"use strict";

const test = require("node:test");
const assert = require("node:assert/strict");
const { hmacSHA256Hex, verifySignature } = require("../src/lib/signature");

test("verifies valid signature", () => {
  const payload = JSON.stringify({ hello: "world" });
  const secret = "topsecret";
  const sig = hmacSHA256Hex(payload, secret);

  assert.equal(
    verifySignature({ payload, secret, signature: `sha256=${sig}` }),
    true,
  );
});

test("rejects invalid signature", () => {
  const payload = JSON.stringify({ hello: "world" });
  const secret = "topsecret";

  assert.equal(
    verifySignature({ payload, secret, signature: "sha256=deadbeef" }),
    false,
  );
});

test("rejects missing signature", () => {
  const payload = "abc";
  const secret = "topsecret";

  assert.equal(verifySignature({ payload, secret, signature: "" }), false);
});