You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@wookie.apache.org by sc...@apache.org on 2014/02/19 21:10:11 UTC
svn commit: r1569895 - in /wookie/trunk/wookie-server/src/main/webapp/demo:
enc-base64-min.js hmac-sha256.js index.htm wookie-connector.js
Author: scottbw
Date: Wed Feb 19 20:10:11 2014
New Revision: 1569895
URL: http://svn.apache.org/r1569895
Log:
Support signed API requests in JS connector and the demo site
Added:
wookie/trunk/wookie-server/src/main/webapp/demo/enc-base64-min.js (with props)
wookie/trunk/wookie-server/src/main/webapp/demo/hmac-sha256.js (with props)
Modified:
wookie/trunk/wookie-server/src/main/webapp/demo/index.htm
wookie/trunk/wookie-server/src/main/webapp/demo/wookie-connector.js
Added: wookie/trunk/wookie-server/src/main/webapp/demo/enc-base64-min.js
URL: http://svn.apache.org/viewvc/wookie/trunk/wookie-server/src/main/webapp/demo/enc-base64-min.js?rev=1569895&view=auto
==============================================================================
--- wookie/trunk/wookie-server/src/main/webapp/demo/enc-base64-min.js (added)
+++ wookie/trunk/wookie-server/src/main/webapp/demo/enc-base64-min.js Wed Feb 19 20:10:11 2014
@@ -0,0 +1,8 @@
+/*
+CryptoJS v3.1.2
+code.google.com/p/crypto-js
+(c) 2009-2013 by Jeff Mott. All rights reserved.
+code.google.com/p/crypto-js/wiki/License
+*/
+(function(){var h=CryptoJS,j=h.lib.WordArray;h.enc.Base64={stringify:function(b){var e=b.words,f=b.sigBytes,c=this._map;b.clamp();b=[];for(var a=0;a<f;a+=3)for(var d=(e[a>>>2]>>>24-8*(a%4)&255)<<16|(e[a+1>>>2]>>>24-8*((a+1)%4)&255)<<8|e[a+2>>>2]>>>24-8*((a+2)%4)&255,g=0;4>g&&a+0.75*g<f;g++)b.push(c.charAt(d>>>6*(3-g)&63));if(e=c.charAt(64))for(;b.length%4;)b.push(e);return b.join("")},parse:function(b){var e=b.length,f=this._map,c=f.charAt(64);c&&(c=b.indexOf(c),-1!=c&&(e=c));for(var c=[],a=0,d=0;d<
+e;d++)if(d%4){var g=f.indexOf(b.charAt(d-1))<<2*(d%4),h=f.indexOf(b.charAt(d))>>>6-2*(d%4);c[a>>>2]|=(g|h)<<24-8*(a%4);a++}return j.create(c,a)},_map:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="}})();
Propchange: wookie/trunk/wookie-server/src/main/webapp/demo/enc-base64-min.js
------------------------------------------------------------------------------
svn:executable = *
Added: wookie/trunk/wookie-server/src/main/webapp/demo/hmac-sha256.js
URL: http://svn.apache.org/viewvc/wookie/trunk/wookie-server/src/main/webapp/demo/hmac-sha256.js?rev=1569895&view=auto
==============================================================================
--- wookie/trunk/wookie-server/src/main/webapp/demo/hmac-sha256.js (added)
+++ wookie/trunk/wookie-server/src/main/webapp/demo/hmac-sha256.js Wed Feb 19 20:10:11 2014
@@ -0,0 +1,18 @@
+/*
+CryptoJS v3.1.2
+code.google.com/p/crypto-js
+(c) 2009-2013 by Jeff Mott. All rights reserved.
+code.google.com/p/crypto-js/wiki/License
+*/
+var CryptoJS=CryptoJS||function(h,s){var f={},g=f.lib={},q=function(){},m=g.Base={extend:function(a){q.prototype=this;var c=new q;a&&c.mixIn(a);c.hasOwnProperty("init")||(c.init=function(){c.$super.init.apply(this,arguments)});c.init.prototype=c;c.$super=this;return c},create:function(){var a=this.extend();a.init.apply(a,arguments);return a},init:function(){},mixIn:function(a){for(var c in a)a.hasOwnProperty(c)&&(this[c]=a[c]);a.hasOwnProperty("toString")&&(this.toString=a.toString)},clone:function(){return this.init.prototype.extend(this)}},
+r=g.WordArray=m.extend({init:function(a,c){a=this.words=a||[];this.sigBytes=c!=s?c:4*a.length},toString:function(a){return(a||k).stringify(this)},concat:function(a){var c=this.words,d=a.words,b=this.sigBytes;a=a.sigBytes;this.clamp();if(b%4)for(var e=0;e<a;e++)c[b+e>>>2]|=(d[e>>>2]>>>24-8*(e%4)&255)<<24-8*((b+e)%4);else if(65535<d.length)for(e=0;e<a;e+=4)c[b+e>>>2]=d[e>>>2];else c.push.apply(c,d);this.sigBytes+=a;return this},clamp:function(){var a=this.words,c=this.sigBytes;a[c>>>2]&=4294967295<<
+32-8*(c%4);a.length=h.ceil(c/4)},clone:function(){var a=m.clone.call(this);a.words=this.words.slice(0);return a},random:function(a){for(var c=[],d=0;d<a;d+=4)c.push(4294967296*h.random()|0);return new r.init(c,a)}}),l=f.enc={},k=l.Hex={stringify:function(a){var c=a.words;a=a.sigBytes;for(var d=[],b=0;b<a;b++){var e=c[b>>>2]>>>24-8*(b%4)&255;d.push((e>>>4).toString(16));d.push((e&15).toString(16))}return d.join("")},parse:function(a){for(var c=a.length,d=[],b=0;b<c;b+=2)d[b>>>3]|=parseInt(a.substr(b,
+2),16)<<24-4*(b%8);return new r.init(d,c/2)}},n=l.Latin1={stringify:function(a){var c=a.words;a=a.sigBytes;for(var d=[],b=0;b<a;b++)d.push(String.fromCharCode(c[b>>>2]>>>24-8*(b%4)&255));return d.join("")},parse:function(a){for(var c=a.length,d=[],b=0;b<c;b++)d[b>>>2]|=(a.charCodeAt(b)&255)<<24-8*(b%4);return new r.init(d,c)}},j=l.Utf8={stringify:function(a){try{return decodeURIComponent(escape(n.stringify(a)))}catch(c){throw Error("Malformed UTF-8 data");}},parse:function(a){return n.parse(unescape(encodeURIComponent(a)))}},
+u=g.BufferedBlockAlgorithm=m.extend({reset:function(){this._data=new r.init;this._nDataBytes=0},_append:function(a){"string"==typeof a&&(a=j.parse(a));this._data.concat(a);this._nDataBytes+=a.sigBytes},_process:function(a){var c=this._data,d=c.words,b=c.sigBytes,e=this.blockSize,f=b/(4*e),f=a?h.ceil(f):h.max((f|0)-this._minBufferSize,0);a=f*e;b=h.min(4*a,b);if(a){for(var g=0;g<a;g+=e)this._doProcessBlock(d,g);g=d.splice(0,a);c.sigBytes-=b}return new r.init(g,b)},clone:function(){var a=m.clone.call(this);
+a._data=this._data.clone();return a},_minBufferSize:0});g.Hasher=u.extend({cfg:m.extend(),init:function(a){this.cfg=this.cfg.extend(a);this.reset()},reset:function(){u.reset.call(this);this._doReset()},update:function(a){this._append(a);this._process();return this},finalize:function(a){a&&this._append(a);return this._doFinalize()},blockSize:16,_createHelper:function(a){return function(c,d){return(new a.init(d)).finalize(c)}},_createHmacHelper:function(a){return function(c,d){return(new t.HMAC.init(a,
+d)).finalize(c)}}});var t=f.algo={};return f}(Math);
+(function(h){for(var s=CryptoJS,f=s.lib,g=f.WordArray,q=f.Hasher,f=s.algo,m=[],r=[],l=function(a){return 4294967296*(a-(a|0))|0},k=2,n=0;64>n;){var j;a:{j=k;for(var u=h.sqrt(j),t=2;t<=u;t++)if(!(j%t)){j=!1;break a}j=!0}j&&(8>n&&(m[n]=l(h.pow(k,0.5))),r[n]=l(h.pow(k,1/3)),n++);k++}var a=[],f=f.SHA256=q.extend({_doReset:function(){this._hash=new g.init(m.slice(0))},_doProcessBlock:function(c,d){for(var b=this._hash.words,e=b[0],f=b[1],g=b[2],j=b[3],h=b[4],m=b[5],n=b[6],q=b[7],p=0;64>p;p++){if(16>p)a[p]=
+c[d+p]|0;else{var k=a[p-15],l=a[p-2];a[p]=((k<<25|k>>>7)^(k<<14|k>>>18)^k>>>3)+a[p-7]+((l<<15|l>>>17)^(l<<13|l>>>19)^l>>>10)+a[p-16]}k=q+((h<<26|h>>>6)^(h<<21|h>>>11)^(h<<7|h>>>25))+(h&m^~h&n)+r[p]+a[p];l=((e<<30|e>>>2)^(e<<19|e>>>13)^(e<<10|e>>>22))+(e&f^e&g^f&g);q=n;n=m;m=h;h=j+k|0;j=g;g=f;f=e;e=k+l|0}b[0]=b[0]+e|0;b[1]=b[1]+f|0;b[2]=b[2]+g|0;b[3]=b[3]+j|0;b[4]=b[4]+h|0;b[5]=b[5]+m|0;b[6]=b[6]+n|0;b[7]=b[7]+q|0},_doFinalize:function(){var a=this._data,d=a.words,b=8*this._nDataBytes,e=8*a.sigBytes;
+d[e>>>5]|=128<<24-e%32;d[(e+64>>>9<<4)+14]=h.floor(b/4294967296);d[(e+64>>>9<<4)+15]=b;a.sigBytes=4*d.length;this._process();return this._hash},clone:function(){var a=q.clone.call(this);a._hash=this._hash.clone();return a}});s.SHA256=q._createHelper(f);s.HmacSHA256=q._createHmacHelper(f)})(Math);
+(function(){var h=CryptoJS,s=h.enc.Utf8;h.algo.HMAC=h.lib.Base.extend({init:function(f,g){f=this._hasher=new f.init;"string"==typeof g&&(g=s.parse(g));var h=f.blockSize,m=4*h;g.sigBytes>m&&(g=f.finalize(g));g.clamp();for(var r=this._oKey=g.clone(),l=this._iKey=g.clone(),k=r.words,n=l.words,j=0;j<h;j++)k[j]^=1549556828,n[j]^=909522486;r.sigBytes=l.sigBytes=m;this.reset()},reset:function(){var f=this._hasher;f.reset();f.update(this._iKey)},update:function(f){this._hasher.update(f);return this},finalize:function(f){var g=
+this._hasher;f=g.finalize(f);g.reset();return g.finalize(this._oKey.clone().concat(f))}})})();
Propchange: wookie/trunk/wookie-server/src/main/webapp/demo/hmac-sha256.js
------------------------------------------------------------------------------
svn:executable = *
Modified: wookie/trunk/wookie-server/src/main/webapp/demo/index.htm
URL: http://svn.apache.org/viewvc/wookie/trunk/wookie-server/src/main/webapp/demo/index.htm?rev=1569895&r1=1569894&r2=1569895&view=diff
==============================================================================
--- wookie/trunk/wookie-server/src/main/webapp/demo/index.htm (original)
+++ wookie/trunk/wookie-server/src/main/webapp/demo/index.htm Wed Feb 19 20:10:11 2014
@@ -21,6 +21,9 @@
<script src="jquery.min.js"></script>
<script src="wookie-connector.js"></script>
<script src="wookie.js"></script>
+ <script src="hmac-sha256.js"></script>
+ <script src="enc-base64-min.js"></script>
+
<link rel="stylesheet" href="wookie.css"></link>
<style>
#preview{
Modified: wookie/trunk/wookie-server/src/main/webapp/demo/wookie-connector.js
URL: http://svn.apache.org/viewvc/wookie/trunk/wookie-server/src/main/webapp/demo/wookie-connector.js?rev=1569895&r1=1569894&r2=1569895&view=diff
==============================================================================
--- wookie/trunk/wookie-server/src/main/webapp/demo/wookie-connector.js (original)
+++ wookie/trunk/wookie-server/src/main/webapp/demo/wookie-connector.js Wed Feb 19 20:10:11 2014
@@ -91,22 +91,29 @@ var Wookie = {
var postdata = "api_key=";
postdata = postdata + encodeURI(Wookie.connection.apiKey);
+ postdata = postdata + "&is_public=false";
+ postdata = postdata + "&nonce="+Math.random();
+ postdata = postdata + "&propertyname=";
+ postdata = postdata + encodeURI(key);
+ postdata = postdata + "&propertyvalue=";
+ postdata = postdata + encodeURI(value);
postdata = postdata + "&shareddatakey=";
postdata = postdata + encodeURI(Wookie.connection.sharedDataKey);
+ postdata = postdata + "×tamp="+new Date().toISOString();
postdata = postdata + "&userid=";
postdata = postdata + encodeURI(Wookie.currentUser.loginName);
postdata = postdata + "&widgetid=";
postdata = postdata + encodeURI(id);
- postdata = postdata + "&is_public=false";
- postdata = postdata + "&propertyname=";
- postdata = postdata + encodeURI(key);
- postdata = postdata + "&propertyvalue=";
- postdata = postdata + encodeURI(value);
- var url = Wookie.connection.url + "/properties";
+ var uri = "/properties";
+ var url = Wookie.connection.url +uri;
+ var signature = Wookie.getSignature("POST", uri, "?" + postdata);
$.ajax({
type: 'POST',
url: url,
data: postdata,
+ headers: {
+ "Authorization":signature
+ },
async: false
});
},
@@ -132,17 +139,31 @@ var Wookie = {
if (this.instances[key] === undefined) {
var postdata = "api_key=";
postdata = postdata + encodeURI(Wookie.connection.apiKey);
+
+ postdata = postdata + "&nonce="+Math.random();
+
postdata = postdata + "&shareddatakey=";
postdata = postdata + encodeURI(Wookie.connection.sharedDataKey);
+
+ postdata = postdata + "×tamp="+new Date().toISOString();
+
postdata = postdata + "&userid=";
postdata = postdata + encodeURI(Wookie.currentUser.loginName);
postdata = postdata + "&widgetid=";
postdata = postdata + encodeURI(id);
- var url = Wookie.connection.url + "/widgetinstances";
+
+ var uri = "/widgetinstances";
+ var url = Wookie.connection.url + uri;
+
+ var signature = Wookie.getSignature("POST", uri, "?" + postdata);
+
$.ajax({
type: 'POST',
url: url,
data: postdata,
+ headers: {
+ "Authorization":signature
+ },
success: function(doc) {
url = $(doc).find("url").text();
title = $(doc).find("title").text();
@@ -162,25 +183,35 @@ var Wookie = {
var postdata = "api_key=";
postdata = postdata + encodeURI(Wookie.connection.apiKey);
- postdata = postdata + "&shareddatakey=";
- postdata = postdata + encodeURI(Wookie.connection.sharedDataKey);
- postdata = postdata + "&userid=";
- postdata = postdata + encodeURI(Wookie.currentUser.loginName);
- postdata = postdata + "&widgetid=";
- postdata = postdata + encodeURI(id);
- postdata = postdata + "&participant_role=";
- postdata = postdata + encodeURI(Wookie.currentUser.role);
+ postdata = postdata + "&nonce="+Math.random();
postdata = postdata + "&participant_display_name=";
postdata = postdata + encodeURI(Wookie.currentUser.screenName);
postdata = postdata + "&participant_id=";
postdata = postdata + encodeURI(Wookie.currentUser.loginName);
+ postdata = postdata + "&participant_role=";
+ postdata = postdata + encodeURI(Wookie.currentUser.role);
postdata = postdata + "&participant_thumbnail_url=";
postdata = postdata + encodeURI(Wookie.currentUser.thumbnailUrl);
- var url = Wookie.connection.url + "/participants";
+ postdata = postdata + "&shareddatakey=";
+ postdata = postdata + encodeURI(Wookie.connection.sharedDataKey);
+ postdata = postdata + "×tamp="+new Date().toISOString();
+ postdata = postdata + "&userid=";
+ postdata = postdata + encodeURI(Wookie.currentUser.loginName);
+ postdata = postdata + "&widgetid=";
+ postdata = postdata + encodeURI(id);
+
+ var uri = "/participants";
+ var url = Wookie.connection.url + uri;
+
+ var signature = Wookie.getSignature("POST", uri, "?" + postdata);
+
$.ajax({
type: 'POST',
url: url,
data: postdata,
+ headers: {
+ "Authorization":signature
+ },
success: function(data) {
},
async: false
@@ -189,6 +220,16 @@ var Wookie = {
return Wookie.instances[key];
},
+ getSignature: function(method, uri, query){
+ var host = Wookie.connection.host
+ var data = method + "\n";
+ data = data + host + "\n";
+ data = data + Wookie.connection.url + uri + "\n";
+ data = data + query.toLowerCase();
+ var hash = CryptoJS.HmacSHA256(data, Wookie.connection.secret).toString(CryptoJS.enc.Base64);
+ return Wookie.connection.apiKey + " " + hash;
+ },
+
setCurrentUser: function(loginName, screenName, thumbnailUrl, role){
var user = {};
user.loginName = loginName;
@@ -202,9 +243,11 @@ var Wookie = {
Wookie.currentUser = user;
},
- configureConnection: function(url, apiKey, sharedDataKey){
+ configureConnection: function(url, apiKey, sharedDataKey, secret, host){
Wookie.connection = {};
+
+
if (!url || typeof url === "undefined") {
Wookie.connection.url = "/wookie";
} else {
@@ -217,6 +260,22 @@ var Wookie = {
Wookie.connection.apiKey = apiKey;
}
+ if (!secret || typeof secret === "undefined"){
+ Wookie.connection.secret = "test@127.0.0.1";
+ } else {
+ Wookie.connection.secret = secret;
+ }
+
+ if (!host || typeof host === "undefined"){
+ if (url.lastIndexOf("http://",0)===0){
+ Wookie.connection.host = url.split("http://")[1];
+ } else {
+ Wookie.connection.host = "localhost:8080";
+ }
+ } else {
+ Wookie.connection.host = host;
+ }
+
if (!sharedDataKey || typeof sharedDataKey === "undefined") {
Wookie.connection.sharedDataKey = "mysharedkey";
} else {