
@jonastemplestein
Created November 27, 2010 00:36
Node middleware that decodes FB cookies
crypto = require 'crypto'
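# Per-request view of a Facebook session cookie: parses the cookie, checks its
# signature against the app secret, and records whether the request counts as
# logged in.
class FBSession
  # Stores the app id and app secret on the instance; a session starts out
  # in the 'logged_out' state.
  constructor: (@app_id, @app_secret) ->
    @state = 'logged_out'

  # Remembers the request and attaches req.fbSession(), which returns this
  # session once a cookie has verified and null otherwise.
  initialize: (req) =>
    @req = req
    req.fbSession = () => if @state is 'logged_in' then this else null

  # Returns the hex MD5 digest of every "key=value" pair of `params`,
  # concatenated in sorted key order, followed by the app secret.
  #
  # The pairs must be walked in sorted order: the previous code computed the
  # sorted key list but then iterated the object in insertion order, so the
  # digest depended on the order in which the cookie listed its fields.
  #
  # NOTE(review): MD5 over payload + secret is presumably fixed by the cookie
  # format being verified. Treat it as a legacy construction; new designs
  # should use an HMAC with a modern hash instead.
  getSignature: (params) =>
    ordered_keys = Object.keys(params).sort()
    payload = ("#{key}=#{params[key]}" for key in ordered_keys).join ''
    payload += @app_secret
    crypto.createHash('md5').update(payload).digest 'hex'

  # Returns true when session.sig matches the signature computed over the
  # remaining fields, false otherwise.
  #
  # Side effect (kept for compatibility): `sig` is removed from `session`, so
  # the params later stored by eatCookie do not include it.
  verifyFBSession: (session) =>
    claimed = session.sig
    delete session.sig
    # A missing `sig`, or a repeated one (querystring.parse yields an array),
    # can never be a valid signature.
    return false unless typeof claimed is 'string'
    supplied = Buffer.from claimed
    expected = Buffer.from @getSignature(session)
    # Constant-time comparison so the check does not reveal how many leading
    # characters of a guessed signature were right. timingSafeEqual throws on
    # unequal lengths, hence the length test first.
    supplied.length is expected.length and crypto.timingSafeEqual(supplied, expected)

  # Parses the raw cookie value as a query string and, when its signature
  # verifies, marks the session logged in and keeps the parsed fields.
  #
  # NOTE(review): a valid signature only shows the cookie was produced with the
  # app secret. Nothing here checks freshness; if the cookie carries an expiry
  # field, callers should compare it with the current time before trusting it.
  eatCookie: (cookie) =>
    return unless cookie
    params = require('querystring').parse cookie
    if @verifyFBSession(params)
      @state = 'logged_in'
      @params = params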
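# Hook up this middleware and you're set.
#
# Returns a (req, res, next) handler that builds a fresh FBSession for every
# request, so login state is never shared between requests, and feeds it the
# `fbs_<app id>` cookie. After it runs, req.fbSession() yields the verified
# session or null.
module.exports.cookieMiddleware = (fb_app_id, fb_app_secret) ->
  (req, res, next) ->
    fb_session = new FBSession fb_app_id, fb_app_secret
    fb_session.initialize req
    # req.cookies exists only when a cookie-parsing middleware ran earlier in
    # the chain; without it the request is treated as having no session
    # cookie instead of throwing a TypeError.
    fb_session.eatCookie req.cookies?["fbs_#{fb_app_id}"]
    next()

module.exports.FBSession = FBSession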