LOADING…
0%
Complete changelog

Commit

Fix Bun usage gotchas: password verify, safeCompare, entrypoint guards

Commit details

Commit notes

Three correctness/robustness issues found while reviewing Bun API usage:

- auth/password.ts: Bun.password.verify() THROWS on malformed/legacy/corrupt hashes (UnsupportedAlgorithm/InvalidEncoding) rather than returning false. comparePassword now catches and returns false, so a bad stored hash surfaces as "invalid credentials" instead of a 500 and the constant-time login path stays uniform. Added a regression test.

- utils/crypto.ts: safeCompare hand-rolled an XOR loop and, on length mismatch, called Bun.hash() (a fast NON-cryptographic hash) and discarded the result — a no-op that did nothing for timing safety. Replaced with SHA-256 digests compared via node:crypto timingSafeEqual (native in Bun): genuinely constant-time regardless of input length.

- index.ts / worker.ts: the server and worker booted unconditionally at module load. Since index.ts also exports the `App` type for Eden inference, a runtime import would accidentally boot the server/DB/cron. Guarded both with `if (import.meta.main)` (true for `bun run` and compiled binaries, false on import) — the idiomatic Bun entrypoint pattern.

[private session redacted]

Files changed
5
Lines added
+57
Lines removed
−36
This page is a permanent record of commit 51c19eca.