@timborden
Last active May 26, 2016 01:33
Simple Node.js Xero OAuth implementation for Private, Public or Partner applications
"use strict";
var restify = require('restify');
var fs = require('fs');
var request = require('request');
var qs = require('qs');
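/**
 * Step 1 of the Xero OAuth 1.0a flow: obtain a request token and redirect
 * the browser to Xero's authorisation page.
 *
 * Signing uses HMAC-SHA1 with XERO_CONSUMER_SECRET when XERO_APP_TYPE is
 * 'public'; otherwise RSA-SHA1 with the PEM read from
 * certs/oauth-private-key.pem.
 *
 * @param {Object} req - restify request (not read by this handler).
 * @param {Object} res - restify response, used for the redirect.
 * @param {Function} next - restify continuation; receives an error when the
 *   request-token call fails or returns no token.
 */
var GET_request = function (req, res, next) {
  var isPublicApp = process.env.XERO_APP_TYPE === 'public';
  var options = {
    url: process.env.XERO_REQUEST_URL,
    // Client certificate and key handed to the HTTP client for the TLS
    // connection. Both PEM files are read from disk on every request.
    cert: fs.readFileSync('certs/xero-public-cert.pem'),
    key: fs.readFileSync('certs/xero-private-key.pem'),
    oauth: {
      signature_method: isPublicApp ? 'HMAC-SHA1' : 'RSA-SHA1',
      consumer_key: process.env.XERO_CONSUMER_KEY,
      consumer_secret: isPublicApp
        ? process.env.XERO_CONSUMER_SECRET
        : fs.readFileSync('certs/oauth-private-key.pem'),
      // NOTE(review): the routes registered in this file live under
      // /auth/xero/...; confirm that this callback path actually reaches
      // GET_access in the deployed application.
      callback: process.env.APP_URL + '/integrations/xero/access',
    }
  };

  request.post(options, function (error, response, body) {
    // Transport failures (DNS, TLS, timeout) used to be ignored, which ended
    // in a redirect to ".../undefined".
    if (error) {
      return next(error);
    }

    var tokens = qs.parse(body);
    if (!tokens.oauth_token) {
      // Do not echo the upstream body to the client; it can carry
      // provider-side diagnostics.
      return next(new restify.InternalServerError('Xero did not issue a request token'));
    }

    /* Log in DB
    DB.oauth_token = tokens.oauth_token
    DB.oauth_token_secret = tokens.oauth_token_secret
    */
    // The token secret stays server-side; only the token itself goes into the
    // redirect URL, and it is percent-encoded before concatenation.
    res.redirect(process.env.XERO_AUTHORIZE_URL + encodeURIComponent(tokens.oauth_token), next);
  });
};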
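/**
 * Step 2 of the Xero OAuth 1.0a flow: the callback Xero redirects to after
 * the user authorises the app. Exchanges the request token plus verifier for
 * an access token, then calls the Organisation endpoint with it.
 *
 * `DB` is not defined in this file; it stands in for the application's
 * persistence layer, as the commented pseudo-code below shows.
 *
 * @param {Object} req - restify request; reads params.oauth_token and
 *   params.oauth_verifier (params.org appears in the storage pseudo-code).
 * @param {Object} res - restify response, used for the final redirect.
 * @param {Function} next - restify continuation; receives an error when a
 *   parameter is missing or an upstream call fails.
 */
var GET_access = function (req, res, next) {
  // The verifier is as mandatory as the token: without it the exchange below
  // cannot succeed, so reject early instead of calling Xero.
  if (!('oauth_token' in req.params) || !('oauth_verifier' in req.params))
    return next(new restify.MissingParameterError());

  /* Find in DB using:
  DB.oauth_token == req.params.oauth_token
  */
  // NOTE(review): this lookup is what ties the callback to the request token
  // issued in GET_request. It should fail closed when no stored token matches,
  // and the stored token should belong to the session of the user who
  // started the flow.

  var isPublicApp = process.env.XERO_APP_TYPE === 'public';
  var accessOptions = {
    url: process.env.XERO_ACCESS_URL,
    cert: fs.readFileSync('certs/xero-public-cert.pem'),
    key: fs.readFileSync('certs/xero-private-key.pem'),
    oauth: {
      signature_method: isPublicApp ? 'HMAC-SHA1' : 'RSA-SHA1',
      consumer_key: process.env.XERO_CONSUMER_KEY,
      consumer_secret: isPublicApp
        ? process.env.XERO_CONSUMER_SECRET
        : fs.readFileSync('certs/oauth-private-key.pem'),
      token: DB.oauth_token,
      token_secret: DB.oauth_token_secret,
      verifier: req.params.oauth_verifier
    },
    timeout: 120000
  };

  request.post(accessOptions, function (error, response, body) {
    if (error) {
      return next(error);
    }

    var tokens = qs.parse(body);
    if (!tokens.oauth_token || !tokens.oauth_token_secret) {
      // A rejected exchange must not fall through to the API call below.
      return next(new restify.InternalServerError('Xero did not issue an access token'));
    }

    /* Log in DB
    DB.oauth_verifier = req.params.oauth_verifier
    DB.oauth_access_token = tokens.oauth_token
    DB.oauth_access_token_secret = tokens.oauth_token_secret
    DB.oauth_session_handle = tokens.oauth_session_handle
    DB.xero_org_id = req.params.org
    */
    // The access token, its secret and the session handle are long-lived
    // credentials; store them encrypted and keep them out of logs.

    // Named separately from accessOptions so the two requests are not
    // confused (the original reused the name `options` in the nested scope).
    var organisationOptions = {
      url: process.env.XERO_API_URL + '/Organisation',
      cert: fs.readFileSync('certs/xero-public-cert.pem'),
      key: fs.readFileSync('certs/xero-private-key.pem'),
      oauth: {
        signature_method: isPublicApp ? 'HMAC-SHA1' : 'RSA-SHA1',
        consumer_key: process.env.XERO_CONSUMER_KEY,
        consumer_secret: isPublicApp
          ? process.env.XERO_CONSUMER_SECRET
          : fs.readFileSync('certs/oauth-private-key.pem'),
        token: DB.oauth_access_token,
        token_secret: DB.oauth_access_token_secret
      },
      json: true
    };

    request.get(organisationOptions, function (error, response, body) {
      if (error) {
        return next(error);
      }
      // Demo output only: this prints the whole Organisation response to
      // stdout. Outside a demo, log only the fields that are needed.
      console.log(body);
      res.redirect(process.env.APP_URL + "/connected", next);
    });
  });
};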
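/**
 * Renews the stored Xero access token by posting the current token, its
 * secret and the session handle to XERO_ACCESS_URL, then redirects to
 * APP_URL + "/connected".
 *
 * `DB` is not defined in this file; it stands in for the application's
 * persistence layer.
 *
 * @param {Object} req - restify request (not read by this handler).
 * @param {Object} res - restify response, used for the redirect.
 * @param {Function} next - restify continuation; receives an error when the
 *   refresh call fails.
 */
var GET_refresh = function (req, res, next) {
  /* Find in DB */
  // NOTE(review): nothing in this handler identifies the caller. Which stored
  // token set gets refreshed should come from an authenticated session, not
  // from a request that anyone can send.

  var isPublicApp = process.env.XERO_APP_TYPE === 'public';
  var options = {
    url: process.env.XERO_ACCESS_URL,
    cert: fs.readFileSync('certs/xero-public-cert.pem'),
    key: fs.readFileSync('certs/xero-private-key.pem'),
    oauth: {
      signature_method: isPublicApp ? 'HMAC-SHA1' : 'RSA-SHA1',
      consumer_key: process.env.XERO_CONSUMER_KEY,
      consumer_secret: isPublicApp
        ? process.env.XERO_CONSUMER_SECRET
        : fs.readFileSync('certs/oauth-private-key.pem'),
      token: DB.oauth_access_token,
      token_secret: DB.oauth_access_token_secret,
      // NOTE(review): the `request` library appears to prefix every key in
      // this object with "oauth_", which would turn this one into
      // "oauth_oauth_session_handle". Confirm against the pinned `request`
      // version; `session_handle` may be the key that is intended.
      oauth_session_handle: DB.oauth_session_handle
    },
    timeout: 120000
  };

  request.post(options, function (error, response, body) {
    if (error) {
      return next(error);
    }
    if (!response || response.statusCode !== 200) {
      // A rejected refresh must not be reported to the user as "connected".
      return next(new restify.InternalServerError('Xero rejected the token refresh'));
    }

    body = qs.parse(body);
    /* Log in DB
    DB.oauth_access_token = body.oauth_access_token
    DB.oauth_access_token_secret = body.oauth_access_token_secret
    DB.oauth_session_handle = body.oauth_session_handle
    */
    // NOTE(review): GET_access reads body.oauth_token and
    // body.oauth_token_secret from a response of the same endpoint; confirm
    // which field names the refresh response really uses before persisting.
    res.redirect(process.env.APP_URL + "/connected", next);
  });
};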
/**
 * Mounts the three Xero OAuth routes on the given restify server.
 *
 * The access and refresh routes run restify.queryParser() before their
 * handler; the request route runs its handler directly.
 *
 * @param {Object} server - restify server exposing `get(path, ...handlers)`.
 */
module.exports = function (server) {
  // Small helper so each route reads as "path -> handler chain".
  var mount = function (path, handlers) {
    server.get.apply(server, [path].concat(handlers));
  };

  mount('/auth/xero/request', [GET_request]);
  mount('/auth/xero/access', [restify.queryParser(), GET_access]);
  mount('/auth/xero/refresh', [restify.queryParser(), GET_refresh]);
};