Commit ·
e491b0b
1
Parent(s): a3f34a5
Use timing-safe comparison for admin token
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
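--- a/app.py
+++ b/app.py
@@ -5,9 +5,9 @@ Pre-loaded workspace, global daily question limit, themed to match appsimple.io.
 
 from __future__ import annotations
 
+import hmac
 import json
 import os
-
 import tempfile
 import time
 from collections.abc import Generator
@@ -513,7 +513,7 @@ def build_app() -> gr.Blocks:
 def check_admin_reset(request: gr.Request):
 token = request.query_params.get("admin", "")
 reset = request.query_params.get("reset", "")
-if ADMIN_TOKEN and token
+if ADMIN_TOKEN and hmac.compare_digest(token, ADMIN_TOKEN) and reset:
 _reset_counter()
 print("Admin reset: daily counter cleared")
 return ""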
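Review bot: `hmac.compare_digest(token, ADMIN_TOKEN)` in `check_admin_reset` is called with two `str` values, and `compare_digest` accepts `str` only when both are ASCII; `token` comes straight from the `admin` query parameter, so a request carrying a non-ASCII value would raise `TypeError` inside the handler instead of simply being rejected. Comparing bytes avoids that: `if ADMIN_TOKEN and hmac.compare_digest(token.encode(), ADMIN_TOKEN.encode()) and reset:` (assuming `ADMIN_TOKEN` is a `str`; its definition is outside the hunk). Separately, the token is still read from the URL query string, where it can end up in access logs and browser history, so a request header would be a safer carrier. Indentation is lost on this page, so whether the function continues past line 519 is not visible here.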