mirror of
https://github.com/codeninjasllc/codecombat.git
synced 2025-03-14 07:00:01 -04:00
Added ip checks on cron mail route
This commit is contained in:
parent
a6fb2a3994
commit
23f62e5598
2 changed files with 16 additions and 2 deletions
|
@ -16,7 +16,7 @@ sendwithus = require '../sendwithus'
|
|||
module.exports.setup = (app) ->
|
||||
app.all config.mail.mailchimpWebhook, handleMailchimpWebHook
|
||||
app.get '/mail/cron/ladder-update', handleLadderUpdate
|
||||
|
||||
|
||||
getAllLadderScores = (next) ->
|
||||
query = Level.find({type: 'ladder'})
|
||||
.select('levelID')
|
||||
|
@ -29,8 +29,20 @@ getAllLadderScores = (next) ->
|
|||
for team in ['humans', 'ogres']
|
||||
'I ... am not doing this.'
|
||||
|
||||
isRequestFromDesignatedCronHandler = (req, res) ->
|
||||
if req.ip isnt config.mail.cronHandlerPublicIP and req.ip isnt config.mail.cronHandlerPrivateIP
|
||||
console.log "UNAUTHORIZED ATTEMPT TO SEND TRANSACTIONAL LADDER EMAIL THROUGH CRON MAIL HANDLER"
|
||||
res.send("You aren't authorized to perform that action. Only the specified Cron handler may perform that action.")
|
||||
res.end()
|
||||
return true
|
||||
return false
|
||||
|
||||
|
||||
handleLadderUpdate = (req, res) ->
|
||||
log.info("Going to see about sending ladder update emails.")
|
||||
requestIsFromDesignatedCronHandler = isRequestFromDesignatedCronHandler req, res
|
||||
unless requestIsFromDesignatedCronHandler then return
|
||||
|
||||
res.send('Great work, Captain Cron! I can take it from here.')
|
||||
res.end()
|
||||
# TODO: somehow fetch the histograms
|
||||
|
|
|
@ -26,7 +26,9 @@ config.mail =
|
|||
mailchimpAPIKey: process.env.COCO_MAILCHIMP_API_KEY or ""
|
||||
mailchimpWebhook: process.env.COCO_MAILCHIMP_WEBHOOK or "/mail/webhook"
|
||||
sendwithusAPIKey: process.env.COCO_SENDWITHUS_API_KEY or ""
|
||||
|
||||
cronHandlerPublicIP: process.env.COCO_CRON_PUBLIC_IP or ""
|
||||
cronHandlerPrivateIP: process.env.COCO_CRON_PRIVATE_IP or ""
|
||||
|
||||
config.queue =
|
||||
accessKeyId: process.env.COCO_AWS_ACCESS_KEY_ID or ""
|
||||
secretAccessKey: process.env.COCO_AWS_SECRET_ACCESS_KEY or ""
|
||||
|
|
Loading…
Reference in a new issue