From 1209a3908639214c45be3b1dd538987d6835afad Mon Sep 17 00:00:00 2001
From: Rob Kooper <kooper@illinois.edu>
Date: Wed, 1 May 2024 10:28:13 -0500
Subject: [PATCH] allow for own upload

---
 cdrhook/server.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/cdrhook/server.py b/cdrhook/server.py
index 95a3daa..204c3fa 100644
--- a/cdrhook/server.py
+++ b/cdrhook/server.py
@@ -169,8 +169,10 @@ def hook():
     Our main entry point for CDR calls
     """
     # check the signature
-    #if request.headers.get("x-cdr-signature-256"):
-    validate_request(request.data, request.headers.get("x-cdr-signature-256"), config["callback_secret"])
+    if request.headers.get("x-cdr-signature-256"):
+       validate_request(request.data, request.headers.get("x-cdr-signature-256"), config["callback_secret"])
+    elif not request.headers.get("x-cdr-signature-256") == config["callback_secret"]:
+        abort(403, "Request signatures didn't match!")
 
     send_message(request.get_json(), f'{config["prefix"]}cdrhook')
     return {"ok": "success"}