From 83179f21ab4cb620348c506ec6d2cab9d35690fd Mon Sep 17 00:00:00 2001
From: Bluenix
Date: Wed, 19 Oct 2022 23:13:44 +0200
Subject: [PATCH] Fix not comparing admin token to passed token

---
 litecord/auth.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/litecord/auth.py b/litecord/auth.py
index 3c3c0ae..7f4a76b 100644
--- a/litecord/auth.py
+++ b/litecord/auth.py
@@ -19,6 +19,7 @@ along with this program. If not, see .
 
 import base64
 import binascii
+from hmac import compare_digest
 
 import bcrypt
 from itsdangerous import TimestampSigner, BadSignature
@@ -47,7 +48,9 @@ async def raw_token_check(token: str, db=None) -> int:
     Forbidden
         If token validation fails.
     """
-    if app.config["ADMIN_TOKEN"] is not None:
+    if app.config["ADMIN_TOKEN"] is not None and compare_digest(
+        token, app.config["ADMIN_TOKEN"]
+    ):
         return app.config["ADMIN_ID"]
 
     db = db or app.db
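Review bot: `compare_digest` called on two `str` values raises `TypeError` when either side contains a non-ASCII character, so a request carrying such a token would now surface as an unhandled exception rather than the `Forbidden` the docstring promises; this applies to the new `compare_digest(` call in the second hunk, where `token` is caller-supplied. Comparing the encoded forms avoids that: `token.encode("utf-8"), app.config["ADMIN_TOKEN"].encode("utf-8")` in place of the two current arguments (this assumes `ADMIN_TOKEN` is configured as a `str`; if it may be `bytes`, encode only `token`). A one-line comment above the branch would also help the next reader understand why `==` is not used, e.g. `# constant-time compare so the admin token cannot be recovered via response timing`. The body of raw_token_check continues outside the hunk.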