Audit changes.

2026-06-13 18:07:21 +02:00
parent 8983c0d651
commit 68f01f9823
1 changed files with 2 additions and 1 deletions
--- a/hub/handler.go
+++ b/hub/handler.go
@@ -1,6 +1,7 @@
 package hub

 import (
+	"crypto/subtle"
 	"errors"
 	"log"
 	"net/http"
@@ -64,7 +65,7 @@ func (app *App) handlePeer(pattern string, fn peerHandlerFunc) {
 		}

 		peer, err := app.api.Peer_GetByAPIKey(apiKey)
-		if err != nil {
+		if err != nil || subtle.ConstantTimeCompare([]byte(peer.APIKey), []byte(apiKey)) != 1 {
 			http.Error(w, "Not authorized", http.StatusUnauthorized)
 			return
 		}