Comparing version 0.8.1 to 0.9.0


example/usage.js

@@ -58,3 +58,3 @@ // Load modules

headers: {
authorization: Hawk.getAuthorizationHeader(internals.credentials.dh37fgj492je, 'GET', '/resource/1?b=1&a=2', '127.0.0.1', 8000, { ext: 'and welcome!' })
authorization: Hawk.getAuthorizationHeader('http://127.0.0.1:8000/resource/1?b=1&a=2', 'GET', { credentials: internals.credentials.dh37fgj492je, ext: 'and welcome!' })
}

@@ -61,0 +61,0 @@ };

@@ -27,10 +27,12 @@ // Load modules

type: 'header', // 'header', 'bewit'
key: 'aoijedoaijsdlaksjdl',
algorithm: 'sha256', // 'sha1', 'sha256'
timestamp: 1357718381034,
nonce: 'd3d345f',
credentials: {
key: 'aoijedoaijsdlaksjdl',
algorithm: 'sha256' // 'sha1', 'sha256'
},
method: 'GET',
uri: '/resource?a=1&b=2',
resource: '/resource?a=1&b=2',
host: 'example.com',
port: 8080,
timestamp: 1357718381034,
nonce: 'd3d345f',
hash: 'U4MKKSmiVxk37JCCrAVIjV/OhB3y+NdwoCr6RShbVkE=',

@@ -47,3 +49,3 @@ ext: 'app-specific-data',

var hmac = Crypto.createHmac(options.algorithm, options.key).update(normalized);
var hmac = Crypto.createHmac(options.credentials.algorithm, options.credentials.key).update(normalized);
var digest = hmac.digest('base64');

@@ -56,3 +58,2 @@ return digest;

var url = Url.parse(options.uri);
var normalized = 'hawk.' + exports.headerVersion + '.' + options.type + '\n' +

@@ -62,3 +63,3 @@ options.timestamp + '\n' +

options.method.toUpperCase() + '\n' +
url.pathname + (url.search || '') + '\n' + // Maintain trailing '?'
options.resource + '\n' +
options.host.toLowerCase() + '\n' +

@@ -65,0 +66,0 @@ options.port + '\n' +

// Load modules
var Url = require('url');
var Boom = require('boom');

@@ -203,8 +204,7 @@ var Cryptiles = require('cryptiles');

type: 'header',
key: credentials.key,
algorithm: credentials.algorithm,
credentials: credentials,
timestamp: attributes.ts,
nonce: attributes.nonce,
method: request.method,
uri: request.url,
resource: request.url,/////////////////////////////////////////////////
host: request.host,

@@ -256,17 +256,49 @@ port: request.port,

/*
* credentials is an object with the following keys: 'id, 'key', 'algorithm'.
* options is an object with the following optional keys: 'ext', 'timestamp', 'nonce', 'localtimeOffsetMsec', 'payload' (also supports 'app' and 'dlg' for Oz)
*/
uri: 'http://example.com/resource?a=b' or object from Url.parse()
method: HTTP verb (e.g. 'GET', 'POST')
options: {
exports.getAuthorizationHeader = function (credentials, method, uri, host, port, options) {
// Required
options = options || {};
credentials: {
id: 'dh37fgj492je',
key: 'aoijedoaijsdlaksjdl',
algorithm: 'sha256' // 'sha1', 'sha256'
},
// Optional
ext: 'application-specific', // Application specific data sent via the ext attribute
timestamp: Date.now(), // A pre-calculated timestamp
none: '2334f34f', // A pre-generated nonce
localtimeOffsetMsec: 400, // Time offset to sync with server time (ignored if timestamp provided)
payload: '{"some":"payload"}', // UTF-8 encoded string for body hash generation
app: '24s23423f34dx', // Oz application id
dlg: '234sz34tww3sd' // Oz delegated-by application id
};
*/
exports.getAuthorizationHeader = function (uri, method, options) {
// Validate inputs
if (!uri ||
(typeof uri !== 'string' && typeof uri !== 'object') ||
!method ||
typeof method !== 'string' ||
!options ||
typeof options !== 'object') {
return '';
}
// Application time
var now = Utils.now() + (options.localtimeOffsetMsec || 0);
var timestamp = options.timestamp || Math.floor((Utils.now() + (options.localtimeOffsetMsec || 0)) / 1000)
// Check request
// Validate credentials
if (!credentials.id ||
var credentials = options.credentials;
if (!credentials ||
!credentials.id ||
!credentials.key ||

@@ -292,2 +324,8 @@ !credentials.algorithm) {

// Parse URI
if (typeof uri === 'string') {
uri = Url.parse(uri);
}
// Calculate signature

@@ -297,10 +335,9 @@

type: 'header',
key: credentials.key,
algorithm: credentials.algorithm,
timestamp: options.timestamp || Math.floor(now / 1000),
credentials: credentials,
timestamp: timestamp,
nonce: options.nonce || Cryptiles.randomString(6),
method: method,
uri: uri,
host: host,
port: port,
resource: uri.pathname + (uri.search || ''), // Maintain trailing '?'
host: uri.hostname,
port: uri.port || (uri.protocol === 'http' ? 80 : 443),
hash: hash,

@@ -307,0 +344,0 @@ ext: options.ext,

@@ -132,8 +132,7 @@ // Load modules

type: 'bewit',
key: credentials.key,
algorithm: credentials.algorithm,
credentials: credentials,
timestamp: bewit.exp,
nonce: '',
method: 'GET',
uri: url,
resource: url,
host: request.host,

@@ -161,6 +160,35 @@ port: request.port,

*/
/*
uri: 'http://example.com/resource?a=b' or object from Url.parse()
options: {
exports.getBewit = function (credentials, uri, host, port, ttlSec, options) {
// Required
options = options || {};
credentials: {
id: 'dh37fgj492je',
key: 'aoijedoaijsdlaksjdl',
algorithm: 'sha256' // 'sha1', 'sha256'
},
ttlSec: 60 * 60, // TTL in seconds
// Optional
ext: 'application-specific', // Application specific data sent via the ext attribute
localtimeOffsetMsec: 400 // Time offset to sync with server time
};
*/
exports.getBewit = function (uri, options) {
// Validate inputs
if (!uri ||
(typeof uri !== 'string' && typeof uri !== 'object') ||
!options ||
typeof options !== 'object' ||
!options.ttlSec) {
return '';
}
options.ext = (options.ext === null || options.ext === undefined ? '' : options.ext); // Zero is valid value

@@ -172,9 +200,10 @@

// Check request
// Validate credentials
if (!credentials.id ||
var credentials = options.credentials;
if (!credentials ||
!credentials.id ||
!credentials.key ||
!credentials.algorithm) {
// Invalid credential object
return '';

@@ -187,15 +216,20 @@ }

// Parse URI
if (typeof uri === 'string') {
uri = Url.parse(uri);
}
// Calculate signature
var exp = Math.floor(now / 1000) + ttlSec;
var exp = Math.floor(now / 1000) + options.ttlSec;
var mac = Crypto.calculateMac({
type: 'bewit',
key: credentials.key,
algorithm: credentials.algorithm,
credentials: credentials,
timestamp: exp,
nonce: '',
method: 'GET',
uri: uri,
host: host,
port: port,
resource: uri.pathname + (uri.search || ''), // Maintain trailing '?'
host: uri.hostname,
port: uri.port || (uri.protocol === 'http' ? 80 : 443),
ext: options.ext

@@ -202,0 +236,0 @@ });

{
"name": "hawk",
"description": "HTTP Hawk Authentication Scheme",
"version": "0.8.1",
"version": "0.9.0",
"author": "Eran Hammer <eran@hueniverse.com> (http://hueniverse.com)",

@@ -19,3 +19,3 @@ "contributors": [],

"dependencies": {
"hoek": "0.4.x",
"hoek": "0.6.x",
"boom": "0.3.x",

@@ -26,3 +26,2 @@ "cryptiles": "0.1.x",

"devDependencies": {
"request": "2.12.x",
"mocha": "1.x.x",

@@ -29,0 +28,0 @@ "chai": "1.x.x",

@@ -6,3 +6,3 @@ ![hawk Logo](https://raw.github.com/hueniverse/hawk/master/images/hawk.png)

Current version: **0.6.1**
Current version: **0.9.0**

@@ -151,3 +151,3 @@ [![Build Status](https://secure.travis-ci.org/hueniverse/hawk.png)](http://travis-ci.org/hueniverse/hawk)

headers: {
authorization: Hawk.getAuthorizationHeader(credentials, 'GET', '/resource/1?b=1&a=2', 'example.com', 8000, { ext: 'some-app-data' })
authorization: Hawk.getAuthorizationHeader('http://example.com:8000/resource/1?b=1&a=2', 'GET', { credentials: credentials, ext: 'some-app-data' })
}

@@ -352,3 +352,3 @@ };

var duration = 60 * 5; // 5 Minutes
var bewit = Hawk.uri.getBewit(credentials, '/resource/1?b=1&a=2', 'example.com', 8080, duration, { ext: 'some-app-data' });
var bewit = Hawk.uri.getBewit('http://example.com:8080/resource/1?b=1&a=2', { credentials: credentials, ttlSec: duration, ext: 'some-app-data' });
var uri = 'http://example.com:8000/resource/1?b=1&a=2' + '&bewit=' + bewit;

@@ -355,0 +355,0 @@ ```

@@ -27,8 +27,10 @@ // Load modules

type: 'header',
key: 'dasdfasdf',
algorithm: 'sha256',
credentials: {
key: 'dasdfasdf',
algorithm: 'sha256'
},
timestamp: 1357747017,
nonce: 'k3k4j5',
method: 'GET',
uri: '/resource/something',
resource: '/resource/something',
host: 'example.com',

@@ -45,8 +47,10 @@ port: 8080

type: 'header',
key: 'dasdfasdf',
algorithm: 'sha256',
credentials: {
key: 'dasdfasdf',
algorithm: 'sha256'
},
timestamp: 1357747017,
nonce: 'k3k4j5',
method: 'GET',
uri: '/resource/something',
resource: '/resource/something',
host: 'example.com',

@@ -64,8 +68,10 @@ port: 8080,

type: 'header',
key: 'dasdfasdf',
algorithm: 'sha256',
credentials: {
key: 'dasdfasdf',
algorithm: 'sha256'
},
timestamp: 1357747017,
nonce: 'k3k4j5',
method: 'GET',
uri: '/resource/something',
resource: '/resource/something',
host: 'example.com',

@@ -72,0 +78,0 @@ port: 8080,

// Load modules
var Url = require('url');
var Chai = require('chai');

@@ -42,3 +43,5 @@ var Hawk = require('../lib');

req.authorization = Hawk.getAuthorizationHeader(credentials, req.method, req.url, req.host, req.port, { ext: 'some-app-data' });
req.authorization = Hawk.getAuthorizationHeader(Url.parse('http://example.com:8080/resource/4?filter=a'), req.method, { credentials: credentials, ext: 'some-app-data' });
expect(req.authorization).to.exist;
Hawk.authenticate(req, credentialsFunc, {}, function (err, credentials, attributes) {

@@ -66,3 +69,3 @@

req.headers.authorization = Hawk.getAuthorizationHeader(credentials, req.method, req.url, 'example.com', 8080, { ext: 'some-app-data' });
req.headers.authorization = Hawk.getAuthorizationHeader('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials, ext: 'some-app-data' });
Hawk.authenticate(req, credentialsFunc, {}, function (err, credentials, attributes) {

@@ -89,3 +92,3 @@

req.authorization = Hawk.getAuthorizationHeader(credentials, req.method, req.url, req.host, req.port, { payload: 'hola!', ext: 'some-app-data' });
req.authorization = Hawk.getAuthorizationHeader('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials, payload: 'hola!', ext: 'some-app-data' });
Hawk.authenticate(req, credentialsFunc, {}, function (err, credentials, attributes) {

@@ -112,3 +115,3 @@

req.authorization = Hawk.getAuthorizationHeader(credentials, req.method, req.url, req.host, req.port, { payload: 'hola!', ext: 'some-app-data' });
req.authorization = Hawk.getAuthorizationHeader('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials, payload: 'hola!', ext: 'some-app-data' });
Hawk.authenticate(req, credentialsFunc, {}, function (err, credentials, attributes) {

@@ -137,3 +140,3 @@

req.authorization = Hawk.getAuthorizationHeader(credentials, req.method, req.url, req.host, req.port, { ext: 'some-app-data', app: 'asd23ased', dlg: '23434szr3q4d' });
req.authorization = Hawk.getAuthorizationHeader('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials, ext: 'some-app-data', app: 'asd23ased', dlg: '23434szr3q4d' });
Hawk.authenticate(req, credentialsFunc, {}, function (err, credentials, attributes) {

@@ -162,3 +165,3 @@

req.authorization = Hawk.getAuthorizationHeader(credentials, req.method, req.url, req.host, req.port, { payload: 'hola!', ext: 'some-app-data' });
req.authorization = Hawk.getAuthorizationHeader('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials, payload: 'hola!', ext: 'some-app-data' });
Hawk.authenticate(req, credentialsFunc, { payload: 'byebye!' }, function (err, credentials, attributes) {

@@ -184,3 +187,3 @@

req.authorization = Hawk.getAuthorizationHeader(credentials, req.method, req.url, req.host, req.port, { ext: 'some-app-data' });
req.authorization = Hawk.getAuthorizationHeader('http://example.com:8080/resource/4?filter=a', req.method, { credentials: credentials, ext: 'some-app-data' });
req.url = '/something/else';

@@ -769,3 +772,3 @@

var header = Hawk.getAuthorizationHeader(credentials, 'POST', '/somewhere/over/the/rainbow', 'example.net', 443, { ext: 'Bazinga!', timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about' });
var header = Hawk.getAuthorizationHeader('https://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, ext: 'Bazinga!', timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about' });
expect(header).to.equal('Hawk id="123456", ts="1353809207", nonce="Ygvqdz", hash="eQJ6qAuxoMrLdTMb5IJiv04W4F4=", ext="Bazinga!", mac="Ti2SMCBfDGp4DLoOw2OpFjOs+nI="');

@@ -783,3 +786,3 @@ done();

var header = Hawk.getAuthorizationHeader(credentials, 'POST', '/somewhere/over/the/rainbow', 'example.net', 443, { ext: 'Bazinga!', timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about' });
var header = Hawk.getAuthorizationHeader('https://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, ext: 'Bazinga!', timestamp: 1353809207, nonce: 'Ygvqdz', payload: 'something to write about' });
expect(header).to.equal('Hawk id="123456", ts="1353809207", nonce="Ygvqdz", hash="Yz+K6hTiKD4IVEckK1yPIBdb/gh4LdtWwpXvM776Edg=", ext="Bazinga!", mac="Uk1EHe77nOiAo4Hgm8Qio21+MtU7jEcVSIaqw21Yy48="');

@@ -789,2 +792,9 @@ done();

it('should return an empty authorization header on missing options', function (done) {
var header = Hawk.getAuthorizationHeader('https://example.net/somewhere/over/the/rainbow', 'POST');
expect(header).to.equal('');
done();
});
it('should return an empty authorization header on invalid credentials', function (done) {

@@ -797,3 +807,3 @@

var header = Hawk.getAuthorizationHeader(credentials, 'POST', '/somewhere/over/the/rainbow', 'example.net', 443, { ext: 'Bazinga!', timestamp: 1353809207 });
var header = Hawk.getAuthorizationHeader('https://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, ext: 'Bazinga!', timestamp: 1353809207 });
expect(header).to.equal('');

@@ -811,3 +821,3 @@ done();

var header = Hawk.getAuthorizationHeader(credentials, 'POST', '/somewhere/over/the/rainbow', 'example.net', 443, { payload: 'something, anything!', ext: 'Bazinga!', timestamp: 1353809207 });
var header = Hawk.getAuthorizationHeader('https://example.net/somewhere/over/the/rainbow', 'POST', { credentials: credentials, payload: 'something, anything!', ext: 'Bazinga!', timestamp: 1353809207 });
expect(header).to.equal('');

@@ -814,0 +824,0 @@ done();

@@ -31,2 +31,3 @@ // Load modules

var options = {
credentials: credentials,
timestamp: 1353832234,

@@ -39,3 +40,3 @@ nonce: 'j4h3g2',

var header = Hawk.getAuthorizationHeader(credentials, 'GET', '/resource/1?b=1&a=2', 'example.com', 8000, options);
var header = Hawk.getAuthorizationHeader('http://example.com:8000/resource/1?b=1&a=2', 'GET', options);

@@ -50,8 +51,7 @@ expect(header).to.equal('Hawk id="dh37fgj492je", ts="1353832234", nonce="j4h3g2", ext="some-app-ext-data", mac="6R4rV5iE+NPoym+WwjeHzjAGXUtLNIxmo1vpMofpLAE="');

type: 'header',
key: credentials.key,
algorithm: credentials.algorithm,
credentials: credentials,
timestamp: options.timestamp,
nonce: options.nonce,
method: 'GET',
uri: '/resource?a=1&b=2',
resource: '/resource?a=1&b=2',
host: 'example.com',

@@ -71,3 +71,3 @@ port: 8000,

var header = Hawk.getAuthorizationHeader(credentials, 'POST', '/resource/1?b=1&a=2', 'example.com', 8000, payloadOptions);
var header = Hawk.getAuthorizationHeader('http://example.com:8000/resource/1?b=1&a=2', 'POST', payloadOptions);

@@ -82,8 +82,7 @@ expect(header).to.equal('Hawk id="dh37fgj492je", ts="1353832234", nonce="j4h3g2", hash="CBbyqZ/H0rd6nKdg3O9FS5uiQZ5NmgcXUPLut9heuyo=", ext="some-app-ext-data", mac="D0pHf7mKEh55AxFZ+qyiJ/fVE8uL0YgkoJjOMcOhVQU="');

type: 'header',
key: credentials.key,
algorithm: credentials.algorithm,
credentials: credentials,
timestamp: options.timestamp,
nonce: options.nonce,
method: 'POST',
uri: '/resource?a=1&b=2',
resource: '/resource?a=1&b=2',
host: 'example.com',

@@ -90,0 +89,0 @@ port: 8000,

@@ -45,3 +45,3 @@ // Load modules

var bewit = Hawk.uri.getBewit(credentials, req.url, 'example.com', 8080, 60 * 60 * 24 * 365 * 100, { ext: 'some-app-data' });
var bewit = Hawk.uri.getBewit('http://example.com:8080/resource/4?a=1&b=2', { credentials: credentials, ttlSec: 60 * 60 * 24 * 365 * 100, ext: 'some-app-data' });
req.url += '&bewit=' + bewit;

@@ -61,16 +61,16 @@

var req = {
method: 'GET',
url: '/resource/4?a=1&b=2&bewit=MTIzNDU2XDQ1MTE0ODQ2MjFcMzFjMmNkbUJFd1NJRVZDOVkva1NFb2c3d3YrdEVNWjZ3RXNmOGNHU2FXQT1cc29tZS1hcHAtZGF0YQ',
host: 'example.com',
port: 8080
};
var req = {
method: 'GET',
url: '/resource/4?a=1&b=2&bewit=MTIzNDU2XDQ1MTE0ODQ2MjFcMzFjMmNkbUJFd1NJRVZDOVkva1NFb2c3d3YrdEVNWjZ3RXNmOGNHU2FXQT1cc29tZS1hcHAtZGF0YQ',
host: 'example.com',
port: 8080
};
Hawk.uri.authenticate(req, credentialsFunc, {}, function (err, credentials, attributes) {
Hawk.uri.authenticate(req, credentialsFunc, {}, function (err, credentials, attributes) {
expect(err).to.not.exist;
expect(credentials.user).to.equal('steve');
expect(attributes.ext).to.equal('some-app-data');
done();
});
expect(err).to.not.exist;
expect(credentials.user).to.equal('steve');
expect(attributes.ext).to.equal('some-app-data');
done();
});
});

@@ -147,8 +147,7 @@

type: 'bewit',
key: credentials.key,
algorithm: credentials.algorithm,
credentials: credentials,
timestamp: exp,
nonce: '',
method: req.method,
uri: req.url,
resource: req.url,
host: req.host,

@@ -391,3 +390,3 @@ port: req.port,

var bewit = Hawk.uri.getBewit(credentials, '/somewhere/over/the/rainbow', 'example.com', 443, 300, { localtimeOffsetMsec: 1356420407232 - Hawk.utils.now(), ext: 'xandyandz' });
var bewit = Hawk.uri.getBewit('https://example.com/somewhere/over/the/rainbow', { credentials: credentials, ttlSec: 300, localtimeOffsetMsec: 1356420407232 - Hawk.utils.now(), ext: 'xandyandz' });
expect(bewit).to.equal('MTIzNDU2XDEzNTY0MjA3MDdca3NjeHdOUjJ0SnBQMVQxekRMTlBiQjVVaUtJVTl0T1NKWFRVZEc3WDloOD1ceGFuZHlhbmR6');

@@ -404,3 +403,3 @@ done();

var bewit = Hawk.uri.getBewit(credentials, '/somewhere/over/the/rainbow', 'example.com', 443, 300, { ext: 'xandyandz' });
var bewit = Hawk.uri.getBewit('https://example.com/somewhere/over/the/rainbow', { credentials: credentials, ttlSec: 3000, ext: 'xandyandz' });
expect(bewit).to.equal('');

@@ -418,8 +417,21 @@ done();

var bewit = Hawk.uri.getBewit(credentials, '/somewhere/over/the/rainbow', 'example.com', 443, 300, { ext: 'xandyandz' });
var bewit = Hawk.uri.getBewit('https://example.com/somewhere/over/the/rainbow', { credentials: credentials, ttlSec: 300, ext: 'xandyandz' });
expect(bewit).to.equal('');
done();
});
it('should return an empty bewit on missing options', function (done) {
var credentials = {
id: '123456',
key: '2983d45yun89q',
algorithm: 'hmac-sha-0'
};
var bewit = Hawk.uri.getBewit('https://example.com/somewhere/over/the/rainbow');
expect(bewit).to.equal('');
done();
});
});
});
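Review bot: The new 'should return an empty bewit on missing options' test declares a `credentials` object it never uses, since the call under test is `Hawk.uri.getBewit('https://example.com/somewhere/over/the/rainbow')` with no options; either drop the declaration or add a second call `Hawk.uri.getBewit(uri, { credentials: credentials })` to also cover the missing-`ttlSec` branch. As in the header tests, no case signs an `http://` URI without an explicit port, so the default-port fallback in getBewit is untested here. The `ttlSec` in the preceding empty-bewit test changed from 300 to 3000; if that test targets an invalid algorithm the value is irrelevant, but the change looks incidental and is worth confirming.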