Add system endpoint to fetch network information

This is part of an effort to set up an admin monitoring platform.

lib/sys/monitor.js

@@ -0,0 +1,18 @@
+const secretIsValid = require('./secret-is-valid');
+const serverSecrets = require('../server-secrets');
+
+function setRoutes(server) {
+  server.get('/sys/network', (req, res) => {
+    if (!secretIsValid(req.password)) {
+      // An unknown entity tries to connect. Let the connection linger for a minute.
+      return setTimeout(function() {
+        res.end(JSON.stringify({errors: [{code: 'invalid_secrets'}]}));
+      }, 10000);
+    }
+    res.end(JSON.stringify({ips: serverSecrets.shieldsIps}));
+  });
+}
+
+module.exports = {
+  setRoutes,
+};

lib/sys/secret-is-valid.js

@@ -0,0 +1,16 @@
+const serverSecrets = require('../server-secrets');
+
+function secretIsValid(secret = '') {
+  return constEq(secret, serverSecrets.shieldsSecret);
+}
+
+function constEq(a, b) {
+  if (a.length !== b.length) { return false; }
+  let zero = 0;
+  for (let i = 0; i < a.length; i++) {
+    zero |= a.charCodeAt(i) ^ b.charCodeAt(i);
+  }
+  return (zero === 0);
+}
+
+module.exports = secretIsValid;

server.js

@@ -11,6 +11,7 @@ const xml2js = require('xml2js');
 const analytics = require('./lib/analytics');
 const config = require('./lib/server-config');
 const githubAuth = require('./lib/github-auth');
+const sysMonitor = require('./lib/sys/monitor');
 const log = require('./lib/log');
 const makeBadge = require('./lib/make-badge');
 const serverSecrets = require('./lib/server-secrets');
@@ -141,6 +142,9 @@ githubAuth.scheduleAutosaving();
 if (serverSecrets && serverSecrets.gh_client_id) {
   githubAuth.setRoutes(camp);
 }
+if (serverSecrets && serverSecrets.shieldsSecret) {
+  sysMonitor.setRoutes(camp);
+}
 
 let githubDebugInterval;
 if (config.services.github.debug.enabled) {