Audit changes

2026-06-14 05:53:12 +02:00
parent 353ef07f92
commit cc21bee798
7 changed files with 10 additions and 13 deletions
--- a/hub/handler.go
+++ b/hub/handler.go
@@ -1,7 +1,6 @@
 package hub

 import (
-	"crypto/subtle"
 	"errors"
 	"log"
 	"net/http"
@@ -64,8 +63,9 @@ func (app *App) handlePeer(pattern string, fn peerHandlerFunc) {
 			return
 		}

+		// Not doing constant time compare because index lookup time dominates.
 		peer, err := app.api.Peer_GetByAPIKey(apiKey)
-		if err != nil || subtle.ConstantTimeCompare([]byte(peer.APIKey), []byte(apiKey)) != 1 {
+		if err != nil {
 			http.Error(w, "Not authorized", http.StatusUnauthorized)
 			return
 		}