mirror of
https://github.com/discourse/discourse.git
synced 2024-12-01 05:43:38 +08:00
c3070288ea
* FEATURE: Verify Sendgrid webhook signature * FEATURE: Verify more webhook signatures * DEV: Add test for AWS webhook * FEATURE: Implement algorithm for Mandrill * FEATURE: Add warning if webhooks are unsafe
313 lines
9.6 KiB
Ruby
313 lines
9.6 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
require "openssl"
|
|
|
|
class WebhooksController < ActionController::Base
|
|
skip_before_action :verify_authenticity_token
|
|
|
|
def mailgun
|
|
return signature_failure if SiteSetting.mailgun_api_key.blank?
|
|
|
|
params["event-data"] ? handle_mailgun_new(params) : handle_mailgun_legacy(params)
|
|
end
|
|
|
|
def sendgrid
|
|
if SiteSetting.sendgrid_verification_key.present?
|
|
return signature_failure if !valid_sendgrid_signature?
|
|
else
|
|
Rails.logger.warn(
|
|
"Received a Sendgrid webhook, but no verification key has been configured. This is unsafe behaviour and will be disallowed in the future.",
|
|
)
|
|
end
|
|
|
|
events = params["_json"] || [params]
|
|
events.each do |event|
|
|
message_id = Email::MessageIdService.message_id_clean((event["smtp-id"] || ""))
|
|
to_address = event["email"]
|
|
error_code = event["status"]
|
|
if event["event"] == "bounce"
|
|
if error_code[Email::SMTP_STATUS_TRANSIENT_FAILURE]
|
|
process_bounce(message_id, to_address, SiteSetting.soft_bounce_score, error_code)
|
|
else
|
|
process_bounce(message_id, to_address, SiteSetting.hard_bounce_score, error_code)
|
|
end
|
|
elsif event["event"] == "dropped"
|
|
process_bounce(message_id, to_address, SiteSetting.hard_bounce_score, error_code)
|
|
end
|
|
end
|
|
|
|
success
|
|
end
|
|
|
|
def mailjet
|
|
if SiteSetting.mailjet_webhook_token.present?
|
|
return signature_failure if !valid_mailjet_token?
|
|
else
|
|
Rails.logger.warn(
|
|
"Received a Mailjet webhook, but no token has been configured. This is unsafe behaviour and will be disallowed in the future.",
|
|
)
|
|
end
|
|
|
|
events = params["_json"] || [params]
|
|
events.each do |event|
|
|
message_id = event["CustomID"]
|
|
to_address = event["email"]
|
|
if event["event"] == "bounce"
|
|
if event["hard_bounce"]
|
|
process_bounce(message_id, to_address, SiteSetting.hard_bounce_score)
|
|
else
|
|
process_bounce(message_id, to_address, SiteSetting.soft_bounce_score)
|
|
end
|
|
end
|
|
end
|
|
|
|
success
|
|
end
|
|
|
|
def mandrill
|
|
if SiteSetting.mandrill_authentication_key.present?
|
|
return signature_failure if !valid_mandrill_signature?
|
|
else
|
|
Rails.logger.warn(
|
|
"Received a Mandrill webhook, but no authentication key has been configured. This is unsafe behaviour and will be disallowed in the future.",
|
|
)
|
|
end
|
|
|
|
JSON
|
|
.parse(params["mandrill_events"])
|
|
.each do |event|
|
|
message_id = event.dig("msg", "metadata", "message_id")
|
|
to_address = event.dig("msg", "email")
|
|
error_code = event.dig("msg", "diag")
|
|
|
|
case event["event"]
|
|
when "hard_bounce"
|
|
process_bounce(message_id, to_address, SiteSetting.hard_bounce_score, error_code)
|
|
when "soft_bounce"
|
|
process_bounce(message_id, to_address, SiteSetting.soft_bounce_score, error_code)
|
|
end
|
|
end
|
|
|
|
success
|
|
end
|
|
|
|
def mandrill_head
|
|
# Mandrill sends a HEAD request to validate the webhook before saving
|
|
# Rails interprets it as a GET request
|
|
success
|
|
end
|
|
|
|
def postmark
|
|
if SiteSetting.postmark_webhook_token.present?
|
|
return signature_failure if !valid_postmark_token?
|
|
else
|
|
Rails.logger.warn(
|
|
"Received a Postmark webhook, but no token has been configured. This is unsafe behaviour and will be disallowed in the future.",
|
|
)
|
|
end
|
|
|
|
# see https://postmarkapp.com/developer/webhooks/bounce-webhook#bounce-webhook-data
|
|
# and https://postmarkapp.com/developer/api/bounce-api#bounce-types
|
|
|
|
message_id = params["MessageID"]
|
|
to_address = params["Email"]
|
|
type = params["Type"]
|
|
case type
|
|
when "HardBounce", "SpamNotification", "SpamComplaint"
|
|
process_bounce(message_id, to_address, SiteSetting.hard_bounce_score)
|
|
when "SoftBounce"
|
|
process_bounce(message_id, to_address, SiteSetting.soft_bounce_score)
|
|
end
|
|
|
|
success
|
|
end
|
|
|
|
def sparkpost
|
|
if SiteSetting.sparkpost_webhook_token.present?
|
|
return signature_failure if !valid_sparkpost_token?
|
|
else
|
|
Rails.logger.warn(
|
|
"Received a Sparkpost webhook, but no token has been configured. This is unsafe behaviour and will be disallowed in the future.",
|
|
)
|
|
end
|
|
|
|
events = params["_json"] || [params]
|
|
events.each do |event|
|
|
message_event = event.dig("msys", "message_event")
|
|
next unless message_event
|
|
|
|
message_id = message_event.dig("rcpt_meta", "message_id")
|
|
to_address = message_event["rcpt_to"]
|
|
bounce_class = message_event["bounce_class"]
|
|
next unless bounce_class
|
|
|
|
bounce_class = bounce_class.to_i
|
|
|
|
# bounce class definitions: https://support.sparkpost.com/customer/portal/articles/1929896
|
|
if bounce_class < 80
|
|
if bounce_class == 10 || bounce_class == 25 || bounce_class == 30
|
|
process_bounce(message_id, to_address, SiteSetting.hard_bounce_score)
|
|
else
|
|
process_bounce(message_id, to_address, SiteSetting.soft_bounce_score)
|
|
end
|
|
end
|
|
end
|
|
|
|
success
|
|
end
|
|
|
|
def aws
|
|
raw = request.raw_post
|
|
json = JSON.parse(raw)
|
|
|
|
case json["Type"]
|
|
when "SubscriptionConfirmation"
|
|
Jobs.enqueue(:confirm_sns_subscription, raw: raw, json: json)
|
|
when "Notification"
|
|
Jobs.enqueue(:process_sns_notification, raw: raw, json: json)
|
|
end
|
|
|
|
success
|
|
end
|
|
|
|
private
|
|
|
|
def signature_failure
|
|
render body: nil, status: 406
|
|
end
|
|
|
|
def success
|
|
render body: nil, status: 200
|
|
end
|
|
|
|
def valid_mailgun_signature?(token, timestamp, signature)
|
|
# token is a random 50 characters string
|
|
return false if token.blank? || token.size != 50
|
|
|
|
# prevent replay attacks
|
|
key = "mailgun_token_#{token}"
|
|
return false unless Discourse.redis.setnx(key, 1)
|
|
Discourse.redis.expire(key, 10.minutes)
|
|
|
|
# ensure timestamp isn't too far from current time
|
|
return false if (Time.at(timestamp.to_i) - Time.now).abs > 12.hours.to_i
|
|
|
|
# check the signature
|
|
signature ==
|
|
OpenSSL::HMAC.hexdigest("SHA256", SiteSetting.mailgun_api_key, "#{timestamp}#{token}")
|
|
end
|
|
|
|
def handle_mailgun_legacy(params)
|
|
unless valid_mailgun_signature?(params["token"], params["timestamp"], params["signature"])
|
|
return signature_failure
|
|
end
|
|
|
|
event = params["event"]
|
|
message_id = Email::MessageIdService.message_id_clean(params["Message-Id"])
|
|
to_address = params["recipient"]
|
|
error_code = params["code"]
|
|
|
|
# only handle soft bounces, because hard bounces are also handled
|
|
# by the "dropped" event and we don't want to increase bounce score twice
|
|
# for the same message
|
|
if event == "bounced" && params["error"][Email::SMTP_STATUS_TRANSIENT_FAILURE]
|
|
process_bounce(message_id, to_address, SiteSetting.soft_bounce_score, error_code)
|
|
elsif event == "dropped"
|
|
process_bounce(message_id, to_address, SiteSetting.hard_bounce_score, error_code)
|
|
end
|
|
|
|
success
|
|
end
|
|
|
|
def handle_mailgun_new(params)
|
|
signature = params["signature"]
|
|
unless valid_mailgun_signature?(
|
|
signature["token"],
|
|
signature["timestamp"],
|
|
signature["signature"],
|
|
)
|
|
return signature_failure
|
|
end
|
|
|
|
data = params["event-data"]
|
|
error_code = params.dig("delivery-status", "code")
|
|
message_id = data.dig("message", "headers", "message-id")
|
|
to_address = data["recipient"]
|
|
severity = data["severity"]
|
|
|
|
if data["event"] == "failed"
|
|
if severity == "temporary"
|
|
process_bounce(message_id, to_address, SiteSetting.soft_bounce_score, error_code)
|
|
elsif severity == "permanent"
|
|
process_bounce(message_id, to_address, SiteSetting.hard_bounce_score, error_code)
|
|
end
|
|
end
|
|
|
|
success
|
|
end
|
|
|
|
def valid_sendgrid_signature?
|
|
signature = request.headers["X-Twilio-Email-Event-Webhook-Signature"]
|
|
timestamp = request.headers["X-Twilio-Email-Event-Webhook-Timestamp"]
|
|
request.body.rewind
|
|
payload = request.body.read
|
|
|
|
hashed_payload = Digest::SHA256.digest("#{timestamp}#{payload}")
|
|
decoded_signature = Base64.decode64(signature)
|
|
|
|
begin
|
|
public_key = OpenSSL::PKey::EC.new(Base64.decode64(SiteSetting.sendgrid_verification_key))
|
|
rescue StandardError => err
|
|
Rails.logger.error("Invalid Sendgrid verification key")
|
|
return false
|
|
end
|
|
|
|
public_key.dsa_verify_asn1(hashed_payload, decoded_signature)
|
|
end
|
|
|
|
def valid_mailjet_token?
|
|
ActiveSupport::SecurityUtils.secure_compare(params[:t], SiteSetting.mailjet_webhook_token)
|
|
end
|
|
|
|
def valid_mandrill_signature?
|
|
signature = request.headers["X-Mandrill-Signature"]
|
|
|
|
payload = "#{Discourse.base_url}/webhooks/mandrill"
|
|
params
|
|
.permit(:mandrill_events)
|
|
.to_h
|
|
.sort_by(&:first)
|
|
.each do |key, value|
|
|
payload += key.to_s
|
|
payload += value
|
|
end
|
|
|
|
payload_signature =
|
|
OpenSSL::HMAC.digest("sha1", SiteSetting.mandrill_authentication_key, payload)
|
|
ActiveSupport::SecurityUtils.secure_compare(
|
|
signature,
|
|
Base64.strict_encode64(payload_signature),
|
|
)
|
|
end
|
|
|
|
def valid_postmark_token?
|
|
ActiveSupport::SecurityUtils.secure_compare(params[:t], SiteSetting.postmark_webhook_token)
|
|
end
|
|
|
|
def valid_sparkpost_token?
|
|
ActiveSupport::SecurityUtils.secure_compare(params[:t], SiteSetting.sparkpost_webhook_token)
|
|
end
|
|
|
|
def process_bounce(message_id, to_address, bounce_score, bounce_error_code = nil)
|
|
return if message_id.blank? || to_address.blank?
|
|
|
|
email_log = EmailLog.find_by(message_id: message_id, to_address: to_address)
|
|
return if email_log.nil?
|
|
|
|
email_log.update_columns(bounced: true, bounce_error_code: bounce_error_code)
|
|
return if email_log.user.nil? || email_log.user.email.blank?
|
|
|
|
Email::Receiver.update_bounce_score(email_log.user.email, bounce_score)
|
|
end
|
|
end
|