/
KongHmacDynamicValue.js
91 lines (78 loc) · 3.33 KB
/
KongHmacDynamicValue.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
// Kong HMAC Authentication
// https://docs.konghq.com/hub/kong-inc/hmac-auth
function urlParse(url) {
var match = url.match(/^(https?:)\/\/(([^:\/?#]*)(?::([0-9]+))?)(\/[^?#]*)(?:\?([^#]*|)(#.*|))?$/);
return match && {
protocol: match[1],
host: match[2],
hostname: match[3],
port: match[4],
path: match[5],
search: match[6],
hash: match[7]
}
}
var KongHmacDynamicValue = function() {
this.evaluate = function(context) {
var request = context.getCurrentRequest();
var url_parse = urlParse(request.getUrl());
var headers = [];
for (var header_name of this.headers.toLowerCase().split(' ')) {
var header = request.getHeaderByName(header_name);
if (!header) {
if (header_name === 'host') {
headers.push('host: ' + url_parse['host']);
continue;
}
if (header_name === 'request-line') {
var request_line = request.getMethod() + ' ' + url_parse['path'];
if (url_parse['search']) {
request_line += '?' + url_parse['search'];
}
request_line += ' HTTP/1.1';
headers.push(request_line);
continue;
}
return 'Error: Missing Header ' + header_name;
}
headers.push(header_name + ': ' + header);
}
var signing_str = headers.join('\n');
var digest = '';
// crypto-js 3.3.0 from https://www.cdnpkg.com/crypto-js/file/crypto-js.min.js/
var CryptoJS = require('crypto-js.min.js');
if (this.algorithm === 'hmac-sha1') {
digest = CryptoJS.HmacSHA1(signing_str, this.secret);
} else if (this.algorithm === 'hmac-sha256') {
digest = CryptoJS.HmacSHA256(signing_str, this.secret);
} else if (this.algorithm === 'hmac-sha384') {
digest = CryptoJS.HmacSHA384(signing_str, this.secret);
} else {
digest = CryptoJS.HmacSHA512(signing_str, this.secret);
}
return 'hmac username="' + this.username + '", algorithm="' + this.algorithm + '", headers="' + this.headers +
'", signature="' + CryptoJS.enc.Base64.stringify(digest) + '"';
};
this.title = function(context) {
return 'Kong HMAC Auth';
};
this.text = function(context) {
return 'Base64(' + this.algorithm + '(' + this.headers + ', secret))';
};
};
KongHmacDynamicValue.identifier = 'io.winking.PawExtensions.KongHmacDynamicValue';
KongHmacDynamicValue.title = 'Kong HMAC Auth';
KongHmacDynamicValue.help = 'https://github.com/hallelujahs/io.winking.PawExtensions.KongHmacDynamicValue';
KongHmacDynamicValue.inputs = [
InputField('username', 'Username', 'String'),
InputField('secret', 'Secret', 'SecureValue'),
InputField('algorithm', 'HMAC Algorithm', 'Select', {
choices: {'hmac-sha1': 'hmac-sha1', 'hmac-sha256': 'hmac-sha256', 'hmac-sha384': 'hmac-sha384', 'hmac-sha512': 'hmac-sha512'},
persisted: true
}),
InputField('headers', 'Headers for HTTP signature', 'String', {
defaultValue: 'host date request-line',
placeholder: 'Header Names'
}),
];
registerDynamicValueClass(KongHmacDynamicValue);