diff --git a/app/Http/Controllers/AccountApiController.php b/app/Http/Controllers/AccountApiController.php
index 1920978c0e77..f81e50510928 100644
--- a/app/Http/Controllers/AccountApiController.php
+++ b/app/Http/Controllers/AccountApiController.php
@@ -27,11 +27,14 @@ class AccountApiController extends BaseAPIController
         $this->accountRepo = $accountRepo;
     }
-    public function ping()
+    public function ping(Request $request)
     {
         $headers = Utils::getApiHeaders();
-        return Response::make(RESULT_SUCCESS, 200, $headers);
+        if(hash_equals(env(API_SECRET),$request->api_secret))
+            return Response::make(RESULT_SUCCESS, 200, $headers);
+        else
+            return $this->errorResponse(['message'=>'API Secret does not match .env variable'], 400);
     }
     public function register(RegisterRequest $request)
diff --git a/app/Http/Middleware/ApiCheck.php b/app/Http/Middleware/ApiCheck.php
index 6e7e73223d20..2db5aefc3c77 100644
--- a/app/Http/Middleware/ApiCheck.php
+++ b/app/Http/Middleware/ApiCheck.php
@@ -38,7 +38,7 @@ class ApiCheck {
             // check API secret
             if ( ! $hasApiSecret) {
                 sleep(ERROR_DELAY);
-                return Response::json('Invalid value for API_SECRET', 403, $headers);
+                return Response::json(['message'=>'Invalid value for API_SECRET'], 403, $headers);
             }
         } else {
             // check for a valid token
@@ -50,7 +50,7 @@ class ApiCheck {
                 Session::set('token_id', $token->id);
             } else {
                 sleep(ERROR_DELAY);
-                return Response::json('Invalid token', 403, $headers);
+                return Response::json(['message'=>'Invalid token'], 403, $headers);
             }
         }
@@ -59,7 +59,7 @@ class ApiCheck {
         }
         if (!Utils::hasFeature(FEATURE_API) && !$hasApiSecret) {
-            return Response::json('API requires pro plan', 403, $headers);
+            return Response::json(['message'=>'API requires pro plan'], 403, $headers);
         } else {
             $key = Auth::check() ? Auth::user()->account->id : $request->getClientIp();
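Review bot: hash_equals() in the new ping() receives a non-string whenever `API_SECRET` is unset in the environment or the request carries no `api_secret`, so a missing secret surfaces as a TypeError on PHP 8 (a warning and false on PHP 7, which Laravel also turns into an exception) rather than the intended error response. Casting both operands to string is not enough on its own, because an empty configured secret would then compare equal to an absent request value; an empty configured secret has to be rejected explicitly before the comparison. The failure path also diverges from ApiCheck's handling of the same condition in this commit, which answers 403 after `sleep(ERROR_DELAY)`, while ping() answers 400 with no delay, so the API has two contracts for one failure. Braces around the if/else bodies, a space after `if`, and dropping the `else` after a `return` would match the surrounding style. The rest of AccountApiController is outside the hunk, and the shape of errorResponse()'s output is assumed from its call here.
```php
    public function ping(Request $request)
    {
        $headers = Utils::getApiHeaders();

        $expected = (string) env(API_SECRET);
        $provided = (string) $request->api_secret;

        // An unset or empty configured secret must never match an absent request value.
        if ($expected === '' || ! hash_equals($expected, $provided)) {
            sleep(ERROR_DELAY);
            return $this->errorResponse(['message' => 'API Secret does not match .env variable'], 403);
        }

        return Response::make(RESULT_SUCCESS, 200, $headers);
    }
```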