From 2732c3a1494b3ec75776cd6fa0dd51792e32ee44 Mon Sep 17 00:00:00 2001
From: Kevin Froman
Date: Wed, 29 Jan 2020 13:45:31 -0600
Subject: [PATCH] reenable client security (OOPS)
---
 src/httpapi/security/client.py | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/src/httpapi/security/client.py b/src/httpapi/security/client.py
index 86609d70..fbb6b288 100644
--- a/src/httpapi/security/client.py
+++ b/src/httpapi/security/client.py
@@ -51,13 +51,13 @@ class ClientAPISecurity:
 return
 if request.path.startswith('/site/'):
 return
- # try:
- # if not hmac.compare_digest(request.headers['token'], client_api.clientToken):
- # if not hmac.compare_digest(request.form['token'], client_api.clientToken):
- # abort(403)
- # except KeyError:
- # if not hmac.compare_digest(request.form['token'], client_api.clientToken):
- # abort(403)
+ try:
+ if not hmac.compare_digest(request.headers['token'], client_api.clientToken):
+ if not hmac.compare_digest(request.form['token'], client_api.clientToken):
+ abort(403)
+ except KeyError:
+ if not hmac.compare_digest(request.form['token'], client_api.clientToken):
+ abort(403)
 @client_api_security_bp.after_app_request
 def after_req(resp):
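Review bot: The restored check denies a request that carries no token at all only by letting a second `KeyError` escape from `request.form['token']` inside the `except KeyError:` handler, so the deny path for the plainest unauthenticated case is implicit rather than written down. If `request` is Flask's, as `abort` and the blueprint decorator suggest, that lookup ends the request with a 400 instead of the 403 used on the other branches, and the result rests on the framework's mapping behaviour rather than on this code. Reading both sources with `.get()` gives one explicit fail-closed path: `supplied = (request.headers.get('token'), request.form.get('token'))` followed by `if not any(t and hmac.compare_digest(t, client_api.clientToken) for t in supplied): abort(403)`. Because the check sat commented out until this commit, a test asserting that a token-less request and a wrong-token request are both refused would catch a repeat. The enclosing handler begins above the hunk, so the exempt-path returns before the check are not reviewed here.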