Diffstat (limited to 'app/controllers/health_check_controller.rb')
-rw-r--r-- | app/controllers/health_check_controller.rb | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/app/controllers/health_check_controller.rb b/app/controllers/health_check_controller.rb
index b974489836f..037da7d2bce 100644
--- a/app/controllers/health_check_controller.rb
+++ b/app/controllers/health_check_controller.rb
@@ -1,13 +1,22 @@
 class HealthCheckController < HealthCheck::HealthCheckController
 before_action :validate_health_check_access!
 
- protected
+ private
 
 def validate_health_check_access!
- return render_404 unless params[:token].presence && params[:token] == current_application_settings.health_check_access_token
+ render_404 unless token_valid?
+ end
+
+ def token_valid?
+ token = params[:token].presence || request.headers['TOKEN']
+ token.present? &&
+ ActiveSupport::SecurityUtils.variable_size_secure_compare(
+ token,
+ current_application_settings.health_check_access_token
+ )
 end
 
 def render_404
- render file: Rails.root.join("public", "404"), layout: false, status: "404"
+ render file: Rails.root.join('public', '404'), layout: false, status: '404'
 end
 end
|
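Review bot: In `token_valid?`, the `token.present?` guard does not ensure that both arguments to `variable_size_secure_compare` are Strings. A request such as `?token[]=x` makes `params[:token]` an Array, and `health_check_access_token` may be nil if it was never set (the settings model is not visible here). The helper appears to digest both arguments before comparing, so either case would likely raise and return a 500, where the old `==` check fell through to the 404. I would bind the expected value first and fail closed: `expected = current_application_settings.health_check_access_token` followed by `token.is_a?(String) && expected.present? && ActiveSupport::SecurityUtils.variable_size_secure_compare(token, expected)`. A short comment on `token_valid?` would also help, noting that the `TOKEN` header is the preferred transport because a `?token=` query string ends up in access logs.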