Sh4yy / cloudflare-email

This is a simple proxy server that can be used for sending free transactional emails through Cloudflare workers.
MIT License

Use constant time equality check for auth token #14

Open pethin opened 6 months ago

pethin commented 6 months ago

Replace === with crypto.subtle.timingSafeEqual in https://github.com/Sh4yy/cloudflare-email/blob/main/src/middlewares/auth.ts#L16 to prevent timing attacks.

Example: https://developers.cloudflare.com/workers/examples/protect-against-timing-attacks/
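To make the point concrete, here is an added example (not the project's own auth.ts, and not pethin's code) of a bearer-token check in the vulnerable `===` form beside a hardened form built on the constant-time comparison the linked Cloudflare page recommends. It assumes the expected token lives in an env binding called `TOKEN` and that the client sends it as `Authorization: Bearer <token>`; both names are assumptions, not taken from the repository. On Workers the hardened path calls `crypto.subtle.timingSafeEqual`; where that call is absent (plain Node, for instance) it falls back to an XOR accumulator that visits every byte.

```javascript
// Added example, not the project's own middleware. Assumed names: env.TOKEN
// holds the expected secret; the client sends "Authorization: Bearer <token>".

// Vulnerable form: `===` returns as soon as it sees a differing character, so
// the time taken to reject a guess grows with the length of the matching
// prefix. That is the signal a timing attack measures.
function checkTokenUnsafe(presented, expected) {
  return presented === expected;
}

// Constant-time comparison of two equal-length byte arrays. On Cloudflare
// Workers this uses crypto.subtle.timingSafeEqual; elsewhere it falls back to
// an XOR loop whose running time does not depend on where the inputs differ.
function bytesEqualConstantTime(a, b) {
  if (a.byteLength !== b.byteLength) return false; // both APIs require equal lengths
  const subtle = globalThis.crypto && globalThis.crypto.subtle;
  if (subtle && typeof subtle.timingSafeEqual === "function") {
    return subtle.timingSafeEqual(a, b); // Workers runtime
  }
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a[i] ^ b[i];
  return diff === 0;
}

// Hardened form. Lengths are compared first because timingSafeEqual throws on
// mismatched lengths; this reveals only whether the presented token has the
// right length, never any of its bytes.
function tokenMatches(presented, expected) {
  if (typeof presented !== "string" || typeof expected !== "string") return false;
  const enc = new TextEncoder();
  return bytesEqualConstantTime(enc.encode(presented), enc.encode(expected));
}

// Extracts the token from an Authorization header value, or null if absent
// or not a bearer scheme.
function bearerToken(headerValue) {
  if (!headerValue) return null;
  const m = /^Bearer\s+(\S+)$/i.exec(headerValue.trim());
  return m ? m[1] : null;
}

// Middleware-style decision: returns a 401 Response to short-circuit the
// request, or null to let the handler continue.
function authorize(headerValue, env) {
  const presented = bearerToken(headerValue);
  if (presented === null || !tokenMatches(presented, env.TOKEN)) {
    return new Response("Unauthorized", { status: 401 });
  }
  return null;
}

// Constructed demonstration values (not real secrets).
const demoEnv = { TOKEN: "constructed-example-token" };
console.log(authorize("Bearer constructed-example-token", demoEnv) === null); // true
console.log(authorize("Bearer constructed-example-tokem", demoEnv).status);  // 401
console.log(checkTokenUnsafe("constructed-example-tokem", demoEnv.TOKEN));    // false, but not in constant time
```

The length check before the comparison is the caveat most often missed when people swap `===` for `timingSafeEqual`: both the Workers and the Node implementations throw on inputs of different lengths, so without it a malformed header becomes a 500 rather than a 401.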

D3vl0per commented 4 months ago

Like this @pethin https://github.com/D3vl0per/cloudflare-email/blob/main/src/middlewares/auth.ts?

kcoderhtml commented 4 months ago

Can you create a PR @D3vl0per?

D3vl0per commented 4 months ago

Done #18 @kcoderhtml!

kcoderhtml commented 4 months ago

thanks! Hopefully @Sh4yy can merge both our PRs soon!