How to generate an OAuth signature in Dart

Issue

I am working on a fitness app using flutter. I am attempting to use Fatsecret API for food and recipe database.

I am new to Flutter and to APIs in general (previously, as a junior Android developer, I only worked with Firebase). Now I am stuck at generating the OAuth signature for the FatSecret API.

There is FatSecret documentation for signature generation, but I don't understand it.

This is my code

import 'dart:convert';

import 'package:convert/convert.dart';
import 'package:crypto/crypto.dart';
import 'package:http/http.dart' as http;
import 'package:random_string/random_string.dart';
import 'package:sortedmap/sortedmap.dart';

// FatSecret API
//
// Code from the question, kept as posted. It builds an OAuth 1.0 HMAC-SHA1
// signature and posts a `foods.search` request. The NOTE(review) comments
// mark the places where it departs from what the request needs.
class FsApiService {
  // References used while writing this class:
  // https://blog.dantup.com/2017/01/simplest-dart-code-to-post-a-tweet-using-oauth/
  // http://platform.fatsecret.com/api/Default.aspx?screen=rapiauth
  // https://github.com/EugeneHoran/Android-FatSecret-REST-API
  // https://stackoverflow.com/questions/49797558/how-to-make-http-post-request-with-url-encoded-body-in-flutter
  // https://groups.google.com/a/dartlang.org/forum/#!topic/cloud/Ci1gFhYBSDQ
  // https://stackoverflow.com/questions/28910178/calculating-an-oauth-signature

 // Placeholders for the consumer key and shared secret.
 // NOTE(review): a secret compiled into a client app can be read back out of
 // the shipped binary; treat it as recoverable by anyone who has the app.
 static const API_KEY = 'API_KEY_HERE';

 static const SHARED_SECRET = 'SHARED_SECRET_HERE';

 static const APP_METHOD = 'POST';

 // NOTE(review): plain http — the signed request and the response travel
 // unencrypted. Prefer the https scheme for this endpoint.
 static const REQUEST_URL =  
 'http://platform.fatsecret.com/rest/server.api';

 static const SIGNATURE_METHOD = 'HMAC-SHA1';

 // Declared but not used below; the request builds the version string from
 // the double literal 1.0 instead.
 static const OAUTH_VERSION = '1.0';

 // HMAC-SHA1 instance keyed in the constructor (untyped, so calls on it are
 // dynamic).
 var _sigHasher;

 // Keys the HMAC with "<shared secret>&", i.e. an empty token secret after
 // the ampersand.
 FsApiService() {
   var bytes = utf8.encode('$SHARED_SECRET&');
   _sigHasher = new Hmac(sha1, bytes);
 }

 /// Sends a signed `foods.search` request for "cheese" and prints the result.
 fetchAllFoodsFromApi() async {
   Map<String, String> params = {
     'oauth_consumer_key': API_KEY,
     'oauth_signature_method': SIGNATURE_METHOD,
     // NOTE(review): this is milliseconds since the epoch; OAuth 1.0
     // expresses oauth_timestamp in seconds.
     'oauth_timestamp': 
          (DateTime.now().millisecondsSinceEpoch).toString(),
     // NOTE(review): `nounce()` is not defined in this class; the method
     // declared below is `nonce()`, so this does not compile as posted.
     'oauth_nonce': nounce(),
     // NOTE(review): formatting a double gives '1.0' on the Dart VM but '1'
     // when compiled to JavaScript; the OAUTH_VERSION constant avoids that.
     'oauth_version': (1.0).toString(),
     'format': 'json',
     'method': 'foods.search',
     'search_expression': 'cheese'
  };

  var signatureUri = _generateSignature(APP_METHOD, REQUEST_URL, params);
  params['oauth_signature'] = signatureUri;

  var sortedParams = SortedMap.from(params);

  var client = http.Client();

  // NOTE(review): the OAuth and API parameters are passed as HTTP *headers*
  // and the POST carries no body or query string, so the request itself has
  // no parameters — presumably why the server answers "Missing required
  // oauth parameter: oauth_signature_method".
  final response = await client.post(
    REQUEST_URL,
    headers: sortedParams,
  );

  print(response.statusCode);
  print(response.body);

  // NOTE(review): these prints write the signature and every request
  // parameter, including the consumer key, to the device log. Remove them
  // before shipping.
  print('$signatureUri');
  print('$sortedParams');
  print('$params');
}

// Returns an 8-character string from package:random_string.
// NOTE(review): the randomness source of randomString() is not visible here;
// confirm it is suitable for a nonce that must not repeat.
String nonce() {
  return randomString(8);
}

// Builds the signature base string from method, URL and parameters, then
// returns the Base64 of its HMAC.
String _generateSignature(
    String method, String baseUrl, Map<String, String> params) {
  var encodedMethod = Uri.encodeComponent(method);
  var encodedUrl = Uri.encodeComponent(baseUrl);

  var sortedParams = SortedMap.from(params);
  var concatedParams = _toQueryString(sortedParams);

  var encodedParams = Uri.encodeComponent(concatedParams);

  // NOTE(review): encodedUrl and encodedParams were already passed through
  // Uri.encodeComponent above and are percent-encoded again by _encode()
  // here, so the URL and the parameter string end up encoded more than once.
  var finalUrl = '$encodedMethod&${_encode(encodedUrl.toString())}' 
                        + '&${_encode(encodedParams)}';

  var base64converted = base64.encode(_hash(finalUrl));

  // NOTE(review): debug output of the base string and the signature.
  print('encoded method = $encodedMethod');
  print('encoded url = $encodedUrl');
  print('encoded params = $encodedParams');
  print('final url = $finalUrl');
  print('base64converted = $base64converted');

  return base64converted;
}

// Joins the entries as "key=<percent-encoded value>", sorted as whole
// strings and separated by '&'. Keys are not encoded.
String _toQueryString(Map<String, String> data) {
  var items = data.keys.map((k) => "$k=${_encode(data[k])}").toList();

  items.sort();

  return items.join('&');
}

// Percent-encodes the string's UTF-16 code units.
// NOTE(review): code units are not UTF-8 bytes; the two only agree for
// ASCII input.
String _encode(String data) {
  return percent.encode(data.codeUnits);
}

// HMAC of the string's code units, using the hasher keyed in the constructor.
List<int> _hash(String data) => _sigHasher.convert(data.codeUnits).bytes;
}

When I run the app, the following error message is shown in logcat:

2018-11-01 19:53:17.681 25882-25907/com.example.ninjaapp I/flutter: 200
2018-11-01 19:53:17.735 25882-25907/com.example.ninjaapp I/flutter: <?xml 
version="1.0" encoding="utf-8" ?>
    <error xmlns="http://platform.fatsecret.com/api/1.0/" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
 xsi:schemaLocation="http://platform.fatsecret.com/api/1.0/ 
  http://platform.fatsecret.com/api/1.0/fatsecret.xsd">
        <code>2</code>
        <message>Missing required oauth parameter: 
                         oauth_signature_method</message>
    </error>

Am I creating the signature incorrectly? Can anyone see where I am going wrong?

Thank You!

Solution

API Class

import 'dart:async';
import 'dart:convert';
import 'dart:math';
import 'package:http/http.dart' as http;
import 'package:convert/convert.dart';
import 'package:crypto/crypto.dart';

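/// Minimal OAuth 1.0 (HMAC-SHA1) client for the FatSecret REST API.
///
/// Adapted from DanTup's TwitterApi class:
/// https://blog.dantup.com/2017/01/simplest-dart-code-to-post-a-tweet-using-oauth/
///
/// Every request is signed with a key built from [consumerKeySecret] and
/// [accessTokenSecret]. A secret that is compiled into a client app can be
/// read back out of the shipped binary, so a consumer secret used this way
/// should be treated as recoverable by anyone who has the app.
class FatSecretApi {
  final String fatSecretApiBaseUrl = "platform.fatsecret.com";

  /// Whether `format=json` is added to each request; cleared by [forceXml].
  bool isJson = true;

  final String consumerKey, consumerKeySecret, accessToken, accessTokenSecret;

  /// HMAC-SHA1 keyed with `consumerSecret&tokenSecret`.
  final Hmac _sigHasher;

  /// Secure generator shared by all instances; used for nonces.
  ///
  /// [Random.secure] throws [UnsupportedError] on a platform without a
  /// cryptographically secure source.
  static final Random _secureRandom = Random.secure();

  /// Creates a client for the given consumer credentials.
  ///
  /// Pass empty strings for [accessToken] and [accessTokenSecret] when the
  /// call is not made on behalf of a profile.
  FatSecretApi(this.consumerKey, this.consumerKeySecret, this.accessToken,
      this.accessTokenSecret)
      // A missing token secret must sign as "secret&", not "secret&null".
      : _sigHasher = Hmac(sha1,
            utf8.encode("$consumerKeySecret&${accessTokenSecret ?? ""}"));

  /// Stops adding `format=json` to requests and returns this instance.
  FatSecretApi forceXml() {
    isJson = false;
    return this;
  }

  /// Sends a signed GET request to `rest/server.api` with the parameters in
  /// [data] and returns the HTTP response.
  ///
  /// [data] itself is not modified.
  Future<http.Response> request(Map<String, String> data) {
    // Sign a private copy: the OAuth fields are written into the map, and a
    // signature left over from an earlier call would otherwise be fed into
    // the next signature and invalidate it.
    final params = Map<String, String>.from(data)..remove("oauth_signature");
    if (isJson) {
      params["format"] = "json";
    }
    return _callGetApi("rest/server.api", params);
  }

  /// Signs [data] for a GET on [url] and sends it with all parameters in the
  /// query string.
  Future<http.Response> _callGetApi(String url, Map<String, String> data) {
    final endpoint = Uri.https(fatSecretApiBaseUrl, url);

    _setAuthParams("GET", endpoint.toString(), data);

    // After signing, `data` holds the API parameters and the oauth_* fields;
    // all of them go into the query string.
    final requestUrl = Uri.https(endpoint.authority, endpoint.path, data);
    final oAuthHeader = _generateOAuthHeader(data);

    return _sendGetRequest(requestUrl, oAuthHeader);
  }

  /// Adds the oauth_* fields, including the signature, to [data].
  void _setAuthParams(
      String requestMethod, String url, Map<String, String> data) {
    // OAuth 1.0 timestamps are whole seconds since 1970-01-01 UTC.
    // NOTE(review): the earlier version divided by 100; a deployment that
    // already sent those larger values should confirm the server accepts
    // the smaller, correct ones.
    final timestamp = DateTime.now().toUtc().millisecondsSinceEpoch ~/ 1000;

    data["oauth_consumer_key"] = consumerKey;
    data["oauth_signature_method"] = "HMAC-SHA1";
    data["oauth_timestamp"] = timestamp.toString();
    // The nonce makes each signed request unique, so it comes from a secure
    // generator rather than a predictable one.
    data["oauth_nonce"] = _randomString(8);
    if (accessToken != null && accessToken.isNotEmpty) {
      data["oauth_token"] = accessToken;
    }
    data["oauth_version"] = "1.0";

    // The signature covers every field set above, so it is computed last.
    data["oauth_signature"] =
        _generateSignature(requestMethod, Uri.parse(url), data);
  }

  /// Returns the Base64 HMAC-SHA1 signature over method, URL and parameters.
  String _generateSignature(
      String requestMethod, Uri url, Map<String, String> data) {
    final sigString = _toQueryString(data);
    final fullSigData =
        "$requestMethod&${_encode(url.toString())}&${_encode(sigString)}";

    return base64.encode(_hash(fullSigData));
  }

  /// Builds the value of an OAuth `Authorization` HTTP header from the
  /// oauth_* entries of [data].
  String _generateOAuthHeader(Map<String, String> data) {
    final oauthHeaderValues = _filterMap(data, (k) => k.startsWith("oauth_"));

    return "OAuth ${_toOAuthHeader(oauthHeaderValues)}";
  }

  /// Sends the GET request and returns the response.
  ///
  /// [oAuthHeader] is not sent: the OAuth parameters already travel in the
  /// query string of [fullUrl]. Query strings are commonly written to proxy
  /// and server logs, so the consumer key and signature can appear there;
  /// the secrets themselves are never part of the URL.
  Future<http.Response> _sendGetRequest(Uri fullUrl, String oAuthHeader) {
    return http.get(fullUrl);
  }

  /// Returns the entries of [map] whose key satisfies [test].
  Map<String, String> _filterMap(
      Map<String, String> map, bool test(String key)) {
    return Map.fromEntries(map.entries.where((entry) => test(entry.key)));
  }

  /// Returns the normalized parameter string used in the signature base:
  /// percent-encoded `name=value` pairs, ordered by encoded name, joined
  /// with `&`.
  String _toQueryString(Map<String, String> data) {
    final pairs = data.entries
        .map((entry) => MapEntry(_encode(entry.key), _encode(entry.value)))
        .toList()
      // Order by name, not by the joined "name=value" text: the two differ
      // when one name is a prefix of another and the next character sorts
      // before '='.
      ..sort((a, b) => a.key.compareTo(b.key));

    return pairs.map((pair) => "${pair.key}=${pair.value}").join("&");
  }

  /// Returns the entries as `name="value"` pairs, sorted and comma-separated.
  String _toOAuthHeader(Map<String, String> data) {
    final items = data.entries
        .map((entry) => "${entry.key}=\"${_encode(entry.value)}\"")
        .toList()
      ..sort();

    return items.join(", ");
  }

  /// HMAC-SHA1 of the UTF-8 bytes of [data].
  List<int> _hash(String data) => _sigHasher.convert(utf8.encode(data)).bytes;

  /// Percent-encodes the UTF-8 bytes of [data].
  ///
  /// Encoding UTF-16 code units instead only gives the same result for
  /// ASCII, so a non-ASCII search term would be signed incorrectly.
  String _encode(String data) => percent.encode(utf8.encode(data));

  /// Returns [length] random lowercase ASCII letters.
  String _randomString(int length) {
    return String.fromCharCodes(
        List.generate(length, (_) => _secureRandom.nextInt(26) + 97));
  }
}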

Use it as follows:

import 'dart:async';
import 'dart:convert';

import 'package:flutter_test_app/error/FatSecretException.dart';
import 'package:flutter_test_app/model/dayNutrientsEntry.dart';
import 'package:flutter_test_app/network/fatSecretApi.dart';
import 'package:flutter_test_app/model/foodItem.dart';
import 'package:flutter_test_app/model/auth/user_fat_secret_auth_model.dart';

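/// Convenience wrapper that issues FatSecret API calls through
/// [FatSecretApi] and maps the JSON replies to model objects.
///
/// The consumer key and secret are set in the constructor. A secret that is
/// compiled into a client app can be read back out of the shipped binary;
/// where possible keep it on a server you control and let the app call that
/// server instead.
class RestClient {
  // If you don't have one, generate it from the FatSecret API.
  String consumerKey;

  // If you don't have one, generate it from the FatSecret API.
  String consumerKeySecret;

  /// Creates a new RestClient instance.
  ///
  /// Consider making this a singleton to avoid multiple instances, and
  /// replace the placeholder key and secret with your own values.
  RestClient()
      : consumerKey = 'CONSUMER_KEY',
        consumerKeySecret = 'CONSUMER_KEY_SECRET';

  /// Calls `foods.search` with [query] and returns the matching items.
  ///
  /// Returns an empty list when the reply contains no `food` entry. Throws
  /// [FatSecretException] when the reply carries an `error` object; transport
  /// and JSON errors propagate unchanged instead of surfacing later as a
  /// null dereference.
  Future<List<SearchFoodItem>> searchFood(String query) async {
    final api = FatSecretApi(consumerKey, consumerKeySecret, "", "");
    final body = await _call(
        api, {"search_expression": query, "method": "foods.search"});

    final foods = body["foods"];
    final list = <SearchFoodItem>[];
    for (final foodItem in _asList(foods == null ? null : foods["food"])) {
      list.add(SearchFoodItem.fromJson(foodItem));
    }
    return list;
  }

  /// Calls `profile.create` for [userId] and returns the `profile` object of
  /// the reply.
  ///
  /// Throws [FatSecretException] when the reply carries an `error` object.
  Future<Map> createProfile(String userId) async {
    final api = FatSecretApi(consumerKey, consumerKeySecret, "", "");
    final body =
        await _call(api, {"method": "profile.create", "user_id": userId});
    return body["profile"];
  }

  /// Calls `profile.get_auth` for [userId] and returns the `profile` object
  /// of the reply.
  ///
  /// Throws [FatSecretException] when the reply carries an `error` object.
  Future<Map> getProfileAuth(String userId) async {
    final api = FatSecretApi(consumerKey, consumerKeySecret, "", "");
    final body =
        await _call(api, {"method": "profile.get_auth", "user_id": userId});
    return body["profile"];
  }

  /// Calls `food_entries.get_month` and returns one entry per day.
  ///
  /// [date] is sent only when it is non-empty. [user] supplies the token and
  /// token secret the request is signed with; load a stored session before
  /// calling if you keep one in preferences.
  ///
  /// This call is best-effort: on any failure it returns the entries parsed
  /// so far, which may be an empty list.
  Future<List<DayNutrientsEntry>> getMonthFoodEntries(
      {String date, UserFatSecretAuthModel user}) async {
    final list = <DayNutrientsEntry>[];

    // Without a user, sign with empty token values rather than null, so the
    // signing key is never built from the text "null".
    final api = FatSecretApi(consumerKey, consumerKeySecret,
        user?.authToken ?? "", user?.authSecret ?? "");
    final params = <String, String>{"method": "food_entries.get_month"};

    if (date != null && date.isNotEmpty) params["date"] = date;

    try {
      final body = await _call(api, params);
      final month = body["month"];
      for (final day in _asList(month == null ? null : month["day"])) {
        list.add(DayNutrientsEntry.fromJson(day));
      }
    } catch (e) {
      // Report the failure instead of swallowing it. Only the type is
      // logged: an exception's text may include the request URL, and that
      // URL carries the OAuth parameters.
      print("food_entries.get_month failed: ${e.runtimeType}");
    }
    return list;
  }

  /// Sends [params] through [api], decodes the JSON body and returns it.
  ///
  /// Throws [FatSecretException] when the decoded body has an `error` entry.
  Future<dynamic> _call(FatSecretApi api, Map<String, String> params) async {
    final response = await api.request(params);
    final body = json.decode(response.body);

    if (body is Map && body["error"] != null) {
      final errorMap = body["error"];
      throw FatSecretException(errorMap["code"], errorMap["message"]);
    }
    return body;
  }

  /// Normalizes a JSON node that may be absent, a single object or a list
  /// into a list.
  List _asList(dynamic node) {
    if (node == null) return [];
    if (node is List) return node;
    return [node];
  }
}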

Answered By – Haaris Ahamed

Answer Checked By – Candace Johnson (FlutterFixes Volunteer)
