diff --git a/lib/sys/monitor.js b/lib/sys/monitor.js
new file mode 100644
index 0000000000..dda1d8e7a4
--- /dev/null
+++ b/lib/sys/monitor.js
@@ -0,0 +1,18 @@
+const secretIsValid = require('./secret-is-valid');
+const serverSecrets = require('../server-secrets');
+
+function setRoutes(server) {
+ server.get('/sys/network', (req, res) => {
+ if (!secretIsValid(req.password)) {
+ // An unknown entity tries to connect. Let the connection linger for a minute.
+ return setTimeout(function() {
+ res.end(JSON.stringify({errors: [{code: 'invalid_secrets'}]}));
+ }, 10000);
+ }
+ res.end(JSON.stringify({ips: serverSecrets.shieldsIps}));
+ });
+}
+
+module.exports = {
+ setRoutes,
+};
diff --git a/lib/sys/secret-is-valid.js b/lib/sys/secret-is-valid.js
new file mode 100644
index 0000000000..c13c4600da
--- /dev/null
+++ b/lib/sys/secret-is-valid.js
@@ -0,0 +1,16 @@
+const serverSecrets = require('../server-secrets');
+
+function secretIsValid(secret = '') {
+ return constEq(secret, serverSecrets.shieldsSecret);
+}
+
+function constEq(a, b) {
+ if (a.length !== b.length) { return false; }
+ let zero = 0;
+ for (let i = 0; i < a.length; i++) {
+ zero |= a.charCodeAt(i) ^ b.charCodeAt(i);
+ }
+ return (zero === 0);
+}
+
+module.exports = secretIsValid;
diff --git a/server.js b/server.js
index e6cf39306c..d472c4741f 100644
--- a/server.js
+++ b/server.js
@@ -11,6 +11,7 @@ const xml2js = require('xml2js');
 const analytics = require('./lib/analytics');
 const config = require('./lib/server-config');
 const githubAuth = require('./lib/github-auth');
+const sysMonitor = require('./lib/sys/monitor');
 const log = require('./lib/log');
 const makeBadge = require('./lib/make-badge');
 const serverSecrets = require('./lib/server-secrets');
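Review bot: In lib/sys/monitor.js the rejection branch of the `/sys/network` handler replies without setting a status, so a failed authentication presumably goes out as a 200 and can only be told apart by parsing the body. Assuming `res` is Node's `http.ServerResponse`, add `res.statusCode = 401;` before the `res.end(...)` inside the timer. The comment promises a one-minute linger while the delay passed to `setTimeout` is `10000` ms, so either the value or the comment should change, e.g. `// An unknown entity tries to connect. Let the connection linger for ten seconds.`. The delay also keeps a socket and a timer alive for every unauthenticated request, so it slows guessing but is not a rate limit. How `req.password` is populated is not visible in this hunk and deserves a one-line comment.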
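Review bot: In lib/sys/secret-is-valid.js, `constEq` returns early on `a.length !== b.length`, so response timing still reveals whether a guess has the right length. The hand-rolled XOR loop also duplicates what `crypto.timingSafeEqual` already provides. The helper is fragile on its inputs as well: the `secret = ''` default covers only `undefined`, a `null` value would throw on `.length`, and two empty strings compare equal, so the function fails open if `shieldsSecret` is ever empty. Comparing fixed-length SHA-256 digests removes the length branch, and an explicit type and emptiness guard makes it fail closed. The file would also need `crypto` required at the top.

```javascript
function constEq(a, b) {
  // Non-string or empty inputs never match, so a missing secret fails closed.
  if (typeof a !== 'string' || typeof b !== 'string' || b.length === 0) {
    return false;
  }
  // Fixed-length digests remove the length-dependent early return.
  const digestA = crypto.createHash('sha256').update(a).digest();
  const digestB = crypto.createHash('sha256').update(b).digest();
  return crypto.timingSafeEqual(digestA, digestB);
}
```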
@@ -141,6 +142,9 @@ githubAuth.scheduleAutosaving(); if (serverSecrets && serverSecrets.gh_client_id) { githubAuth.setRoutes(camp); } +if (serverSecrets && serverSecrets.shieldsSecret) { + sysMonitor.setRoutes(camp); +} let githubDebugInterval; if (config.services.github.debug.enabled) {
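Review bot: The new guard in server.js registers the route when `serverSecrets.shieldsSecret` is set, but the handler in lib/sys/monitor.js returns `serverSecrets.shieldsIps`, which is never checked. If that key is absent, `JSON.stringify` drops the undefined property and an authenticated caller receives `{}` rather than an error. Consider `if (serverSecrets && serverSecrets.shieldsSecret && serverSecrets.shieldsIps) {`. A short comment above the block would also help, e.g. `// Expose /sys/network (server IP list) only when a shared secret is configured.`. The `if (config.services.github.debug.enabled) {` block that follows continues outside the hunk.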