@juspay/neurolink

Universal AI Development Platform with working MCP integration, multi-provider support, voice (TTS/STT/realtime), and professional CLI. 58+ external MCP servers discoverable, multimodal file processing, RAG pipelines. Build, test, and deploy AI applicatio

23 lines (22 loc) 941 B
import crypto from "crypto";
/**
 * Constant-time bearer-token comparison.
 *
 * Bug 2 mitigation: a normal `===` compare on bearer tokens leaks the token
 * length and the position of the first mismatching byte through timing
 * differences, which is reachable when the voice server is bound publicly
 * (`VOICE_SERVER_ALLOW_PUBLIC=1`).
 *
 * Returns `false` for any comparison whose lengths differ — this avoids the
 * `RangeError` that `crypto.timingSafeEqual` throws on mismatched buffers
 * while still preserving the constant-time property for equal-length inputs
 * (which is the only case an attacker can probe).
 */
export function timingSafeEqualString(provided, expected) {
    const providedBuf = Buffer.from(provided, "utf8");
    const expectedBuf = Buffer.from(expected, "utf8");
    if (providedBuf.length !== expectedBuf.length) {
        return false;
    }
    return crypto.timingSafeEqual(providedBuf, expectedBuf);
}
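The function above returns early when the lengths differ. The following added example (not part of @juspay/neurolink) goes one step further: it reduces both values to fixed-length HMAC-SHA256 digests so the comparison never branches on length, and it rejects a missing header instead of throwing. The names `timingSafeEqualHashed` and `isAuthorizedBearer` are hypothetical.

```javascript
// Added example, not code from @juspay/neurolink; function names are hypothetical.
// Loads node:crypto whether this file runs as CommonJS or as an ES module.
const nodeCrypto =
  typeof require === "function"
    ? require("node:crypto")
    : process.getBuiltinModule("node:crypto");

// Per-process random key: digests are unpredictable to callers and never stored.
const COMPARE_KEY = nodeCrypto.randomBytes(32);

function digest(value) {
  return nodeCrypto.createHmac("sha256", COMPARE_KEY).update(value, "utf8").digest();
}

/**
 * Compare two secrets without branching on their lengths.
 * Both sides become 32-byte digests, so timingSafeEqual always
 * receives equal-length buffers and cannot throw RangeError.
 */
function timingSafeEqualHashed(provided, expected) {
  // A missing header arrives as undefined; reject instead of throwing.
  if (typeof provided !== "string" || typeof expected !== "string") {
    return false;
  }
  return nodeCrypto.timingSafeEqual(digest(provided), digest(expected));
}

/**
 * Check an Authorization header value against the configured token.
 * Returns false for a missing header, a non-Bearer scheme, or an unset token.
 */
function isAuthorizedBearer(headerValue, expectedToken) {
  if (typeof expectedToken !== "string" || expectedToken.length === 0) {
    return false; // fail closed when no token is configured
  }
  const match =
    typeof headerValue === "string" ? /^Bearer +(\S+)$/i.exec(headerValue) : null;
  // Compare even when parsing failed so the rejection path does similar work.
  const candidate = match ? match[1] : "";
  const equal = timingSafeEqualHashed(candidate, expectedToken);
  return match !== null && equal;
}
```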