class Warden::CookieSession::EncryptedCookie

  attr_reader :store, :cookie, :secret, :encryptor

  def initialize(store:, cookie:, secret:)
    @store = store
    @cookie = cookie
    @secret = secret
    raise ArgumentError.new('secret must be 32 bytes') if @secret.length != 32

    @encryptor ||= ActiveSupport::MessageEncryptor.new(secret)
  end

  def get
    value = store[cookie]
    return nil unless value

    JSON(encryptor.decrypt_and_verify(value))
  end

  def put(data, domain: nil)
    c = {
      value: encryptor.encrypt_and_sign(data.to_json)
    }
    c[:domain] = domain if domain

    store[cookie] = c
  end

  def clear
    store.delete(cookie)
  end

end