9b3db0774b
Now that these s0.server.shields.io entries are set up through the main DNS on Cloudflare, we don't need the shields-server.com domain anymore. One less thing to maintain.
32 lines
981 B
JavaScript
32 lines
981 B
JavaScript
'use strict'
|
|
|
|
const secretIsValid = require('../../../core/server/secret-is-valid')
|
|
|
|
function setRoutes(apiProvider, server) {
|
|
// Allow the admin to obtain the tokens for operational and debugging
|
|
// purposes. This could be used to:
|
|
//
|
|
// - Ensure tokens have been propagated to all servers
|
|
// - Debug GitHub badge failures
|
|
//
|
|
// The admin can authenticate with HTTP Basic Auth, with an empty/any
|
|
// username and the shields secret in the password and an empty/any
|
|
// password.
|
|
//
|
|
// e.g.
|
|
// curl --insecure -u ':very-very-secret' 'https://s0.servers.shields.io/$github-auth/tokens'
|
|
server.ajax.on('github-auth/tokens', (json, end, ask) => {
|
|
if (!secretIsValid(ask.password)) {
|
|
// An unknown entity tries to connect. Let the connection linger for a minute.
|
|
return setTimeout(() => {
|
|
end('Invalid secret.')
|
|
}, 10000)
|
|
}
|
|
end(apiProvider.serializeDebugInfo({ sanitize: false }))
|
|
})
|
|
}
|
|
|
|
module.exports = {
|
|
setRoutes,
|
|
}
|