我正在编写一个简单的Twitter登录并尝试获取请求令牌以便将用户重定向到访问令牌,但我总是以couldn't authenticate you错误结束
我试图添加签名作为最后一个标题它也没有用。
当我删除一些标题我得到错误的身份验证数据错误所以使用这种配置我假设一切正常我只是无法弄清楚我做错了什么并且twitter拒绝发回请求令牌。
这是我的代码
'use strict';
const https = require("https");
const cfg = require('./config');
// const cfg=require(`${__dirname}/config`);
const qs = require("querystring");
const esc = qs.escape;
const crypto = require('crypto');
const HMAC = crypto.createHmac;
class twitter {
constructor(o) {
// if (!o || !o.consumer_key || !o.consumer_secret) throw new Error("Missing Paramaters");
this.id = o.consumer_key;
this.secret = o.consumer_secret;
}
getNonce() {
let num = 32;
let preDefined = Date.now().toString().split("");
num -= preDefined.length;
while (num--) {
preDefined.push(Math.round(Math.random() * 31).toString(32));
}
return (new Buffer(preDefined.join("")).toString("base64"));
}
getSignature(HTTPmethod, url, parameters, tokenSecret) {
const method = HTTPmethod.toUpperCase();
const baseUrl = url;
const params = parameters;
const sorted = Object.keys(params).sort();
let baseString = `${esc(method)}&${esc(baseUrl)}`;
let signingKey = `${esc(this.secret)}&`
signingKey += tokenSecret ? esc(tokenSecret) : "";
let firstRun = true;
sorted.forEach(param => {
if (firstRun) {
baseString += "&";
firstRun = false;
}
else {
baseString += esc("&");
}
baseString += esc(`${param}=${params[param]}`);
});
return HMAC('SHA1', signingKey).update(baseString).digest('base64');
// return baseString;
}
getHeaders(httpMethod, baseUrl, additional, token, tokenSecret, extraHeaders) {
let headers = {
oauth_consumer_key: this.id,
oauth_nonce: this.getNonce(),
oauth_signature_method: "HMAC-SHA1",
oauth_timestamp: Math.floor(Date.now() / 1000),
oauth_version: "1.0"
}
if (extraHeaders) {
for (let i in extraHeaders) {
headers[i] = extraHeaders[i];
}
}
if (token) headers.oauth_token = token;
let params = headers;
if (additional) {
for (let i in additional) {
params[i] = additional[i];
}
}
// const signature = this.getSignature(httpMethod, baseUrl, params, tokenSecret || "");
headers.oauth_signature = this.getSignature(httpMethod, baseUrl, params, tokenSecret || "");
let header = `OAuth `;
let firstRun = true;
const sorted = Object.keys(headers).sort();
sorted.forEach(i => {
let prefix;
if (firstRun) {
prefix = "";
firstRun = false;
}
else {
prefix = ", ";
}
header += `${prefix}${esc(i)}="${esc(headers[i])}"`
});
// header += `, oauth_signature="${esc(signature)}"`;
return header;
}
getRequestToken(cb) {
if (!cb) throw new Error('callback must be defined');
const callbackUrl = cb;
let headers = this.getHeaders("POST", "https://api.twitter.com/oauth/request_token", false, false, false, {
oauth_callback: callbackUrl
});
const reqParams = {
method: "POST",
host: "api.twitter.com",
path: "/oauth/request_token",
headers: { "Authorization": headers }
}
const req = https.request(reqParams, res => {
let data = "";
res.on("data", d => data += d);
res.on("end", _ => console.log(data));
}); req.end();
console.log(req._headers);
}
}
(new twitter({
consumer_key: cfg.id,
consumer_secret: cfg.secret
})).getRequestToken("https://127.0.0.1/twitter");
答案 0 :(得分:3)
关键是双重转义基本字符串参数