50 lines
1.2 KiB
JavaScript
50 lines
1.2 KiB
JavaScript
"use strict";
|
|
|
|
const test = require("node:test");
|
|
const assert = require("node:assert/strict");
|
|
const { hmacSHA256Hex, hmacSHA256Base64, verifySignature } = require("../src/lib/signature");
|
|
|
|
test("verifies valid signature", () => {
|
|
const payload = JSON.stringify({ hello: "world" });
|
|
const secret = "topsecret";
|
|
const sig = hmacSHA256Hex(payload, secret);
|
|
|
|
assert.equal(
|
|
verifySignature({ payload, secret, signature: `sha256=${sig}` }),
|
|
true,
|
|
);
|
|
});
|
|
|
|
test("rejects invalid signature", () => {
|
|
const payload = JSON.stringify({ hello: "world" });
|
|
const secret = "topsecret";
|
|
|
|
assert.equal(
|
|
verifySignature({ payload, secret, signature: "sha256=deadbeef" }),
|
|
false,
|
|
);
|
|
});
|
|
|
|
test("rejects missing signature", () => {
|
|
const payload = "abc";
|
|
const secret = "topsecret";
|
|
|
|
assert.equal(verifySignature({ payload, secret, signature: "" }), false);
|
|
});
|
|
|
|
test("verifies valid base64 signature", () => {
|
|
const payload = JSON.stringify({ hello: "world" });
|
|
const secret = "topsecret";
|
|
const sig = hmacSHA256Base64(payload, secret);
|
|
|
|
assert.equal(
|
|
verifySignature({
|
|
payload,
|
|
secret,
|
|
signature: `sha256=${sig}`,
|
|
encoding: "base64",
|
|
}),
|
|
true,
|
|
);
|
|
});
|