From bf9658533f5d2b92e5568d763ba340c108cbb74a Mon Sep 17 00:00:00 2001 From: Star Rauchenberger Date: Sat, 7 Dec 2024 12:43:26 -0500 Subject: Imported uploader credentials from thoughts --- app/controllers/uploader_controller.rb | 9 +++++++-- config/credentials.yml.enc | 2 +- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/app/controllers/uploader_controller.rb b/app/controllers/uploader_controller.rb index 72d4c2e..f092b29 100644 --- a/app/controllers/uploader_controller.rb +++ b/app/controllers/uploader_controller.rb @@ -14,8 +14,13 @@ class UploaderController < ApplicationController login = request.headers["X-User-Login"].presence token = request.headers["X-User-Token"].presence - # TODO: Replace this. - unless authenticate_pokeviewer(login, token) + unless login == Rails.application.credentials.uploader_username + head :unauthorized + end + + unless ActiveSupport::SecurityUtils.secure_compare( + ::Digest::SHA256.hexdigest(Rails.application.credentials.uploader_token), + ::Digest::SHA256.hexdigest(token)) head :unauthorized end end diff --git a/config/credentials.yml.enc b/config/credentials.yml.enc index 892da90..978f5bf 100644 --- a/config/credentials.yml.enc +++ b/config/credentials.yml.enc @@ -1 +1 @@ -a80N/OS2zsSVSokXt4rDedH25GrVioPd1iPqhBeIORy2DmpN+dpn8rD4klvB8gBvoL6KCI5DH0hWdLQVyXDi14Zv/wL0K84bQGElmtKuF3jFOLfJDKW2YrqA+x1IniGpQtKtIBnHmuHa5K5tincoV6ob/LHqaMHta5vOPIWHjIFgDd/EOOJD/NRNwIc+oC6yR2nVJhzhyGDNZg7btI0/4QFrQR5IXg1LAluv8YcmE7FzcYhM2khEyvAe7tBwwOA1wf6z5SHXrcCy1VJLYg0Ph0lVt9zFXTpdXvEZt4AZsf1WP7uJ44MVRzus2nJWQ+m5BaxCIuYIEpTd0tanGbTcmpA7EjO33IMEr/fGde0Ztx1XHPcXyZo35rCKxqrqFtOrj0N0GzzIj68gIQkwVGWSvR64/xsn--wOLF0LajEZbe+4bt--tZvMCBw1brR32eeI3v9oHw== \ No newline at end of file +E7kTejJXW9KIN8TBmhXXBlgqWpftPLNIea0NYzGwsQ3ZO/DKM3HawiiNhci6gEUj5okG59VFWy8tDT5cKskSm9RQa3xa9rFmDZNO8Tm0iay5E4rC+j4u4ypu0BzPyc6z0jn+uQci8lF8B0waZmTX0S+hQbB3JeBhU3M8N/gYCdDsSTUElCKwB3DuUmI08uR0BKhUYHI/STzo17aJt2DGheRoXBy4ZUDJfudszJKi19vujGKfrpZDh+87bObdfdYQelBT4aP4bbIuvbd4IGl4+YPycJwc9ySRs9n/E5sPrvOqvMDlN0CPRTs8RyIpmBki9MIGryYb9OnN7eBiLClUa2XUWGTeUb/qmiIEPpZ1yhAFWuuHpDB9oIH7dr3kFb3IW9TLlL1K726KYz1hKnw0v/xLvXkjk9Dku7YlyF5lujFji1t/j5om1gBHlkAAhHYMuXsGnxMbTsL1Ss9aizpwzvgpY1Z3os5U5HgIaWRa2h/iVZ46J7K0h4H1--MLboXTxcS75HeJ7H--O5eVtUYXgh+x8lx89p/eWQ== \ No newline at end of file -- cgit 1.4.1