I am trying to implement a simple HTTP proxy that will only try to perform basic auth on the target host.
So far I have the following:
var http = require('http');
const my_proxy = http.createServer(function(request, response) {
console.log(request.connection.remoteAddress + ": " + request.method + " " + request.url);
const options = {
port: 80
, host: request.headers['host']
, method: request.method
, path: request.url
, headers: request.headers
, auth : 'real_user:real_password'
}
};
var proxy_request = http.request(options);
proxy_request.on('response', function (proxy_response) {
proxy_response.on('data', function(chunk) {
response.write(chunk, 'binary');
});
proxy_response.on('end', function() {
response.end();
});
response.writeHead(proxy_response.statusCode, proxy_response.headers);
});
request.on('data', function(chunk) {
proxy_request.write(chunk, 'binary');
});
request.on('end', function() {
proxy_request.end();
});
});
my_proxy.listen(8080);
However, "auth : 'real_user:real_password'" doesn't seem to do anything. Also have tried:
...
auth: {
user: real_user,
pass: real_pass
}
...
You have to generate the auth header
var username = 'Test';
var password = '123';
var auth = 'Basic ' + new Buffer(username + ':' + password).toString('base64');
// auth is: 'Basic VGVzdDoxMjM='
var header = {'Host': 'www.example.com', 'Authorization': auth};
var request = client.request('GET', '/', header);
DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the
var username = 'Test';
var password = '123';
// Deprecated
// var auth = 'Basic ' + new Buffer(username + ':' + password).toString('base64');
var auth = 'Basic ' + Buffer.from(username + ':' + password).toString('base64');
// auth is: 'Basic VGVzdDoxMjM='
var header = {'Host': 'www.example.com', 'Authorization': auth};
var request = client.request('GET', '/', header);
Related
I'm trying to access the authorization server that i have in okta, so i can see the users profile (in this case the user first name and favorite color )from the alexa skill but keep getting an error.
i just want to retrieve the user info (claims in okta name/color).i already set up the account linking in alexa, so there is probably an easier approach since the clientID and clientSecret is already configured.
Error message
{
"error": "access_denied",
"error_description": "The requested feature is not enabled in this environment."
}
is this something i have to enable in okta? can i do it in okta developers console with the free tier?
Code
function validateAccessToken(token, callback) {
console.log("token: ", token);
//start
var clientId = '**okta open id connect client id generated earlier**';
var clientSecret = '**okta open id connect client secret generated earlier**';
var auth = "Basic " + new Buffer.from(clientId + ":" + clientSecret).toString("base64");
var https = require('https');
var tokenParam = '?token=' + token;
var tokenHintParam = '&token_type_hint=access_token';
var tokenQuery = tokenParam + tokenHintParam;
var optionspost = {
host: '**your okta org**.oktapreview.com',
port: 443,
path: '/oauth2/**your authorization server id**/v1/introspect' + tokenQuery,
method: 'POST',
headers: {
'Authorization': auth,
'Accept': 'application/json',
'Content-Type': 'application/x-www-form-urlencoded'
}
};
console.log(optionspost);
var jsonResponseUser;
var firstName;
var favoriteColor;
console.log("pre Req Post");
var jsonObject;
var reqPost = https.request(optionspost, function(res) {
console.log("statusCode: ", res.statusCode);
// uncomment it for header details
console.log("headers: ", res.headers);
res.on('data', function(d) {
console.info('POST result:\n');
process.stdout.write(d);
console.info('\n\nPOST completed');
jsonResponseUser = JSON.parse(d);
firstName = jsonResponseUser['FirstNameClaim'];
favoriteColor = jsonResponseUser['FavoriteColorClaim'];
let responseVoice = firstName + '\'s Favorite Color is ' + favoriteColor;
console.log("responseVoice :" + responseVoice);
callback(responseVoice);
});
});
reqPost.end();
reqPost.on('error', function(e) {
console.error(e);
});
}
const FavoriteColorHandler = {
canHandle(handlerInput) {
const request = handlerInput.requestEnvelope.request;
return request.type === 'IntentRequest' &&
request.intent.name === 'FavoriteColorIntent';
},
handle(handlerInput) {
let favoriteColor = '';
let request = handlerInput.requestEnvelope.request;
console.log(handlerInput.requestEnvelope.context.System.user.accessToken);
let token = handlerInput.requestEnvelope.context.System.user.accessToken;
return new Promise((resolve) => {
validateAccessToken(token, function(result) {
// setTimeout(1000000000000);
console.log("inside Opp Handler, responseVoice: " + result);
resolve(handlerInput.responseBuilder.speak(result).getResponse());
});
});
},
};
There are how I generate options for the request to the server:
function multipartFormData(params, url, key, nonce, signature) {
var boundary = '----WebKitFormBoundary' + nonce;
var bodyString = [];
bodyString.push(
'--' + boundary,
'Content-Disposition: form-data; name="document"; filename="image.png"',
'Content-Type: image/png',
'',
fs.createReadStream('image/image.png')
);
bodyString.push('--' + boundary + '--','');
var content = bodyString.join('\r\n');
return {
formData: content,
url: url + '/',
headers: {
'Content-Type': 'multipart/form-data; boundary=' + boundary,
'Apiauth-Key': key,
'Apiauth-Nonce': nonce,
'Apiauth-Signature': signature,
'Content-Length': content.length
}
}
}
There are the signature hash authentication key:
function getMessageSignature(path, params, nonce) {
var data_params = params;
var boundary = '----WebKitFormBoundary' + nonce;
var postParameters = querystring.stringify(data_params);
var path = '/api' + path + '/';
let message = nonce + config.key + path + 'POSTmultipart/form-data; boundary=' + boundary + 'image.png';
var auth_hash = crypto.createHmac("sha256", config.secret).update(message).digest('hex').toUpperCase();
return auth_hash;
}
So then I just do my request:
function Client(key, secret) {
var nonce = new Date() * 1000;
var config = {
url: 'https://somesite/api',
key: key,
secret: secret
};
// there is other all functions, 2 of them i have already written on top
var signature = getMessageSignature(path, params, nonce);
var options = multipartFormData(params, config.url, config.key, nonce, signature);
request.post(options, function(error, response, body) {
...
}
}
I am getting this error in the request body.error :
message: 'HMAC authentication key and signature was given, but they
are invalid
I want to get result by HTTP request in which I would like to know how can I parse the post parameter in the same and get the result.
var http = require("http");
var email = "email";
var password = '12345';
var response_string='010000000157065146a6b32b224b87d47c1b0283b1ae2fa5bd4f9af9ebc45928110f87fbae00000000700';
var post_params="jsonrpc= 1.0&id=curltest&method=decoderawtransaction¶ms="+response_string;
http.request({
host: "127.0.0.1",
port:"8332",
path:"/path",
method: "POST",
headers: {
"Authorization": "Basic " + new Buffer( email + ":" + password ).toString('base64')
}
}, function(res){
var response = "";
res.on('data', function(chunk){
response += chunk;
console.log("res"+response);
});
res.on('end',function(){
response = JSON.parse(response);
console.log("res1"+response);
});
}).end();
How can i parse the post_params variable in request.
I can write this Instagram API call using jQuery, but I'm not sure how to get Node and/or socket to do the same. Any help?
function getData(url){
$.ajax({
url: url,
dataType :"jsonp",
success: function(data){
console.log('success');
console.log(data);
}
});
}
var tag = "myTag";
var accessToken = "myAccessToken"
var url = 'https://api.instagram.com/v1/tags/' + tag + '/media/recent?access_token=' + accessToken + '&callback=callBackFunction';
getData(url);
Another way to do this would be to use request module
var request = require('request');
request('your url',function(error,response,body){
//body will contain the response from the api endpoint.
});
This should work as you would like it to (adding some extra STATUS, HEADERS and BODY markers) :
var http = require('http');
var myhost = "https://api.instagram.com/";
var tag = "myTag";
var accessToken = "myAccessToken"
var myurl = tag + '/media/recent?access_token=' + accessToken + '&callback=callBackFunction';
var options = {
hostname: myhost,
port: 80,
path: myurl,
method: 'GET'
};
var req = http.request(options, function(res) {
console.log('STATUS: ' + res.statusCode);
console.log('HEADERS: ' + JSON.stringify(res.headers));
res.setEncoding('utf8');
res.on('data', function (chunk) {
console.log('BODY: ' + chunk);
});
});
I'm trying to upload video to youtube programatically. I chose to use Node.js for the task.
I get an XML response as well as an HTTP Status Code of 201 and I see the video appear in video manager, however the video always has the message "Failed (unable to convert video file)".
I can upload the file through YouTube's own uploader on their page and there are no problems. I only have to upload to a single account, so I set up the OAuth2 for the account and stored the refresh token. The refresh token is hard-coded, though I replace it with a variable below.
Does the refresh token need to, itself, be refreshed?
My code:
var qs = require('querystring'),
https = require('https'),
fs = require('fs');
var p_data = qs.stringify({
client_id: myClientID,
client_secret: myClientSecret,
refresh_token: refreshTokenForAccount,
grant_type: 'refresh_token'
});
var p_options = {
host: 'accounts.google.com',
port: '443',
method: 'POST',
path: '/o/oauth2/token',
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
'Content-Length': p_data.length,
'X-GData-Key': myDeveloperKey
}
};
var file_path = process.argv[1] || "video.mp4";
var json = "";
var p_req = https.request(p_options, function(resp){
resp.setEncoding( 'utf8' );
resp.on('data', function( chunk ){
json += chunk;
});
resp.on("end", function(){
debugger;
var access_token = JSON.parse(json).access_token;
var title="test upload1",
description="Second attempt at an API video upload",
keywords="",
category="Comedy";
var file_reader = fs.createReadStream(file_path, {encoding: 'binary'});
var file_contents = '';
file_reader.on('data', function(data)
{
file_contents += data;
});
file_reader.on('end', function()
{
var xml =
'<?xml version="1.0"?>' +
'<entry xmlns="http://www.w3.org/2005/Atom" xmlns:media="http://search.yahoo.com/mrss/" xmlns:yt="http://gdata.youtube.com/schemas/2007">' +
' <media:group>' +
' <media:title type="plain">' + title + '</media:title>' +
' <media:description type="plain">' + description + '</media:description>' +
' <media:category scheme="http://gdata.youtube.com/schemas/2007/categories.cat">' + category + '</media:category>' +
' <media:keywords>' + keywords + '</media:keywords>' +
' </media:group>' +
'</entry>';
var boundary = Math.random();
var post_data = [];
var part = '';
part = "--" + boundary + "\r\nContent-Type: application/atom+xml; charset=UTF-8\r\n\r\n" + xml + "\r\n";
post_data.push(new Buffer(part, "utf8"));
part = "--" + boundary + "\r\nContent-Type: video/mp4\r\nContent-Transfer-Encoding: binary\r\n\r\n";
post_data.push(new Buffer(part, 'utf8'));
post_data.push(new Buffer(file_contents, 'binary'));
post_data.push(new Buffer("\r\n--" + boundary + "--\r\n\r\n", 'utf8'));
var post_length = 0;
for(var i = 0; i < post_data.length; i++)
{
post_length += post_data[i].length;
}
var options = {
host: 'uploads.gdata.youtube.com',
port: 443,
path: '/feeds/api/users/default/uploads',
method: 'POST',
headers: {
'Authorization': 'Bearer ' + access_token,
'X-GData-Key': myDeveloperKey,
'Slug': 'video.mp4',
'Content-Type': 'multipart/related; boundary="' + boundary + '"',
'Content-Length': post_length,
'Connection': 'close'
}
}
var req = https.request(options, function(res)
{
res.setEncoding('utf8');
console.dir(res.statusCode);
console.dir(res.headers);
var response = '';
res.on('data', function(chunk)
{
response += chunk;
});
res.on('end', function()
{
console.log( "We got response: " );
console.log(response);
});
});
for (var i = 0; i < post_data.length; i++)
{
req.write(post_data[i]);
}
req.on('error', function(e) {
console.error(e);
});
req.end();
});
});
});
p_req.write(p_data);
p_req.end();
The problem was in the file being uploaded.
This line: var file_path = process.argv[1] || "video.mp4"; should have been var file_path = process.argv[2] || "video.mp4";
Note argv[1] is the absolute path to the script being run, argv[2] is the first command line argument passed to the script.
Of course YouTube would fail to convert the "video", it wasn't video at all it was the script being run.