index.js (1230B)
1 /** 2 * Module dependencies. 3 */ 4 5 var crypto = require('crypto'); 6 7 /** 8 * Sign the given `val` with `secret`. 9 * 10 * @param {String} val 11 * @param {String} secret 12 * @return {String} 13 * @api private 14 */ 15 16 exports.sign = function(val, secret){ 17 if ('string' != typeof val) throw new TypeError("Cookie value must be provided as a string."); 18 if ('string' != typeof secret) throw new TypeError("Secret string must be provided."); 19 return val + '.' + crypto 20 .createHmac('sha256', secret) 21 .update(val) 22 .digest('base64') 23 .replace(/\=+$/, ''); 24 }; 25 26 /** 27 * Unsign and decode the given `val` with `secret`, 28 * returning `false` if the signature is invalid. 29 * 30 * @param {String} val 31 * @param {String} secret 32 * @return {String|Boolean} 33 * @api private 34 */ 35 36 exports.unsign = function(val, secret){ 37 if ('string' != typeof val) throw new TypeError("Signed cookie string must be provided."); 38 if ('string' != typeof secret) throw new TypeError("Secret string must be provided."); 39 var str = val.slice(0, val.lastIndexOf('.')) 40 , mac = exports.sign(str, secret); 41 42 return sha1(mac) == sha1(val) ? str : false; 43 }; 44 45 /** 46 * Private 47 */ 48 49 function sha1(str){ 50 return crypto.createHash('sha1').update(str).digest('hex'); 51 }