MCPcopy Index your code
hub / github.com/coder/mux / safeEq

Function safeEq

src/node/orpc/authMiddleware.ts:16–30  ·  view source on GitHub ↗
(a: string, b: string)

Source from the content-addressed store, hash-verified

14// Tradeoff: this allocates temporary buffers. That's acceptable here (called once
15// per auth check) and avoids tricky timing branches.
16export function safeEq(a: string, b: string): boolean {
17 const bufA = Buffer.from(a);
18 const bufB = Buffer.from(b);
19
20 const maxLen = Math.max(bufA.length, bufB.length);
21
22 // timingSafeEqual requires equal-length buffers.
23 const paddedA = Buffer.alloc(maxLen);
24 const paddedB = Buffer.alloc(maxLen);
25 bufA.copy(paddedA);
26 bufB.copy(paddedB);
27
28 const bytesMatch = timingSafeEqual(paddedA, paddedB);
29 return bytesMatch && bufA.length === bufB.length;
30}
31
32function extractBearerToken(header: string | string[] | undefined): string | null {
33 const h = Array.isArray(header) ? header[0] : header;

Callers 3

createAuthMiddlewareFunction · 0.85

Calls

no outgoing calls

Tested by

no test coverage detected