Sh4yy / cloudflare-email

This is a simple proxy server that can be used for sending free transactional emails through Cloudflare workers.

Repository from Github https://github.comSh4yy/cloudflare-email

Use constant time equality check for auth token

pethin opened this issue a year ago · comments

Peter Nguyen commented a year ago

Replace === with crypto.subtle.timingSafeEqual in https://github.com/Sh4yy/cloudflare-email/blob/main/src/middlewares/auth.ts#L16 to prevent timing attacks.

Example: https://developers.cloudflare.com/workers/examples/protect-against-timing-attacks/

Márk Zsibók (D3v) commented 8 months ago

Like this @pethin https://github.com/D3vl0per/cloudflare-email/blob/main/src/middlewares/auth.ts?

Kieran Klukas commented 8 months ago

Can you create a PR @D3vl0per?

Márk Zsibók (D3v) commented 8 months ago

Done #18 @kcoderhtml !

Kieran Klukas commented 8 months ago

thnks! hopefully @Sh4yy can merge both our PRs soon!