Add CI pipeline with fmt, clippy, and test checks (#23)

* Add CI pipeline with fmt, clippy, and test checks

Runs on push to main and PRs targeting main. Three parallel jobs:
- cargo fmt --check
- cargo clippy -D warnings
- cargo test

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* Fix CI failures: remove flaky timing test and run cargo fmt

Remove test_vulnerable_comparison_shows_timing_discrepancy — it relies on
observable timing differences that are unreliable on CI shared runners.
The constant-time verification test remains. Also apply cargo fmt.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* Address Copilot review: add --locked flags, reword doc comment

- Add --locked to cargo clippy and cargo test in CI to catch Cargo.lock drift
- Reword timing test doc comment to be self-contained after removing the
  paired vulnerable comparison test

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

Author: bowenwang1996

.github/workflows/ci.yml

@@ -0,0 +1,41 @@
+name: CI
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+env:
+  CARGO_TERM_COLOR: always
+
+jobs:
+  fmt:
+    name: Format
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: dtolnay/rust-toolchain@stable
+        with:
+          components: rustfmt
+      - run: cargo fmt --all -- --check
+
+  clippy:
+    name: Clippy
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: dtolnay/rust-toolchain@stable
+        with:
+          components: clippy
+      - uses: Swatinem/rust-cache@v2
+      - run: cargo clippy --locked --all-targets -- -D warnings
+
+  test:
+    name: Test
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: dtolnay/rust-toolchain@stable
+      - uses: Swatinem/rust-cache@v2
+      - run: cargo test --locked

src/auth.rs

@@ -48,11 +48,6 @@ mod tests {
     use std::hint::black_box;
     use std::time::Instant;
 
-    /// Vulnerable comparison that short-circuits on first mismatch (the old behavior).
-    fn token_eq_vulnerable(a: &str, b: &str) -> bool {
-        a == b
-    }
-
     /// Measure the median duration (in nanoseconds) of `iterations` calls to `compare_fn(a, b)`.
     fn median_nanos(
         a: &str,
@@ -82,43 +77,9 @@ mod tests {
         assert!(token_eq("", ""));
     }
 
-    /// Demonstrates the timing attack vulnerability with standard `==` comparison.
-    ///
-    /// With `==`, comparing a token that differs at byte 0 is faster than comparing
-    /// a token that differs only at the last byte, because `==` short-circuits.
-    /// We measure this as a timing ratio: late_mismatch / early_mismatch.
-    /// A ratio significantly > 1.0 indicates an observable timing discrepancy.
-    #[test]
-    fn test_vulnerable_comparison_shows_timing_discrepancy() {
-        // Use a long token to amplify the timing difference
-        let secret = "a]9$kL2#mP7!xR4&wQ8*nJ5^tY1+hF3@vB6%cD0".repeat(8); // 320 chars
-        let early_mismatch = format!("X{}", &secret[1..]); // differs at byte 0
-        let late_mismatch = format!("{}X", &secret[..secret.len() - 1]); // differs at last byte
-
-        let iterations = 50_000;
-
-        // Warm up
-        median_nanos(&secret, &early_mismatch, token_eq_vulnerable, 1_000);
-        median_nanos(&secret, &late_mismatch, token_eq_vulnerable, 1_000);
-
-        let t_early = median_nanos(&secret, &early_mismatch, token_eq_vulnerable, iterations);
-        let t_late = median_nanos(&secret, &late_mismatch, token_eq_vulnerable, iterations);
-
-        let ratio = t_late as f64 / t_early.max(1) as f64;
-        eprintln!("Vulnerable ==:  early={t_early}ns  late={t_late}ns  ratio={ratio:.2}");
-
-        // Standard == should show the late mismatch taking noticeably longer.
-        // On most systems the ratio is 2-10x+. We use a conservative threshold.
-        assert!(
-            ratio > 1.2,
-            "Expected vulnerable == to show timing discrepancy (ratio {ratio:.2} <= 1.2). \
-             This may fail on unusual hardware; the important thing is the next test passes."
-        );
-    }
-
-    /// Verifies that `token_eq` (constant-time) does NOT exhibit the same timing discrepancy.
-    ///
-    /// The ratio of late_mismatch / early_mismatch should be close to 1.0.
+    /// Verifies that `token_eq` (constant-time) takes the same time regardless of
+    /// where the mismatch occurs. The ratio of late_mismatch / early_mismatch
+    /// should be close to 1.0, indicating no timing leak.
     #[test]
     fn test_constant_time_comparison_no_timing_discrepancy() {
         let secret = "a]9$kL2#mP7!xR4&wQ8*nJ5^tY1+hF3@vB6%cD0".repeat(8);