/**
 * Module dependencies.
 */

var crypto = require('crypto');

/**
 * Sign the given `val` with `secret`.
 *
 * @param {String} val
 * @param {String} secret
 * @return {String}
 * @api private
 */

exports.sign = function (val, secret) {
  if ('string' != typeof val)
    throw new TypeError('Cookie value must be provided as a string.');
  if ('string' != typeof secret)
    throw new TypeError('Secret string must be provided.');
  return (
    val +
    '.' +
    crypto
      .createHmac('sha256', secret)
      .update(val)
      .digest('base64')
      .replace(/\=+$/, '')
  );
};

/**
 * Unsign and decode the given `val` with `secret`,
 * returning `false` if the signature is invalid.
 *
 * @param {String} val
 * @param {String} secret
 * @return {String|Boolean}
 * @api private
 */

exports.unsign = function (val, secret) {
  if ('string' != typeof val)
    throw new TypeError('Signed cookie string must be provided.');
  if ('string' != typeof secret)
    throw new TypeError('Secret string must be provided.');
  var str = val.slice(0, val.lastIndexOf('.')),
    mac = exports.sign(str, secret);

  return sha1(mac) == sha1(val) ? str : false;
};

/**
 * Private
 */

function sha1(str) {
  return crypto.createHash('sha1').update(str).digest('hex');
}