Imported uploader credentials from thoughts

author: Star Rauchenberger <fefferburbia@gmail.com> 2024-12-07 12:43:26 -0500
committer: Star Rauchenberger <fefferburbia@gmail.com> 2024-12-07 12:43:26 -0500
commit: bf9658533f5d2b92e5568d763ba340c108cbb74a (patch)
tree: afd1f8368483a7607b01bdf325c2ccaab51a82f1 /app/controllers
parent: 505934f510c0e4f5965054fdd3ffaccb63c7604c (diff)
download: pokeviewer-bf9658533f5d2b92e5568d763ba340c108cbb74a.tar.gz
pokeviewer-bf9658533f5d2b92e5568d763ba340c108cbb74a.tar.bz2
pokeviewer-bf9658533f5d2b92e5568d763ba340c108cbb74a.zip
1 files changed, 7 insertions, 2 deletions
diff --git a/app/controllers/uploader_controller.rb b/app/controllers/uploader_controller.rb
index 72d4c2e..f092b29 100644
--- a/app/controllers/uploader_controller.rb
+++ b/app/controllers/uploader_controller.rb

@@ -14,8 +14,13 @@ class UploaderController < ApplicationController
      login = request.headers["X-User-Login"].presence
      token = request.headers["X-User-Token"].presence
-      # TODO: Replace this.
+      unless login == Rails.application.credentials.uploader_username
-      unless authenticate_pokeviewer(login, token)
+        head :unauthorized
+      end
+      unless ActiveSupport::SecurityUtils.secure_compare(
+        ::Digest::SHA256.hexdigest(Rails.application.credentials.uploader_token),
+        ::Digest::SHA256.hexdigest(token))
        head :unauthorized
      end
    end
author	Star Rauchenberger <fefferburbia@gmail.com>	2024-12-07 12:43:26 -0500
committer	Star Rauchenberger <fefferburbia@gmail.com>	2024-12-07 12:43:26 -0500
commit	bf9658533f5d2b92e5568d763ba340c108cbb74a (patch)
tree	afd1f8368483a7607b01bdf325c2ccaab51a82f1 /app/controllers
parent	505934f510c0e4f5965054fdd3ffaccb63c7604c (diff)
download	pokeviewer-bf9658533f5d2b92e5568d763ba340c108cbb74a.tar.gz pokeviewer-bf9658533f5d2b92e5568d763ba340c108cbb74a.tar.bz2 pokeviewer-bf9658533f5d2b92e5568d763ba340c108cbb74a.zip