我一直在深入挖掘堆栈溢出但未能解决我的问题。我试图访问使用摘要但没有成功的API,而我的同事也无法确定问题。我已经撞到了墙上,来到Stack Overflow来问我的问题。
这是我的身份验证码:
var https = require("https"),
crypto = require('crypto'),
_ = require('underscore');
var options = {
host: 'api.example.com',
port: 80,
path: '/path/to/uri/',
method: 'GET',
accept: 'application/json',
acceptEncoding: 'gzip, deflate',
connection: 'keep-alive',
rejectUnauthorized: false,
requestCert: true,
agent: false
};
var username = 'username',
password = 'httppassword';
var req = https.get(options, function(res) {
res.setEncoding('utf-8');
console.log(res.url);
console.log('STATUS: ' + res.statusCode);
console.log('HEADERS: ' + JSON.stringify(res.headers));
var data = "";
res.on('data', function (chunk) {
data = data + chunk;
});
res.on('end', function(){
console.log(data);
var challengeParams = parseDigest(res.headers['www-authenticate']);
console.log(challengeParams);
var ha1 = crypto.createHash('md5').update(username + ':' + challengeParams.realm + ':' + password).digest('hex');
var ha2 = crypto.createHash('md5').update('GET:' + options.path).digest('hex');
var response = crypto.createHash('md5').update(ha1 + ':' + challengeParams.nonce + ':1::auth:' + ha2).digest('hex');
var authRequestParams = {
username : username,
realm : challengeParams.realm,
nonce : challengeParams.nonce,
uri : options.path,
qop : challengeParams.qop,
response : response,
nc : 1,
cnonce : ''
};
options.headers = { 'Authorization' : renderDigest(authRequestParams) };
console.log(options);
https.get(options, function(res) {
console.log("STATUS: " + res.statusCode);
console.log("HEADERS: " + JSON.stringify(res.headers));
res.setEncoding('utf-8');
var content = '';
res.on('data', function(chunk) {
content += chunk;
}).on('end', function() {
console.log(content);
});
})
});
});
req.on('error' ,function(err){
console.log("request");
console.log(err);
});
req.write('data\n');
req.write('data\n');
req.end();
这是API发回的挑战标题
{ realm: 'API realm',
domain: 'https:/api.example.com/',
qop: 'auth',
nonce: 'UZ43b0FWC9591pMjy1i6H2okVwgMbDVO6fcgcQ' }
编辑:
我认为对于那些希望回答这个问题的人来说,提供我实际发送给API的内容会有所帮助,所以现在就是这样。
{ host: 'api.example.com',
port: 80,
path: '/path/to/uri/',
method: 'GET',
accept: 'application/json',
acceptEncoding: 'gzip, deflate',
connection: 'keep-alive',
rejectUnauthorized: false,
requestCert: true,
agent: false,
headers: { Authorization: 'Digest username="uname", realm="API realm", nonce="UZ43b0FWC9591pMjy1i6H2okVwgMbDVO6fcgcQ", uri="/path/to/uri", qop="auth", response="09c536e22bca031cdbcb289e4065064a", nc="1", cnonce=""' } }
答案 0 :(得分:1)
您可以使用支持摘要式身份验证的http-auth模块
// HTTP module
var http = require('http');
// Authentication module.
var auth = require('http-auth');
var digest = auth.digest({
realm: "Simon Area.",
file: __dirname + "/../data/users.htdigest" // vivi:anna, sona:testpass
});
// Creating new HTTP server.
http.createServer(digest, function(req, res) {
res.end("Welcome to private area - " + req.user + "!");
}).listen(1337);