nodejs HTTP摘要身份验证无效

时间:2014-08-11 15:11:59

标签: node.js https digest digest-authentication

我一直在深入挖掘堆栈溢出但未能解决我的问题。我试图访问使用摘要但没有成功的API,而我的同事也无法确定问题。我已经撞到了墙上,来到Stack Overflow来问我的问题。

这是我的身份验证码:

var https = require("https"),
    crypto = require('crypto'),
    _ = require('underscore');

var options = {
    host: 'api.example.com',
    port: 80,
    path: '/path/to/uri/',
    method: 'GET',
    accept: 'application/json',
    acceptEncoding: 'gzip, deflate',
    connection: 'keep-alive',
    rejectUnauthorized: false,
    requestCert: true,
    agent: false
};

var username = 'username',
    password = 'httppassword';

var req = https.get(options, function(res) {

    res.setEncoding('utf-8');

    console.log(res.url);
    console.log('STATUS: ' + res.statusCode);
    console.log('HEADERS: ' + JSON.stringify(res.headers));

    var data = "";

    res.on('data', function (chunk) {
        data = data + chunk;
    });

    res.on('end', function(){

        console.log(data);
        var challengeParams = parseDigest(res.headers['www-authenticate']);
        console.log(challengeParams);
        var ha1 = crypto.createHash('md5').update(username + ':' + challengeParams.realm + ':' + password).digest('hex');
        var ha2 = crypto.createHash('md5').update('GET:' + options.path).digest('hex');
        var response = crypto.createHash('md5').update(ha1 + ':' + challengeParams.nonce + ':1::auth:' + ha2).digest('hex');
        var authRequestParams = {
            username : username,
            realm : challengeParams.realm,
            nonce : challengeParams.nonce,
            uri : options.path, 
            qop : challengeParams.qop,
            response : response,
            nc : 1,
            cnonce : ''
        };
        options.headers = { 'Authorization' : renderDigest(authRequestParams) };
        console.log(options);
        https.get(options, function(res) {

            console.log("STATUS: " + res.statusCode);
            console.log("HEADERS: "  + JSON.stringify(res.headers));

            res.setEncoding('utf-8');
            var content = '';
            res.on('data', function(chunk) {
                content += chunk;
            }).on('end', function() {
                console.log(content);
            });
        })
    });

});

req.on('error' ,function(err){
    console.log("request");
    console.log(err);
});

req.write('data\n');
req.write('data\n');
req.end();

这是API发回的挑战标题

{ realm: 'API realm',
  domain: 'https:/api.example.com/',
  qop: 'auth',
  nonce: 'UZ43b0FWC9591pMjy1i6H2okVwgMbDVO6fcgcQ' }

编辑:

我认为对于那些希望回答这个问题的人来说,提供我实际发送给API的内容会有所帮助,所以现在就是这样。

{ host: 'api.example.com',
  port: 80,
  path: '/path/to/uri/',
  method: 'GET',
  accept: 'application/json',
  acceptEncoding: 'gzip, deflate',
  connection: 'keep-alive',
  rejectUnauthorized: false,
  requestCert: true,
  agent: false,
  headers: { Authorization: 'Digest username="uname", realm="API realm", nonce="UZ43b0FWC9591pMjy1i6H2okVwgMbDVO6fcgcQ", uri="/path/to/uri", qop="auth", response="09c536e22bca031cdbcb289e4065064a", nc="1", cnonce=""' } }

1 个答案:

答案 0 :(得分:1)

您可以使用支持摘要式身份验证的http-auth模块

// HTTP module
var http = require('http');

// Authentication module.
var auth = require('http-auth');
var digest = auth.digest({
    realm: "Simon Area.",
    file: __dirname + "/../data/users.htdigest" // vivi:anna, sona:testpass
});

// Creating new HTTP server.
http.createServer(digest, function(req, res) {
    res.end("Welcome to private area - " + req.user + "!");
}).listen(1337);