From b7c783aa1522138ff2f5d5ae1dbb07dbe4962d1b Mon Sep 17 00:00:00 2001
From: Hillel Coren <hillelcoren@gmail.com>
Date: Wed, 26 Oct 2016 10:24:16 +0300
Subject: [PATCH] Support sending API secret as header

---
 app/Http/Middleware/ApiCheck.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/app/Http/Middleware/ApiCheck.php b/app/Http/Middleware/ApiCheck.php
index 5af66866f037..6e7e73223d20 100644
--- a/app/Http/Middleware/ApiCheck.php
+++ b/app/Http/Middleware/ApiCheck.php
@@ -30,7 +30,8 @@ class ApiCheck {
         $hasApiSecret = false;
 
         if ($secret = env(API_SECRET)) {
-            $hasApiSecret = hash_equals($request->api_secret ?: '', $secret);
+            $requestSecret = Request::header('X-Ninja-Secret') ?: ($request->api_secret ?: '');
+            $hasApiSecret = hash_equals($requestSecret, $secret);
         }
 
         if ($loggingIn) {