| import { createHash, timingSafeEqual } from "node:crypto"; | |
| export function safeEqualSecret( | |
| provided: string | undefined | null, | |
| expected: string | undefined | null, | |
| ): boolean { | |
| if (typeof provided !== "string" || typeof expected !== "string") { | |
| return false; | |
| } | |
| const hash = (s: string) => createHash("sha256").update(s).digest(); | |
| return timingSafeEqual(hash(provided), hash(expected)); | |
| } | |