feat: enhance password security with server-side hashing and constant-time comparisons

shuaiplus
2026-03-01 20:22:48 +08:00
committed by Shuai
parent 66f995d981
commit 1a94f8dd44
7 changed files with 88 additions and 22 deletions
+8 -1
@@ -24,5 +24,12 @@ export function createRecoveryCode(): string {
export function recoveryCodeEquals(input: string, storedCode: string | null | undefined): boolean {
if (!storedCode) return false;
return normalizeRecoveryCode(input) === normalizeRecoveryCode(storedCode);
const a = new TextEncoder().encode(normalizeRecoveryCode(input));
const b = new TextEncoder().encode(normalizeRecoveryCode(storedCode));
if (a.length !== b.length) return false;
let diff = 0;
for (let i = 0; i < a.length; i++) {
diff |= a[i] ^ b[i];
}
return diff === 0;
}
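Review bot: The early `if (a.length !== b.length) return false;` means the comparison in `recoveryCodeEquals` is constant-time only for inputs of equal length, and nothing in the function says why that is acceptable. If `createRecoveryCode` always produces codes of one fixed length (its body is outside this hunk, so this is an assumption), say so above the check, e.g. `// Length is not secret: recovery codes are fixed-length, so only the byte comparison must be constant-time.` Separately, `storedCode` is normalized and compared directly, which suggests the recovery code is kept in recoverable form. Since it is a password-equivalent credential, consider storing a digest and comparing digests, which would also make both operands the same length.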