Runscope OAuth signature generator (Pre-request Scripts)

OAuth.js

/*
This snippet uses variables.get() for oauth token/secret which means
you need to store those in the Shared Environment as a raw text.
OR you may also want to consider using get_secret() instead.
*/
const oauth_consumer_key = variables.get("oauth_consumer_key");
const oauth_consumer_secret = variables.get("oauth_consumer_secret");
const oauth_token = variables.get("oauth_token");
const oauth_secret = variables.get("oauth_secret");
const oauth_signing_key = oauth_consumer_secret + '&' + oauth_secret;

// create random oauth_nonce string
const random_source = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
var oauth_nonce = '';
for (var i = 0; i < 32; i++) {
    oauth_nonce += random_source.charAt(Math.floor(Math.random() * random_source.length));
}

const oauth_parameter_string_object = {};
oauth_parameter_string_object.oauth_consumer_key = oauth_consumer_key;
oauth_parameter_string_object.oauth_token = oauth_token;
oauth_parameter_string_object.oauth_nonce = encodeURIComponent(encode_base64(oauth_nonce));
oauth_parameter_string_object.oauth_signature_method = 'HMAC-SHA1';
oauth_parameter_string_object.oauth_version = '1.0';
oauth_parameter_string_object.oauth_timestamp = moment().unix();

// for Authorization request header (copy object)
const oauth_authorization_header_object = {};
for (var key in oauth_parameter_string_object) {
    oauth_authorization_header_object[key] = oauth_parameter_string_object[key];
}

// parse request.params
for (var i = 0; i < request.params.length; i++) {
    oauth_parameter_string_object[encodeURIComponent(request.params[i].name)] = encodeURIComponent(request.params[i].value);
}

// sort object by key
const oauth_parameter_string_object_ordered = {};
Object.keys(oauth_parameter_string_object).sort().forEach(function(key) {
    oauth_parameter_string_object_ordered[key] = oauth_parameter_string_object[key];
});

// convert object into array
const oauth_parameter_string_array = [];
for (var key in oauth_parameter_string_object_ordered) {
    oauth_parameter_string_array.push(key + "=" + oauth_parameter_string_object_ordered[key]);
}

// generate parameter string
const oauth_parameter_string = oauth_parameter_string_array.join('&');

// generate base string
const host = request.scheme + '://' + request.host;
const oauth_base_string = request.method + '&' + encodeURIComponent(host + request.path) + '&' + encodeURIComponent(oauth_parameter_string);

// generate signature
const oauth_signature = CryptoJS.enc.Base64.stringify(CryptoJS.HmacSHA1(oauth_base_string, oauth_signing_key));

oauth_authorization_header_object.oauth_signature = encodeURIComponent(oauth_signature);

// convert object into array (for Authorization header string)
const oauth_authorization_header_array = [];
for (var key in oauth_authorization_header_object) {
    oauth_authorization_header_array.push(key + '=' + '"' + oauth_authorization_header_object[key] + '"');
}

const oauth_authorization_header = oauth_authorization_header_array.join(', ');

// generate Authorization header
request.headers.Authorization = 'OAuth ' + oauth_authorization_header;


/*
Escape URI parameters using encodeURIComponent
Runscope does encode URI parameters in a similar fashion to encodeURI by default.
*/
if(request.params.length !== 0) {
    // parse request.params
    const request_parameter_array = [];
    for (var i = 0; i < request.params.length; i++) {
        request_parameter_array[i] = request.params[i].name + '=' + encodeURIComponent(request.params[i].value);
    }
    const request_parameter_string = request_parameter_array.join('&');

    request.url = host + request.path + '?' + request_parameter_string;
}