module Cloudinary::AuthToken

def self.generate(options = {})
  key = options[:key]
  raise "Missing auth token key configuration" unless key
  name = options[:token_name] || "__cld_token__"
  start = options[:start_time]
  expiration = options[:expiration]
  ip = options[:ip]
  acl = options[:acl]
  if acl.present?
    acl = acl.is_a?(String) ? [acl] : acl
  end
  duration = options[:duration]
  url = options[:url]
  start = Time.new.getgm.to_i if start == 'now'
  if expiration.nil? || expiration == 0
    if !(duration.nil? || duration == 0)
      expiration = (start || Time.new.getgm.to_i) + duration
    else
      raise 'Must provide either expiration or duration'
    end
  end
  if url.blank? && acl.blank?
    raise 'AuthToken must contain either an acl or a url property'
  end
  token = []
  token << "ip=#{ip}" if ip
  token << "st=#{start}" if start
  token << "exp=#{expiration}"
  token << "acl=#{escape_to_lower(acl.join('!'))}" if acl && acl.size > 0
  to_sign = token.clone
  to_sign << "url=#{escape_to_lower(url)}" if url && (acl.blank? || acl.size == 0)
  auth = digest(to_sign.join(SEPARATOR), key)
  token << "hmac=#{auth}"
  "#{name}=#{token.join(SEPARATOR)}"
end