From 988184980831455e266bb2577cd0f5c6c470b6a1 Mon Sep 17 00:00:00 2001
From: Bhavya Dhiman <bhavyadhiman7@gmail.com>
Date: Thu, 14 Nov 2024 03:27:20 +0530
Subject: [PATCH] refactor(cookie): remove cookie-parser dependency and use the
 native crypto module to sign cookie

---
 lib/response.js | 4 ++--
 package.json    | 1 -
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/lib/response.js b/lib/response.js
index 29511a74e0..0e07a9f398 100644
--- a/lib/response.js
+++ b/lib/response.js
@@ -24,7 +24,7 @@ var path = require('path');
 var pathIsAbsolute = require('path').isAbsolute;
 var statuses = require('statuses')
 var merge = require('utils-merge');
-var sign = require('cookie-signature').sign;
+var crypto = require('crypto');
 var normalizeType = require('./utils').normalizeType;
 var normalizeTypes = require('./utils').normalizeTypes;
 var setCharset = require('./utils').setCharset;
@@ -746,7 +746,7 @@ res.cookie = function (name, value, options) {
     : String(value);
 
   if (signed) {
-    val = 's:' + sign(val, secret);
+    val = 's:' + val + '.' + crypto.createHmac('sha256', secret).update(val).digest('base64').replace(/\=+$/, '');
   }
 
   if (opts.maxAge != null) {
diff --git a/package.json b/package.json
index 54b4bb5704..aadd8a7e6e 100644
--- a/package.json
+++ b/package.json
@@ -37,7 +37,6 @@
     "content-disposition": "^1.0.0",
     "content-type": "~1.0.4",
     "cookie": "0.7.1",
-    "cookie-signature": "^1.2.1",
     "debug": "4.3.6",
     "depd": "2.0.0",
     "encodeurl": "~2.0.0",