reenable client security (OOPS)

2020-01-29 13:45:31 -06:00 · 2020-01-29 13:45:31 -06:00 · 2732c3a149
commit 2732c3a149
parent d65d9c79c0
1 changed files with 7 additions and 7 deletions
--- a/src/httpapi/security/client.py
+++ b/src/httpapi/security/client.py
@ -51,13 +51,13 @@ class ClientAPISecurity:
                return
            if request.path.startswith('/site/'): return

-            # try:
-            #     if not hmac.compare_digest(request.headers['token'], client_api.clientToken):
-            #         if not hmac.compare_digest(request.form['token'], client_api.clientToken):
-            #             abort(403)
-            # except KeyError:
-            #     if not hmac.compare_digest(request.form['token'], client_api.clientToken):
-            #         abort(403)
+            try:
+                if not hmac.compare_digest(request.headers['token'], client_api.clientToken):
+                    if not hmac.compare_digest(request.form['token'], client_api.clientToken):
+                        abort(403)
+            except KeyError:
+                if not hmac.compare_digest(request.form['token'], client_api.clientToken):
+                    abort(403)

        @client_api_security_bp.after_app_request
        def after_req(resp):