diff options
Diffstat (limited to 'app/controllers')
| -rw-r--r-- | app/controllers/uploader_controller.rb | 9 |
1 files changed, 7 insertions, 2 deletions
| diff --git a/app/controllers/uploader_controller.rb b/app/controllers/uploader_controller.rb index 72d4c2e..f092b29 100644 --- a/app/controllers/uploader_controller.rb +++ b/app/controllers/uploader_controller.rb | |||
| @@ -14,8 +14,13 @@ class UploaderController < ApplicationController | |||
| 14 | login = request.headers["X-User-Login"].presence | 14 | login = request.headers["X-User-Login"].presence |
| 15 | token = request.headers["X-User-Token"].presence | 15 | token = request.headers["X-User-Token"].presence |
| 16 | 16 | ||
| 17 | # TODO: Replace this. | 17 | unless login == Rails.application.credentials.uploader_username |
| 18 | unless authenticate_pokeviewer(login, token) | 18 | head :unauthorized |
| 19 | end | ||
| 20 | |||
| 21 | unless ActiveSupport::SecurityUtils.secure_compare( | ||
| 22 | ::Digest::SHA256.hexdigest(Rails.application.credentials.uploader_token), | ||
| 23 | ::Digest::SHA256.hexdigest(token)) | ||
| 19 | head :unauthorized | 24 | head :unauthorized |
| 20 | end | 25 | end |
| 21 | end | 26 | end |