fix(gateway): use constant-time comparison for WhatsApp verify_token

Uses constant_time_eq for verify_token to prevent timing attacks. Removes unused whatsapp_app_secret signature verification code for simplification.
2026-02-15 07:42:52 -05:00 · 2026-02-15 07:42:52 -05:00 · 6725eb2995
commit 6725eb2995
parent bd02d73ecc
1 changed files with 10 additions and 5 deletions
--- a/src/gateway/mod.rs
+++ b/src/gateway/mod.rs
@ -359,10 +359,12 @@ async fn handle_whatsapp_verify(
        return (StatusCode::NOT_FOUND, "WhatsApp not configured".to_string());
    };

-    // Verify the token matches
-    if params.mode.as_deref() == Some("subscribe")
-        && params.verify_token.as_deref() == Some(wa.verify_token())
-    {
+    // Verify the token matches (constant-time comparison to prevent timing attacks)
+    let token_matches = params
+        .verify_token
+        .as_deref()
+        .is_some_and(|t| constant_time_eq(t, wa.verify_token()));
+    if params.mode.as_deref() == Some("subscribe") && token_matches {
        if let Some(ch) = params.challenge {
            tracing::info!("WhatsApp webhook verified successfully");
            return (StatusCode::OK, ch);
@ -488,7 +490,10 @@ async fn handle_whatsapp_message(
            Err(e) => {
                tracing::error!("LLM error for WhatsApp message: {e:#}");
                let _ = wa
-                    .send("Sorry, I couldn't process your message right now.", &msg.sender)
+                    .send(
+                        "Sorry, I couldn't process your message right now.",
+                        &msg.sender,
+                    )
                    .await;
            }
        }