crypto = require('crypto')

settings = require('settings-sharelatex')

cipherLabel = settings.cipherLabel
throw Error("cipherLabel must not contain a colon (:)") if cipherLabel?.match(/:/)

cipherPassword = settings.cipherPasswords[settings.cipherLabel]
throw Error("cipherPassword not set") if not cipherPassword?
throw Error("cipherPassword too short") if cipherPassword.length < 16

ALGORITHM = 'aes-256-ctr'

keyFn = (password, salt, callback)->
	return crypto.pbkdf2(password, salt, 10000, 64, callback)

module.exports =

	encryptJson: (json, callback)->
		string = JSON.stringify(json)
		salt = crypto.randomBytes(16)
		keyFn cipherPassword, salt, (err, key)->
			if err?
				logger.err err:err, "error getting Fn key"
				return callback(err)
			cipher = crypto.createCipher(ALGORITHM,  key)
			crypted  = cipher.update(string, 'utf8', 'base64') + cipher.final('base64')
			callback(null, cipherLabel + ":" + salt.toString('hex') + ":" + crypted)

	decryptToJson: (encryptedJson, callback)->
		[label, salt, cipherText] = encryptedJson.split(':', 3)
		password = settings.cipherPasswords[label]
		return callback(new Error("invalid password")) if not password? or password.length < 16
		keyFn password, new Buffer(salt, 'hex'), (err, key)->
			if err?
				logger.err err:err, "error getting Fn key"
				return callback(err)
			decipher = crypto.createDecipher(ALGORITHM, key)
			dec = decipher.update(cipherText, 'base64', 'utf8') + decipher.final('utf8')
			try
				json = JSON.parse(dec)
			catch e
				return callback(new Error("error decrypting token"))
			callback(null, json)