This repository has been archived by the owner on Jul 11, 2022. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 38
/
Copy pathindex.js
94 lines (83 loc) · 2.2 KB
/
index.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
/**
* Cannonball Web Server.
* Romain Huet
* @romainhuet
*/
var express = require('express');
var router = express.Router();
var fs = require('fs');
var nconf = require('nconf');
var url = require('url');
var request = require('request');
var authorization = require('auth-header');
/**
* GET Cannonball home page.
*/
router.get('/', function (req, res, next) {
res.render('index', {
DIGITS_CONSUMER_KEY: nconf.get('DIGITS_CONSUMER_KEY'),
GA_TRACKING_ID: nconf.get('GA_TRACKING_ID')
});
});
/**
* POST Digits login.
*/
router.post('/digits', function (req, res) {
var apiUrl = req.body['apiUrl']
var credentials = req.body['credentials']
var verified = true;
var messages = [];
// Get authorization header.
var auth = authorization.parse(credentials);
// OAuth authentication not provided.
if (auth.scheme != 'OAuth') {
verified = false;
messages.push('Invalid auth type.');
}
// Verify the OAuth consumer key.
if (auth.params.oauth_consumer_key != nconf.get('DIGITS_CONSUMER_KEY')) {
verified = false;
messages.push('The Digits API key does not match.');
}
// Verify the hostname.
var hostname = url.parse(req.body.apiUrl).hostname;
if (hostname != 'api.digits.com' && hostname != 'api.twitter.com') {
verified = false;
messages.push('Invalid API hostname.');
}
// Do not perform the request if the API key or hostname are not verified.
if (!verified) {
return res.send({
phoneNumber: "",
userID: "",
error: messages.join(' ')
});
}
// Prepare the request to the Digits API.
var options = {
url: apiUrl,
headers: {
'Authorization': credentials
}
};
// Perform the request to the Digits API.
request.get(options, function (error, response, body) {
if (!error && response.statusCode == 200) {
// Send the verified phone number and Digits user ID.
var digits = JSON.parse(body)
return res.send({
phoneNumber: digits.phone_number,
userID: digits.id_str,
error: ''
});
} else {
// Send the error.
return res.send({
phoneNumber: '',
userID: '',
error: error.message
});
}
});
});
module.exports = router;