diff --git a/parse-cookie.js b/parse-cookie.js
index c6ba0ad..5675885 100644
--- a/parse-cookie.js
+++ b/parse-cookie.js
@@ -15,12 +15,11 @@ function compare(a, b) {
 }
 module.exports = function(options) {
- var secret = crypto.pbkdf2Sync(options.base, options.salt, options.iterations, options.keylen / 2)
- , signed_secret = crypto.pbkdf2Sync(options.base, options.signed_salt, options.iterations, options.keylen)
+ var secret = crypto.pbkdf2Sync(options.base, options.salt, options.iterations, options.keylen / 2, 'sha1')
+ , signed_secret = crypto.pbkdf2Sync(options.base, options.signed_salt, options.iterations, options.keylen, 'sha1')
 ;
- return function(cookie, cipherName) {
-
+ var decrypter = function(cookie, cipherName) {
 var signed_parts = cookie.split('--')
 , hmac = crypto.createHmac('sha1', signed_secret)
 , digest
@@ -43,5 +42,38 @@ module.exports = function(options) {
 ;
 return [part, final].join('');
+ };
+
+ /*
+ To preserve backwards compatibility, I've left the return value of this function the same
+ and added the functions below for future use. I'll leave it up to the original author to
+ introduce any breaking changes. --endotronic
+ */
+ decrypter.decode = decrypter;
+ decrypter.encode = function(message, cipherName, callback) {
+ crypto.pseudoRandomBytes(16, function(err, iv) {
+ if (err) {
+ callback(err);
+ }
+
+ var cipher = crypto.createCipheriv(cipherName, secret, iv)
+ , part = new Buffer(cipher.update(new Buffer(message)))
+ , final = cipher.final(),
+ encryptedMessage = Buffer.concat([part, final]).toString('base64')
+ ;
+
+ var fullMessage = new Buffer([encryptedMessage, iv.toString('base64')].join('--')).toString('base64')
+ , hmac = crypto.createHmac('sha1', signed_secret)
+ , digest
+ ;
+
+ hmac.update(fullMessage);
+ digest = hmac.digest('hex');
+
+ var cookie = [fullMessage, digest].join('--');
+ callback(null, cookie);
+ });
 }
-};
\ No newline at end of file
+
+ return decrypter;
+};
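Review bot: The `'sha1'` digest now passed to both `crypto.pbkdf2Sync` calls is undocumented, and a later reader could take it for a free choice and "upgrade" it. Whatever issues these cookies presumably derives its keys with the same digest, so changing it here alone would make every existing cookie fail to verify or decrypt. A comment above the `var secret` line such as `// KDF digest must match the cookie producer's key derivation; do not change it on this side only` would record that. The `module.exports` function and the `decrypter` body both continue outside the hunk.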
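Review bot: The IV in `decrypter.encode` comes from `crypto.pseudoRandomBytes(16, ...)`, which on the Node versions where it differs from `crypto.randomBytes` is not guaranteed to be cryptographically strong. For CBC-mode ciphers such as the `aes-256-cbc` used in test.js the IV has to be unpredictable, so the call should be `crypto.randomBytes(16, function(err, iv) {`. In the same callback, `if (err) { callback(err); }` does not return, so on failure execution continues into `crypto.createCipheriv` with an undefined `iv` and the caller sees either a throw or a second callback; `return callback(err);` fixes that. The hard-coded 16 also only suits ciphers with a 128-bit block while `cipherName` is caller-supplied, which deserves a comment or a check. `encode` is added inside the `module.exports` function, which begins outside the hunk.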
diff --git a/test.js b/test.js
index fb70273..9ed5c48 100644
--- a/test.js
+++ b/test.js
@@ -1,5 +1,5 @@
 var parser = require('./parse-cookie');
-var BSON = require('bson');
+var BSON = require('bson').BSONPure.BSON;
 var cookie = "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--93c96ef70cb7a6abaea56b1e17426210d5054ea5"
 , params = {
@@ -12,9 +12,18 @@ var cookie = "bEtaTXFvOHlCQjliaVBUUi9BMVB6aFcyeHE5MFJ3YjFaZ1ZHREk5anltUWpxMEgwZk
 , cipher = 'aes-256-cbc'
 ;
+/* The original test is broken, even after fixing the usage of the BSON library.
+ I'll let the original author address this. --endotronic
+
 decryptor = parser(params);
 message = decryptor(cookie, cipher);
-
 json = BSON.deserialize(message);
-console.log(json);
+console.log(json);*/
+
+var message = 'this is a test';
+parser(params).encode(message, cipher, function(err, encodedMessage) {
+ var decodedMessage = parser(params).decode(encodedMessage, cipher);
+ var success = (decodedMessage == message);
+ console.log('encode/decode success: ' + success);
+});
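Review bot: The new round-trip check can never fail the run, because it ignores `err`, compares with `==`, and only prints `encode/decode success: false` while the process still exits 0. Replacing the `success` lines with `if (err) throw err;` and `require('assert').strictEqual(decodedMessage, message);` would make a regression visible to CI. With the known-cookie test now commented out, nothing exercises signature checking either. A case that passes `decode` a cookie whose digest no longer matches and expects it to be rejected would cover that, assuming `decode` verifies the HMAC in the part of parse-cookie.js not shown here.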