clarify auth types

Author: thornjad

lib/http-server.js

@@ -107,9 +107,8 @@ function HttpServer(options) {
       // an attacker knowledge of whether the username is correct via a timing
       // attack.
       if (credentials) {
-        // since the `name` and `pass` attributes of `credentials` are always string type
-        // https://github.com/DefinitelyTyped/DefinitelyTyped/blob/HEAD/types/basic-auth/index.d.ts#L15-L16
-        // so we use `.toString()` to fix https://github.com/http-party/http-server/issues/583
+        // if credentials is defined, name and pass are guaranteed to be string
+        // type
         var usernameEqual = secureCompare(options.username.toString(), credentials.name);
         var passwordEqual = secureCompare(options.password.toString(), credentials.pass);
         if (usernameEqual && passwordEqual) {