| /** |
| * Module dependencies. |
| */ |
| |
| var crypto = require('crypto'); |
| |
| /** |
| * Sign the given `val` with `secret`. |
| * |
| * @param {String} val |
| * @param {String} secret |
| * @return {String} |
| * @api private |
| */ |
| |
| exports.sign = function(val, secret){ |
| if ('string' != typeof val) throw new TypeError("Cookie value must be provided as a string."); |
| if ('string' != typeof secret) throw new TypeError("Secret string must be provided."); |
| return val + '.' + crypto |
| .createHmac('sha256', secret) |
| .update(val) |
| .digest('base64') |
| .replace(/\=+$/, ''); |
| }; |
| |
| /** |
| * Unsign and decode the given `val` with `secret`, |
| * returning `false` if the signature is invalid. |
| * |
| * @param {String} val |
| * @param {String} secret |
| * @return {String|Boolean} |
| * @api private |
| */ |
| |
| exports.unsign = function(val, secret){ |
| if ('string' != typeof val) throw new TypeError("Signed cookie string must be provided."); |
| if ('string' != typeof secret) throw new TypeError("Secret string must be provided."); |
| var str = val.slice(0, val.lastIndexOf('.')) |
| , mac = exports.sign(str, secret); |
| |
| return sha1(mac) == sha1(val) ? str : false; |
| }; |
| |
| /** |
| * Private |
| */ |
| |
| function sha1(str){ |
| return crypto.createHash('sha1').update(str).digest('hex'); |
| } |