first commit - 0.0.1 - functional!

wearefractal · Sep 5, 2011 · 9657317 · 9657317
1 parent abd649f
commit 9657317
Show file tree

Hide file tree

Showing 5 changed files with 103 additions and 12 deletions.
diff --git a/README.md b/README.md
@@ -1,19 +1,19 @@
-**Nothing here yet**
+**node-digest is a library to make HTTP Digest authentication easy in NodeJS**
 
 
 ## Installation
 
 To install Protege, use [npm](http://github.com/isaacs/npm):
 
-        $ npm install -g APPNAME
+        $ npm install digest
 
 ## Usage
 
 Nothing here yet
 
 ## Examples
 
-You can view further examples in the [example folder.](https://github.com/Contra/APPNAME/tree/master/examples)
+You can view further examples in the [example folder.](https://github.com/Contra/node-digest/tree/master/examples)
 
 ## Contributors
 

diff --git a/examples/test.coffee b/examples/test.coffee
@@ -0,0 +1,10 @@
+digest = require '../lib/main.coffee'
+config = digest.config
+
+server = digest.createServer 'admin', 'password', (req, res) ->
+  res.writeHead 200, 'Content-Type': 'text/plain'
+  res.end 'Hello world! You are authenticated!'
+
+server.listen 8080
+
+console.log 'Server running!'
diff --git a/lib/config.coffee b/lib/config.coffee
@@ -1,2 +1,6 @@
 module.exports =
-  something: 'nothing here yet'
+  timeout: 3600000
+  realm: 'node-digest'
+  opaque: 'naked'
+  key: 'contra'
+
diff --git a/lib/main.coffee b/lib/main.coffee
@@ -1,2 +1,78 @@
-module.exports =
-  log: require './logger'
+## I looked over https://github.com/thedjinn/node-http-digest while making this and used a lot of code
+## Thanks djinn!
+
+require 'protege'
+http = require 'http'
+config = require './config'
+log = require './logger'
+hashlib = require 'hashlib'
+
+nonces = {}
+
+
+parseHeader = (header) ->
+  # Check for inconsistencies
+  if !header?
+    return false
+  unless header.startsWithIgnoreCase 'digest'
+    return false
+
+  out = {}   
+  # Remove 'Digest ' from the string
+  header = header.downcase().replace 'digest ', ''
+  chunks = header.split ', '
+
+  for piece in chunks
+    val = piece.trim().split '='
+    if val.length < 2
+      return false
+    out[val[0]] = val[1].replaceAll '"', ''
+  return out
+
+authenticate = (request, header, username, password) ->
+  authinfo = parseHeader header
+
+  # Check for inconsistencies
+  if !authinfo
+    return false
+  unless authinfo.nonce of nonces
+    return false
+  if authinfo.algorithm is 'MD5-sess'
+    return false
+  if authinfo.qop is 'auth-int'
+    return false
+  if authinfo.username isnt username
+    return false
+
+  userAuth = authinfo.username + ':' + config.realm + ':' + password
+  methodAuth = request.method + ':' + authinfo.uri
+
+  if !authinfo.qop?
+    digest = hashlib.md5 [hashlib.md5(userAuth), authinfo.nonce, hashlib.md5(methodAuth)].join(':')
+  else
+    if authinfo.nc <= nonces[authinfo.nonce].count
+      return false
+    nonces[authinfo.nonce].count = authinfo.nc
+    digest = hashlib.md5 [hashlib.md5(userAuth), authinfo.nonce, authinfo.nc, authinfo.cnonce, authinfo.qop, hashlib.md5(methodAuth)].join(':')
+  return digest is authinfo.response
+
+digest = (request, response, username, password, callback) ->
+  authenticated = false
+
+  if request.headers.authorization?
+    header = request.headers.authorization
+
+  if authenticate request, header, username, password
+    callback request, response
+  else
+    nonce = hashlib.md5 new Date().getTime() + config.key
+    nonces[nonce] = count: 0
+    setTimeout nonces.remove, config.timeout, nonce
+    opaque = hashlib.md5 config.opaque
+    response.writeHead 401, {'WWW-Authenticate': 'Digest realm="' + config.realm + '", qop="auth", nonce="' + nonce + '", opaque="' + opaque + '"'}
+    response.end '401 Unauthorized'
+
+exports.createServer = (username, password, callback) ->
+  @server = http.createServer (request, response) ->
+    digest request, response, username, password, callback
+  return @server
diff --git a/package.json b/package.json
@@ -1,24 +1,25 @@
 {
-   "name":"APPNAME",
-   "description":"Nothing here yet",
+   "name":"digest",
+   "description":"HTTP Digest authentication for NodeJS",
    "version":"0.0.1",
-   "homepage":"http://github.com/Contra/APPNAME",
-   "repository":"git://github.com/Contra/APPNAME.git",
+   "homepage":"http://github.com/Contra/node-digest",
+   "repository":"git://github.com/Contra/node-digest.git",
    "author":"Contra <contra@australia.edu> (http://wearefractal.com/)",
    "main":"./lib/main.coffee",
 
    "dependencies":{
       "coffee-script":"*",
       "colors":"*",
-      "protege":"*"
+      "protege":"*",
+      "hashlib":"*"
    },
    "engines":{
       "node":">= 0.4.0"
    },
    "licenses":[
       {
          "type":"MIT",
-         "url":"http://github.com/Contra/APPNAME/raw/master/LICENSE"
+         "url":"http://github.com/Contra/node-digest/raw/master/LICENSE"
       }
    ]
 }