5 var crypto = require('crypto');
8 * Sign the given `val` with `secret`.
11 * @param {String} secret
16 exports.sign = function(val, secret){
17 if ('string' != typeof val) throw new TypeError('cookie required');
18 if ('string' != typeof secret) throw new TypeError('secret required');
19 return val + '.' + crypto
20 .createHmac('sha256', secret)
27 * Unsign and decode the given `val` with `secret`,
28 * returning `false` if the signature is invalid.
31 * @param {String} secret
32 * @return {String|Boolean}
36 exports.unsign = function(val, secret){
37 if ('string' != typeof val) throw new TypeError('cookie required');
38 if ('string' != typeof secret) throw new TypeError('secret required');
39 var str = val.slice(0, val.lastIndexOf('.'))
40 , mac = exports.sign(str, secret);
42 return sha1(mac) == sha1(val) ? str : false;
50 return crypto.createHash('sha1').update(str).digest('hex');