mashery · rowanhill · Dec 2, 2013 · Dec 7, 2013
diff --git a/README.md b/README.md
@@ -288,11 +288,13 @@ Line:
     (5) is set to "key"
 
 8. "signature" is a JSON object that contains the details about
-   the API call signing requirements. The signature routine coded
-   in app.js is a hash of the string concatenation of API key, 
+   the API call signing requirements. The bundled signature
+   routines create a hash of the string concatenation of API key,
    API key secret and timestamp (epoch).
 
-9. "type" key value is either *signed_md5* or *signed_sha256*.
+9. "type" key value is a module in the `signers` directory, or in
+   the directory specified by `customSignersDir` in config.json.
+   By default this is either *signed_md5* or *signed_sha256*.
    More signature methods are available with crypto.js, but have
    not been included in the code as options.
 

diff --git a/app.js b/app.js
@@ -34,7 +34,6 @@ var express     = require('express'),
     url         = require('url'),
     http        = require('http'),
     https       = require('https'),
-    crypto      = require('crypto'),
     redis       = require('redis'),
     RedisStore  = require('connect-redis')(express);
 
@@ -78,6 +77,14 @@ if (!fs.existsSync(config.apiConfigDir)) {
     process.exit(1);
 }
 
+if (config.customSignersDir) {
+    config.customSignersDir = path.resolve(config.customSignersDir);
+    if (!fs.existsSync(config.customSignersDir)) {
+        console.error("Could not find custom request signers directory: " + config.customSignersDir);
+        process.exit(1);
+    }
+}
+
 try {
     var apisConfig = require(path.join(config.apiConfigDir, 'apiconfig.json'));
     if (config.debug) {
@@ -783,23 +790,6 @@ function processRequest(req, res, next) {
             options.path += apiConfig.keyParam + '=' + apiKey;
         }
 
-        // Perform signature routine, if any.
-        if (apiConfig.signature) {
-            var timeStamp, sig;
-            if (apiConfig.signature.type == 'signed_md5') {
-                // Add signature parameter
-                timeStamp = Math.round(new Date().getTime()/1000);
-                sig = crypto.createHash('md5').update('' + apiKey + apiSecret + timeStamp + '').digest(apiConfig.signature.digest);
-                options.path += '&' + apiConfig.signature.sigParam + '=' + sig;
-            }
-            else if (apiConfig.signature.type == 'signed_sha256') { // sha256(key+secret+epoch)
-                // Add signature parameter
-                timeStamp = Math.round(new Date().getTime()/1000);
-                sig = crypto.createHash('sha256').update('' + apiKey + apiSecret + timeStamp + '').digest(apiConfig.signature.digest);
-                options.path += '&' + apiConfig.signature.sigParam + '=' + sig;
-            }
-        }
-
         // Setup headers, if any
         if (reqQuery.headerNames && reqQuery.headerNames.length > 0) {
             if (config.debug) {
@@ -848,6 +838,27 @@ function processRequest(req, res, next) {
             doRequest = http.request;
         }
 
+        // Perform signature routine, if any.
+        if (apiConfig.signature) {
+            var signerModuleName = null;
+            if (fs.existsSync(path.join(config.customSignersDir, apiConfig.signature.type + '.js'))) {
+                signerModuleName = config.customSignersDir + '/' + apiConfig.signature.type + '.js';
+            } else if (fs.existsSync(path.join('./signers', apiConfig.signature.type + '.js'))) {
+                signerModuleName = './signers/' + apiConfig.signature.type + '.js';
+            }
+
+            if (signerModuleName != null) {
+                var signer = require(signerModuleName);
+                if (signer.signRequest) {
+                    signer.signRequest(httpMethod, url, requestBody, options, apiKey, apiSecret, apiConfig.signature);
+                } else {
+                    console.error('Signer "' + apiConfig.signature.type + '" does not have a signRequest() method');
+                }
+            } else {
+                console.error('Could not find signer "' + apiConfig.signature.type + '"');
+            }
+        }
+
         // API Call. response is the response from the API, res is the response we will send back to the user.
         var apiCall = doRequest(options, function(response) {
             response.setEncoding('utf-8');

diff --git a/config.json.sample b/config.json.sample
@@ -9,6 +9,7 @@
         "username" : "",
         "password" : ""
     },
+    "customSignersDir" : null,
     "redis" : {
         "host" : "localhost",
         "port" : 6379,

diff --git a/signers/common/crypto_hash.js b/signers/common/crypto_hash.js
@@ -0,0 +1,10 @@
+var crypto = require('crypto');
+
+var signRequest = function(hashType, options, apiKey, apiSecret, signatureConfig) {
+    // Add signature parameter
+    var timeStamp = Math.round(new Date().getTime()/1000);
+    var sig = crypto.createHash(hashType).update('' + apiKey + apiSecret + timeStamp + '').digest(signatureConfig.digest);
+    options.path += '&' + signatureConfig.sigParam + '=' + sig;
+};
+
+exports.signRequest = signRequest;
diff --git a/signers/signed_md5.js b/signers/signed_md5.js
@@ -0,0 +1,7 @@
+var cryptoHash = require('./common/crypto_hash.js');
+
+var signRequest = function(httpMethod, url, requestBody, options, apiKey, apiSecret, signatureConfig) {
+    cryptoHash.signRequest('md5', options, apiKey, apiSecret, signatureConfig);
+};
+
+exports.signRequest = signRequest;
diff --git a/signers/signed_sha256.js b/signers/signed_sha256.js
@@ -0,0 +1,7 @@
+var cryptoHash = require('./common/crypto_hash.js');
+
+var signRequest = function(httpMethod, url, requestBody, options, apiKey, apiSecret, signatureConfig) {
+    cryptoHash.signRequest('sha256', options, apiKey, apiSecret, signatureConfig);
+};
+
+exports.signRequest = signRequest;