) {
  return this.send('POST', path, params, body);
};

/*
	Proper string %escape encoding
*/
OAuth.encode = function (str) {
  //       discuss at: http://phpjs.org/functions/rawurlencode/
  //      original by: Brett Zamir (http://brett-zamir.me)
  //         input by: travc
  //         input by: Brett Zamir (http://brett-zamir.me)
  //         input by: Michael Grier
  //         input by: Ratheous
  //      bugfixed by: Kevin van Zonneveld (http://kevin.vanzonneveld.net)
  //      bugfixed by: Brett Zamir (http://brett-zamir.me)
  //      bugfixed by: Joris
  // reimplemented by: Brett Zamir (http://brett-zamir.me)
  // reimplemented by: Brett Zamir (http://brett-zamir.me)
  //             note: This reflects PHP 5.3/6.0+ behavior
  //             note: Please be aware that this function expects to encode into UTF-8 encoded strings, as found on
  //             note: pages served as UTF-8
  //        example 1: rawurlencode('Kevin van Zonneveld!');
  //        returns 1: 'Kevin%20van%20Zonneveld%21'
  //        example 2: rawurlencode('http://kevin.vanzonneveld.net/');
  //        returns 2: 'http%3A%2F%2Fkevin.vanzonneveld.net%2F'
  //        example 3: rawurlencode('http://www.google.nl/search?q=php.js&ie=utf-8&oe=utf-8&aq=t&rls=com.ubuntu:en-US:unofficial&client=firefox-a');
  //        returns 3: 'http%3A%2F%2Fwww.google.nl%2Fsearch%3Fq%3Dphp.js%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dcom.ubuntu%3Aen-US%3Aunofficial%26client%3Dfirefox-a'

  str = (str + '').toString();

  // Tilde should be allowed unescaped in future versions of PHP (as reflected below), but if you want to reflect current
  // PHP behavior, you would need to add ".replace(/~/g, '%7E');" to the following.
  return encodeURIComponent(str)
    .replace(/!/g, '%21')
    .replace(/'/g, '%27')
    .replace(/\(/g, '%28')
    .replace(/\)/g, '%29')
    .replace(/\*/g, '%2A');
};

OAuth.signatureMethod = 'HMAC-SHA1';
OAuth.version = '1.0';

/*
	Generate a nonce
*/
OAuth.nonce = function () {
  var text = '';
  var possible = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';

  for (var i = 0; i < 30; i++) text += possible.charAt(Math.floor(Math.random() * possible.length));

  return text;
};

OAuth.buildParameterString = function (obj) {
  // Sort keys and encode values
  if (obj) {
    var keys = Object.keys(obj).sort();

    // Map key=value, join them by &
    return keys
      .map(function (key) {
        return key + '=' + OAuth.encode(obj[key]);
      })
      .join('&');
  }

  return '';
};

/*
	Build the signature string from the object
*/

OAuth.buildSignatureString = function (method, url, parameters) {
  return [method.toUpperCase(), OAuth.encode(url), OAuth.encode(parameters)].join('&');
};

/*
	Retuns encoded HMAC-SHA1 from key and text
*/
OAuth.signature = function (text, key) {
  crypto = require('crypto');
  return OAuth.encode(crypto.createHmac('sha1', key).update(text).digest('base64'));
};

OAuth.signRequest = function (request, oauth_parameters, consumer_secret, auth_token_secret) {
  oauth_parameters = oauth_parameters || {};

  // Set default values
  if (!oauth_parameters.oauth_nonce) {
    oauth_parameters.oauth_nonce = OAuth.nonce();
  }
  if (!oauth_parameters.oauth_timestamp) {
    oauth_parameters.oauth_timestamp = Math.floor(new Date().getTime() / 1000);
  }
  if (!oauth_parameters.oauth_signature_method) {
    oauth_parameters.oauth_signature_method = OAuth.signatureMethod;
  }
  if (!oauth_parameters.oauth_version) {
    oauth_parameters.oauth_version = OAuth.version;
  }

  if (!auth_token_secret) {
    auth_token_secret = '';
  }
  // Force GET method if unset
  if (!request.method) {
    request.method = 'GET';
  }

  // Collect  all the parameters in one signatureParameters object
  var signatureParams = {};
  var parametersToMerge = [request.params, request.body, oauth_parameters];
  for (var i in parametersToMerge) {
    var parameters = parametersToMerge[i];
    for (var k in parameters) {
      signatureParams[k] = parameters[k];
    }
  }

  // Create a string based on the parameters
  var parameterString = OAuth.buildParameterString(signatureParams);

  // Build the signature string
  var url = 'https://' + request.host + '' + request.path;

  var signatureString = OAuth.buildSignatureString(request.method, url, parameterString);
  // Hash the signature string
  var signatureKey = [OAuth.encode(consumer_secret), OAuth.encode(auth_token_secret)].join('&');

  var signature = OAuth.signature(signatureString, signatureKey);

  // Set the signature in the params
  oauth_parameters.oauth_signature = signature;
  if (!request.headers) {
    request.headers = {};
  }

  // Set the authorization header
  var authHeader = Object.keys(oauth_parameters)
    .sort()
    .map(function (key) {
      var value = oauth_parameters[key];
      return key + '="' + value + '"';
    })
    .join(', ');

  request.headers.Authorization = 'OAuth ' + authHeader;

  // Set the content type header
  request.headers['Content-Type'] = 'application/x-www-form-urlencoded';
  return request;
};

module.exports = OAuth;