authorPinapelz <yukais@pinapelz.com>2025-09-08 16:32:19 -0700
committerPinapelz <yukais@pinapelz.com>2025-09-08 16:32:19 -0700
commita3364560b0d29ab051c61cf0ad4112afefb2e648 (patch)
tree5c0380618ba9856d953065a277323f9befe56c7c /api
parentf155194356a8231b0c190d7276f203aca49ff028 (diff)
fix missing check for bearer in cron auth
Diffstat (limited to 'api')
-rw-r--r--api/app.py9
1 files changed, 6 insertions, 3 deletions
diff --git a/api/app.py b/api/app.py
index 3bb8f95..34fd465 100644
--- a/api/app.py
+++ b/api/app.py
@@ -108,10 +108,13 @@ def verify_answers():
@app.route("/api/clear_sessions")
def clear_sessions():
- auth = request.headers.get("Authorization")
+ auth_header = request.headers.get("Authorization")
cron_secret = os.environ.get("CRON_SECRET")
- print("Recieved Request to Clear Session: Checking if " + str(auth) + " matches " + str(cron_secret))
- if auth.strip() != cron_secret.strip():
+ expected_auth = f"Bearer {cron_secret}"
+ print(f"Received Request to Clear Session: Checking if '{auth_header}' matches '{expected_auth}'")
+ if not cron_secret:
+ return jsonify({"error": "CRON_SECRET not configured"}), 500
+ if auth_header != expected_auth:
return jsonify({"error": "Unauthorized"}), 401
server = create_database_connection()
if server.check_health() is False:
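Review bot: The new print on the line after `expected_auth` writes the full expected value, and therefore CRON_SECRET itself, together with whatever the caller sent into stdout on every request, so the secret ends up in the process logs; the log line should not include either value, e.g. `print("Received Request to Clear Session")`. The comparison `if auth_header != expected_auth:` is also a plain string compare, which is not constant-time for a bearer secret; `hmac.compare_digest` is the stdlib tool here, guarded for a missing header: `if auth_header is None or not hmac.compare_digest(auth_header, expected_auth):` (this needs `import hmac` at the top of the file, outside this hunk). The `if not cron_secret:` guard is placed after `expected_auth` is built from it, so ordering it before the f-string would keep the unconfigured case from ever producing a `"Bearer None"` expectation. clear_sessions continues past the end of this hunk.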