Commit
refactor(security): Use Bun native crypto functions
Commit details
Commit notes
- Replace node:crypto timingSafeEqual with XOR-based constant-time comparison - Use Bun.CryptoHasher for SHA-256 hashing (synchronous, faster) - Use Bun.hash() for timing normalization in length mismatch case - Remove async/await from hashToken and verifyTokenHash (now synchronous) - Update tests to reflect synchronous function signatures
Performance improvement: Bun's native crypto is significantly faster than Web Crypto API's async digest functions.
Co-authored-by: armin.naimi <[email redacted]>
- Files changed
- 3
- Lines added
- +63
- Lines removed
- −57