MCPcopy
hub / github.com/RedPlanetHQ/core / verifySecurityKey

Function verifySecurityKey

packages/cli/src/server/api/auth.ts:17–25  ·  view source on GitHub ↗
(rawToken: string | undefined)

Source from the content-addressed store, hash-verified

15 * Constant-time comparison.
16 */
17export function verifySecurityKey(rawToken: string | undefined): boolean {
18 if (!rawToken) return false;
19 const expected = getPreferences().gateway?.securityKeyHash;
20 if (!expected) return false;
21 const got = hashKey(rawToken);
22 const a = Buffer.from(got, 'hex');
23 const b = Buffer.from(expected, 'hex');
24 return a.length === b.length && timingSafeEqual(a, b);
25}
26
27/** Extract the bearer token from an Authorization header, or null. */
28export function extractBearer(header: string | undefined): string | null {

Callers 1

makeAuthHookFunction · 0.85

Calls 2

getPreferencesFunction · 0.90
hashKeyFunction · 0.85

Tested by

no test coverage detected