import { createHash, timingSafeEqual } from "node:crypto"; export function hashToken(token: string): Buffer { return createHash("sha256").update(token, "utf8").digest(); } export function safeTokenEqual(actual: string, expected: string): boolean { return timingSafeEqual(hashToken(actual), hashToken(expected)); } export function shortHash(token: string): string { return hashToken(token).toString("hex").slice(0, 12); } export function extractBearer(headerValue: string | undefined | null): string | null { if (!headerValue || typeof headerValue !== "string") return null; const m = /^Bearer\s+(.+)$/i.exec(headerValue.trim()); return m ? m[1] : null; }