Diffstat (limited to 'app')
-rw-r--r--app/controllers/uploader_controller.rb9
1 files changed, 7 insertions, 2 deletions
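--- a/app/controllers/uploader_controller.rb
+++ b/app/controllers/uploader_controller.rb
@@ -14,8 +14,13 @@ class UploaderController < ApplicationController
 login = request.headers["X-User-Login"].presence
 token = request.headers["X-User-Token"].presence
 
-# TODO: Replace this.
-unless authenticate_pokeviewer(login, token)
+unless login == Rails.application.credentials.uploader_username
+head :unauthorized
+end
+
+unless ActiveSupport::SecurityUtils.secure_compare(
+::Digest::SHA256.hexdigest(Rails.application.credentials.uploader_token),
+::Digest::SHA256.hexdigest(token))
 head :unauthorized
 end
 end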
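Review bot: A request without an `X-User-Token` header will raise in the new token check instead of being rejected, because `.presence` yields nil and `::Digest::SHA256.hexdigest(token)` does not accept nil; the caller would most likely see a 500 rather than a 401. The first `unless` also does not return after `head :unauthorized`, so a wrong login still falls through into the token comparison, where it can hit that exception or call `head` a second time. I would change the first check to `return head :unauthorized unless login == Rails.application.credentials.uploader_username` and hash `token.to_s` in the second. The same nil concern applies to `Rails.application.credentials.uploader_token` if the credential is not configured, so failing closed there is worth an explicit guard. The enclosing method starts above the hunk, so whether it runs as a `before_action` is not visible here.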