1 line
28 KiB
JSON
1 line
28 KiB
JSON
{"ast":null,"code":"// Copyright 2012 Joyent, Inc. All rights reserved.\nvar assert = require('assert-plus');\n\nvar util = require('util');\n\nvar utils = require('./utils'); ///--- Globals\n\n\nvar HASH_ALGOS = utils.HASH_ALGOS;\nvar PK_ALGOS = utils.PK_ALGOS;\nvar HttpSignatureError = utils.HttpSignatureError;\nvar InvalidAlgorithmError = utils.InvalidAlgorithmError;\nvar validateAlgorithm = utils.validateAlgorithm;\nvar State = {\n New: 0,\n Params: 1\n};\nvar ParamsState = {\n Name: 0,\n Quote: 1,\n Value: 2,\n Comma: 3\n}; ///--- Specific Errors\n\nfunction ExpiredRequestError(message) {\n HttpSignatureError.call(this, message, ExpiredRequestError);\n}\n\nutil.inherits(ExpiredRequestError, HttpSignatureError);\n\nfunction InvalidHeaderError(message) {\n HttpSignatureError.call(this, message, InvalidHeaderError);\n}\n\nutil.inherits(InvalidHeaderError, HttpSignatureError);\n\nfunction InvalidParamsError(message) {\n HttpSignatureError.call(this, message, InvalidParamsError);\n}\n\nutil.inherits(InvalidParamsError, HttpSignatureError);\n\nfunction MissingHeaderError(message) {\n HttpSignatureError.call(this, message, MissingHeaderError);\n}\n\nutil.inherits(MissingHeaderError, HttpSignatureError);\n\nfunction StrictParsingError(message) {\n HttpSignatureError.call(this, message, StrictParsingError);\n}\n\nutil.inherits(StrictParsingError, HttpSignatureError); ///--- Exported API\n\nmodule.exports = {\n /**\n * Parses the 'Authorization' header out of an http.ServerRequest object.\n *\n * Note that this API will fully validate the Authorization header, and throw\n * on any error. It will not however check the signature, or the keyId format\n * as those are specific to your environment. You can use the options object\n * to pass in extra constraints.\n *\n * As a response object you can expect this:\n *\n * {\n * \"scheme\": \"Signature\",\n * \"params\": {\n * \"keyId\": \"foo\",\n * \"algorithm\": \"rsa-sha256\",\n * \"headers\": [\n * \"date\" or \"x-date\",\n * \"digest\"\n * ],\n * \"signature\": \"base64\"\n * },\n * \"signingString\": \"ready to be passed to crypto.verify()\"\n * }\n *\n * @param {Object} request an http.ServerRequest.\n * @param {Object} options an optional options object with:\n * - clockSkew: allowed clock skew in seconds (default 300).\n * - headers: required header names (def: date or x-date)\n * - algorithms: algorithms to support (default: all).\n * - strict: should enforce latest spec parsing\n * (default: false).\n * @return {Object} parsed out object (see above).\n * @throws {TypeError} on invalid input.\n * @throws {InvalidHeaderError} on an invalid Authorization header error.\n * @throws {InvalidParamsError} if the params in the scheme are invalid.\n * @throws {MissingHeaderError} if the params indicate a header not present,\n * either in the request headers from the params,\n * or not in the params from a required header\n * in options.\n * @throws {StrictParsingError} if old attributes are used in strict parsing\n * mode.\n * @throws {ExpiredRequestError} if the value of date or x-date exceeds skew.\n */\n parseRequest: function parseRequest(request, options) {\n assert.object(request, 'request');\n assert.object(request.headers, 'request.headers');\n\n if (options === undefined) {\n options = {};\n }\n\n if (options.headers === undefined) {\n options.headers = [request.headers['x-date'] ? 'x-date' : 'date'];\n }\n\n assert.object(options, 'options');\n assert.arrayOfString(options.headers, 'options.headers');\n assert.optionalFinite(options.clockSkew, 'options.clockSkew');\n var authzHeaderName = options.authorizationHeaderName || 'authorization';\n\n if (!request.headers[authzHeaderName]) {\n throw new MissingHeaderError('no ' + authzHeaderName + ' header ' + 'present in the request');\n }\n\n options.clockSkew = options.clockSkew || 300;\n var i = 0;\n var state = State.New;\n var substate = ParamsState.Name;\n var tmpName = '';\n var tmpValue = '';\n var parsed = {\n scheme: '',\n params: {},\n signingString: ''\n };\n var authz = request.headers[authzHeaderName];\n\n for (i = 0; i < authz.length; i++) {\n var c = authz.charAt(i);\n\n switch (Number(state)) {\n case State.New:\n if (c !== ' ') parsed.scheme += c;else state = State.Params;\n break;\n\n case State.Params:\n switch (Number(substate)) {\n case ParamsState.Name:\n var code = c.charCodeAt(0); // restricted name of A-Z / a-z\n\n if (code >= 0x41 && code <= 0x5a || code >= 0x61 && code <= 0x7a) {\n // a-z\n tmpName += c;\n } else if (c === '=') {\n if (tmpName.length === 0) throw new InvalidHeaderError('bad param format');\n substate = ParamsState.Quote;\n } else {\n throw new InvalidHeaderError('bad param format');\n }\n\n break;\n\n case ParamsState.Quote:\n if (c === '\"') {\n tmpValue = '';\n substate = ParamsState.Value;\n } else {\n throw new InvalidHeaderError('bad param format');\n }\n\n break;\n\n case ParamsState.Value:\n if (c === '\"') {\n parsed.params[tmpName] = tmpValue;\n substate = ParamsState.Comma;\n } else {\n tmpValue += c;\n }\n\n break;\n\n case ParamsState.Comma:\n if (c === ',') {\n tmpName = '';\n substate = ParamsState.Name;\n } else {\n throw new InvalidHeaderError('bad param format');\n }\n\n break;\n\n default:\n throw new Error('Invalid substate');\n }\n\n break;\n\n default:\n throw new Error('Invalid substate');\n }\n }\n\n if (!parsed.params.headers || parsed.params.headers === '') {\n if (request.headers['x-date']) {\n parsed.params.headers = ['x-date'];\n } else {\n parsed.params.headers = ['date'];\n }\n } else {\n parsed.params.headers = parsed.params.headers.split(' ');\n } // Minimally validate the parsed object\n\n\n if (!parsed.scheme || parsed.scheme !== 'Signature') throw new InvalidHeaderError('scheme was not \"Signature\"');\n if (!parsed.params.keyId) throw new InvalidHeaderError('keyId was not specified');\n if (!parsed.params.algorithm) throw new InvalidHeaderError('algorithm was not specified');\n if (!parsed.params.signature) throw new InvalidHeaderError('signature was not specified'); // Check the algorithm against the official list\n\n parsed.params.algorithm = parsed.params.algorithm.toLowerCase();\n\n try {\n validateAlgorithm(parsed.params.algorithm);\n } catch (e) {\n if (e instanceof InvalidAlgorithmError) throw new InvalidParamsError(parsed.params.algorithm + ' is not ' + 'supported');else throw e;\n } // Build the signingString\n\n\n for (i = 0; i < parsed.params.headers.length; i++) {\n var h = parsed.params.headers[i].toLowerCase();\n parsed.params.headers[i] = h;\n\n if (h === 'request-line') {\n if (!options.strict) {\n /*\n * We allow headers from the older spec drafts if strict parsing isn't\n * specified in options.\n */\n parsed.signingString += request.method + ' ' + request.url + ' HTTP/' + request.httpVersion;\n } else {\n /* Strict parsing doesn't allow older draft headers. */\n throw new StrictParsingError('request-line is not a valid header ' + 'with strict parsing enabled.');\n }\n } else if (h === '(request-target)') {\n parsed.signingString += '(request-target): ' + request.method.toLowerCase() + ' ' + request.url;\n } else {\n var value = request.headers[h];\n if (value === undefined) throw new MissingHeaderError(h + ' was not in the request');\n parsed.signingString += h + ': ' + value;\n }\n\n if (i + 1 < parsed.params.headers.length) parsed.signingString += '\\n';\n } // Check against the constraints\n\n\n var date;\n\n if (request.headers.date || request.headers['x-date']) {\n if (request.headers['x-date']) {\n date = new Date(request.headers['x-date']);\n } else {\n date = new Date(request.headers.date);\n }\n\n var now = new Date();\n var skew = Math.abs(now.getTime() - date.getTime());\n\n if (skew > options.clockSkew * 1000) {\n throw new ExpiredRequestError('clock skew of ' + skew / 1000 + 's was greater than ' + options.clockSkew + 's');\n }\n }\n\n options.headers.forEach(function (hdr) {\n // Remember that we already checked any headers in the params\n // were in the request, so if this passes we're good.\n if (parsed.params.headers.indexOf(hdr.toLowerCase()) < 0) throw new MissingHeaderError(hdr + ' was not a signed header');\n });\n\n if (options.algorithms) {\n if (options.algorithms.indexOf(parsed.params.algorithm) === -1) throw new InvalidParamsError(parsed.params.algorithm + ' is not a supported algorithm');\n }\n\n parsed.algorithm = parsed.params.algorithm.toUpperCase();\n parsed.keyId = parsed.params.keyId;\n return parsed;\n }\n};","map":{"version":3,"sources":["/Users/tylerkoenig/Code/personal/react-scss2/node_modules/http-signature/lib/parser.js"],"names":["assert","require","util","utils","HASH_ALGOS","PK_ALGOS","HttpSignatureError","InvalidAlgorithmError","validateAlgorithm","State","New","Params","ParamsState","Name","Quote","Value","Comma","ExpiredRequestError","message","call","inherits","InvalidHeaderError","InvalidParamsError","MissingHeaderError","StrictParsingError","module","exports","parseRequest","request","options","object","headers","undefined","arrayOfString","optionalFinite","clockSkew","authzHeaderName","authorizationHeaderName","i","state","substate","tmpName","tmpValue","parsed","scheme","params","signingString","authz","length","c","charAt","Number","code","charCodeAt","Error","split","keyId","algorithm","signature","toLowerCase","e","h","strict","method","url","httpVersion","value","date","Date","now","skew","Math","abs","getTime","forEach","hdr","indexOf","algorithms","toUpperCase"],"mappings":"AAAA;AAEA,IAAIA,MAAM,GAAGC,OAAO,CAAC,aAAD,CAApB;;AACA,IAAIC,IAAI,GAAGD,OAAO,CAAC,MAAD,CAAlB;;AACA,IAAIE,KAAK,GAAGF,OAAO,CAAC,SAAD,CAAnB,C,CAIA;;;AAEA,IAAIG,UAAU,GAAGD,KAAK,CAACC,UAAvB;AACA,IAAIC,QAAQ,GAAGF,KAAK,CAACE,QAArB;AACA,IAAIC,kBAAkB,GAAGH,KAAK,CAACG,kBAA/B;AACA,IAAIC,qBAAqB,GAAGJ,KAAK,CAACI,qBAAlC;AACA,IAAIC,iBAAiB,GAAGL,KAAK,CAACK,iBAA9B;AAEA,IAAIC,KAAK,GAAG;AACVC,EAAAA,GAAG,EAAE,CADK;AAEVC,EAAAA,MAAM,EAAE;AAFE,CAAZ;AAKA,IAAIC,WAAW,GAAG;AAChBC,EAAAA,IAAI,EAAE,CADU;AAEhBC,EAAAA,KAAK,EAAE,CAFS;AAGhBC,EAAAA,KAAK,EAAE,CAHS;AAIhBC,EAAAA,KAAK,EAAE;AAJS,CAAlB,C,CAQA;;AAGA,SAASC,mBAAT,CAA6BC,OAA7B,EAAsC;AACpCZ,EAAAA,kBAAkB,CAACa,IAAnB,CAAwB,IAAxB,EAA8BD,OAA9B,EAAuCD,mBAAvC;AACD;;AACDf,IAAI,CAACkB,QAAL,CAAcH,mBAAd,EAAmCX,kBAAnC;;AAGA,SAASe,kBAAT,CAA4BH,OAA5B,EAAqC;AACnCZ,EAAAA,kBAAkB,CAACa,IAAnB,CAAwB,IAAxB,EAA8BD,OAA9B,EAAuCG,kBAAvC;AACD;;AACDnB,IAAI,CAACkB,QAAL,CAAcC,kBAAd,EAAkCf,kBAAlC;;AAGA,SAASgB,kBAAT,CAA4BJ,OAA5B,EAAqC;AACnCZ,EAAAA,kBAAkB,CAACa,IAAnB,CAAwB,IAAxB,EAA8BD,OAA9B,EAAuCI,kBAAvC;AACD;;AACDpB,IAAI,CAACkB,QAAL,CAAcE,kBAAd,EAAkChB,kBAAlC;;AAGA,SAASiB,kBAAT,CAA4BL,OAA5B,EAAqC;AACnCZ,EAAAA,kBAAkB,CAACa,IAAnB,CAAwB,IAAxB,EAA8BD,OAA9B,EAAuCK,kBAAvC;AACD;;AACDrB,IAAI,CAACkB,QAAL,CAAcG,kBAAd,EAAkCjB,kBAAlC;;AAEA,SAASkB,kBAAT,CAA4BN,OAA5B,EAAqC;AACnCZ,EAAAA,kBAAkB,CAACa,IAAnB,CAAwB,IAAxB,EAA8BD,OAA9B,EAAuCM,kBAAvC;AACD;;AACDtB,IAAI,CAACkB,QAAL,CAAcI,kBAAd,EAAkClB,kBAAlC,E,CAEA;;AAEAmB,MAAM,CAACC,OAAP,GAAiB;AAEf;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACEC,EAAAA,YAAY,EAAE,SAASA,YAAT,CAAsBC,OAAtB,EAA+BC,OAA/B,EAAwC;AACpD7B,IAAAA,MAAM,CAAC8B,MAAP,CAAcF,OAAd,EAAuB,SAAvB;AACA5B,IAAAA,MAAM,CAAC8B,MAAP,CAAcF,OAAO,CAACG,OAAtB,EAA+B,iBAA/B;;AACA,QAAIF,OAAO,KAAKG,SAAhB,EAA2B;AACzBH,MAAAA,OAAO,GAAG,EAAV;AACD;;AACD,QAAIA,OAAO,CAACE,OAAR,KAAoBC,SAAxB,EAAmC;AACjCH,MAAAA,OAAO,CAACE,OAAR,GAAkB,CAACH,OAAO,CAACG,OAAR,CAAgB,QAAhB,IAA4B,QAA5B,GAAuC,MAAxC,CAAlB;AACD;;AACD/B,IAAAA,MAAM,CAAC8B,MAAP,CAAcD,OAAd,EAAuB,SAAvB;AACA7B,IAAAA,MAAM,CAACiC,aAAP,CAAqBJ,OAAO,CAACE,OAA7B,EAAsC,iBAAtC;AACA/B,IAAAA,MAAM,CAACkC,cAAP,CAAsBL,OAAO,CAACM,SAA9B,EAAyC,mBAAzC;AAEA,QAAIC,eAAe,GAAGP,OAAO,CAACQ,uBAAR,IAAmC,eAAzD;;AAEA,QAAI,CAACT,OAAO,CAACG,OAAR,CAAgBK,eAAhB,CAAL,EAAuC;AACrC,YAAM,IAAIb,kBAAJ,CAAuB,QAAQa,eAAR,GAA0B,UAA1B,GACA,wBADvB,CAAN;AAED;;AAEDP,IAAAA,OAAO,CAACM,SAAR,GAAoBN,OAAO,CAACM,SAAR,IAAqB,GAAzC;AAGA,QAAIG,CAAC,GAAG,CAAR;AACA,QAAIC,KAAK,GAAG9B,KAAK,CAACC,GAAlB;AACA,QAAI8B,QAAQ,GAAG5B,WAAW,CAACC,IAA3B;AACA,QAAI4B,OAAO,GAAG,EAAd;AACA,QAAIC,QAAQ,GAAG,EAAf;AAEA,QAAIC,MAAM,GAAG;AACXC,MAAAA,MAAM,EAAE,EADG;AAEXC,MAAAA,MAAM,EAAE,EAFG;AAGXC,MAAAA,aAAa,EAAE;AAHJ,KAAb;AAMA,QAAIC,KAAK,GAAGnB,OAAO,CAACG,OAAR,CAAgBK,eAAhB,CAAZ;;AACA,SAAKE,CAAC,GAAG,CAAT,EAAYA,CAAC,GAAGS,KAAK,CAACC,MAAtB,EAA8BV,CAAC,EAA/B,EAAmC;AACjC,UAAIW,CAAC,GAAGF,KAAK,CAACG,MAAN,CAAaZ,CAAb,CAAR;;AAEA,cAAQa,MAAM,CAACZ,KAAD,CAAd;AAEA,aAAK9B,KAAK,CAACC,GAAX;AACE,cAAIuC,CAAC,KAAK,GAAV,EAAeN,MAAM,CAACC,MAAP,IAAiBK,CAAjB,CAAf,KACKV,KAAK,GAAG9B,KAAK,CAACE,MAAd;AACL;;AAEF,aAAKF,KAAK,CAACE,MAAX;AACE,kBAAQwC,MAAM,CAACX,QAAD,CAAd;AAEA,iBAAK5B,WAAW,CAACC,IAAjB;AACE,kBAAIuC,IAAI,GAAGH,CAAC,CAACI,UAAF,CAAa,CAAb,CAAX,CADF,CAEE;;AACA,kBAAKD,IAAI,IAAI,IAAR,IAAgBA,IAAI,IAAI,IAAzB,IACCA,IAAI,IAAI,IAAR,IAAgBA,IAAI,IAAI,IAD7B,EACoC;AAAE;AACpCX,gBAAAA,OAAO,IAAIQ,CAAX;AACD,eAHD,MAGO,IAAIA,CAAC,KAAK,GAAV,EAAe;AACpB,oBAAIR,OAAO,CAACO,MAAR,KAAmB,CAAvB,EACE,MAAM,IAAI3B,kBAAJ,CAAuB,kBAAvB,CAAN;AACFmB,gBAAAA,QAAQ,GAAG5B,WAAW,CAACE,KAAvB;AACD,eAJM,MAIA;AACL,sBAAM,IAAIO,kBAAJ,CAAuB,kBAAvB,CAAN;AACD;;AACD;;AAEF,iBAAKT,WAAW,CAACE,KAAjB;AACE,kBAAImC,CAAC,KAAK,GAAV,EAAe;AACbP,gBAAAA,QAAQ,GAAG,EAAX;AACAF,gBAAAA,QAAQ,GAAG5B,WAAW,CAACG,KAAvB;AACD,eAHD,MAGO;AACL,sBAAM,IAAIM,kBAAJ,CAAuB,kBAAvB,CAAN;AACD;;AACD;;AAEF,iBAAKT,WAAW,CAACG,KAAjB;AACE,kBAAIkC,CAAC,KAAK,GAAV,EAAe;AACbN,gBAAAA,MAAM,CAACE,MAAP,CAAcJ,OAAd,IAAyBC,QAAzB;AACAF,gBAAAA,QAAQ,GAAG5B,WAAW,CAACI,KAAvB;AACD,eAHD,MAGO;AACL0B,gBAAAA,QAAQ,IAAIO,CAAZ;AACD;;AACD;;AAEF,iBAAKrC,WAAW,CAACI,KAAjB;AACE,kBAAIiC,CAAC,KAAK,GAAV,EAAe;AACbR,gBAAAA,OAAO,GAAG,EAAV;AACAD,gBAAAA,QAAQ,GAAG5B,WAAW,CAACC,IAAvB;AACD,eAHD,MAGO;AACL,sBAAM,IAAIQ,kBAAJ,CAAuB,kBAAvB,CAAN;AACD;;AACD;;AAEF;AACE,oBAAM,IAAIiC,KAAJ,CAAU,kBAAV,CAAN;AA7CF;;AA+CA;;AAEF;AACE,gBAAM,IAAIA,KAAJ,CAAU,kBAAV,CAAN;AA1DF;AA6DD;;AAED,QAAI,CAACX,MAAM,CAACE,MAAP,CAAcd,OAAf,IAA0BY,MAAM,CAACE,MAAP,CAAcd,OAAd,KAA0B,EAAxD,EAA4D;AAC1D,UAAIH,OAAO,CAACG,OAAR,CAAgB,QAAhB,CAAJ,EAA+B;AAC7BY,QAAAA,MAAM,CAACE,MAAP,CAAcd,OAAd,GAAwB,CAAC,QAAD,CAAxB;AACD,OAFD,MAEO;AACLY,QAAAA,MAAM,CAACE,MAAP,CAAcd,OAAd,GAAwB,CAAC,MAAD,CAAxB;AACD;AACF,KAND,MAMO;AACLY,MAAAA,MAAM,CAACE,MAAP,CAAcd,OAAd,GAAwBY,MAAM,CAACE,MAAP,CAAcd,OAAd,CAAsBwB,KAAtB,CAA4B,GAA5B,CAAxB;AACD,KA9GmD,CAgHpD;;;AACA,QAAI,CAACZ,MAAM,CAACC,MAAR,IAAkBD,MAAM,CAACC,MAAP,KAAkB,WAAxC,EACE,MAAM,IAAIvB,kBAAJ,CAAuB,4BAAvB,CAAN;AAEF,QAAI,CAACsB,MAAM,CAACE,MAAP,CAAcW,KAAnB,EACE,MAAM,IAAInC,kBAAJ,CAAuB,yBAAvB,CAAN;AAEF,QAAI,CAACsB,MAAM,CAACE,MAAP,CAAcY,SAAnB,EACE,MAAM,IAAIpC,kBAAJ,CAAuB,6BAAvB,CAAN;AAEF,QAAI,CAACsB,MAAM,CAACE,MAAP,CAAca,SAAnB,EACE,MAAM,IAAIrC,kBAAJ,CAAuB,6BAAvB,CAAN,CA3HkD,CA6HpD;;AACAsB,IAAAA,MAAM,CAACE,MAAP,CAAcY,SAAd,GAA0Bd,MAAM,CAACE,MAAP,CAAcY,SAAd,CAAwBE,WAAxB,EAA1B;;AACA,QAAI;AACFnD,MAAAA,iBAAiB,CAACmC,MAAM,CAACE,MAAP,CAAcY,SAAf,CAAjB;AACD,KAFD,CAEE,OAAOG,CAAP,EAAU;AACV,UAAIA,CAAC,YAAYrD,qBAAjB,EACE,MAAO,IAAIe,kBAAJ,CAAuBqB,MAAM,CAACE,MAAP,CAAcY,SAAd,GAA0B,UAA1B,GAC5B,WADK,CAAP,CADF,KAIE,MAAOG,CAAP;AACH,KAvImD,CAyIpD;;;AACA,SAAKtB,CAAC,GAAG,CAAT,EAAYA,CAAC,GAAGK,MAAM,CAACE,MAAP,CAAcd,OAAd,CAAsBiB,MAAtC,EAA8CV,CAAC,EAA/C,EAAmD;AACjD,UAAIuB,CAAC,GAAGlB,MAAM,CAACE,MAAP,CAAcd,OAAd,CAAsBO,CAAtB,EAAyBqB,WAAzB,EAAR;AACAhB,MAAAA,MAAM,CAACE,MAAP,CAAcd,OAAd,CAAsBO,CAAtB,IAA2BuB,CAA3B;;AAEA,UAAIA,CAAC,KAAK,cAAV,EAA0B;AACxB,YAAI,CAAChC,OAAO,CAACiC,MAAb,EAAqB;AACnB;AACV;AACA;AACA;AACUnB,UAAAA,MAAM,CAACG,aAAP,IACElB,OAAO,CAACmC,MAAR,GAAiB,GAAjB,GAAuBnC,OAAO,CAACoC,GAA/B,GAAqC,QAArC,GAAgDpC,OAAO,CAACqC,WAD1D;AAED,SAPD,MAOO;AACL;AACA,gBAAO,IAAIzC,kBAAJ,CAAuB,wCAC5B,8BADK,CAAP;AAED;AACF,OAbD,MAaO,IAAIqC,CAAC,KAAK,kBAAV,EAA8B;AACnClB,QAAAA,MAAM,CAACG,aAAP,IACE,uBAAuBlB,OAAO,CAACmC,MAAR,CAAeJ,WAAf,EAAvB,GAAsD,GAAtD,GACA/B,OAAO,CAACoC,GAFV;AAGD,OAJM,MAIA;AACL,YAAIE,KAAK,GAAGtC,OAAO,CAACG,OAAR,CAAgB8B,CAAhB,CAAZ;AACA,YAAIK,KAAK,KAAKlC,SAAd,EACE,MAAM,IAAIT,kBAAJ,CAAuBsC,CAAC,GAAG,yBAA3B,CAAN;AACFlB,QAAAA,MAAM,CAACG,aAAP,IAAwBe,CAAC,GAAG,IAAJ,GAAWK,KAAnC;AACD;;AAED,UAAK5B,CAAC,GAAG,CAAL,GAAUK,MAAM,CAACE,MAAP,CAAcd,OAAd,CAAsBiB,MAApC,EACEL,MAAM,CAACG,aAAP,IAAwB,IAAxB;AACH,KAxKmD,CA0KpD;;;AACA,QAAIqB,IAAJ;;AACA,QAAIvC,OAAO,CAACG,OAAR,CAAgBoC,IAAhB,IAAwBvC,OAAO,CAACG,OAAR,CAAgB,QAAhB,CAA5B,EAAuD;AACnD,UAAIH,OAAO,CAACG,OAAR,CAAgB,QAAhB,CAAJ,EAA+B;AAC7BoC,QAAAA,IAAI,GAAG,IAAIC,IAAJ,CAASxC,OAAO,CAACG,OAAR,CAAgB,QAAhB,CAAT,CAAP;AACD,OAFD,MAEO;AACLoC,QAAAA,IAAI,GAAG,IAAIC,IAAJ,CAASxC,OAAO,CAACG,OAAR,CAAgBoC,IAAzB,CAAP;AACD;;AACH,UAAIE,GAAG,GAAG,IAAID,IAAJ,EAAV;AACA,UAAIE,IAAI,GAAGC,IAAI,CAACC,GAAL,CAASH,GAAG,CAACI,OAAJ,KAAgBN,IAAI,CAACM,OAAL,EAAzB,CAAX;;AAEA,UAAIH,IAAI,GAAGzC,OAAO,CAACM,SAAR,GAAoB,IAA/B,EAAqC;AACnC,cAAM,IAAIlB,mBAAJ,CAAwB,mBACCqD,IAAI,GAAG,IADR,GAEA,qBAFA,GAGAzC,OAAO,CAACM,SAHR,GAGoB,GAH5C,CAAN;AAID;AACF;;AAEDN,IAAAA,OAAO,CAACE,OAAR,CAAgB2C,OAAhB,CAAwB,UAAUC,GAAV,EAAe;AACrC;AACA;AACA,UAAIhC,MAAM,CAACE,MAAP,CAAcd,OAAd,CAAsB6C,OAAtB,CAA8BD,GAAG,CAAChB,WAAJ,EAA9B,IAAmD,CAAvD,EACE,MAAM,IAAIpC,kBAAJ,CAAuBoD,GAAG,GAAG,0BAA7B,CAAN;AACH,KALD;;AAOA,QAAI9C,OAAO,CAACgD,UAAZ,EAAwB;AACtB,UAAIhD,OAAO,CAACgD,UAAR,CAAmBD,OAAnB,CAA2BjC,MAAM,CAACE,MAAP,CAAcY,SAAzC,MAAwD,CAAC,CAA7D,EACE,MAAM,IAAInC,kBAAJ,CAAuBqB,MAAM,CAACE,MAAP,CAAcY,SAAd,GACA,+BADvB,CAAN;AAEH;;AAEDd,IAAAA,MAAM,CAACc,SAAP,GAAmBd,MAAM,CAACE,MAAP,CAAcY,SAAd,CAAwBqB,WAAxB,EAAnB;AACAnC,IAAAA,MAAM,CAACa,KAAP,GAAeb,MAAM,CAACE,MAAP,CAAcW,KAA7B;AACA,WAAOb,MAAP;AACD;AA1Pc,CAAjB","sourcesContent":["// Copyright 2012 Joyent, Inc. All rights reserved.\n\nvar assert = require('assert-plus');\nvar util = require('util');\nvar utils = require('./utils');\n\n\n\n///--- Globals\n\nvar HASH_ALGOS = utils.HASH_ALGOS;\nvar PK_ALGOS = utils.PK_ALGOS;\nvar HttpSignatureError = utils.HttpSignatureError;\nvar InvalidAlgorithmError = utils.InvalidAlgorithmError;\nvar validateAlgorithm = utils.validateAlgorithm;\n\nvar State = {\n New: 0,\n Params: 1\n};\n\nvar ParamsState = {\n Name: 0,\n Quote: 1,\n Value: 2,\n Comma: 3\n};\n\n\n///--- Specific Errors\n\n\nfunction ExpiredRequestError(message) {\n HttpSignatureError.call(this, message, ExpiredRequestError);\n}\nutil.inherits(ExpiredRequestError, HttpSignatureError);\n\n\nfunction InvalidHeaderError(message) {\n HttpSignatureError.call(this, message, InvalidHeaderError);\n}\nutil.inherits(InvalidHeaderError, HttpSignatureError);\n\n\nfunction InvalidParamsError(message) {\n HttpSignatureError.call(this, message, InvalidParamsError);\n}\nutil.inherits(InvalidParamsError, HttpSignatureError);\n\n\nfunction MissingHeaderError(message) {\n HttpSignatureError.call(this, message, MissingHeaderError);\n}\nutil.inherits(MissingHeaderError, HttpSignatureError);\n\nfunction StrictParsingError(message) {\n HttpSignatureError.call(this, message, StrictParsingError);\n}\nutil.inherits(StrictParsingError, HttpSignatureError);\n\n///--- Exported API\n\nmodule.exports = {\n\n /**\n * Parses the 'Authorization' header out of an http.ServerRequest object.\n *\n * Note that this API will fully validate the Authorization header, and throw\n * on any error. It will not however check the signature, or the keyId format\n * as those are specific to your environment. You can use the options object\n * to pass in extra constraints.\n *\n * As a response object you can expect this:\n *\n * {\n * \"scheme\": \"Signature\",\n * \"params\": {\n * \"keyId\": \"foo\",\n * \"algorithm\": \"rsa-sha256\",\n * \"headers\": [\n * \"date\" or \"x-date\",\n * \"digest\"\n * ],\n * \"signature\": \"base64\"\n * },\n * \"signingString\": \"ready to be passed to crypto.verify()\"\n * }\n *\n * @param {Object} request an http.ServerRequest.\n * @param {Object} options an optional options object with:\n * - clockSkew: allowed clock skew in seconds (default 300).\n * - headers: required header names (def: date or x-date)\n * - algorithms: algorithms to support (default: all).\n * - strict: should enforce latest spec parsing\n * (default: false).\n * @return {Object} parsed out object (see above).\n * @throws {TypeError} on invalid input.\n * @throws {InvalidHeaderError} on an invalid Authorization header error.\n * @throws {InvalidParamsError} if the params in the scheme are invalid.\n * @throws {MissingHeaderError} if the params indicate a header not present,\n * either in the request headers from the params,\n * or not in the params from a required header\n * in options.\n * @throws {StrictParsingError} if old attributes are used in strict parsing\n * mode.\n * @throws {ExpiredRequestError} if the value of date or x-date exceeds skew.\n */\n parseRequest: function parseRequest(request, options) {\n assert.object(request, 'request');\n assert.object(request.headers, 'request.headers');\n if (options === undefined) {\n options = {};\n }\n if (options.headers === undefined) {\n options.headers = [request.headers['x-date'] ? 'x-date' : 'date'];\n }\n assert.object(options, 'options');\n assert.arrayOfString(options.headers, 'options.headers');\n assert.optionalFinite(options.clockSkew, 'options.clockSkew');\n\n var authzHeaderName = options.authorizationHeaderName || 'authorization';\n\n if (!request.headers[authzHeaderName]) {\n throw new MissingHeaderError('no ' + authzHeaderName + ' header ' +\n 'present in the request');\n }\n\n options.clockSkew = options.clockSkew || 300;\n\n\n var i = 0;\n var state = State.New;\n var substate = ParamsState.Name;\n var tmpName = '';\n var tmpValue = '';\n\n var parsed = {\n scheme: '',\n params: {},\n signingString: ''\n };\n\n var authz = request.headers[authzHeaderName];\n for (i = 0; i < authz.length; i++) {\n var c = authz.charAt(i);\n\n switch (Number(state)) {\n\n case State.New:\n if (c !== ' ') parsed.scheme += c;\n else state = State.Params;\n break;\n\n case State.Params:\n switch (Number(substate)) {\n\n case ParamsState.Name:\n var code = c.charCodeAt(0);\n // restricted name of A-Z / a-z\n if ((code >= 0x41 && code <= 0x5a) || // A-Z\n (code >= 0x61 && code <= 0x7a)) { // a-z\n tmpName += c;\n } else if (c === '=') {\n if (tmpName.length === 0)\n throw new InvalidHeaderError('bad param format');\n substate = ParamsState.Quote;\n } else {\n throw new InvalidHeaderError('bad param format');\n }\n break;\n\n case ParamsState.Quote:\n if (c === '\"') {\n tmpValue = '';\n substate = ParamsState.Value;\n } else {\n throw new InvalidHeaderError('bad param format');\n }\n break;\n\n case ParamsState.Value:\n if (c === '\"') {\n parsed.params[tmpName] = tmpValue;\n substate = ParamsState.Comma;\n } else {\n tmpValue += c;\n }\n break;\n\n case ParamsState.Comma:\n if (c === ',') {\n tmpName = '';\n substate = ParamsState.Name;\n } else {\n throw new InvalidHeaderError('bad param format');\n }\n break;\n\n default:\n throw new Error('Invalid substate');\n }\n break;\n\n default:\n throw new Error('Invalid substate');\n }\n\n }\n\n if (!parsed.params.headers || parsed.params.headers === '') {\n if (request.headers['x-date']) {\n parsed.params.headers = ['x-date'];\n } else {\n parsed.params.headers = ['date'];\n }\n } else {\n parsed.params.headers = parsed.params.headers.split(' ');\n }\n\n // Minimally validate the parsed object\n if (!parsed.scheme || parsed.scheme !== 'Signature')\n throw new InvalidHeaderError('scheme was not \"Signature\"');\n\n if (!parsed.params.keyId)\n throw new InvalidHeaderError('keyId was not specified');\n\n if (!parsed.params.algorithm)\n throw new InvalidHeaderError('algorithm was not specified');\n\n if (!parsed.params.signature)\n throw new InvalidHeaderError('signature was not specified');\n\n // Check the algorithm against the official list\n parsed.params.algorithm = parsed.params.algorithm.toLowerCase();\n try {\n validateAlgorithm(parsed.params.algorithm);\n } catch (e) {\n if (e instanceof InvalidAlgorithmError)\n throw (new InvalidParamsError(parsed.params.algorithm + ' is not ' +\n 'supported'));\n else\n throw (e);\n }\n\n // Build the signingString\n for (i = 0; i < parsed.params.headers.length; i++) {\n var h = parsed.params.headers[i].toLowerCase();\n parsed.params.headers[i] = h;\n\n if (h === 'request-line') {\n if (!options.strict) {\n /*\n * We allow headers from the older spec drafts if strict parsing isn't\n * specified in options.\n */\n parsed.signingString +=\n request.method + ' ' + request.url + ' HTTP/' + request.httpVersion;\n } else {\n /* Strict parsing doesn't allow older draft headers. */\n throw (new StrictParsingError('request-line is not a valid header ' +\n 'with strict parsing enabled.'));\n }\n } else if (h === '(request-target)') {\n parsed.signingString +=\n '(request-target): ' + request.method.toLowerCase() + ' ' +\n request.url;\n } else {\n var value = request.headers[h];\n if (value === undefined)\n throw new MissingHeaderError(h + ' was not in the request');\n parsed.signingString += h + ': ' + value;\n }\n\n if ((i + 1) < parsed.params.headers.length)\n parsed.signingString += '\\n';\n }\n\n // Check against the constraints\n var date;\n if (request.headers.date || request.headers['x-date']) {\n if (request.headers['x-date']) {\n date = new Date(request.headers['x-date']);\n } else {\n date = new Date(request.headers.date);\n }\n var now = new Date();\n var skew = Math.abs(now.getTime() - date.getTime());\n\n if (skew > options.clockSkew * 1000) {\n throw new ExpiredRequestError('clock skew of ' +\n (skew / 1000) +\n 's was greater than ' +\n options.clockSkew + 's');\n }\n }\n\n options.headers.forEach(function (hdr) {\n // Remember that we already checked any headers in the params\n // were in the request, so if this passes we're good.\n if (parsed.params.headers.indexOf(hdr.toLowerCase()) < 0)\n throw new MissingHeaderError(hdr + ' was not a signed header');\n });\n\n if (options.algorithms) {\n if (options.algorithms.indexOf(parsed.params.algorithm) === -1)\n throw new InvalidParamsError(parsed.params.algorithm +\n ' is not a supported algorithm');\n }\n\n parsed.algorithm = parsed.params.algorithm.toUpperCase();\n parsed.keyId = parsed.params.keyId;\n return parsed;\n }\n\n};\n"]},"metadata":{},"sourceType":"script"} |