discourse/app/controllers/webhooks_controller.rb

118 lines
3.3 KiB
Ruby
Raw Normal View History

2016-05-30 23:11:17 +08:00
require "openssl"
class WebhooksController < ActionController::Base
def mailgun
# can't verify data without an API key
return mailgun_failure if SiteSetting.mailgun_api_key.blank?
# token is a random string of 50 characters
2016-06-09 06:33:13 +08:00
token = params["token"]
2016-05-30 23:11:17 +08:00
return mailgun_failure if token.blank? || token.size != 50
# prevent replay attack
key = "mailgun_token_#{token}"
return mailgun_failure unless $redis.setnx(key, 1)
$redis.expire(key, 10.minutes)
2016-05-30 23:11:17 +08:00
# ensure timestamp isn't too far from current time
2016-06-09 06:33:13 +08:00
timestamp = params["timestamp"]
return mailgun_failure if (Time.at(timestamp.to_i) - Time.now).abs > 24.hours.to_i
2016-05-30 23:11:17 +08:00
# check the signature
return mailgun_failure unless mailgun_verify(timestamp, token, params["signature"])
2016-06-09 06:33:13 +08:00
event = params["event"]
message_id = params["Message-Id"].tr("<>", "")
2016-05-30 23:11:17 +08:00
# only handle soft bounces, because hard bounces are also handled
# by the "dropped" event and we don't want to increase bounce score twice
# for the same message
if event == "bounced".freeze && params["error"]["4."]
process_bounce(message_id, SiteSetting.soft_bounce_score)
2016-05-30 23:11:17 +08:00
elsif event == "dropped".freeze
process_bounce(message_id, SiteSetting.hard_bounce_score)
2016-05-30 23:11:17 +08:00
end
mailgun_success
2016-05-30 23:11:17 +08:00
end
2016-06-02 03:48:06 +08:00
def sendgrid
2016-06-07 01:47:45 +08:00
events = params["_json"] || [params]
events.each do |event|
message_id = (event["smtp-id"] || "").tr("<>", "")
2016-06-02 03:48:06 +08:00
if event["event"] == "bounce".freeze
if event["status"]["4."]
process_bounce(message_id, SiteSetting.soft_bounce_score)
2016-06-02 03:48:06 +08:00
else
process_bounce(message_id, SiteSetting.hard_bounce_score)
2016-06-02 03:48:06 +08:00
end
elsif event["event"] == "dropped".freeze
process_bounce(message_id, SiteSetting.hard_bounce_score)
2016-06-02 03:48:06 +08:00
end
end
render nothing: true, status: 200
end
2016-06-07 01:47:45 +08:00
def mailjet
events = params["_json"] || [params]
events.each do |event|
message_id = event["CustomID"]
2016-06-07 01:47:45 +08:00
if event["event"] == "bounce".freeze
if event["hard_bounce"]
process_bounce(message_id, SiteSetting.hard_bounce_score)
2016-06-07 01:47:45 +08:00
else
process_bounce(message_id, SiteSetting.soft_bounce_score)
2016-06-07 01:47:45 +08:00
end
end
end
render nothing: true, status: 200
end
2016-06-13 18:31:01 +08:00
def mandrill
events = params["mandrill_events"]
events.each do |event|
message_id = event["msg"]["metadata"]["message_id"] rescue nil
next unless message_id
case event["event"]
when "hard_bounce"
process_bounce(message_id, SiteSetting.hard_bounce_score)
2016-06-13 18:31:01 +08:00
when "soft_bounce"
process_bounce(message_id, SiteSetting.soft_bounce_score)
2016-06-13 18:31:01 +08:00
end
end
render nothing: true, status: 200
end
2016-05-30 23:11:17 +08:00
private
def mailgun_failure
render nothing: true, status: 406
end
def mailgun_success
render nothing: true, status: 200
end
def mailgun_verify(timestamp, token, signature)
digest = OpenSSL::Digest::SHA256.new
data = "#{timestamp}#{token}"
signature == OpenSSL::HMAC.hexdigest(digest, SiteSetting.mailgun_api_key, data)
end
def process_bounce(message_id, bounce_score)
2016-06-07 01:47:45 +08:00
return if message_id.blank?
email_log = EmailLog.find_by(message_id: message_id)
return if email_log.nil?
email_log.update_columns(bounced: true)
Email::Receiver.update_bounce_score(email_log.user.email, bounce_score)
end
2016-05-30 23:11:17 +08:00
end