fix timing attack

pull/1113/head
bestgopher 2021-01-15 15:59:13 +08:00
parent 93022ee817
commit 07563a1845
1 changed files with 4 additions and 2 deletions


@ -1,7 +1,9 @@
package basicauth
import (
"crypto/subtle"
"github.com/gofiber/fiber/v2"
"github.com/gofiber/fiber/v2/utils"
)
// Config defines the config for middleware.
@ -82,11 +84,11 @@ func configDefault(config ...Config) Config {
}
if cfg.Authorizer == nil {
cfg.Authorizer = func(user, pass string) bool {
user, exist := cfg.Users[user]
userPwd, exist := cfg.Users[user]
if !exist {
return false
}
return user == pass
return subtle.ConstantTimeCompare(utils.UnsafeBytes(userPwd), utils.UnsafeBytes(pass)) == 1
}
}
if cfg.Unauthorized == nil {
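Review bot: The `subtle.ConstantTimeCompare` call on the last added line of the second hunk returns 0 immediately when the two inputs differ in length, so the response time still reveals whether the supplied password has the same length as the stored one, and the `if !exist` return just above it means an unknown username is answered faster than a known one with a wrong password. Comparing fixed-length digests of both values, and running that comparison even when the map lookup misses, removes both differences and keeps the `func(user, pass string) bool` signature unchanged; it would also need `"crypto/sha256"` added to the import block in the first hunk. The enclosing configDefault begins and ends outside the hunk.
```go
cfg.Authorizer = func(user, pass string) bool {
	userPwd, exist := cfg.Users[user]
	// Hash both sides so the constant-time compare always sees equal-length
	// inputs, and run it even for an unknown user so a missing entry costs
	// the same as a wrong password.
	want := sha256.Sum256(utils.UnsafeBytes(userPwd))
	got := sha256.Sum256(utils.UnsafeBytes(pass))
	return subtle.ConstantTimeCompare(want[:], got[:]) == 1 && exist
}
```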