ez-api/internal/service/admin.go

package service

import (
	"crypto/subtle"
	"errors"
	"os"
)

type AdminService struct {
	adminToken string
}

func NewAdminService() (*AdminService, error) {
	token := os.Getenv("EZ_ADMIN_TOKEN")
	if token == "" {
		return nil, errors.New("EZ_ADMIN_TOKEN environment variable not set")
	}
	return &AdminService{adminToken: token}, nil
}

// ValidateToken performs a constant-time comparison to prevent timing attacks.
func (s *AdminService) ValidateToken(token string) bool {
	return subtle.ConstantTimeCompare([]byte(s.adminToken), []byte(token)) == 1
}