Added ip checks on cron mail route

server/routes/mail.coffee

@@ -29,8 +29,20 @@ getAllLadderScores = (next) ->
       for team in ['humans', 'ogres']
         'I ... am not doing this.'
 
+isRequestFromDesignatedCronHandler = (req, res) ->
+  if req.ip isnt config.mail.cronHandlerPublicIP and req.ip isnt config.mail.cronHandlerPrivateIP
+    console.log "UNAUTHORIZED ATTEMPT TO SEND TRANSACTIONAL LADDER EMAIL THROUGH CRON MAIL HANDLER"
+    res.send("You aren't authorized to perform that action. Only the specified Cron handler may perform that action.")
+    res.end()
+    return true
+  return false
+  
+    
 handleLadderUpdate = (req, res) ->
   log.info("Going to see about sending ladder update emails.")
+  requestIsFromDesignatedCronHandler = isRequestFromDesignatedCronHandler req, res
+  unless requestIsFromDesignatedCronHandler then return
+    
   res.send('Great work, Captain Cron! I can take it from here.')
   res.end()
   # TODO: somehow fetch the histograms

server_config.coffee

@@ -26,6 +26,8 @@ config.mail =
   mailchimpAPIKey: process.env.COCO_MAILCHIMP_API_KEY or ""
   mailchimpWebhook: process.env.COCO_MAILCHIMP_WEBHOOK or "/mail/webhook"
   sendwithusAPIKey: process.env.COCO_SENDWITHUS_API_KEY or ""
+  cronHandlerPublicIP: process.env.COCO_CRON_PUBLIC_IP or ""
+  cronHandlerPrivateIP: process.env.COCO_CRON_PRIVATE_IP or ""
   
 config.queue =
   accessKeyId: process.env.COCO_AWS_ACCESS_KEY_ID or ""