feat: add timing safe equal comparison
* chore: add tsscmp@1.0.6 as dependency
* feat: add timing safe equal comparison

Co-authored-by: Blake Embrey <hello@blakeembrey.com>
UlisesGascon and blakeembrey committed Sep 30, 2024
1 parent d3b6a63 commit bac1e6a
Showing 2 changed files with 9 additions and 3 deletions.
5 changes: 4 additions & 1 deletion index.js
@@ -1,3 +1,4 @@
var timingSafeCompare = require('tsscmp');
var http = require('http');

/*!
Expand Down Expand Up @@ -53,7 +54,9 @@ module.exports = function basicAuth(callback, realm) {
if ('string' != typeof password) throw new Error('password argument required');
realm = arguments[2];
callback = function(user, pass){
return user == username && pass == password;
const usernameValid = timingSafeCompare(user, username);
const passwordValid = timingSafeCompare(pass, password);
return usernameValid && passwordValid;
}
}

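Review bot: The two `const` lines in the string-credentials callback (second hunk of index.js) evaluate both comparisons before the `&&`, but nothing records that this is deliberate, so a later tidy-up to `return timingSafeCompare(user, username) && timingSafeCompare(pass, password);` would skip the password comparison on a username mismatch and reintroduce a response-time difference. I would add a comment above them: `// Run both comparisons before combining; a short-circuiting && would skip the password check when the username is wrong.` The new lines also use `const` where the rest of the visible file uses `var`; matching the file's style keeps it parseable on any older runtimes the package still supports. basicAuth's body starts and ends outside the hunk, so how a caller-supplied `callback` is handled is not visible here; presumably it performs its own comparison, which would merit a sentence in the function's doc comment recommending a constant-time compare there too.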
7 changes: 5 additions & 2 deletions package.json
Expand Up @@ -18,12 +18,15 @@
"url": "https://github.com/expressjs/basic-auth-connect/issues"
},
"devDependencies": {
"connect": "*",
"mocha": "*",
"should": "*",
"supertest": "*",
"connect": "*"
"supertest": "*"
},
"scripts": {
"test": "make test"
},
"dependencies": {
"tsscmp": "^1.0.6"
}
}
