Support token header for health check token, and general cleanup of the health_check feature.

author: DJ Mountney <david@twkie.net> 2016-05-12 03:27:08 +0300
committer: DJ Mountney <david@twkie.net> 2016-05-12 03:27:08 +0300
commit: c8f23bd2edc19f968446b149120df1f7798eb4b1 (patch)
tree: 1b922eff4ebae5350ce4d44417877ef05993bfa1 /app/controllers/health_check_controller.rb
parent: 0e0caf4d17c28b6b0f3488b25efa265ce2804cc4 (diff)
1 files changed, 12 insertions, 3 deletions
diff --git a/app/controllers/health_check_controller.rb b/app/controllers/health_check_controller.rb
index b974489836f..037da7d2bce 100644
--- a/app/controllers/health_check_controller.rb
+++ b/app/controllers/health_check_controller.rb
@@ -1,13 +1,22 @@
 class HealthCheckController < HealthCheck::HealthCheckController
   before_action :validate_health_check_access!
 
-  protected
+  private
 
   def validate_health_check_access!
-    return render_404 unless params[:token].presence && params[:token] == current_application_settings.health_check_access_token
+    render_404 unless token_valid?
+  end
+
+  def token_valid?
+    token = params[:token].presence || request.headers['TOKEN']
+    token.present? &&
+      ActiveSupport::SecurityUtils.variable_size_secure_compare(
+        token,
+        current_application_settings.health_check_access_token
+      )
   end
 
   def render_404
-    render file: Rails.root.join("public", "404"), layout: false, status: "404"
+    render file: Rails.root.join('public', '404'), layout: false, status: '404'
   end
 end
author	DJ Mountney <david@twkie.net>	2016-05-12 03:27:08 +0300
committer	DJ Mountney <david@twkie.net>	2016-05-12 03:27:08 +0300
commit	c8f23bd2edc19f968446b149120df1f7798eb4b1 (patch)
tree	1b922eff4ebae5350ce4d44417877ef05993bfa1 /app/controllers/health_check_controller.rb
parent	0e0caf4d17c28b6b0f3488b25efa265ce2804cc4 (diff)