@tstachl
Last active August 29, 2015 14:06
desk.com OAuth example using expressjs.
BASE_URL: https://desk-oauth-express.herokuapp.com
CONSUMER_KEY: MY_CONSUMER_KEY
CONSUMER_SECRET: MY_CONSUMER_SECRET
SESSION_SECRET: MY_SESSION_SECRET
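//- Single page of the OAuth example: a navbar with the sign-in / logout form
//- and the stock Bootstrap "jumbotron" placeholder content.
//- Locals read here: title, message, logged_in.
//- Nesting is reconstructed from the Bootstrap jumbotron layout; the listing
//- this was taken from had lost its indentation.
doctype html
html(lang="en")
  head
    meta(charset="utf-8")
    meta(http-equiv="X-UA-Compatible" content="IE=edge")
    meta(name="viewport" content="width=device-width, initial-scale=1")
    //- `=` HTML-escapes the value; `!=` would emit it raw.
    title= title
    //- Protocol-relative URLs: these assets load over plain HTTP whenever the
    //- page itself is served over HTTP, and no integrity attribute pins them.
    link(href="//maxcdn.bootstrapcdn.com/bootstrap/3.2.0/css/bootstrap.min.css" rel="stylesheet")
    link(href="//maxcdn.bootstrapcdn.com/font-awesome/4.2.0/css/font-awesome.min.css" rel="stylesheet")
    link(href="//maxcdn.bootstrapcdn.com/bootswatch/3.2.0/slate/bootstrap.min.css", rel="stylesheet")
  body
    div.navbar.navbar.navbar-fixed-top(role="navigation")
      div.container
        div.navbar-header
          button.navbar-toggle.collapsed(type="button" data-toggle="collapse" data-target=".navbar-collapse")
            span.sr-only Toggle navigation
            span.icon-bar
            span.icon-bar
            span.icon-bar
          a.navbar-brand(href="/") #{title}
        div.navbar-collapse.collapse
          if !logged_in
            //- The site value is user input; the POST / route turns it into
            //- the base URL of every OAuth request and redirect.
            form.navbar-form.navbar-right(role="form" method="post" action="/")
              div.form-group
                div.input-group
                  div.input-group-addon https://
                  input.form-control.input-sm(type="text" name="site" placeholder="devel.desk.com")
              button.btn.btn-success.btn-sm(type="submit") Sign in
          else
            form.navbar-form.navbar-right(role="form" method="get" action="/logout")
              button.btn.btn-danger.btn-sm.navbar-right(type="submit") Logout
    div.jumbotron
      div.container
        //- message contains the profile name returned by the remote API
        //- ('Welcome ' + public_name), so it is escaped with `=` instead of
        //- being written into the page as raw HTML.
        h1= message
        p This is a template for a simple marketing or informational website. It includes a large callout called a jumbotron and three supporting pieces of content. Use it as a starting point to create something more unique.
        p
          a.btn.btn-primary.btn-lg(href="#" role="button") Learn more »
    div.container
      div.row
        div.col-md-4
          h2 Heading
          p Donec id elit non mi porta gravida at eget metus. Fusce dapibus, tellus ac cursus commodo, tortor mauris condimentum nibh, ut fermentum massa justo sit amet risus. Etiam porta sem malesuada magna mollis euismod. Donec sed odio dui.
          p
            a.btn.btn-default(href="#" role="button") View details »
        div.col-md-4
          h2 Heading
          p Donec id elit non mi porta gravida at eget metus. Fusce dapibus, tellus ac cursus commodo, tortor mauris condimentum nibh, ut fermentum massa justo sit amet risus. Etiam porta sem malesuada magna mollis euismod. Donec sed odio dui.
          p
            a.btn.btn-default(href="#" role="button") View details »
        div.col-md-4
          h2 Heading
          p Donec id elit non mi porta gravida at eget metus. Fusce dapibus, tellus ac cursus commodo, tortor mauris condimentum nibh, ut fermentum massa justo sit amet risus. Etiam porta sem malesuada magna mollis euismod. Donec sed odio dui.
          p
            a.btn.btn-default(href="#" role="button") View details »
    script(src="//ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js")
    script(src="//maxcdn.bootstrapcdn.com/bootstrap/3.2.0/js/bootstrap.min.js")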
var express = require('express');
var session = require('express-session');
var OAuth = require('oauth').OAuth;
// Application instance shared by every route below.
var app = express();

// Deployment-specific values are read from the environment and stored as app
// settings under the lower-cased variable name (BASE_URL -> 'base_url', ...).
// Nothing here checks that they are set; a missing variable is stored as
// undefined.
['BASE_URL', 'CONSUMER_KEY', 'CONSUMER_SECRET', 'SESSION_SECRET'].forEach(function(envName) {
  app.set(envName.toLowerCase(), process.env[envName]);
});

// Page title handed to the template by the routes.
app.set('title', 'OAuth 1.0a Test');

// Templates are looked up under './' and rendered with jade.
app.set('views', './');
app.set('view engine', 'jade');
app.engine('jade', require('jade').__express);

// Parses urlencoded form bodies (the sign-in form posts the `site` field).
var parseForm = require('body-parser').urlencoded({ extended: false });
app.use(parseForm);

// NOTE(review): only `secret` is passed, so express-session's defaults apply
// for the store and for the cookie flags — confirm those defaults are what a
// production deployment wants, since the routes keep OAuth tokens in the session.
var sessionOptions = { secret: app.get('session_secret') };
app.use(session(sessionOptions));
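/**
 * GET / — home page.
 *
 * Without a signed-in session the guest page is rendered. With one, the
 * OAuth client is rebuilt from the values kept in the session, the current
 * user's profile is fetched from `<base_url>/api/v2/users/me`, and the page
 * greets that user.
 *
 * If the API call fails, or its body is not a JSON object, the session is
 * destroyed and the browser is redirected to '/'. Each failure path returns,
 * so exactly one response is sent per request.
 */
app.get('/', function(req, res) {
  if (!(req.session.oauth && req.session.access_token)) {
    res.render('index', { title: app.get('title'), message: 'Welcome Guest', logged_in: false });
    return;
  }

  // Logs the failure, drops the session and sends the visitor back to '/',
  // which then renders the guest page.
  function resetSession(reason) {
    console.error(reason);
    req.session.destroy(function(destroyErr) {
      if (destroyErr) console.error(destroyErr);
      res.redirect('/');
    });
  }

  // NOTE(review): the client is rebuilt from the copy stored in the session,
  // which includes the consumer secret. Reading key and secret from the app
  // settings instead would keep the secret out of the session store.
  var saved = req.session.oauth;
  var oauth = new OAuth(
    saved._requestUrl,
    saved._accessUrl,
    saved._consumerKey,
    saved._consumerSecret,
    saved._version,
    saved._authorize_callback,
    saved._signatureMethod
  );

  oauth.getProtectedResource(
    req.session.base_url + '/api/v2/users/me',
    'GET',
    req.session.access_token,
    req.session.access_token_secret,
    function(err, data, response) {
      if (err) {
        // Stop here: `data` is not usable and the redirect is the response.
        resetSession(err);
        return;
      }

      // The body comes from the remote site and may not be valid JSON.
      var profile;
      try {
        profile = JSON.parse(data);
      } catch (parseErr) {
        resetSession(parseErr);
        return;
      }
      if (profile === null || typeof profile !== 'object') {
        resetSession(new Error('Unexpected profile response'));
        return;
      }

      // public_name is remote data; the template must HTML-escape `message`.
      res.render('index', {
        title: app.get('title'),
        message: 'Welcome ' + profile.public_name,
        logged_in: true,
        data: profile
      });
    }
  );
});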
/**
 * GET /logout — destroys the session and redirects to the home page.
 * A failure to destroy the session is logged; the redirect happens either way.
 */
app.get('/logout', function(req, res) {
  // Runs once the session store has finished removing the session.
  function backToHome(destroyErr) {
    if (destroyErr) console.error(destroyErr);
    res.redirect('/');
  }

  req.session.destroy(backToHome);
});
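/**
 * GET /callback — return leg of the OAuth 1.0a authorization.
 *
 * Exchanges the request token kept in the session, together with the
 * `oauth_verifier` query parameter, for an access token. On success the
 * access token and secret are stored in the session. The browser is
 * redirected to '/' in every case.
 *
 * A request that arrives without a pending request token in the session, or
 * without a verifier, is logged and redirected instead of throwing.
 */
app.get('/callback', function(req, res) {
  var saved = req.session.oauth;
  // Read the verifier from the query string only; req.param() also searched
  // route params and the body, which this callback has no reason to accept.
  var verifier = req.query.oauth_verifier;

  var hasPendingToken = Boolean(
    saved && req.session.oauth_token && req.session.oauth_token_secret
  );
  if (!hasPendingToken || typeof verifier !== 'string' || verifier === '') {
    console.error('OAuth callback without a pending request token or verifier');
    res.redirect('/');
    return;
  }

  var oauth = new OAuth(
    saved._requestUrl,
    saved._accessUrl,
    saved._consumerKey,
    saved._consumerSecret,
    saved._version,
    saved._authorize_callback,
    saved._signatureMethod
  );

  oauth.getOAuthAccessToken(
    req.session.oauth_token,
    req.session.oauth_token_secret,
    verifier,
    function(err, oauth_access_token, oauth_access_token_secret, results) {
      // The request token is not needed after the exchange attempt; drop it
      // so a replayed callback finds nothing to exchange.
      delete req.session.oauth_token;
      delete req.session.oauth_token_secret;

      if (err) {
        // log the error
        console.error(err);
      } else {
        // store token and secret to session
        // NOTE(review): the session id is not rotated at this point; consider
        // regenerating the session when the user becomes authenticated.
        req.session.access_token = oauth_access_token;
        req.session.access_token_secret = oauth_access_token_secret;
      }
      // redirect to homepage
      res.redirect('/');
    }
  );
});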
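/**
 * POST / — starts the OAuth 1.0a flow for the site entered in the form.
 *
 * `req.body.site` is user input that becomes the host of every OAuth
 * endpoint and of the final redirect, so it is accepted only when it is a
 * plain DNS hostname. Anything else (paths, ports, userinfo, IP literals,
 * single-label names) is rejected and the browser is sent back to '/'.
 *
 * On success the request token and secret are stored in the session and the
 * browser is redirected to the site's authorize page.
 */
app.post('/', function(req, res) {
  // Dot-separated labels of letters, digits and hyphens, ending in an
  // alphabetic top-level label. This keeps '/', '@', ':', '#', '?' and
  // whitespace out of the URL built below.
  var HOSTNAME = /^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$/;
  var site = String(req.body.site || '').trim().toLowerCase();

  if (site.length > 253 || !HOSTNAME.test(site)) {
    console.error('Rejected sign-in: site is not a valid hostname');
    res.redirect('/');
    return;
  }
  // NOTE(review): any syntactically valid hostname is still accepted, and the
  // server will send signed requests to it. A deployment that only talks to
  // known sites should additionally match against an allow-list or a fixed
  // suffix.

  req.session.base_url = 'https://' + site;

  // The consumer key and secret are deliberately not logged.
  var oauth = new OAuth(
    req.session.base_url + '/oauth/request_token',
    req.session.base_url + '/oauth/access_token',
    app.get('consumer_key'),
    app.get('consumer_secret'),
    '1.0A',
    app.get('base_url') + '/callback',
    'HMAC-SHA1'
  );

  oauth.getOAuthRequestToken(function(err, oauth_token, oauth_token_secret, results) {
    if (err) {
      // log the error and redirect to homepage
      console.error(err);
      res.redirect('/');
      return;
    }

    // store client settings, token and secret to session
    // NOTE(review): the stored client object carries the consumer secret; the
    // other routes read it back from the session, so it is kept here.
    req.session.oauth = oauth;
    req.session.oauth_token = oauth_token;
    req.session.oauth_token_secret = oauth_token_secret;

    // redirect to authorize; the token is provider-issued, so encode it
    // before placing it in the query string
    res.redirect(
      req.session.base_url + '/oauth/authorize?oauth_token=' + encodeURIComponent(oauth_token)
    );
  });
});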
// Start the HTTP server on $PORT, falling back to 3000, and report the port
// that was actually bound.
var port = process.env.PORT || 3000;
var server = app.listen(port, function onListening() {
  console.log('Listening on port %d', server.address().port);
});
{
"name": "desk_oauth",
"version": "0.0.0",
"description": "A test project implementing desk oauth 1.0a in a js application.",
"main": "index.js",
"scripts": {
"production": "node index.js",
"development": "nodemon index.js",
"test": "echo \"Error: no test specified\" && exit 1"
},
"private": true,
"author": "Thomas Stachl <thomas@stachl.me> (http://stachl.me/)",
"license": "MIT",
"devDependencies": {
"nodemon": "^1.2.1"
},
"dependencies": {
"body-parser": "^1.9.0",
"express": "^4.9.4",
"express-session": "^1.8.2",
"jade": "^1.7.0",
"oauth": "^0.9.12"
}
}