From a3364560b0d29ab051c61cf0ad4112afefb2e648 Mon Sep 17 00:00:00 2001
From: Pinapelz
Date: Mon, 8 Sep 2025 16:32:19 -0700
Subject: fix missing check for bearer in cron auth

---
 api/app.py | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

(limited to 'api/app.py')

diff --git a/api/app.py b/api/app.py
index 3bb8f95..34fd465 100644
--- a/api/app.py
+++ b/api/app.py
@@ -108,10 +108,13 @@ def verify_answers():
 
 @app.route("/api/clear_sessions")
 def clear_sessions():
-    auth = request.headers.get("Authorization")
+    auth_header = request.headers.get("Authorization")
     cron_secret = os.environ.get("CRON_SECRET")
-    print("Recieved Request to Clear Session: Checking if " + str(auth) + " matches " + str(cron_secret))
-    if auth.strip() != cron_secret.strip():
+    expected_auth = f"Bearer {cron_secret}"
+    print(f"Received Request to Clear Session: Checking if '{auth_header}' matches '{expected_auth}'")
+    if not cron_secret:
+        return jsonify({"error": "CRON_SECRET not configured"}), 500
+    if auth_header != expected_auth:
         return jsonify({"error": "Unauthorized"}), 401
     server = create_database_connection()
     if server.check_health() is False:
--
cgit v1.2.3
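Review bot: The added print after `expected_auth` writes the full expected token, and therefore CRON_SECRET itself, plus the caller-supplied Authorization header to stdout on every request, so anyone with access to the process output or a log sink can recover the cron credential; log only that a check is happening, e.g. `print("Received Request to Clear Session: checking Authorization header")`. The new `auth_header != expected_auth` is also a plain string comparison against a secret; `hmac.compare_digest` is the usual form, and because `auth_header` is None when the header is absent, `if auth_header is None or not hmac.compare_digest(auth_header, expected_auth):` keeps that case handled (this needs `import hmac` in the module's import block, which is outside the hunk). The print also runs before the new `if not cron_secret` guard, so the unconfigured case still emits `'Bearer None'`; moving the guard above the print keeps the log accurate. The body of clear_sessions continues past the end of the hunk.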