From 97d776f67f094cc3ba9bfd8c27efca68d6392768 Mon Sep 17 00:00:00 2001
From: Pinapelz
Date: Mon, 6 Nov 2023 19:38:36 -0800
Subject: add checking cron secret as part of header
---
 api/app.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/api/app.py b/api/app.py
index be747e7..37fe900 100644
--- a/api/app.py
+++ b/api/app.py
@@ -212,7 +212,8 @@ def verify_answers():
 def clear_sessions():
 auth = request.headers.get("Authorization")
 stored_auth = os.environ.get("AUTHORIZATION")
- if auth != stored_auth:
+ cron_secret = os.environ.get("CRON_SECRET")
+ if auth != stored_auth or auth != cron_secret:
 return jsonify({"error": "Unauthorized"}), 401
 server = create_database_connection()
 if server.check_health() is False:
-- cgit v1.2.3
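Review bot: The new condition `auth != stored_auth or auth != cron_secret` rejects every request unless the header equals both secrets, so whenever `AUTHORIZATION` and `CRON_SECRET` differ the endpoint always answers 401; accepting either secret needs `and` or a membership test. Switching to `and` alone is not enough, because `os.environ.get` returns `None` for an unset variable and a request without an `Authorization` header would then compare equal to it and pass the check. Collect only the secrets that are actually configured, reject a missing header outright, and compare with `hmac.compare_digest` so the check does not depend on where the strings first differ. This needs `import hmac` at the top of `api/app.py`, and the body of `clear_sessions` continues past the end of the hunk.

```python
def clear_sessions():
    auth = request.headers.get("Authorization")
    # Only secrets that are actually configured may authorize a request.
    accepted = [
        secret
        for secret in (os.environ.get("AUTHORIZATION"), os.environ.get("CRON_SECRET"))
        if secret
    ]
    if not auth or not any(
        hmac.compare_digest(auth.encode(), secret.encode()) for secret in accepted
    ):
        return jsonify({"error": "Unauthorized"}), 401
    # … unchanged: database connection and health check …
```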