#### Исправление с помощью `secrets.compare_digest()` { #fix-it-with-secrets-compare-digest }

Но в нашем коде мы используем `secrets.compare_digest()`.

Вкратце: сравнение `stanleyjobsox` с `stanleyjobson` займёт столько же времени, сколько и сравнение `johndoe` с `stanleyjobson`. То же относится и к паролю.

        with:
          apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
          accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
          command: pages deploy ./site --project-name=${{ env.PROJECT_NAME }} --branch=${{ env.BRANCH }}
      - name: Deploy Docs Status Error
        if: failure()
        run: uv run ./scripts/deploy_docs_status.py
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

以下是一個更完整的範例。

使用一個依賴來檢查使用者名稱與密碼是否正確。

為此，使用 Python 標準模組 [`secrets`](https://docs.python.org/3/library/secrets.html) 來比對使用者名稱與密碼。

`secrets.compare_digest()` 需要接收 `bytes`，或是只包含 ASCII 字元（英文字符）的 `str`。這表示它無法處理像 `á` 這樣的字元，例如 `Sebastián`。

為了處理這點，我們會先將 `username` 與 `password` 以 UTF-8 編碼成 `bytes`。

接著我們可以使用 `secrets.compare_digest()` 來確認 `credentials.username` 等於 `"stanleyjobson"`，而 `credentials.password` 等於 `"swordfish"`。

#### Fix it with `secrets.compare_digest()` { #fix-it-with-secrets-compare-digest }

But in our code we are actually using `secrets.compare_digest()`.

In short, it will take the same time to compare `stanleyjobsox` to `stanleyjobson` than it takes to compare `johndoe` to `stanleyjobson`. And the same for the password.

            if (!lowerData.contains("password") && !lowerData.contains("secret") && !lowerData.contains("token")
                    && !lowerData.contains("key") && !lowerData.contains("credential") && !lowerData.contains("auth")) {
                return data; // No sensitive patterns detected, skip regex
            }
        }

        // Mask passwords and secrets using cached pattern

	// There is no max length enforcement for access keys
	accessKeyMaxLen = 20

	// Minimum length for MinIO secret key for both server
	secretKeyMinLen = 8

	// Maximum secret key length for MinIO, this
	// is used when autogenerating new credentials.
	// There is no max length enforcement for secret keys
	secretKeyMaxLen = 40

	// Alpha numeric table used for generating access keys.

#### Виправте за допомогою `secrets.compare_digest()` { #fix-it-with-secrets-compare-digest }

Але в нашому коді ми насправді використовуємо `secrets.compare_digest()`.

Коротко, він витрачає однаковий час на порівняння `stanleyjobsox` зі `stanleyjobson`, як і на порівняння `johndoe` зі `stanleyjobson`. І так само для пароля.

import secrets

from fastapi import Depends, FastAPI, HTTPException, status
from fastapi.security import HTTPBasic, HTTPBasicCredentials

app = FastAPI()

security = HTTPBasic()


def get_current_username(credentials: HTTPBasicCredentials = Depends(security)):
    current_username_bytes = credentials.username.encode("utf8")
    correct_username_bytes = b"stanleyjobson"
    is_correct_username = secrets.compare_digest(

        current_username_bytes, correct_username_bytes
    )
    current_password_bytes = credentials.password.encode("utf8")
    correct_password_bytes = b"swordfish"
    is_correct_password = secrets.compare_digest(
        current_password_bytes, correct_password_bytes
    )
    if not (is_correct_username and is_correct_password):
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,

          SMOKESHOW_GITHUB_COVERAGE_THRESHOLD: 100
          SMOKESHOW_GITHUB_CONTEXT: coverage
          SMOKESHOW_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SMOKESHOW_GITHUB_PR_HEAD_SHA: ${{ github.event.workflow_run.head_sha }}