From bf9658533f5d2b92e5568d763ba340c108cbb74a Mon Sep 17 00:00:00 2001
From: Star Rauchenberger
Date: Sat, 7 Dec 2024 12:43:26 -0500
Subject: Imported uploader credentials from thoughts
---
 app/controllers/uploader_controller.rb | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
(limited to 'app/controllers')
diff --git a/app/controllers/uploader_controller.rb b/app/controllers/uploader_controller.rb
index 72d4c2e..f092b29 100644
--- a/app/controllers/uploader_controller.rb
+++ b/app/controllers/uploader_controller.rb
@@ -14,8 +14,13 @@ class UploaderController < ApplicationController
 login = request.headers["X-User-Login"].presence
 token = request.headers["X-User-Token"].presence
 
- # TODO: Replace this.
- unless authenticate_pokeviewer(login, token)
+ unless login == Rails.application.credentials.uploader_username
+ head :unauthorized
+ end
+
+ unless ActiveSupport::SecurityUtils.secure_compare(
+ ::Digest::SHA256.hexdigest(Rails.application.credentials.uploader_token),
+ ::Digest::SHA256.hexdigest(token))
 head :unauthorized
 end
 end
-- 
cgit 1.4.1
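Review bot: A request without `X-User-Token` leaves `token` nil after `.presence`, so `::Digest::SHA256.hexdigest(token)` raises instead of answering 401, and the first `unless` falls through to that comparison even after it has already called `head :unauthorized`. Rejecting early keeps the failure path explicit: add `return head :unauthorized unless login && token` before the comparisons, and use `return head :unauthorized` inside the username check. If `uploader_username` is unset in the credentials file, `login == nil` passes whenever the header is absent, so the guard should also fail closed on missing credentials rather than rely on the digest call raising. The enclosing method starts outside the hunk, so whether it runs as a `before_action` (where rendering halts the chain) is not visible here.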