madwork/parse-cookie.coffee

## parse-cookie.coffee
# Credits to Alfonso de la Osa
# https://github.com/botverse/node-rails-cookies
crypto = require('crypto')

module.exports = (options) ->
  secret = crypto.pbkdf2Sync(options.base, options.salt, options.iterations, options.keylen / 2)
  signed_secret = crypto.pbkdf2Sync(options.base, options.signed_salt, options.iterations, options.keylen)
  (cookie, cipherName) ->
    signed_parts = cookie.split('--')
    hmac = crypto.createHmac('sha1', signed_secret)
    digest = undefined
    hmac.update signed_parts[0]
    digest = hmac.digest('hex')
    message = new Buffer(signed_parts[0], 'base64').toString()
    parts = message.split('--').map((part) ->
      new Buffer(part, 'base64')
    )
    cipher = crypto.createDecipheriv(cipherName, secret, parts[1])
    part = new Buffer(cipher.update(parts[0])).toString('utf8')
    final = cipher.final('utf8')
    [
      part
      final
    ].join ''

# ---
# generated by js2coffee 2.1.0

## parse-cookie.js
// Credits to Alfonso de la Osa
// https://github.com/botverse/node-rails-cookies

var crypto = require('crypto');

module.exports = function(options) {
  var secret = crypto.pbkdf2Sync(options.base, options.salt, options.iterations, options.keylen / 2),
      signed_secret = crypto.pbkdf2Sync(options.base, options.signed_salt, options.iterations, options.keylen);

  return function(cookie, cipherName) {
    var signed_parts = cookie.split('--'), hmac = crypto.createHmac('sha1', signed_secret), digest;

    hmac.update(signed_parts[0]);
    digest = hmac.digest('hex');

    var message = (new Buffer(signed_parts[0], 'base64').toString()),
      parts = message.split('--').map(function(part) {
        return new Buffer(part, 'base64');
      });

    var cipher = crypto.createDecipheriv(cipherName, secret, parts[1]),
        part = new Buffer(cipher.update(parts[0])).toString('utf8'),
        final = cipher.final('utf8');

    return [part, final].join('');
  }
};

## test.js
var parser = require('./parse-cookie');

var cookie = "ZGhTbEhmUzZBYWhDSUwxY1FhSE1sNU50UnpZa0lCYnlUMjZXNUM0VWJNQ1VCS3hqQVRFNWh5eEllakE5STFtcmtCQm5sbXpJeGZjSFJKWGcvSStwL0NMMDlzRXpTOVZCd1h3L3poY0pnait0M3VEc3lnL1orcUVVdDFlUFRLWEZ2eXU1RmQ0c3ZKL2czWFlBb0Fwa3hQa3BFOGpQWmVlM0FxWjVyKzNja0NmQzZKRVIxUmpDalZiUjgvYUFDbzdDLS1WQlhpQzRnaW5XN2lqNGJ3eldVRGpBPT0--863d5f35812a0de3c02104cb96a7479650602942%3D%3D--9379ccf91a2d979516615948e1f310e72ddd6521",
    params = {
      base: 'fdb79a5ddfb30d9639ab15fb149712c6b783d2baa10ca07e0ababfab1453a7eb9d94b686799151c963af8a5c28571127c5a221615d14ba8fe863a720ed49a003',
      salt: 'encrypted cookie',
      signed_salt: 'signed encrypted cookie',
      iterations: 1000,
      keylen: 64
    };

decryptor = parser(params);
message = decryptor(cookie, 'aes-256-cbc');

console.log(message);
// => {"session_id":"717fdab32b88a55f09c853349f198ae5","rails":"awesome!","_csrf_token":"exj0VLeC4FzAfBTfDrCYMYuxD2cYzH9chf/U8PuK+E8="}
	var parser = require('./parse-cookie');

	var cookie = "ZGhTbEhmUzZBYWhDSUwxY1FhSE1sNU50UnpZa0lCYnlUMjZXNUM0VWJNQ1VCS3hqQVRFNWh5eEllakE5STFtcmtCQm5sbXpJeGZjSFJKWGcvSStwL0NMMDlzRXpTOVZCd1h3L3poY0pnait0M3VEc3lnL1orcUVVdDFlUFRLWEZ2eXU1RmQ0c3ZKL2czWFlBb0Fwa3hQa3BFOGpQWmVlM0FxWjVyKzNja0NmQzZKRVIxUmpDalZiUjgvYUFDbzdDLS1WQlhpQzRnaW5XN2lqNGJ3eldVRGpBPT0--863d5f35812a0de3c02104cb96a7479650602942%3D%3D--9379ccf91a2d979516615948e1f310e72ddd6521",
	params = {
	base: 'fdb79a5ddfb30d9639ab15fb149712c6b783d2baa10ca07e0ababfab1453a7eb9d94b686799151c963af8a5c28571127c5a221615d14ba8fe863a720ed49a003',
	salt: 'encrypted cookie',
	signed_salt: 'signed encrypted cookie',
	iterations: 1000,
	keylen: 64
	};

	decryptor = parser(params);
	message = decryptor(cookie, 'aes-256-cbc');

	console.log(message);
	// => {"session_id":"717fdab32b88a55f09c853349f198ae5","rails":"awesome!","_csrf_token":"exj0VLeC4FzAfBTfDrCYMYuxD2cYzH9chf/U8PuK+E8="}