From 292980fd8062c762b879a5404cebbfdd8d959197 Mon Sep 17 00:00:00 2001 From: Olly Smith Date: Fri, 6 May 2011 22:52:42 +0100 Subject: [PATCH 1/3] Switch to cookies library (from cookie-node). Switch to oauth 1.0A, add option to specify callback URL. --- lib/twitter.js | 32 ++++++++++++++++++-------------- package.json | 3 ++- 2 files changed, 20 insertions(+), 15 deletions(-) diff --git a/lib/twitter.js b/lib/twitter.js index 4a9fe0ed..660bcfbc 100644 --- a/lib/twitter.js +++ b/lib/twitter.js @@ -2,7 +2,8 @@ var VERSION = '0.1.16', http = require('http'), querystring = require('querystring'), oauth = require('oauth'), - cookie = require('cookie'), + Cookies = require('cookies'), + Keygrip = require('keygrip'), streamparser = require('./parser'); function merge(defaults, options) { @@ -37,6 +38,7 @@ function Twitter(options) { access_token_url: 'https://api.twitter.com/oauth/access_token', authenticate_url: 'https://api.twitter.com/oauth/authenticate', authorize_url: 'https://api.twitter.com/oauth/authorize', + callback_url: null, rest_base: 'https://api.twitter.com/1', search_base: 'http://search.twitter.com', @@ -51,12 +53,17 @@ function Twitter(options) { }; this.options = merge(defaults, options); + this.keygrip = this.options.cookie_secret === null ? null : + new Keygrip([this.options.cookie_secret]); + this.oauth = new oauth.OAuth( this.options.request_token_url, this.options.access_token_url, this.options.consumer_key, this.options.consumer_secret, - '1.0', null, 'HMAC-SHA1', null, + '1.0A', + this.options.callback_url, + 'HMAC-SHA1', null, this.options.headers); } Twitter.VERSION = VERSION; @@ -248,12 +255,11 @@ Twitter.prototype.stream = function(method, params, callback) { /* * TWITTER "O"AUTHENTICATION UTILITIES, INCLUDING THE GREAT * CONNECT/STACK STYLE TWITTER "O"AUTHENTICATION MIDDLEWARE - * and helpful utilities to retrieve the twauth cookie etc. */ -Twitter.prototype.cookie = function(req) { +Twitter.prototype.cookie = function(cookies) { // Fetch the cookie try { - var twauth = JSON.parse(req.getSecureCookie(this.options.cookie)); + var twauth = JSON.parse(cookies.get(this.options.cookie)); } catch (error) { var twauth = null; } @@ -270,10 +276,6 @@ Twitter.prototype.login = function(mount, success) { // Use secure cookie if forced to https and haven't configured otherwise if ( this.options.secure && !this.options.cookie_options.secure ) this.options.cookie_options.secure = true; - // Set up the cookie encryption secret if we've been given one - if ( !cookie.secret && this.options.cookie_secret !== null ) - cookie.secret = this.options.cookie_secret; - // FIXME: ^ so configs that don't use login() won't work? return function handle(req, res, next) { var path = url.parse(req.url, true); @@ -291,7 +293,8 @@ Twitter.prototype.login = function(mount, success) { } // Fetch the cookie - var twauth = self.cookie(req); + var cookies = new Cookies(req, res, self.keygrip); + var twauth = self.cookie(cookies); // We have a winner, but they're in the wrong place if ( twauth && twauth.user_id && twauth.access_token_secret ) { @@ -314,7 +317,7 @@ Twitter.prototype.login = function(mount, success) { // FIXME: do something more intelligent return next(500); } else { - res.setSecureCookie(self.options.cookie, JSON.stringify({ + cookies.set(self.options.cookie, JSON.stringify({ user_id: user_id, screen_name: screen_name, access_token_key: access_token_key, @@ -334,7 +337,7 @@ Twitter.prototype.login = function(mount, success) { // FIXME: do something more intelligent return next(500); } else { - res.setSecureCookie(self.options.cookie, JSON.stringify({ + cookies.set(self.options.cookie, JSON.stringify({ oauth_token: oauth_token, oauth_token_secret: oauth_token_secret }), self.options.cookie_options); @@ -350,7 +353,7 @@ Twitter.prototype.login = function(mount, success) { // Broken cookie, clear it and return to originating page // FIXME: this is dumb } else { - res.clearCookie(self.options.cookie); + cookies.set(self.options.cookie, null, self.options.cookie_options); res.writeHead(302, {'Location': mount}); res.end(); return; @@ -363,7 +366,8 @@ Twitter.prototype.gatekeeper = function(failure) { mount = this.options.login_mount || '/twauth'; return function(req, res, next) { - var twauth = self.cookie(req); + var cookies = new Cookies(req, res, self.keygrip); + var twauth = self.cookie(cookies); // We have a winner if ( twauth && twauth.user_id && twauth.access_token_secret ) diff --git a/package.json b/package.json index 4d789db7..d94f7bae 100644 --- a/package.json +++ b/package.json @@ -14,7 +14,8 @@ } , "dependencies": { "oauth": ">=0.8.4" - , "cookie": ">=0.1.4" + , "cookies": ">=0.1.6" + , "keygrip": ">=0.1.7" } , "engines": ["node >=0.2.0"] , "main": "./lib/twitter" From 171791705f5079c58a8e62d3fee6112f5276163e Mon Sep 17 00:00:00 2001 From: Olly Smith Date: Sat, 7 May 2011 10:23:08 +0100 Subject: [PATCH 2/3] Refactor cookie helper back to its original signature to avoid API breakage (and hide the cookie implementation details - nobody needs to see that ;)). --- lib/twitter.js | 25 +++++++++++++++---------- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/lib/twitter.js b/lib/twitter.js index 660bcfbc..7db29cae 100644 --- a/lib/twitter.js +++ b/lib/twitter.js @@ -256,14 +256,10 @@ Twitter.prototype.stream = function(method, params, callback) { * TWITTER "O"AUTHENTICATION UTILITIES, INCLUDING THE GREAT * CONNECT/STACK STYLE TWITTER "O"AUTHENTICATION MIDDLEWARE */ -Twitter.prototype.cookie = function(cookies) { +Twitter.prototype.cookie = function(req) { // Fetch the cookie - try { - var twauth = JSON.parse(cookies.get(this.options.cookie)); - } catch (error) { - var twauth = null; - } - return twauth; + var cookies = new Cookies(req, null, this.keygrip); + return this._readCookie(cookies); } Twitter.prototype.login = function(mount, success) { @@ -294,7 +290,7 @@ Twitter.prototype.login = function(mount, success) { // Fetch the cookie var cookies = new Cookies(req, res, self.keygrip); - var twauth = self.cookie(cookies); + var twauth = self._readCookie(cookies); // We have a winner, but they're in the wrong place if ( twauth && twauth.user_id && twauth.access_token_secret ) { @@ -366,8 +362,7 @@ Twitter.prototype.gatekeeper = function(failure) { mount = this.options.login_mount || '/twauth'; return function(req, res, next) { - var cookies = new Cookies(req, res, self.keygrip); - var twauth = self.cookie(cookies); + var twauth = self.cookie(req); // We have a winner if ( twauth && twauth.user_id && twauth.access_token_secret ) @@ -987,3 +982,13 @@ Twitter.prototype._getUsingCursor = function(url, params, callback) { return this; } + +Twitter.prototype._readCookie = function(cookies) { + // parse the auth cookie + try { + var twauth = JSON.parse(cookies.get(this.options.cookie)); + } catch (error) { + var twauth = null; + } + return twauth; +} From 2d4dad417745be63c8eec82598eb3cb2f673f252 Mon Sep 17 00:00:00 2001 From: Olly Smith Date: Sun, 8 May 2011 11:44:35 +0100 Subject: [PATCH 3/3] Re-instate comment. --- lib/twitter.js | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/twitter.js b/lib/twitter.js index 7db29cae..68b98f12 100644 --- a/lib/twitter.js +++ b/lib/twitter.js @@ -255,6 +255,7 @@ Twitter.prototype.stream = function(method, params, callback) { /* * TWITTER "O"AUTHENTICATION UTILITIES, INCLUDING THE GREAT * CONNECT/STACK STYLE TWITTER "O"AUTHENTICATION MIDDLEWARE + * and helpful utilities to retrieve the twauth cookie etc. */ Twitter.prototype.cookie = function(req) { // Fetch the cookie