"use strict";

const test = require("node:test");
const assert = require("node:assert/strict");
const { hmacSHA256Hex, hmacSHA256Base64, verifySignature } = require("../src/lib/signature");

test("verifies valid signature", () => {
  const payload = JSON.stringify({ hello: "world" });
  const secret = "topsecret";
  const sig = hmacSHA256Hex(payload, secret);

  assert.equal(
    verifySignature({ payload, secret, signature: `sha256=${sig}` }),
    true,
  );
});

test("rejects invalid signature", () => {
  const payload = JSON.stringify({ hello: "world" });
  const secret = "topsecret";

  assert.equal(
    verifySignature({ payload, secret, signature: "sha256=deadbeef" }),
    false,
  );
});

test("rejects missing signature", () => {
  const payload = "abc";
  const secret = "topsecret";

  assert.equal(verifySignature({ payload, secret, signature: "" }), false);
});

test("verifies valid base64 signature", () => {
  const payload = JSON.stringify({ hello: "world" });
  const secret = "topsecret";
  const sig = hmacSHA256Base64(payload, secret);

  assert.equal(
    verifySignature({
      payload,
      secret,
      signature: `sha256=${sig}`,
      encoding: "base64",
    }),
    true,
  );
});