CD
Cloudflare Developers4mo ago
q_p

TypeScript node:crypto timingSafeEqual function not found

I'm trying to implement Twitch EventSub webhook handler in my Worker based on Twitch example code https://dev.twitch.tv/docs/eventsub/handling-webhook-events/#simple-nodejs-example It uses crypto library functions createHmac and timingSafeEqual Reading cloudflare docs I understood that I need to use node:crypto and the docs says that both createHmac and timingSafeEqual are supported in https://developers.cloudflare.com/workers/runtime-apis/nodejs/crypto/ So I created a new worker project as described here https://developers.cloudflare.com/workers/get-started/guide/#1-create-a-new-worker-project by running npm create cloudflare@latest and selecting "Hello World" Worker as template and Yes for TypeScript support I then modified src/index.ts (didn't change anything else) for testing purposes with this: 
import { createHmac, timingSafeEqual } from 'node:crypto';
import { Buffer } from 'node:buffer';

// Prepend this string to the HMAC that's created from the message
const HMAC_PREFIX = 'sha256=';

// Verify whether our hash matches the hash that Twitch passed in the header.
function verifyMessage(hmac, verifySignature) {
    return timingSafeEqual(Buffer.from(hmac), Buffer.from(verifySignature));
}

export default {
    async fetch(request: Request, env: Env, ctx: ExecutionContext): Promise<Response> {
        const hmac = HMAC_PREFIX + createHmac('sha256', 'MySecret')
            .update('MyMessage')
            .digest('hex');

        if (verifyMessage(hmac, hmac)) {
            console.log('timingSafeEqual true');
        } else {
            console.log('timingSafeEqual false');
        }

        return new Response('');
    }
};
import { createHmac, timingSafeEqual } from 'node:crypto';
import { Buffer } from 'node:buffer';

// Prepend this string to the HMAC that's created from the message
const HMAC_PREFIX = 'sha256=';

// Verify whether our hash matches the hash that Twitch passed in the header.
function verifyMessage(hmac, verifySignature) {
    return timingSafeEqual(Buffer.from(hmac), Buffer.from(verifySignature));
}

export default {
    async fetch(request: Request, env: Env, ctx: ExecutionContext): Promise<Response> {
        const hmac = HMAC_PREFIX + createHmac('sha256', 'MySecret')
            .update('MyMessage')
            .digest('hex');

        if (verifyMessage(hmac, hmac)) {
            console.log('timingSafeEqual true');
        } else {
            console.log('timingSafeEqual false');
        }

        return new Response('');
    }
};
Then I ran npm run start and opened the local worker page, but in console I see this: [wrangler:err] TypeError: timingSafeEqual is not a function Why? The documenation says that timingSafeEqual is supported. Am I missing something?
5 Replies
Hello, I’m Allie!
Hello, I’m Allie!4mo ago
Did you do this part?
To use Node.js APIs in your Worker, add the nodejs_compat compatibility flag to your wrangler.toml file.
q_p
q_p4mo ago
I didn't change anything besides the src/index.ts after running npm create cloudflare@latest with hello world and typescript options selected Looking at my wrangler.toml it's already set to: 
compatibility_date = "2024-05-12"
compatibility_flags = ["nodejs_compat"]
compatibility_date = "2024-05-12"
compatibility_flags = ["nodejs_compat"]
So it should be working? The createHmac is working, but timingSafeEqual is throwing error Anyone? Pls? Is the documentation wrong and timingSafeEqual isn't actually supported? Hello, pls halp 😦 should I create a bug report on github instead?
Hello, I’m Allie!
Hello, I’m Allie!4mo ago
Sorry about that. Found it, going to make an issue now...
Hello, I’m Allie!
Hello, I’m Allie!4mo ago
https://github.com/cloudflare/workerd/issues/2172
GitHub
🐛 [bug] crypto.timingSafeEqual === undefined · Issue #2172 · cl...
Versions wrangler@3.57.1 miniflare@3.20240512.0 workerd@1.20240512.0 Issue According to Misc | Node Crypto, the timingSafeEqual function should be supported by nodejs_compat. However, when logging ...
q_p
q_p4mo ago
Thank you
Want results from more Discord servers?
Add your server