var crypto = require('crypto') , qs = require('querystring') ; function sha1 (key, body) { return crypto.createHmac('sha1', key).update(body).digest('base64') } function rfc3986 (str) { return encodeURIComponent(str) .replace(/!/g,'%21') .replace(/\*/g,'%2A') .replace(/\(/g,'%28') .replace(/\)/g,'%29') .replace(/'/g,'%27') ; } function hmacsign (httpMethod, base_uri, params, consumer_secret, token_secret, body) { // adapted from https://dev.twitter.com/docs/auth/oauth var base = (httpMethod || 'GET') + "&" + encodeURIComponent( base_uri ) + "&" + Object.keys(params).sort().map(function (i) { // big WTF here with the escape + encoding but it's what twitter wants return escape(rfc3986(i)) + "%3D" + escape(rfc3986(params[i])) }).join("%26") var key = encodeURIComponent(consumer_secret) + '&' if (token_secret) key += encodeURIComponent(token_secret) return sha1(key, base) } exports.hmacsign = hmacsign exports.rfc3986 = rfc3986