chore: added slow equal for auth ccheck 5a517c76
Steve · 2026-02-19 13:17 2 file(s) · +3 −1
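--- a/Cargo.toml
+++ b/Cargo.toml
@@ -28,3 +28,4 @@
 open = "5.3.3"
 rust-embed = "8"
 dotenvy = "0.15"
+subtle = "2"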
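--- a/src/server.rs
+++ b/src/server.rs
@@ -1,5 +1,6 @@
 use askama::Template;
 use askama_web::WebTemplate;
+use subtle::ConstantTimeEq;
 use axum::{
     Form, Json, Router,
     extract::{Path, Request, State},
@@ -127,7 +128,7 @@
         .get("x-api-key")
         .and_then(|v| v.to_str().ok());
     match provided {
-        Some(k) if k == server_key => Ok(next.run(request).await),
+        Some(k) if k.as_bytes().ct_eq(server_key.as_bytes()).into() => Ok(next.run(request).await),
         _ => Err((
             StatusCode::UNAUTHORIZED,
             Json(serde_json::json!({"error": "Invalid or missing API key"})),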
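Review bot: The new guard at new line 131 is constant-time only when both byte slices have the same length; `subtle`'s slice `ct_eq` returns early on a length mismatch, so response timing can still reveal the key's length. If that matters for this deployment, compare fixed-length digests of the two values instead (for example a keyed hash of each), and otherwise record the limit in a comment such as `// constant-time compare of the API key; key length is not hidden`. The `.into()` in the guard would read more clearly as `bool::from(k.as_bytes().ct_eq(server_key.as_bytes()))`, which also lets rustfmt wrap the over-long arm. The enclosing middleware function starts and ends outside the hunk, so how `server_key` is loaded, and whether it can be empty, is not visible here and should be confirmed.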