本站源代码
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

1427 satır
42KB

  1. // OAuth 1.0 consumer implementation.
  2. // See http://www.oauth.net and RFC 5849
  3. //
  4. // There are typically three parties involved in an OAuth exchange:
  5. // (1) The "Service Provider" (e.g. Google, Twitter, NetFlix) who operates the
  6. // service where the data resides.
  7. // (2) The "End User" who owns that data, and wants to grant access to a third-party.
  8. // (3) That third-party who wants access to the data (after first being authorized by
  9. // the user). This third-party is referred to as the "Consumer" in OAuth
  10. // terminology.
  11. //
  12. // This library is designed to help implement the third-party consumer by handling the
  13. // low-level authentication tasks, and allowing for authenticated requests to the
  14. // service provider on behalf of the user.
  15. //
  16. // Caveats:
  17. // - Currently only supports HMAC and RSA signatures.
  18. // - Currently only supports SHA1 and SHA256 hashes.
  19. // - Currently only supports OAuth 1.0
  20. //
  21. // Overview of how to use this library:
  22. // (1) First create a new Consumer instance with the NewConsumer function
  23. // (2) Get a RequestToken, and "authorization url" from GetRequestTokenAndUrl()
  24. // (3) Save the RequestToken, you will need it again in step 6.
  25. // (4) Redirect the user to the "authorization url" from step 2, where they will
  26. // authorize your access to the service provider.
  27. // (5) Wait. You will be called back on the CallbackUrl that you provide, and you
  28. // will recieve a "verification code".
  29. // (6) Call AuthorizeToken() with the RequestToken from step 2 and the
  30. // "verification code" from step 5.
  31. // (7) You will get back an AccessToken. Save this for as long as you need access
  32. // to the user's data, and treat it like a password; it is a secret.
  33. // (8) You can now throw away the RequestToken from step 2, it is no longer
  34. // necessary.
  35. // (9) Call "MakeHttpClient" using the AccessToken from step 7 to get an
  36. // HTTP client which can access protected resources.
  37. package oauth
  38. import (
  39. "bytes"
  40. "crypto"
  41. "crypto/hmac"
  42. cryptoRand "crypto/rand"
  43. "crypto/rsa"
  44. "encoding/base64"
  45. "errors"
  46. "fmt"
  47. "io"
  48. "io/ioutil"
  49. "math/rand"
  50. "mime/multipart"
  51. "net/http"
  52. "net/url"
  53. "sort"
  54. "strconv"
  55. "strings"
  56. "sync"
  57. "time"
  58. )
  59. const (
  60. OAUTH_VERSION = "1.0"
  61. SIGNATURE_METHOD_HMAC = "HMAC-"
  62. SIGNATURE_METHOD_RSA = "RSA-"
  63. HTTP_AUTH_HEADER = "Authorization"
  64. OAUTH_HEADER = "OAuth "
  65. BODY_HASH_PARAM = "oauth_body_hash"
  66. CALLBACK_PARAM = "oauth_callback"
  67. CONSUMER_KEY_PARAM = "oauth_consumer_key"
  68. NONCE_PARAM = "oauth_nonce"
  69. SESSION_HANDLE_PARAM = "oauth_session_handle"
  70. SIGNATURE_METHOD_PARAM = "oauth_signature_method"
  71. SIGNATURE_PARAM = "oauth_signature"
  72. TIMESTAMP_PARAM = "oauth_timestamp"
  73. TOKEN_PARAM = "oauth_token"
  74. TOKEN_SECRET_PARAM = "oauth_token_secret"
  75. VERIFIER_PARAM = "oauth_verifier"
  76. VERSION_PARAM = "oauth_version"
  77. )
  78. var HASH_METHOD_MAP = map[crypto.Hash]string{
  79. crypto.SHA1: "SHA1",
  80. crypto.SHA256: "SHA256",
  81. }
  82. // TODO(mrjones) Do we definitely want separate "Request" and "Access" token classes?
  83. // They're identical structurally, but used for different purposes.
  84. type RequestToken struct {
  85. Token string
  86. Secret string
  87. }
  88. type AccessToken struct {
  89. Token string
  90. Secret string
  91. AdditionalData map[string]string
  92. }
  93. type DataLocation int
  94. const (
  95. LOC_BODY DataLocation = iota + 1
  96. LOC_URL
  97. LOC_MULTIPART
  98. LOC_JSON
  99. LOC_XML
  100. )
  101. // Information about how to contact the service provider (see #1 above).
  102. // You usually find all of these URLs by reading the documentation for the service
  103. // that you're trying to connect to.
  104. // Some common examples are:
  105. // (1) Google, standard APIs:
  106. // http://code.google.com/apis/accounts/docs/OAuth_ref.html
  107. // - RequestTokenUrl: https://www.google.com/accounts/OAuthGetRequestToken
  108. // - AuthorizeTokenUrl: https://www.google.com/accounts/OAuthAuthorizeToken
  109. // - AccessTokenUrl: https://www.google.com/accounts/OAuthGetAccessToken
  110. // Note: Some Google APIs (for example, Google Latitude) use different values for
  111. // one or more of those URLs.
  112. // (2) Twitter API:
  113. // http://dev.twitter.com/pages/auth
  114. // - RequestTokenUrl: http://api.twitter.com/oauth/request_token
  115. // - AuthorizeTokenUrl: https://api.twitter.com/oauth/authorize
  116. // - AccessTokenUrl: https://api.twitter.com/oauth/access_token
  117. // (3) NetFlix API:
  118. // http://developer.netflix.com/docs/Security
  119. // - RequestTokenUrl: http://api.netflix.com/oauth/request_token
  120. // - AuthroizeTokenUrl: https://api-user.netflix.com/oauth/login
  121. // - AccessTokenUrl: http://api.netflix.com/oauth/access_token
  122. // Set HttpMethod if the service provider requires a different HTTP method
  123. // to be used for OAuth token requests
  124. type ServiceProvider struct {
  125. RequestTokenUrl string
  126. AuthorizeTokenUrl string
  127. AccessTokenUrl string
  128. HttpMethod string
  129. BodyHash bool
  130. IgnoreTimestamp bool
  131. // Enables non spec-compliant behavior:
  132. // Allow parameters to be passed in the query string rather
  133. // than the body.
  134. // See https://github.com/mrjones/oauth/pull/63
  135. SignQueryParams bool
  136. }
  137. func (sp *ServiceProvider) httpMethod() string {
  138. if sp.HttpMethod != "" {
  139. return sp.HttpMethod
  140. }
  141. return "GET"
  142. }
  143. // lockedNonceGenerator wraps a non-reentrant random number generator with a
  144. // lock
  145. type lockedNonceGenerator struct {
  146. nonceGenerator nonceGenerator
  147. lock sync.Mutex
  148. }
  149. func newLockedNonceGenerator(c clock) *lockedNonceGenerator {
  150. return &lockedNonceGenerator{
  151. nonceGenerator: rand.New(rand.NewSource(c.Nanos())),
  152. }
  153. }
  154. func (n *lockedNonceGenerator) Int63() int64 {
  155. n.lock.Lock()
  156. r := n.nonceGenerator.Int63()
  157. n.lock.Unlock()
  158. return r
  159. }
  160. // Consumers are stateless, you can call the various methods (GetRequestTokenAndUrl,
  161. // AuthorizeToken, and Get) on various different instances of Consumers *as long as
  162. // they were set up in the same way.* It is up to you, as the caller to persist the
  163. // necessary state (RequestTokens and AccessTokens).
  164. type Consumer struct {
  165. // Some ServiceProviders require extra parameters to be passed for various reasons.
  166. // For example Google APIs require you to set a scope= parameter to specify how much
  167. // access is being granted. The proper values for scope= depend on the service:
  168. // For more, see: http://code.google.com/apis/accounts/docs/OAuth.html#prepScope
  169. AdditionalParams map[string]string
  170. // The rest of this class is configured via the NewConsumer function.
  171. consumerKey string
  172. serviceProvider ServiceProvider
  173. // Some APIs (e.g. Netflix) aren't quite standard OAuth, and require passing
  174. // additional parameters when authorizing the request token. For most APIs
  175. // this field can be ignored. For Netflix, do something like:
  176. // consumer.AdditionalAuthorizationUrlParams = map[string]string{
  177. // "application_name": "YourAppName",
  178. // "oauth_consumer_key": "YourConsumerKey",
  179. // }
  180. AdditionalAuthorizationUrlParams map[string]string
  181. debug bool
  182. // Defaults to http.Client{}, can be overridden (e.g. for testing) as necessary
  183. HttpClient HttpClient
  184. // Some APIs (e.g. Intuit/Quickbooks) require sending additional headers along with
  185. // requests. (like "Accept" to specify the response type as XML or JSON) Note that this
  186. // will only *add* headers, not set existing ones.
  187. AdditionalHeaders map[string][]string
  188. // Private seams for mocking dependencies when testing
  189. clock clock
  190. // Seeded generators are not reentrant
  191. nonceGenerator nonceGenerator
  192. signer signer
  193. }
  194. func newConsumer(consumerKey string, serviceProvider ServiceProvider, httpClient *http.Client) *Consumer {
  195. clock := &defaultClock{}
  196. if httpClient == nil {
  197. httpClient = &http.Client{}
  198. }
  199. return &Consumer{
  200. consumerKey: consumerKey,
  201. serviceProvider: serviceProvider,
  202. clock: clock,
  203. HttpClient: httpClient,
  204. nonceGenerator: newLockedNonceGenerator(clock),
  205. AdditionalParams: make(map[string]string),
  206. AdditionalAuthorizationUrlParams: make(map[string]string),
  207. }
  208. }
  209. // Creates a new Consumer instance, with a HMAC-SHA1 signer
  210. // - consumerKey and consumerSecret:
  211. // values you should obtain from the ServiceProvider when you register your
  212. // application.
  213. //
  214. // - serviceProvider:
  215. // see the documentation for ServiceProvider for how to create this.
  216. //
  217. func NewConsumer(consumerKey string, consumerSecret string,
  218. serviceProvider ServiceProvider) *Consumer {
  219. consumer := newConsumer(consumerKey, serviceProvider, nil)
  220. consumer.signer = &HMACSigner{
  221. consumerSecret: consumerSecret,
  222. hashFunc: crypto.SHA1,
  223. }
  224. return consumer
  225. }
  226. // Creates a new Consumer instance, with a HMAC-SHA1 signer
  227. // - consumerKey and consumerSecret:
  228. // values you should obtain from the ServiceProvider when you register your
  229. // application.
  230. //
  231. // - serviceProvider:
  232. // see the documentation for ServiceProvider for how to create this.
  233. //
  234. // - httpClient:
  235. // Provides a custom implementation of the httpClient used under the hood
  236. // to make the request. This is especially useful if you want to use
  237. // Google App Engine.
  238. //
  239. func NewCustomHttpClientConsumer(consumerKey string, consumerSecret string,
  240. serviceProvider ServiceProvider, httpClient *http.Client) *Consumer {
  241. consumer := newConsumer(consumerKey, serviceProvider, httpClient)
  242. consumer.signer = &HMACSigner{
  243. consumerSecret: consumerSecret,
  244. hashFunc: crypto.SHA1,
  245. }
  246. return consumer
  247. }
  248. // Creates a new Consumer instance, with a HMAC signer
  249. // - consumerKey and consumerSecret:
  250. // values you should obtain from the ServiceProvider when you register your
  251. // application.
  252. //
  253. // - hashFunc:
  254. // the crypto.Hash to use for signatures
  255. //
  256. // - serviceProvider:
  257. // see the documentation for ServiceProvider for how to create this.
  258. //
  259. // - httpClient:
  260. // Provides a custom implementation of the httpClient used under the hood
  261. // to make the request. This is especially useful if you want to use
  262. // Google App Engine. Can be nil for default.
  263. //
  264. func NewCustomConsumer(consumerKey string, consumerSecret string,
  265. hashFunc crypto.Hash, serviceProvider ServiceProvider,
  266. httpClient *http.Client) *Consumer {
  267. consumer := newConsumer(consumerKey, serviceProvider, httpClient)
  268. consumer.signer = &HMACSigner{
  269. consumerSecret: consumerSecret,
  270. hashFunc: hashFunc,
  271. }
  272. return consumer
  273. }
  274. // Creates a new Consumer instance, with a RSA-SHA1 signer
  275. // - consumerKey:
  276. // value you should obtain from the ServiceProvider when you register your
  277. // application.
  278. //
  279. // - privateKey:
  280. // the private key to use for signatures
  281. //
  282. // - serviceProvider:
  283. // see the documentation for ServiceProvider for how to create this.
  284. //
  285. func NewRSAConsumer(consumerKey string, privateKey *rsa.PrivateKey,
  286. serviceProvider ServiceProvider) *Consumer {
  287. consumer := newConsumer(consumerKey, serviceProvider, nil)
  288. consumer.signer = &RSASigner{
  289. privateKey: privateKey,
  290. hashFunc: crypto.SHA1,
  291. rand: cryptoRand.Reader,
  292. }
  293. return consumer
  294. }
  295. // Creates a new Consumer instance, with a RSA signer
  296. // - consumerKey:
  297. // value you should obtain from the ServiceProvider when you register your
  298. // application.
  299. //
  300. // - privateKey:
  301. // the private key to use for signatures
  302. //
  303. // - hashFunc:
  304. // the crypto.Hash to use for signatures
  305. //
  306. // - serviceProvider:
  307. // see the documentation for ServiceProvider for how to create this.
  308. //
  309. // - httpClient:
  310. // Provides a custom implementation of the httpClient used under the hood
  311. // to make the request. This is especially useful if you want to use
  312. // Google App Engine. Can be nil for default.
  313. //
  314. func NewCustomRSAConsumer(consumerKey string, privateKey *rsa.PrivateKey,
  315. hashFunc crypto.Hash, serviceProvider ServiceProvider,
  316. httpClient *http.Client) *Consumer {
  317. consumer := newConsumer(consumerKey, serviceProvider, httpClient)
  318. consumer.signer = &RSASigner{
  319. privateKey: privateKey,
  320. hashFunc: hashFunc,
  321. rand: cryptoRand.Reader,
  322. }
  323. return consumer
  324. }
  325. // Kicks off the OAuth authorization process.
  326. // - callbackUrl:
  327. // Authorizing a token *requires* redirecting to the service provider. This is the
  328. // URL which the service provider will redirect the user back to after that
  329. // authorization is completed. The service provider will pass back a verification
  330. // code which is necessary to complete the rest of the process (in AuthorizeToken).
  331. // Notes on callbackUrl:
  332. // - Some (all?) service providers allow for setting "oob" (for out-of-band) as a
  333. // callback url. If this is set the service provider will present the
  334. // verification code directly to the user, and you must provide a place for
  335. // them to copy-and-paste it into.
  336. // - Otherwise, the user will be redirected to callbackUrl in the browser, and
  337. // will append a "oauth_verifier=<verifier>" parameter.
  338. //
  339. // This function returns:
  340. // - rtoken:
  341. // A temporary RequestToken, used during the authorization process. You must save
  342. // this since it will be necessary later in the process when calling
  343. // AuthorizeToken().
  344. //
  345. // - url:
  346. // A URL that you should redirect the user to in order that they may authorize you
  347. // to the service provider.
  348. //
  349. // - err:
  350. // Set only if there was an error, nil otherwise.
  351. func (c *Consumer) GetRequestTokenAndUrl(callbackUrl string) (rtoken *RequestToken, loginUrl string, err error) {
  352. return c.GetRequestTokenAndUrlWithParams(callbackUrl, c.AdditionalParams)
  353. }
  354. func (c *Consumer) GetRequestTokenAndUrlWithParams(callbackUrl string, additionalParams map[string]string) (rtoken *RequestToken, loginUrl string, err error) {
  355. params := c.baseParams(c.consumerKey, additionalParams)
  356. if callbackUrl != "" {
  357. params.Add(CALLBACK_PARAM, callbackUrl)
  358. }
  359. req := &request{
  360. method: c.serviceProvider.httpMethod(),
  361. url: c.serviceProvider.RequestTokenUrl,
  362. oauthParams: params,
  363. }
  364. if _, err := c.signRequest(req, ""); err != nil { // We don't have a token secret for the key yet
  365. return nil, "", err
  366. }
  367. resp, err := c.getBody(c.serviceProvider.httpMethod(), c.serviceProvider.RequestTokenUrl, params)
  368. if err != nil {
  369. return nil, "", errors.New("getBody: " + err.Error())
  370. }
  371. requestToken, err := parseRequestToken(*resp)
  372. if err != nil {
  373. return nil, "", errors.New("parseRequestToken: " + err.Error())
  374. }
  375. loginParams := make(url.Values)
  376. for k, v := range c.AdditionalAuthorizationUrlParams {
  377. loginParams.Set(k, v)
  378. }
  379. loginParams.Set(TOKEN_PARAM, requestToken.Token)
  380. loginUrl = c.serviceProvider.AuthorizeTokenUrl + "?" + loginParams.Encode()
  381. return requestToken, loginUrl, nil
  382. }
  383. // After the user has authorized you to the service provider, use this method to turn
  384. // your temporary RequestToken into a permanent AccessToken. You must pass in two values:
  385. // - rtoken:
  386. // The RequestToken returned from GetRequestTokenAndUrl()
  387. //
  388. // - verificationCode:
  389. // The string which passed back from the server, either as the oauth_verifier
  390. // query param appended to callbackUrl *OR* a string manually entered by the user
  391. // if callbackUrl is "oob"
  392. //
  393. // It will return:
  394. // - atoken:
  395. // A permanent AccessToken which can be used to access the user's data (until it is
  396. // revoked by the user or the service provider).
  397. //
  398. // - err:
  399. // Set only if there was an error, nil otherwise.
  400. func (c *Consumer) AuthorizeToken(rtoken *RequestToken, verificationCode string) (atoken *AccessToken, err error) {
  401. return c.AuthorizeTokenWithParams(rtoken, verificationCode, c.AdditionalParams)
  402. }
  403. func (c *Consumer) AuthorizeTokenWithParams(rtoken *RequestToken, verificationCode string, additionalParams map[string]string) (atoken *AccessToken, err error) {
  404. params := map[string]string{
  405. TOKEN_PARAM: rtoken.Token,
  406. }
  407. if verificationCode != "" {
  408. params[VERIFIER_PARAM] = verificationCode
  409. }
  410. return c.makeAccessTokenRequestWithParams(params, rtoken.Secret, additionalParams)
  411. }
  412. // Use the service provider to refresh the AccessToken for a given session.
  413. // Note that this is only supported for service providers that manage an
  414. // authorization session (e.g. Yahoo).
  415. //
  416. // Most providers do not return the SESSION_HANDLE_PARAM needed to refresh
  417. // the token.
  418. //
  419. // See http://oauth.googlecode.com/svn/spec/ext/session/1.0/drafts/1/spec.html
  420. // for more information.
  421. // - accessToken:
  422. // The AccessToken returned from AuthorizeToken()
  423. //
  424. // It will return:
  425. // - atoken:
  426. // An AccessToken which can be used to access the user's data (until it is
  427. // revoked by the user or the service provider).
  428. //
  429. // - err:
  430. // Set if accessToken does not contain the SESSION_HANDLE_PARAM needed to
  431. // refresh the token, or if an error occurred when making the request.
  432. func (c *Consumer) RefreshToken(accessToken *AccessToken) (atoken *AccessToken, err error) {
  433. params := make(map[string]string)
  434. sessionHandle, ok := accessToken.AdditionalData[SESSION_HANDLE_PARAM]
  435. if !ok {
  436. return nil, errors.New("Missing " + SESSION_HANDLE_PARAM + " in access token.")
  437. }
  438. params[SESSION_HANDLE_PARAM] = sessionHandle
  439. params[TOKEN_PARAM] = accessToken.Token
  440. return c.makeAccessTokenRequest(params, accessToken.Secret)
  441. }
  442. // Use the service provider to obtain an AccessToken for a given session
  443. // - params:
  444. // The access token request paramters.
  445. //
  446. // - secret:
  447. // Secret key to use when signing the access token request.
  448. //
  449. // It will return:
  450. // - atoken
  451. // An AccessToken which can be used to access the user's data (until it is
  452. // revoked by the user or the service provider).
  453. //
  454. // - err:
  455. // Set only if there was an error, nil otherwise.
  456. func (c *Consumer) makeAccessTokenRequest(params map[string]string, secret string) (atoken *AccessToken, err error) {
  457. return c.makeAccessTokenRequestWithParams(params, secret, c.AdditionalParams)
  458. }
  459. func (c *Consumer) makeAccessTokenRequestWithParams(params map[string]string, secret string, additionalParams map[string]string) (atoken *AccessToken, err error) {
  460. orderedParams := c.baseParams(c.consumerKey, additionalParams)
  461. for key, value := range params {
  462. orderedParams.Add(key, value)
  463. }
  464. req := &request{
  465. method: c.serviceProvider.httpMethod(),
  466. url: c.serviceProvider.AccessTokenUrl,
  467. oauthParams: orderedParams,
  468. }
  469. if _, err := c.signRequest(req, secret); err != nil {
  470. return nil, err
  471. }
  472. resp, err := c.getBody(c.serviceProvider.httpMethod(), c.serviceProvider.AccessTokenUrl, orderedParams)
  473. if err != nil {
  474. return nil, err
  475. }
  476. return parseAccessToken(*resp)
  477. }
  478. type RoundTripper struct {
  479. consumer *Consumer
  480. token *AccessToken
  481. }
  482. func (c *Consumer) MakeRoundTripper(token *AccessToken) (*RoundTripper, error) {
  483. return &RoundTripper{consumer: c, token: token}, nil
  484. }
  485. func (c *Consumer) MakeHttpClient(token *AccessToken) (*http.Client, error) {
  486. return &http.Client{
  487. Transport: &RoundTripper{consumer: c, token: token},
  488. }, nil
  489. }
  490. // ** DEPRECATED **
  491. // Please call Get on the http client returned by MakeHttpClient instead!
  492. //
  493. // Executes an HTTP Get, authorized via the AccessToken.
  494. // - url:
  495. // The base url, without any query params, which is being accessed
  496. //
  497. // - userParams:
  498. // Any key=value params to be included in the query string
  499. //
  500. // - token:
  501. // The AccessToken returned by AuthorizeToken()
  502. //
  503. // This method returns:
  504. // - resp:
  505. // The HTTP Response resulting from making this request.
  506. //
  507. // - err:
  508. // Set only if there was an error, nil otherwise.
  509. func (c *Consumer) Get(url string, userParams map[string]string, token *AccessToken) (resp *http.Response, err error) {
  510. return c.makeAuthorizedRequest("GET", url, LOC_URL, "", userParams, token)
  511. }
  512. func encodeUserParams(userParams map[string]string) string {
  513. data := url.Values{}
  514. for k, v := range userParams {
  515. data.Add(k, v)
  516. }
  517. return data.Encode()
  518. }
  519. // ** DEPRECATED **
  520. // Please call "Post" on the http client returned by MakeHttpClient instead
  521. func (c *Consumer) PostForm(url string, userParams map[string]string, token *AccessToken) (resp *http.Response, err error) {
  522. return c.PostWithBody(url, "", userParams, token)
  523. }
  524. // ** DEPRECATED **
  525. // Please call "Post" on the http client returned by MakeHttpClient instead
  526. func (c *Consumer) Post(url string, userParams map[string]string, token *AccessToken) (resp *http.Response, err error) {
  527. return c.PostWithBody(url, "", userParams, token)
  528. }
  529. // ** DEPRECATED **
  530. // Please call "Post" on the http client returned by MakeHttpClient instead
  531. func (c *Consumer) PostWithBody(url string, body string, userParams map[string]string, token *AccessToken) (resp *http.Response, err error) {
  532. return c.makeAuthorizedRequest("POST", url, LOC_BODY, body, userParams, token)
  533. }
  534. // ** DEPRECATED **
  535. // Please call "Do" on the http client returned by MakeHttpClient instead
  536. // (and set the "Content-Type" header explicitly in the http.Request)
  537. func (c *Consumer) PostJson(url string, body string, token *AccessToken) (resp *http.Response, err error) {
  538. return c.makeAuthorizedRequest("POST", url, LOC_JSON, body, nil, token)
  539. }
  540. // ** DEPRECATED **
  541. // Please call "Do" on the http client returned by MakeHttpClient instead
  542. // (and set the "Content-Type" header explicitly in the http.Request)
  543. func (c *Consumer) PostXML(url string, body string, token *AccessToken) (resp *http.Response, err error) {
  544. return c.makeAuthorizedRequest("POST", url, LOC_XML, body, nil, token)
  545. }
  546. // ** DEPRECATED **
  547. // Please call "Do" on the http client returned by MakeHttpClient instead
  548. // (and setup the multipart data explicitly in the http.Request)
  549. func (c *Consumer) PostMultipart(url, multipartName string, multipartData io.ReadCloser, userParams map[string]string, token *AccessToken) (resp *http.Response, err error) {
  550. return c.makeAuthorizedRequestReader("POST", url, LOC_MULTIPART, 0, multipartName, multipartData, userParams, token)
  551. }
  552. // ** DEPRECATED **
  553. // Please call "Delete" on the http client returned by MakeHttpClient instead
  554. func (c *Consumer) Delete(url string, userParams map[string]string, token *AccessToken) (resp *http.Response, err error) {
  555. return c.makeAuthorizedRequest("DELETE", url, LOC_URL, "", userParams, token)
  556. }
  557. // ** DEPRECATED **
  558. // Please call "Put" on the http client returned by MakeHttpClient instead
  559. func (c *Consumer) Put(url string, body string, userParams map[string]string, token *AccessToken) (resp *http.Response, err error) {
  560. return c.makeAuthorizedRequest("PUT", url, LOC_URL, body, userParams, token)
  561. }
  562. func (c *Consumer) Debug(enabled bool) {
  563. c.debug = enabled
  564. c.signer.Debug(enabled)
  565. }
  566. type pair struct {
  567. key string
  568. value string
  569. }
  570. type pairs []pair
  571. func (p pairs) Len() int { return len(p) }
  572. func (p pairs) Less(i, j int) bool { return p[i].key < p[j].key }
  573. func (p pairs) Swap(i, j int) { p[i], p[j] = p[j], p[i] }
  574. // This function has basically turned into a backwards compatibility layer
  575. // between the old API (where clients explicitly called consumer.Get()
  576. // consumer.Post() etc), and the new API (which takes actual http.Requests)
  577. //
  578. // So, here we construct the appropriate HTTP request for the inputs.
  579. func (c *Consumer) makeAuthorizedRequestReader(method string, urlString string, dataLocation DataLocation, contentLength int, multipartName string, body io.ReadCloser, userParams map[string]string, token *AccessToken) (resp *http.Response, err error) {
  580. urlObject, err := url.Parse(urlString)
  581. if err != nil {
  582. return nil, err
  583. }
  584. request := &http.Request{
  585. Method: method,
  586. URL: urlObject,
  587. Header: http.Header{},
  588. Body: body,
  589. ContentLength: int64(contentLength),
  590. }
  591. vals := url.Values{}
  592. for k, v := range userParams {
  593. vals.Add(k, v)
  594. }
  595. if dataLocation != LOC_BODY {
  596. request.URL.RawQuery = vals.Encode()
  597. request.URL.RawQuery = strings.Replace(
  598. request.URL.RawQuery, ";", "%3B", -1)
  599. } else {
  600. // TODO(mrjones): validate that we're not overrideing an exising body?
  601. request.ContentLength = int64(len(vals.Encode()))
  602. if request.ContentLength == 0 {
  603. request.Body = nil
  604. } else {
  605. request.Body = ioutil.NopCloser(strings.NewReader(vals.Encode()))
  606. }
  607. }
  608. for k, vs := range c.AdditionalHeaders {
  609. for _, v := range vs {
  610. request.Header.Set(k, v)
  611. }
  612. }
  613. if dataLocation == LOC_BODY {
  614. request.Header.Set("Content-Type", "application/x-www-form-urlencoded")
  615. }
  616. if dataLocation == LOC_JSON {
  617. request.Header.Set("Content-Type", "application/json")
  618. }
  619. if dataLocation == LOC_XML {
  620. request.Header.Set("Content-Type", "application/xml")
  621. }
  622. if dataLocation == LOC_MULTIPART {
  623. pipeReader, pipeWriter := io.Pipe()
  624. writer := multipart.NewWriter(pipeWriter)
  625. if request.URL.Host == "www.mrjon.es" &&
  626. request.URL.Path == "/unittest" {
  627. writer.SetBoundary("UNITTESTBOUNDARY")
  628. }
  629. go func(body io.Reader) {
  630. part, err := writer.CreateFormFile(multipartName, "/no/matter")
  631. if err != nil {
  632. writer.Close()
  633. pipeWriter.CloseWithError(err)
  634. return
  635. }
  636. _, err = io.Copy(part, body)
  637. if err != nil {
  638. writer.Close()
  639. pipeWriter.CloseWithError(err)
  640. return
  641. }
  642. writer.Close()
  643. pipeWriter.Close()
  644. }(body)
  645. request.Body = pipeReader
  646. request.Header.Set("Content-Type", writer.FormDataContentType())
  647. }
  648. rt := RoundTripper{consumer: c, token: token}
  649. resp, err = rt.RoundTrip(request)
  650. if err != nil {
  651. return resp, err
  652. }
  653. if resp.StatusCode < http.StatusOK || resp.StatusCode >= http.StatusMultipleChoices {
  654. defer resp.Body.Close()
  655. bytes, _ := ioutil.ReadAll(resp.Body)
  656. return resp, HTTPExecuteError{
  657. RequestHeaders: "",
  658. ResponseBodyBytes: bytes,
  659. Status: resp.Status,
  660. StatusCode: resp.StatusCode,
  661. }
  662. }
  663. return resp, nil
  664. }
  665. // cloneReq clones the src http.Request, making deep copies of the Header and
  666. // the URL but shallow copies of everything else
  667. func cloneReq(src *http.Request) *http.Request {
  668. dst := &http.Request{}
  669. *dst = *src
  670. dst.Header = make(http.Header, len(src.Header))
  671. for k, s := range src.Header {
  672. dst.Header[k] = append([]string(nil), s...)
  673. }
  674. if src.URL != nil {
  675. dst.URL = cloneURL(src.URL)
  676. }
  677. return dst
  678. }
  679. // cloneURL shallow clones the src *url.URL
  680. func cloneURL(src *url.URL) *url.URL {
  681. dst := &url.URL{}
  682. *dst = *src
  683. return dst
  684. }
  685. func canonicalizeUrl(u *url.URL) string {
  686. var buf bytes.Buffer
  687. buf.WriteString(u.Scheme)
  688. buf.WriteString("://")
  689. buf.WriteString(u.Host)
  690. buf.WriteString(u.Path)
  691. return buf.String()
  692. }
  693. func getBody(request *http.Request) ([]byte, error) {
  694. if request.Body == nil {
  695. return nil, nil
  696. }
  697. defer request.Body.Close()
  698. originalBody, err := ioutil.ReadAll(request.Body)
  699. if err != nil {
  700. return nil, err
  701. }
  702. // We have to re-install the body (because we've ruined it by reading it).
  703. if len(originalBody) > 0 {
  704. request.Body = ioutil.NopCloser(bytes.NewReader(originalBody))
  705. } else {
  706. request.Body = nil
  707. }
  708. return originalBody, nil
  709. }
  710. func parseBody(request *http.Request) (map[string]string, error) {
  711. userParams := map[string]string{}
  712. // TODO(mrjones): factor parameter extraction into a separate method
  713. if request.Header.Get("Content-Type") !=
  714. "application/x-www-form-urlencoded" {
  715. // Most of the time we get parameters from the query string:
  716. for k, vs := range request.URL.Query() {
  717. if len(vs) != 1 {
  718. return nil, fmt.Errorf("Must have exactly one value per param")
  719. }
  720. userParams[k] = vs[0]
  721. }
  722. } else {
  723. // x-www-form-urlencoded parameters come from the body instead:
  724. body, err := getBody(request)
  725. if err != nil {
  726. return nil, err
  727. }
  728. params, err := url.ParseQuery(string(body))
  729. if err != nil {
  730. return nil, err
  731. }
  732. for k, vs := range params {
  733. if len(vs) != 1 {
  734. return nil, fmt.Errorf("Must have exactly one value per param")
  735. }
  736. userParams[k] = vs[0]
  737. }
  738. }
  739. return userParams, nil
  740. }
  741. func paramsToSortedPairs(params map[string]string) pairs {
  742. // Sort parameters alphabetically
  743. paramPairs := make(pairs, len(params))
  744. i := 0
  745. for key, value := range params {
  746. paramPairs[i] = pair{key: key, value: value}
  747. i++
  748. }
  749. sort.Sort(paramPairs)
  750. return paramPairs
  751. }
  752. func calculateBodyHash(request *http.Request, s signer) (string, error) {
  753. if request.Header.Get("Content-Type") ==
  754. "application/x-www-form-urlencoded" {
  755. return "", nil
  756. }
  757. var body []byte
  758. if request.Body != nil {
  759. var err error
  760. body, err = getBody(request)
  761. if err != nil {
  762. return "", err
  763. }
  764. }
  765. h := s.HashFunc().New()
  766. h.Write(body)
  767. rawSignature := h.Sum(nil)
  768. return base64.StdEncoding.EncodeToString(rawSignature), nil
  769. }
  770. func (rt *RoundTripper) RoundTrip(userRequest *http.Request) (*http.Response, error) {
  771. serverRequest := cloneReq(userRequest)
  772. allParams := rt.consumer.baseParams(
  773. rt.consumer.consumerKey, rt.consumer.AdditionalParams)
  774. // Do not add the "oauth_token" parameter, if the access token has not been
  775. // specified. By omitting this parameter when it is not specified, allows
  776. // two-legged OAuth calls.
  777. if len(rt.token.Token) > 0 {
  778. allParams.Add(TOKEN_PARAM, rt.token.Token)
  779. }
  780. if rt.consumer.serviceProvider.BodyHash {
  781. bodyHash, err := calculateBodyHash(serverRequest, rt.consumer.signer)
  782. if err != nil {
  783. return nil, err
  784. }
  785. if bodyHash != "" {
  786. allParams.Add(BODY_HASH_PARAM, bodyHash)
  787. }
  788. }
  789. authParams := allParams.Clone()
  790. // TODO(mrjones): put these directly into the paramPairs below?
  791. userParams, err := parseBody(serverRequest)
  792. if err != nil {
  793. return nil, err
  794. }
  795. paramPairs := paramsToSortedPairs(userParams)
  796. for i := range paramPairs {
  797. allParams.Add(paramPairs[i].key, paramPairs[i].value)
  798. }
  799. signingURL := cloneURL(serverRequest.URL)
  800. if host := serverRequest.Host; host != "" {
  801. signingURL.Host = host
  802. }
  803. baseString := rt.consumer.requestString(serverRequest.Method, canonicalizeUrl(signingURL), allParams)
  804. signature, err := rt.consumer.signer.Sign(baseString, rt.token.Secret)
  805. if err != nil {
  806. return nil, err
  807. }
  808. authParams.Add(SIGNATURE_PARAM, signature)
  809. // Set auth header.
  810. oauthHdr := OAUTH_HEADER
  811. for pos, key := range authParams.Keys() {
  812. for innerPos, value := range authParams.Get(key) {
  813. if pos+innerPos > 0 {
  814. oauthHdr += ","
  815. }
  816. oauthHdr += key + "=\"" + value + "\""
  817. }
  818. }
  819. serverRequest.Header.Add(HTTP_AUTH_HEADER, oauthHdr)
  820. if rt.consumer.debug {
  821. fmt.Printf("Request: %v\n", serverRequest)
  822. }
  823. resp, err := rt.consumer.HttpClient.Do(serverRequest)
  824. if err != nil {
  825. return resp, err
  826. }
  827. return resp, nil
  828. }
  829. func (c *Consumer) makeAuthorizedRequest(method string, url string, dataLocation DataLocation, body string, userParams map[string]string, token *AccessToken) (resp *http.Response, err error) {
  830. return c.makeAuthorizedRequestReader(method, url, dataLocation, len(body), "", ioutil.NopCloser(strings.NewReader(body)), userParams, token)
  831. }
  832. type request struct {
  833. method string
  834. url string
  835. oauthParams *OrderedParams
  836. userParams map[string]string
  837. }
  838. type HttpClient interface {
  839. Do(req *http.Request) (resp *http.Response, err error)
  840. }
  841. type clock interface {
  842. Seconds() int64
  843. Nanos() int64
  844. }
  845. type nonceGenerator interface {
  846. Int63() int64
  847. }
  848. type key interface {
  849. String() string
  850. }
  851. type signer interface {
  852. Sign(message string, tokenSecret string) (string, error)
  853. Verify(message string, signature string) error
  854. SignatureMethod() string
  855. HashFunc() crypto.Hash
  856. Debug(enabled bool)
  857. }
  858. type defaultClock struct{}
  859. func (*defaultClock) Seconds() int64 {
  860. return time.Now().Unix()
  861. }
  862. func (*defaultClock) Nanos() int64 {
  863. return time.Now().UnixNano()
  864. }
  865. func (c *Consumer) signRequest(req *request, tokenSecret string) (*request, error) {
  866. baseString := c.requestString(req.method, req.url, req.oauthParams)
  867. signature, err := c.signer.Sign(baseString, tokenSecret)
  868. if err != nil {
  869. return nil, err
  870. }
  871. req.oauthParams.Add(SIGNATURE_PARAM, signature)
  872. return req, nil
  873. }
  874. // Obtains an AccessToken from the response of a service provider.
  875. // - data:
  876. // The response body.
  877. //
  878. // This method returns:
  879. // - atoken:
  880. // The AccessToken generated from the response body.
  881. //
  882. // - err:
  883. // Set if an AccessToken could not be parsed from the given input.
  884. func parseAccessToken(data string) (atoken *AccessToken, err error) {
  885. parts, err := url.ParseQuery(data)
  886. if err != nil {
  887. return nil, err
  888. }
  889. tokenParam := parts[TOKEN_PARAM]
  890. parts.Del(TOKEN_PARAM)
  891. if len(tokenParam) < 1 {
  892. return nil, errors.New("Missing " + TOKEN_PARAM + " in response. " +
  893. "Full response body: '" + data + "'")
  894. }
  895. tokenSecretParam := parts[TOKEN_SECRET_PARAM]
  896. parts.Del(TOKEN_SECRET_PARAM)
  897. if len(tokenSecretParam) < 1 {
  898. return nil, errors.New("Missing " + TOKEN_SECRET_PARAM + " in response." +
  899. "Full response body: '" + data + "'")
  900. }
  901. additionalData := parseAdditionalData(parts)
  902. return &AccessToken{tokenParam[0], tokenSecretParam[0], additionalData}, nil
  903. }
  904. func parseRequestToken(data string) (*RequestToken, error) {
  905. parts, err := url.ParseQuery(data)
  906. if err != nil {
  907. return nil, err
  908. }
  909. tokenParam := parts[TOKEN_PARAM]
  910. if len(tokenParam) < 1 {
  911. return nil, errors.New("Missing " + TOKEN_PARAM + " in response. " +
  912. "Full response body: '" + data + "'")
  913. }
  914. tokenSecretParam := parts[TOKEN_SECRET_PARAM]
  915. if len(tokenSecretParam) < 1 {
  916. return nil, errors.New("Missing " + TOKEN_SECRET_PARAM + " in response." +
  917. "Full response body: '" + data + "'")
  918. }
  919. return &RequestToken{tokenParam[0], tokenSecretParam[0]}, nil
  920. }
  921. func (c *Consumer) baseParams(consumerKey string, additionalParams map[string]string) *OrderedParams {
  922. params := NewOrderedParams()
  923. params.Add(VERSION_PARAM, OAUTH_VERSION)
  924. params.Add(SIGNATURE_METHOD_PARAM, c.signer.SignatureMethod())
  925. params.Add(TIMESTAMP_PARAM, strconv.FormatInt(c.clock.Seconds(), 10))
  926. params.Add(NONCE_PARAM, strconv.FormatInt(c.nonceGenerator.Int63(), 10))
  927. params.Add(CONSUMER_KEY_PARAM, consumerKey)
  928. for key, value := range additionalParams {
  929. params.Add(key, value)
  930. }
  931. return params
  932. }
  933. func parseAdditionalData(parts url.Values) map[string]string {
  934. params := make(map[string]string)
  935. for key, value := range parts {
  936. if len(value) > 0 {
  937. params[key] = value[0]
  938. }
  939. }
  940. return params
  941. }
  942. type HMACSigner struct {
  943. consumerSecret string
  944. hashFunc crypto.Hash
  945. debug bool
  946. }
  947. func (s *HMACSigner) Debug(enabled bool) {
  948. s.debug = enabled
  949. }
  950. func (s *HMACSigner) Sign(message string, tokenSecret string) (string, error) {
  951. key := escape(s.consumerSecret) + "&" + escape(tokenSecret)
  952. if s.debug {
  953. fmt.Println("Signing:", message)
  954. fmt.Println("Key:", key)
  955. }
  956. h := hmac.New(s.HashFunc().New, []byte(key))
  957. h.Write([]byte(message))
  958. rawSignature := h.Sum(nil)
  959. base64signature := base64.StdEncoding.EncodeToString(rawSignature)
  960. if s.debug {
  961. fmt.Println("Base64 signature:", base64signature)
  962. }
  963. return base64signature, nil
  964. }
  965. func (s *HMACSigner) Verify(message string, signature string) error {
  966. if s.debug {
  967. fmt.Println("Verifying Base64 signature:", signature)
  968. }
  969. validSignature, err := s.Sign(message, "")
  970. if err != nil {
  971. return err
  972. }
  973. if validSignature != signature {
  974. decodedSigniture, _ := url.QueryUnescape(signature)
  975. if validSignature != decodedSigniture {
  976. return fmt.Errorf("signature did not match")
  977. }
  978. }
  979. return nil
  980. }
  981. func (s *HMACSigner) SignatureMethod() string {
  982. return SIGNATURE_METHOD_HMAC + HASH_METHOD_MAP[s.HashFunc()]
  983. }
  984. func (s *HMACSigner) HashFunc() crypto.Hash {
  985. return s.hashFunc
  986. }
  987. type RSASigner struct {
  988. debug bool
  989. rand io.Reader
  990. privateKey *rsa.PrivateKey
  991. hashFunc crypto.Hash
  992. }
  993. func (s *RSASigner) Debug(enabled bool) {
  994. s.debug = enabled
  995. }
  996. func (s *RSASigner) Sign(message string, tokenSecret string) (string, error) {
  997. if s.debug {
  998. fmt.Println("Signing:", message)
  999. }
  1000. h := s.HashFunc().New()
  1001. h.Write([]byte(message))
  1002. digest := h.Sum(nil)
  1003. signature, err := rsa.SignPKCS1v15(s.rand, s.privateKey, s.HashFunc(), digest)
  1004. if err != nil {
  1005. return "", nil
  1006. }
  1007. base64signature := base64.StdEncoding.EncodeToString(signature)
  1008. if s.debug {
  1009. fmt.Println("Base64 signature:", base64signature)
  1010. }
  1011. return base64signature, nil
  1012. }
  1013. func (s *RSASigner) Verify(message string, base64signature string) error {
  1014. if s.debug {
  1015. fmt.Println("Verifying:", message)
  1016. fmt.Println("Verifying Base64 signature:", base64signature)
  1017. }
  1018. h := s.HashFunc().New()
  1019. h.Write([]byte(message))
  1020. digest := h.Sum(nil)
  1021. signature, err := base64.StdEncoding.DecodeString(base64signature)
  1022. if err != nil {
  1023. return err
  1024. }
  1025. return rsa.VerifyPKCS1v15(&s.privateKey.PublicKey, s.HashFunc(), digest, signature)
  1026. }
  1027. func (s *RSASigner) SignatureMethod() string {
  1028. return SIGNATURE_METHOD_RSA + HASH_METHOD_MAP[s.HashFunc()]
  1029. }
  1030. func (s *RSASigner) HashFunc() crypto.Hash {
  1031. return s.hashFunc
  1032. }
  1033. func escape(s string) string {
  1034. t := make([]byte, 0, 3*len(s))
  1035. for i := 0; i < len(s); i++ {
  1036. c := s[i]
  1037. if isEscapable(c) {
  1038. t = append(t, '%')
  1039. t = append(t, "0123456789ABCDEF"[c>>4])
  1040. t = append(t, "0123456789ABCDEF"[c&15])
  1041. } else {
  1042. t = append(t, s[i])
  1043. }
  1044. }
  1045. return string(t)
  1046. }
  1047. func isEscapable(b byte) bool {
  1048. return !('A' <= b && b <= 'Z' || 'a' <= b && b <= 'z' || '0' <= b && b <= '9' || b == '-' || b == '.' || b == '_' || b == '~')
  1049. }
  1050. func (c *Consumer) requestString(method string, url string, params *OrderedParams) string {
  1051. result := method + "&" + escape(url)
  1052. for pos, key := range params.Keys() {
  1053. for innerPos, value := range params.Get(key) {
  1054. if pos+innerPos == 0 {
  1055. result += "&"
  1056. } else {
  1057. result += escape("&")
  1058. }
  1059. result += escape(fmt.Sprintf("%s=%s", key, value))
  1060. }
  1061. }
  1062. return result
  1063. }
  1064. func (c *Consumer) getBody(method, url string, oauthParams *OrderedParams) (*string, error) {
  1065. resp, err := c.httpExecute(method, url, "", 0, nil, oauthParams)
  1066. if err != nil {
  1067. return nil, errors.New("httpExecute: " + err.Error())
  1068. }
  1069. bodyBytes, err := ioutil.ReadAll(resp.Body)
  1070. resp.Body.Close()
  1071. if err != nil {
  1072. return nil, errors.New("ReadAll: " + err.Error())
  1073. }
  1074. bodyStr := string(bodyBytes)
  1075. if c.debug {
  1076. fmt.Printf("STATUS: %d %s\n", resp.StatusCode, resp.Status)
  1077. fmt.Println("BODY RESPONSE: " + bodyStr)
  1078. }
  1079. return &bodyStr, nil
  1080. }
  1081. // HTTPExecuteError signals that a call to httpExecute failed.
  1082. type HTTPExecuteError struct {
  1083. // RequestHeaders provides a stringified listing of request headers.
  1084. RequestHeaders string
  1085. // ResponseBodyBytes is the response read into a byte slice.
  1086. ResponseBodyBytes []byte
  1087. // Status is the status code string response.
  1088. Status string
  1089. // StatusCode is the parsed status code.
  1090. StatusCode int
  1091. }
  1092. // Error provides a printable string description of an HTTPExecuteError.
  1093. func (e HTTPExecuteError) Error() string {
  1094. return "HTTP response is not 200/OK as expected. Actual response: \n" +
  1095. "\tResponse Status: '" + e.Status + "'\n" +
  1096. "\tResponse Code: " + strconv.Itoa(e.StatusCode) + "\n" +
  1097. "\tResponse Body: " + string(e.ResponseBodyBytes) + "\n" +
  1098. "\tRequest Headers: " + e.RequestHeaders
  1099. }
  1100. func (c *Consumer) httpExecute(
  1101. method string, urlStr string, contentType string, contentLength int, body io.Reader, oauthParams *OrderedParams) (*http.Response, error) {
  1102. // Create base request.
  1103. req, err := http.NewRequest(method, urlStr, body)
  1104. if err != nil {
  1105. return nil, errors.New("NewRequest failed: " + err.Error())
  1106. }
  1107. // Set auth header.
  1108. req.Header = http.Header{}
  1109. oauthHdr := "OAuth "
  1110. for pos, key := range oauthParams.Keys() {
  1111. for innerPos, value := range oauthParams.Get(key) {
  1112. if pos+innerPos > 0 {
  1113. oauthHdr += ","
  1114. }
  1115. oauthHdr += key + "=\"" + value + "\""
  1116. }
  1117. }
  1118. req.Header.Add("Authorization", oauthHdr)
  1119. // Add additional custom headers
  1120. for key, vals := range c.AdditionalHeaders {
  1121. for _, val := range vals {
  1122. req.Header.Add(key, val)
  1123. }
  1124. }
  1125. // Set contentType if passed.
  1126. if contentType != "" {
  1127. req.Header.Set("Content-Type", contentType)
  1128. }
  1129. // Set contentLength if passed.
  1130. if contentLength > 0 {
  1131. req.Header.Set("Content-Length", strconv.Itoa(contentLength))
  1132. }
  1133. if c.debug {
  1134. fmt.Printf("Request: %v\n", req)
  1135. }
  1136. resp, err := c.HttpClient.Do(req)
  1137. if err != nil {
  1138. return nil, errors.New("Do: " + err.Error())
  1139. }
  1140. debugHeader := ""
  1141. for k, vals := range req.Header {
  1142. for _, val := range vals {
  1143. debugHeader += "[key: " + k + ", val: " + val + "]"
  1144. }
  1145. }
  1146. // StatusMultipleChoices is 300, any 2xx response should be treated as success
  1147. if resp.StatusCode < http.StatusOK || resp.StatusCode >= http.StatusMultipleChoices {
  1148. defer resp.Body.Close()
  1149. bytes, _ := ioutil.ReadAll(resp.Body)
  1150. return resp, HTTPExecuteError{
  1151. RequestHeaders: debugHeader,
  1152. ResponseBodyBytes: bytes,
  1153. Status: resp.Status,
  1154. StatusCode: resp.StatusCode,
  1155. }
  1156. }
  1157. return resp, err
  1158. }
  1159. //
  1160. // String Sorting helpers
  1161. //
  1162. type ByValue []string
  1163. func (a ByValue) Len() int {
  1164. return len(a)
  1165. }
  1166. func (a ByValue) Swap(i, j int) {
  1167. a[i], a[j] = a[j], a[i]
  1168. }
  1169. func (a ByValue) Less(i, j int) bool {
  1170. return a[i] < a[j]
  1171. }
  1172. //
  1173. // ORDERED PARAMS
  1174. //
  1175. type OrderedParams struct {
  1176. allParams map[string][]string
  1177. keyOrdering []string
  1178. }
  1179. func NewOrderedParams() *OrderedParams {
  1180. return &OrderedParams{
  1181. allParams: make(map[string][]string),
  1182. keyOrdering: make([]string, 0),
  1183. }
  1184. }
  1185. func (o *OrderedParams) Get(key string) []string {
  1186. sort.Sort(ByValue(o.allParams[key]))
  1187. return o.allParams[key]
  1188. }
  1189. func (o *OrderedParams) Keys() []string {
  1190. sort.Sort(o)
  1191. return o.keyOrdering
  1192. }
  1193. func (o *OrderedParams) Add(key, value string) {
  1194. o.AddUnescaped(key, escape(value))
  1195. }
  1196. func (o *OrderedParams) AddUnescaped(key, value string) {
  1197. if _, exists := o.allParams[key]; !exists {
  1198. o.keyOrdering = append(o.keyOrdering, key)
  1199. o.allParams[key] = make([]string, 1)
  1200. o.allParams[key][0] = value
  1201. } else {
  1202. o.allParams[key] = append(o.allParams[key], value)
  1203. }
  1204. }
  1205. func (o *OrderedParams) Len() int {
  1206. return len(o.keyOrdering)
  1207. }
  1208. func (o *OrderedParams) Less(i int, j int) bool {
  1209. return o.keyOrdering[i] < o.keyOrdering[j]
  1210. }
  1211. func (o *OrderedParams) Swap(i int, j int) {
  1212. o.keyOrdering[i], o.keyOrdering[j] = o.keyOrdering[j], o.keyOrdering[i]
  1213. }
  1214. func (o *OrderedParams) Clone() *OrderedParams {
  1215. clone := NewOrderedParams()
  1216. for _, key := range o.Keys() {
  1217. for _, value := range o.Get(key) {
  1218. clone.AddUnescaped(key, value)
  1219. }
  1220. }
  1221. return clone
  1222. }
上海开阖软件有限公司 沪ICP备12045867号-1