Added ip checks on cron mail route

Michael Schmatz 2014-03-12 08:11:48 -07:00
parent a6fb2a3994
commit 23f62e5598
2 changed files with 16 additions and 2 deletions


@ -16,7 +16,7 @@ sendwithus = require '../sendwithus'
module.exports.setup = (app) ->
app.all config.mail.mailchimpWebhook, handleMailchimpWebHook
app.get '/mail/cron/ladder-update', handleLadderUpdate
getAllLadderScores = (next) ->
query = Level.find({type: 'ladder'})
.select('levelID')
@ -29,8 +29,20 @@ getAllLadderScores = (next) ->
for team in ['humans', 'ogres']
'I ... am not doing this.'
isRequestFromDesignatedCronHandler = (req, res) ->
if req.ip isnt config.mail.cronHandlerPublicIP and req.ip isnt config.mail.cronHandlerPrivateIP
console.log "UNAUTHORIZED ATTEMPT TO SEND TRANSACTIONAL LADDER EMAIL THROUGH CRON MAIL HANDLER"
res.send("You aren't authorized to perform that action. Only the specified Cron handler may perform that action.")
res.end()
return true
return false
handleLadderUpdate = (req, res) ->
log.info("Going to see about sending ladder update emails.")
requestIsFromDesignatedCronHandler = isRequestFromDesignatedCronHandler req, res
unless requestIsFromDesignatedCronHandler then return
res.send('Great work, Captain Cron! I can take it from here.')
res.end()
# TODO: somehow fetch the histograms
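Review bot: `isRequestFromDesignatedCronHandler` appears to return the opposite of what its name promises: `return true` follows the rejection response and `return false` is the fall-through. In `handleLadderUpdate`, the `unless requestIsFromDesignatedCronHandler then return` guard therefore lets a rejected caller continue into the handler (and into a second `res.send`), while the designated cron host returns early with no response at all. Swapping the two so the rejection branch ends with `return false` and the function ends with `return true` fixes both paths; indentation is lost on this page, so confirm the nesting against the file. The refusal should also carry a 403 status and be logged through `log` with the offending `req.ip`, as the rest of the handler does, rather than through `console.log`. Finally, a comment should note that `req.ip` is only the real peer address when Express's `trust proxy` setting matches the deployment, because behind a proxy the compared value is otherwise the proxy's address or a forwarded header.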


@ -26,7 +26,9 @@ config.mail =
mailchimpAPIKey: process.env.COCO_MAILCHIMP_API_KEY or ""
mailchimpWebhook: process.env.COCO_MAILCHIMP_WEBHOOK or "/mail/webhook"
sendwithusAPIKey: process.env.COCO_SENDWITHUS_API_KEY or ""
cronHandlerPublicIP: process.env.COCO_CRON_PUBLIC_IP or ""
cronHandlerPrivateIP: process.env.COCO_CRON_PRIVATE_IP or ""
config.queue =
accessKeyId: process.env.COCO_AWS_ACCESS_KEY_ID or ""
secretAccessKey: process.env.COCO_AWS_SECRET_ACCESS_KEY or ""
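Review bot: `cronHandlerPublicIP` and `cronHandlerPrivateIP` default to `""` without any comment on what that means for the route that reads them. The mail handler compares `req.ip` to these values by exact string equality, so an unset variable makes the cron route refuse every caller; that fails closed, but silently. I would add a comment above the two keys such as `# Exact req.ip strings of the cron host; if unset, /mail/cron/ladder-update rejects all requests`. It may also be worth logging a warning at startup when both are empty. The `config.mail` block begins above this hunk.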