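isValidLegacyKey checks whether the key matches any configured API key, using constant-time comparison to prevent timing attacks on the key contents (a candidate of a different length is still rejected immediately, so key length is not hidden).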
(key string, appConfig *config.ApplicationConfig)
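// isValidLegacyKey reports whether key equals one of the API keys in
// appConfig.ApiKeys.
//
// Each candidate is compared with subtle.ConstantTimeCompare, so the time of
// one comparison does not depend on how many leading bytes match. Two limits
// remain: ConstantTimeCompare returns 0 immediately when the lengths differ,
// so key length is not hidden, and the loop cost grows with the number of
// configured keys.
//
// The function fails closed: a nil appConfig or an empty key never matches,
// so a blank entry in the configured key list cannot authenticate a request
// that carries no credential.
func isValidLegacyKey(key string, appConfig *config.ApplicationConfig) bool {
	if appConfig == nil || key == "" {
		return false
	}

	// Convert once; the presented key is the same for every comparison.
	presented := []byte(key)

	matched := 0
	for _, validKey := range appConfig.ApiKeys {
		// No early return: every configured key is compared, so the response
		// time does not depend on which entry (if any) matched.
		matched |= subtle.ConstantTimeCompare(presented, []byte(validKey))
	}
	return matched == 1
}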
| 548 | |
| 549 | // isExemptPath returns true if the path should skip authentication. |
| 550 | func isExemptPath(path string, appConfig *config.ApplicationConfig) bool { |