import * as crypto from 'crypto';

/** Timing-safe string comparison to prevent timing attacks on HMAC verification */
export function timingSafeEqual(a: string, b: string): boolean {
    const bufA = Buffer.from(a);
    const bufB = Buffer.from(b);
    if (bufA.length !== bufB.length) {
        // Run comparison anyway to normalize timing, then return false
        crypto.timingSafeEqual(bufA, bufA);
        return false;
    }
    return crypto.timingSafeEqual(bufA, bufB);
}