heimoshuiyu/postmoogle
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

switch to password hashes

Browse Source
This commit is contained in:
Aine
2022-09-23 11:17:34 +03:00
parent ce53d85806
commit 4bf0f0dee3
5 changed files with 25 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
utils/utils.go
View File

@@ -1,7 +1,6 @@
package utils
import (
"crypto/subtle"
"strconv"
"strings"
)
@@ -34,24 +33,3 @@ func Bool(str string) bool {
func SanitizeBoolString(str string) string {
return strconv.FormatBool(Bool(str))
}
// Compare strings with constant time to prevent timing attacks
func Compare(actual, expected string) bool {
actualb := []byte(actual)
expectedb := []byte(expected)
if expected == "" {
// Just to keep constant time
_ = subtle.ConstantTimeCompare(expectedb, expectedb) == 1
return false
}
// actual comparison
if subtle.ConstantTimeEq(int32(len(actual)), int32(len(expected))) == 1 {
return subtle.ConstantTimeCompare(actualb, expectedb) == 1
}
// Just to keep constant time
_ = subtle.ConstantTimeCompare(expectedb, expectedb) == 1
return false
}