fixed critical security issues

This commit is contained in:
Mazyar
2026-05-25 13:23:49 +03:30
parent 51defd9438
commit da2d50bd70
4 changed files with 34 additions and 14 deletions
+2 -1
View File
@@ -1,6 +1,7 @@
package document_scraper
import (
"crypto/subtle"
"strings"
"tm/pkg/response"
@@ -25,7 +26,7 @@ func APIKeyMiddleware(apiKey string) echo.MiddlewareFunc {
return response.Unauthorized(c, "API key required. Use X-API-Key header or Authorization: ApiKey <key>")
}
if apiKeyHeader != apiKey {
if subtle.ConstantTimeCompare([]byte(apiKeyHeader), []byte(apiKey)) != 1 {
return response.Unauthorized(c, "Invalid API key")
}