如何使用 Meteor.js 通过 oauth 1.0 向 500px api 发出经过身份验证的请求
How to make an authenticated request to 500px api via oauth 1.0 using Meteor.js
我需要通过 oauth 1.0 向 500px api 发出经过身份验证的请求。我一直在关注这个 guide 并以几种不同的方式实施了所描述的工作流程,但我一直在 statusCode: 401...
.
OAuth 请求的构造方式如下:
这里是我到目前为止的尝试:
尝试 #1:
likePhoto (id) {
let crypto = Npm.require('crypto'),
consumerKey = '-',
consumerSecret = '-',
accessToken = Meteor.user().services.Fivehundredpx.accessToken,
accessTokenSecret = Meteor.user().services.Fivehundredpx.accessTokenSecret,
url = 'https://api.500px.com/v1/photos/231034201/vote?vote=1',
date = new Date,
method = 'POST';
// Note that the keys are in alphabetical order
let reqObj = {
oauth_consumer_key: consumerKey,
oauth_nonce: Math.random().toString(36).replace(/[^a-z]/, '').substr(2),
oauth_signature_method: 'HMAC-SHA1',
oauth_timestamp: Math.floor(date.getTime() / 1000),
oauth_token: accessToken,
oauth_version: '1.0'
};
// construct a param=value& string and uriEncode
let paramsStr = '';
for (let i in reqObj) {
paramsStr += "&" + i + "=" + reqObj[i];
}
// yank off that first "&"
paramsStr = paramsStr.substr(1);
let sigBaseStr = method + "&" + encodeURIComponent(url) + "&" + encodeURIComponent(paramsStr);
consumerSecret += "&" + accessTokenSecret;
let hashedBaseStr = crypto.createHmac('sha1', consumerSecret).update(sigBaseStr).digest('base64');
// Add oauth_signature to the request object
reqObj.oauth_signature = encodeURIComponent(hashedBaseStr);
let authorization = 'OAuth ';
for (let i in reqObj) {
authorization += i + '="'+ reqObj[i] + '",';
}
console.log(authorization);
Meteor.http.call(method, url,
{headers: {
Authorization: authorization,
}},
function (error, result) {
console.log(result || error);
});
}
尝试 #2:
likePhoto (id) {
const oauthSignature = require('oauth-signature');
let date = new Date;
let httpMethod = 'POST',
url = 'https://api.500px.com/v1/photos/231034201/vote?vote=1',
parameters = {
oauth_consumer_key : '',
oauth_nonce : Math.random().toString(36).replace(/[^a-z]/, '').substr(2),
oauth_signature_method : 'HMAC-SHA1',
oauth_timestamp : Math.floor(date.getTime() / 1000),
oauth_token : Meteor.user().services.Fivehundredpx.accessToken,
oauth_version : '1.0',
},
consumerSecret = '',
tokenSecret = Meteor.user().services.Fivehundredpx.accessTokenSecret,
// generates a RFC 3986 encoded, BASE64 encoded HMAC-SHA1 hash
encodedSignature = oauthSignature.generate(httpMethod, url, parameters, consumerSecret, tokenSecret),
// generates a BASE64 encode HMAC-SHA1 hчash
signature = oauthSignature.generate(httpMethod, url, parameters, consumerSecret, tokenSecret,
{ encodeSignature: false});
// construct a param=value& string and uriEncode
let paramsStr = '';
for (let i in parameters) {
paramsStr += "&" + i + "=" + parameters[i];
}
// Add oauth_signature to the request object
parameters.oauth_signature = encodedSignature;
let authorization = 'OAuth ';
for (let i in parameters) {
authorization += i + '="'+ parameters[i] + '",';
}
console.log(authorization);
HTTP.call(httpMethod, url,
{
headers: {
'Authorization': authorization,
}
},
function (error, result) {
console.log(result || error);
});
}
尝试 #3:
function oAuthBaseString(method, url, params, key, token, timestamp, nonce) {
return method
+ '&' + percentEncode(url)
+ '&' + percentEncode(genSortedParamStr(params, key, token, timestamp, nonce));
}
function oAuthSigningKey(consumer_secret, token_secret) {
return consumer_secret + '&' + token_secret;
}
function oAuthSignature(base_string, signing_key) {
var signature = hmac_sha1(base_string, signing_key);
return percentEncode(signature);
}
// Percent encoding
function percentEncode(str) {
return encodeURIComponent(str).replace(/[!*()']/g, (character) => {
return '%' + character.charCodeAt(0).toString(16);
});
}
// HMAC-SHA1 Encoding, uses jsSHA lib
var jsSHA = require('jssha');
function hmac_sha1(string, secret) {
let shaObj = new jsSHA("SHA-1", "TEXT");
shaObj.setHMACKey(secret, "TEXT");
shaObj.update(string);
let hmac = shaObj.getHMAC("B64");
return hmac;
}
// Merge two objects
function mergeObjs(obj1, obj2) {
for (var attr in obj2) {
obj1[attr] = obj2[attr];
}
return obj1;
}
// Generate Sorted Parameter String for base string params
function genSortedParamStr(params, key, token, timestamp, nonce) {
// Merge oauth params & request params to single object
let paramObj = mergeObjs(
{
oauth_consumer_key : key,
oauth_nonce : nonce,
oauth_signature_method : 'HMAC-SHA1',
oauth_timestamp : timestamp,
oauth_token : token,
oauth_version : '1.0'
},
params
);
// Sort alphabetically
let paramObjKeys = Object.keys(paramObj);
let len = paramObjKeys.length;
paramObjKeys.sort();
// Interpolate to string with format as key1=val1&key2=val2&...
let paramStr = paramObjKeys[0] + '=' + paramObj[paramObjKeys[0]];
for (var i = 1; i < len; i++) {
paramStr += '&' + paramObjKeys[i] + '=' + percentEncode(decodeURIComponent(paramObj[paramObjKeys[i]]));
}
return paramStr;
}
likePhoto (id) {
const btoa = require('btoa');
// Get acces keys
const consumerKey = '-',
consumerSecret = '-',
accessToken = Meteor.user().services.Fivehundredpx.accessToken,
accessTokenSecret = Meteor.user().services.Fivehundredpx.accessTokenSecret;
// timestamp as unix epoch
let timestamp = Math.round(Date.now() / 1000);
// nonce as base64 encoded unique random string
let nonce = btoa(consumerKey + ':' + timestamp);
// generate signature from base string & signing key
let httpMethod = 'POST';
let baseUrl = 'https://api.500px.com/v1/photos/231034201/vote?vote=1';
let reqParams = '';
let baseString = oAuthBaseString(httpMethod, baseUrl, reqParams, consumerKey, accessToken, timestamp, nonce);
let signingKey = oAuthSigningKey(consumerSecret, accessTokenSecret);
let signature = oAuthSignature(baseString, signingKey);
// return interpolated string
let authorization = 'OAuth ' +
'oauth_consumer_key="' + consumerKey + '", ' +
'oauth_nonce="' + nonce + '", ' +
'oauth_signature="' + signature + '", ' +
'oauth_signature_method="HMAC-SHA1", ' +
'oauth_timestamp="' + timestamp + '", ' +
'oauth_token="' + accessToken + '", ' +
'oauth_version="1.0"';
console.log(authorization);
HTTP.call(httpMethod, baseUrl,
{headers: {
Authorization: authorization,
}},
function (error, result) {
console.log(result || error);
});
}
我正在使用这个 api client 进行测试,所有请求都工作正常。所以这应该是我这边的一个错误,尽管我使用了类似的工作流程和代码来实现另一个 OAuth 1.0 身份验证请求并且它有效。
错误信息:
{
statusCode: 401,
content: '',
headers:
{ date: 'Mon, 09 Oct 2017 05:27:17 GMT',
'content-type': 'text/html',
'transfer-encoding': 'chunked',
connection: 'close',
status: '401 Unauthorized',
'x-xss-protection': '1; mode=block',
'x-content-type-options': 'nosniff',
'cache-control': 'no-cache',
'set-cookie':
[ 'device_uuid=4b97d884-b24e-413c-90ee-60d11e7f2ad7; path=/; expires=Fri, 09 Oct 2037 05:27:17 -0000',
'_hpx1=BAh7B0kiD3Nlc3Npb25faWQGOgZFVEkiJWE2MDVmYmUyZjBkODlmNGFhYmM5MjM5OGEwNjU2NzI5BjsAVEkiCWhvc3QGOwBGIhJhcGkuNTAwcHguY29t--aa2897a2b8ee32b650e0d830d51882e5ac8208cb; domain=.500px.com; path=/; HttpOnly' ],
'x-request-id': '7e13f562-2525-472c-9b80-9870905e6eea',
'x-runtime': '0.011553',
'x-rack-cache': 'invalidate, pass',
server: 'api20-ovh-bhs'
},
data: null
}
我终于弄明白了这个问题,这是对我有用的代码。
import crypto from 'crypto';
import OAuth from 'oauth-1.0a';
const oauth = OAuth({
consumer: {
key: '<YOUR-KEY>',
secret: '<YOUR-KEY-SECRET>'
},
signature_method: 'HMAC-SHA1',
hash_function: function(base_string, key) {
return crypto.createHmac('sha1', key).update(base_string).digest('base64');
}
});
likePhoto: function (id) {
const future = new Future();
const requestData = {
url: `https://api.500px.com/v1/photos/${id}/vote?vote=1`,
method: 'POST'
};
const token = {
key: Meteor.user().services.Fivehundredpx.accessToken,
secret: Meteor.user().services.Fivehundredpx.accessTokenSecret
};
HTTP.call(requestData.method, requestData.url, {
headers: oauth.toHeader(oauth.authorize(requestData, token)),
}, function (error, response) {
if (error) {
future.return(error);
} else {
future.return(response);
}
});
return future.wait();
}
我需要通过 oauth 1.0 向 500px api 发出经过身份验证的请求。我一直在关注这个 guide 并以几种不同的方式实施了所描述的工作流程,但我一直在 statusCode: 401...
.
OAuth 请求的构造方式如下:
这里是我到目前为止的尝试:
尝试 #1:
likePhoto (id) {
let crypto = Npm.require('crypto'),
consumerKey = '-',
consumerSecret = '-',
accessToken = Meteor.user().services.Fivehundredpx.accessToken,
accessTokenSecret = Meteor.user().services.Fivehundredpx.accessTokenSecret,
url = 'https://api.500px.com/v1/photos/231034201/vote?vote=1',
date = new Date,
method = 'POST';
// Note that the keys are in alphabetical order
let reqObj = {
oauth_consumer_key: consumerKey,
oauth_nonce: Math.random().toString(36).replace(/[^a-z]/, '').substr(2),
oauth_signature_method: 'HMAC-SHA1',
oauth_timestamp: Math.floor(date.getTime() / 1000),
oauth_token: accessToken,
oauth_version: '1.0'
};
// construct a param=value& string and uriEncode
let paramsStr = '';
for (let i in reqObj) {
paramsStr += "&" + i + "=" + reqObj[i];
}
// yank off that first "&"
paramsStr = paramsStr.substr(1);
let sigBaseStr = method + "&" + encodeURIComponent(url) + "&" + encodeURIComponent(paramsStr);
consumerSecret += "&" + accessTokenSecret;
let hashedBaseStr = crypto.createHmac('sha1', consumerSecret).update(sigBaseStr).digest('base64');
// Add oauth_signature to the request object
reqObj.oauth_signature = encodeURIComponent(hashedBaseStr);
let authorization = 'OAuth ';
for (let i in reqObj) {
authorization += i + '="'+ reqObj[i] + '",';
}
console.log(authorization);
Meteor.http.call(method, url,
{headers: {
Authorization: authorization,
}},
function (error, result) {
console.log(result || error);
});
}
尝试 #2:
likePhoto (id) {
const oauthSignature = require('oauth-signature');
let date = new Date;
let httpMethod = 'POST',
url = 'https://api.500px.com/v1/photos/231034201/vote?vote=1',
parameters = {
oauth_consumer_key : '',
oauth_nonce : Math.random().toString(36).replace(/[^a-z]/, '').substr(2),
oauth_signature_method : 'HMAC-SHA1',
oauth_timestamp : Math.floor(date.getTime() / 1000),
oauth_token : Meteor.user().services.Fivehundredpx.accessToken,
oauth_version : '1.0',
},
consumerSecret = '',
tokenSecret = Meteor.user().services.Fivehundredpx.accessTokenSecret,
// generates a RFC 3986 encoded, BASE64 encoded HMAC-SHA1 hash
encodedSignature = oauthSignature.generate(httpMethod, url, parameters, consumerSecret, tokenSecret),
// generates a BASE64 encode HMAC-SHA1 hчash
signature = oauthSignature.generate(httpMethod, url, parameters, consumerSecret, tokenSecret,
{ encodeSignature: false});
// construct a param=value& string and uriEncode
let paramsStr = '';
for (let i in parameters) {
paramsStr += "&" + i + "=" + parameters[i];
}
// Add oauth_signature to the request object
parameters.oauth_signature = encodedSignature;
let authorization = 'OAuth ';
for (let i in parameters) {
authorization += i + '="'+ parameters[i] + '",';
}
console.log(authorization);
HTTP.call(httpMethod, url,
{
headers: {
'Authorization': authorization,
}
},
function (error, result) {
console.log(result || error);
});
}
尝试 #3:
function oAuthBaseString(method, url, params, key, token, timestamp, nonce) {
return method
+ '&' + percentEncode(url)
+ '&' + percentEncode(genSortedParamStr(params, key, token, timestamp, nonce));
}
function oAuthSigningKey(consumer_secret, token_secret) {
return consumer_secret + '&' + token_secret;
}
function oAuthSignature(base_string, signing_key) {
var signature = hmac_sha1(base_string, signing_key);
return percentEncode(signature);
}
// Percent encoding
function percentEncode(str) {
return encodeURIComponent(str).replace(/[!*()']/g, (character) => {
return '%' + character.charCodeAt(0).toString(16);
});
}
// HMAC-SHA1 Encoding, uses jsSHA lib
var jsSHA = require('jssha');
function hmac_sha1(string, secret) {
let shaObj = new jsSHA("SHA-1", "TEXT");
shaObj.setHMACKey(secret, "TEXT");
shaObj.update(string);
let hmac = shaObj.getHMAC("B64");
return hmac;
}
// Merge two objects
function mergeObjs(obj1, obj2) {
for (var attr in obj2) {
obj1[attr] = obj2[attr];
}
return obj1;
}
// Generate Sorted Parameter String for base string params
function genSortedParamStr(params, key, token, timestamp, nonce) {
// Merge oauth params & request params to single object
let paramObj = mergeObjs(
{
oauth_consumer_key : key,
oauth_nonce : nonce,
oauth_signature_method : 'HMAC-SHA1',
oauth_timestamp : timestamp,
oauth_token : token,
oauth_version : '1.0'
},
params
);
// Sort alphabetically
let paramObjKeys = Object.keys(paramObj);
let len = paramObjKeys.length;
paramObjKeys.sort();
// Interpolate to string with format as key1=val1&key2=val2&...
let paramStr = paramObjKeys[0] + '=' + paramObj[paramObjKeys[0]];
for (var i = 1; i < len; i++) {
paramStr += '&' + paramObjKeys[i] + '=' + percentEncode(decodeURIComponent(paramObj[paramObjKeys[i]]));
}
return paramStr;
}
likePhoto (id) {
const btoa = require('btoa');
// Get acces keys
const consumerKey = '-',
consumerSecret = '-',
accessToken = Meteor.user().services.Fivehundredpx.accessToken,
accessTokenSecret = Meteor.user().services.Fivehundredpx.accessTokenSecret;
// timestamp as unix epoch
let timestamp = Math.round(Date.now() / 1000);
// nonce as base64 encoded unique random string
let nonce = btoa(consumerKey + ':' + timestamp);
// generate signature from base string & signing key
let httpMethod = 'POST';
let baseUrl = 'https://api.500px.com/v1/photos/231034201/vote?vote=1';
let reqParams = '';
let baseString = oAuthBaseString(httpMethod, baseUrl, reqParams, consumerKey, accessToken, timestamp, nonce);
let signingKey = oAuthSigningKey(consumerSecret, accessTokenSecret);
let signature = oAuthSignature(baseString, signingKey);
// return interpolated string
let authorization = 'OAuth ' +
'oauth_consumer_key="' + consumerKey + '", ' +
'oauth_nonce="' + nonce + '", ' +
'oauth_signature="' + signature + '", ' +
'oauth_signature_method="HMAC-SHA1", ' +
'oauth_timestamp="' + timestamp + '", ' +
'oauth_token="' + accessToken + '", ' +
'oauth_version="1.0"';
console.log(authorization);
HTTP.call(httpMethod, baseUrl,
{headers: {
Authorization: authorization,
}},
function (error, result) {
console.log(result || error);
});
}
我正在使用这个 api client 进行测试,所有请求都工作正常。所以这应该是我这边的一个错误,尽管我使用了类似的工作流程和代码来实现另一个 OAuth 1.0 身份验证请求并且它有效。
错误信息:
{
statusCode: 401,
content: '',
headers:
{ date: 'Mon, 09 Oct 2017 05:27:17 GMT',
'content-type': 'text/html',
'transfer-encoding': 'chunked',
connection: 'close',
status: '401 Unauthorized',
'x-xss-protection': '1; mode=block',
'x-content-type-options': 'nosniff',
'cache-control': 'no-cache',
'set-cookie':
[ 'device_uuid=4b97d884-b24e-413c-90ee-60d11e7f2ad7; path=/; expires=Fri, 09 Oct 2037 05:27:17 -0000',
'_hpx1=BAh7B0kiD3Nlc3Npb25faWQGOgZFVEkiJWE2MDVmYmUyZjBkODlmNGFhYmM5MjM5OGEwNjU2NzI5BjsAVEkiCWhvc3QGOwBGIhJhcGkuNTAwcHguY29t--aa2897a2b8ee32b650e0d830d51882e5ac8208cb; domain=.500px.com; path=/; HttpOnly' ],
'x-request-id': '7e13f562-2525-472c-9b80-9870905e6eea',
'x-runtime': '0.011553',
'x-rack-cache': 'invalidate, pass',
server: 'api20-ovh-bhs'
},
data: null
}
我终于弄明白了这个问题,这是对我有用的代码。
import crypto from 'crypto';
import OAuth from 'oauth-1.0a';
const oauth = OAuth({
consumer: {
key: '<YOUR-KEY>',
secret: '<YOUR-KEY-SECRET>'
},
signature_method: 'HMAC-SHA1',
hash_function: function(base_string, key) {
return crypto.createHmac('sha1', key).update(base_string).digest('base64');
}
});
likePhoto: function (id) {
const future = new Future();
const requestData = {
url: `https://api.500px.com/v1/photos/${id}/vote?vote=1`,
method: 'POST'
};
const token = {
key: Meteor.user().services.Fivehundredpx.accessToken,
secret: Meteor.user().services.Fivehundredpx.accessTokenSecret
};
HTTP.call(requestData.method, requestData.url, {
headers: oauth.toHeader(oauth.authorize(requestData, token)),
}, function (error, response) {
if (error) {
future.return(error);
} else {
future.return(response);
}
});
return future.wait();
}