feat: safe timing helper #5080

Open. Julien-R44 wants to merge 1 commit into 7.x from feat/safe-timing

@Julien-R44 (Member)

Add safeTiming helper to prevent timing attacks by ensuring a callback always takes at least a minimum amount of time to execute.

```ts
import { safeTiming } from '@adonisjs/core/helpers'

return safeTiming(200, async () => {
  const user = await User.findBy('email', email)
  if (user) await sendResetEmail(user)
  return { message: 'If this email exists, you will receive a reset link.' }
})
```

Supports `returnEarly()` to skip the delay when you want fast responses on success but constant time on failure.

```ts
return safeTiming(200, async (timing) => {
  const token = await Token.findBy('value', request.header('x-api-key'))
  if (token) {
    timing.returnEarly()
    return token.owner
  }
  throw new UnauthorizedException()
})
```

Inspired by Laravel's Timebox. Thought it was nice to have this in the core.

Julien-R44 requested a review from thetutlage on March 20, 2026 21:40
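
A minimal sketch of how a timebox-style helper like the one described in this PR can work, added here as an illustration and not taken from the PR's diff or from AdonisJS. `safeTimingSketch`, the injectable `clock`, `fakeClock` and `measure` are hypothetical names, and the constructed fake clock stands in for real waiting so the durations are deterministic.

```javascript
// Added sketch, not the AdonisJS implementation. `clock` is a hypothetical
// seam so the timing behaviour can be checked without real waiting.
const realClock = {
  now: () => performance.now(), // monotonic, unaffected by wall-clock changes
  sleep: (ms) => new Promise((resolve) => setTimeout(resolve, ms)),
}

async function safeTimingSketch(minMs, callback, clock = realClock) {
  const start = clock.now()
  let early = false
  const timing = { returnEarly: () => { early = true } }
  try {
    return await callback(timing)
  } finally {
    // Runs on return and on throw, so the failure path is padded too.
    const remaining = minMs - (clock.now() - start)
    if (!early && remaining > 0) await clock.sleep(remaining)
  }
}

// Constructed fake clock: work() simulates callback cost, sleep() advances time.
function fakeClock() {
  let t = 0
  return {
    now: () => t,
    work: (ms) => { t += ms },
    sleep: async (ms) => { t += ms },
  }
}

// Runs one simulated request and reports its outcome and total duration.
async function measure(minMs, workMs, { fail = false, early = false } = {}) {
  const clock = fakeClock()
  let outcome
  try {
    outcome = await safeTimingSketch(minMs, async (timing) => {
      clock.work(workMs)
      if (early) timing.returnEarly()
      if (fail) throw new Error('unauthorized')
      return 'ok'
    }, clock)
  } catch (err) {
    outcome = err.message
  }
  return { outcome, elapsed: clock.now() }
}
```

With a 200 ms minimum, a 5 ms miss, a 120 ms hit and a thrown error all take 200 ms, while `measure(200, 350)` takes 350 ms: the minimum is a floor, so it has to be set above the slowest path the callback can take.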