pub fn verify_api_key(
expected: Option<&NonEmptyString>,
provided: Option<&str>,
) -> boolExpand description
Uses constant-time verification to check API key correspondence.
If the API keys correspond, returns true,
otherwise false.
ยงCryptographic security
The function short-circuits if lengths of expected and provided are unequal.
While this allows an attacker to extract the key length,
it is order of magnitudes safer than using a simple string equality test,
which would allow the attacker to gradually know the exact key
over many requests.