Commit
Fix Bun usage gotchas: password verify, safeCompare, entrypoint guards
Commit details
Commit notes
Three correctness/robustness issues found while reviewing Bun API usage:
- auth/password.ts: Bun.password.verify() THROWS on malformed/legacy/corrupt hashes (UnsupportedAlgorithm/InvalidEncoding) rather than returning false. comparePassword now catches and returns false, so a bad stored hash surfaces as "invalid credentials" instead of a 500 and the constant-time login path stays uniform. Added a regression test.
- utils/crypto.ts: safeCompare hand-rolled an XOR loop and, on length mismatch, called Bun.hash() (a fast NON-cryptographic hash) and discarded the result — a no-op that did nothing for timing safety. Replaced with SHA-256 digests compared via node:crypto timingSafeEqual (native in Bun): genuinely constant-time regardless of input length.
- index.ts / worker.ts: the server and worker booted unconditionally at module load. Since index.ts also exports the `App` type for Eden inference, a runtime import would accidentally boot the server/DB/cron. Guarded both with `if (import.meta.main)` (true for `bun run` and compiled binaries, false on import) — the idiomatic Bun entrypoint pattern.
[private session redacted]
- Files changed
- 5
- Lines added
- +57
- Lines removed
- −36