add checking cron secret as part of header

author: Pinapelz <yukais@pinapelz.com> 2023-11-06 19:38:36 -0800
committer: Pinapelz <yukais@pinapelz.com> 2023-11-06 19:38:36 -0800
commit: 97d776f67f094cc3ba9bfd8c27efca68d6392768 (patch)
tree: b19c347479b38e5fdee5a4dceb3cc02a9ceef5b0 /api
parent: ec7e04c5aa9dda26022c9d891a7f7e6856420692 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/api/app.py b/api/app.py
index be747e7..37fe900 100644
--- a/api/app.py
+++ b/api/app.py
@@ -212,7 +212,8 @@ def verify_answers():
 def clear_sessions():
     auth = request.headers.get("Authorization")
     stored_auth = os.environ.get("AUTHORIZATION")
-    if auth != stored_auth:
+    cron_secret = os.environ.get("CRON_SECRET")
+    if auth != stored_auth or auth != cron_secret:
         return jsonify({"error": "Unauthorized"}), 401
     server = create_database_connection()
     if server.check_health() is False:
author	Pinapelz <yukais@pinapelz.com>	2023-11-06 19:38:36 -0800
committer	Pinapelz <yukais@pinapelz.com>	2023-11-06 19:38:36 -0800
commit	97d776f67f094cc3ba9bfd8c27efca68d6392768 (patch)
tree	b19c347479b38e5fdee5a4dceb3cc02a9ceef5b0 /api
parent	ec7e04c5aa9dda26022c9d891a7f7e6856420692 (diff)