pub fn verify_token(expected: &str, provided: &str) -> boolExpand description
Constant-time comparison of two token strings.
Returns false if either side is empty or lengths differ;
otherwise a byte-level XOR accumulator avoids the short-circuit
behaviour of ==. Guards against timing side-channels even
though the tokens themselves aren’t secret enough for it to
matter much in practice — the cost is one extra loop and the
code clarity is worth it.