(rawToken: string | undefined)
| 15 | * Constant-time comparison. |
| 16 | */ |
| 17 | export function verifySecurityKey(rawToken: string | undefined): boolean { |
| 18 | if (!rawToken) return false; |
| 19 | const expected = getPreferences().gateway?.securityKeyHash; |
| 20 | if (!expected) return false; |
| 21 | const got = hashKey(rawToken); |
| 22 | const a = Buffer.from(got, 'hex'); |
| 23 | const b = Buffer.from(expected, 'hex'); |
| 24 | return a.length === b.length && timingSafeEqual(a, b); |
| 25 | } |
| 26 | |
| 27 | /** Extract the bearer token from an Authorization header, or null. */ |
| 28 | export function extractBearer(header: string | undefined): string | null { |
no test coverage detected