
Refactor and fix authentication

1 parent e02401e commit f8d316e212d315a13f7d09149f1fd05624a20399 @byroot byroot committed Dec 8, 2015
Showing with 7 additions and 4 deletions.
  1. +7 −4 lib/dashing/app.rb
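--- a/lib/dashing/app.rb
+++ b/lib/dashing/app.rb
@@ -23,6 +23,11 @@ def production?
 def protected!
 # override with auth logic
 end
+
+ def authenticated?(token)
+ return true unless settings.auth_token
+ token && Rack::Utils.secure_compare(settings.auth_token, token)
+ end
 end
 set :root, Dir.pwd
@@ -89,8 +94,7 @@ def protected!
 request.body.rewind
 body = JSON.parse(request.body.read)
 body['dashboard'] ||= params['id']
- auth_token = body.delete("auth_token")
- if !settings.auth_token || settings.auth_token == auth_token
+ if authenticated?(body.delete("auth_token"))
 send_event(params['id'], body, 'dashboards')
 204 # response without entity body
 else
@@ -102,8 +106,7 @@ def protected!
 post '/widgets/:id' do
 request.body.rewind
 body = JSON.parse(request.body.read)
- auth_token = body.delete("auth_token")
- if !settings.auth_token || settings.auth_token == auth_token
+ if authenticated?(body.delete("auth_token"))
 send_event(params['id'], body)
 204 # response without entity body
 else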
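Review bot: `authenticated?` assumes `token` is a String, but both call sites hand it whatever `JSON.parse` produced for `"auth_token"`, so a body like `{"auth_token": 1}` or `{"auth_token": ["x"]}` makes `Rack::Utils.secure_compare` raise `NoMethodError` (no `bytesize` on Integer/Array) and the request ends in a 500, whereas the removed `==` comparison simply evaluated to false and returned the 401 branch. Keeping the constant-time comparison while rejecting non-string input is a one-line change: `token.is_a?(String) && Rack::Utils.secure_compare(settings.auth_token, token)`. A short why-comment on the first line of the helper would also help the next reader, e.g. `# no auth_token configured means the push endpoints are deliberately open`. One caveat worth noting next to the call: in the Rack versions of this era `secure_compare` returns early when the two byte sizes differ, so it hides the token's content but not its length. The block that encloses `protected!` and `authenticated?` opens outside the first hunk.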
