discourse/app/controllers/webhooks_controller.rb

require "openssl"

class WebhooksController < ActionController::Base

  def mailgun
    # can't verify data without an API key
    return mailgun_failure if SiteSetting.mailgun_api_key.blank?

    # token is a random string of 50 characters
    token = params["token"]
    return mailgun_failure if token.blank? || token.size != 50

    # prevent replay attack
    key = "mailgun_token_#{token}"
    return mailgun_failure unless $redis.setnx(key, 1)
    $redis.expire(key, 10.minutes)

    # ensure timestamp isn't too far from current time
    timestamp = params["timestamp"]
    return mailgun_failure if (Time.at(timestamp.to_i) - Time.now).abs > 24.hours.to_i

    # check the signature
    return mailgun_failure unless mailgun_verify(timestamp, token, params["signature"])

    event = params["event"]
    message_id = params["Message-Id"].tr("<>", "")
    to_address = params["recipient"]

    # only handle soft bounces, because hard bounces are also handled
    # by the "dropped" event and we don't want to increase bounce score twice
    # for the same message
    if event == "bounced".freeze && params["error"]["4."]
      process_bounce(message_id, to_address, SiteSetting.soft_bounce_score)
    elsif event == "dropped".freeze
      process_bounce(message_id, to_address, SiteSetting.hard_bounce_score)
    end

    mailgun_success
  end

  def sendgrid
    events = params["_json"] || [params]
    events.each do |event|
      message_id = (event["smtp-id"] || "").tr("<>", "")
      to_address = event["email"]
      if event["event"] == "bounce".freeze
        if event["status"]["4."]
          process_bounce(message_id, to_address, SiteSetting.soft_bounce_score)
        else
          process_bounce(message_id, to_address, SiteSetting.hard_bounce_score)
        end
      elsif event["event"] == "dropped".freeze
        process_bounce(message_id, to_address, SiteSetting.hard_bounce_score)
      end
    end

    render body: nil, status: 200
  end

  def mailjet
    events = params["_json"] || [params]
    events.each do |event|
      message_id = event["CustomID"]
      to_address = event["email"]
      if event["event"] == "bounce".freeze
        if event["hard_bounce"]
          process_bounce(message_id, to_address, SiteSetting.hard_bounce_score)
        else
          process_bounce(message_id, to_address, SiteSetting.soft_bounce_score)
        end
      end
    end

    render body: nil, status: 200
  end

  def mandrill
    events = params["mandrill_events"]
    events.each do |event|
      message_id = event["msg"]["metadata"]["message_id"] rescue nil
      to_address = event["msg"]["email"] rescue nil

      case event["event"]
      when "hard_bounce"
        process_bounce(message_id, to_address, SiteSetting.hard_bounce_score)
      when "soft_bounce"
        process_bounce(message_id, to_address, SiteSetting.soft_bounce_score)
      end
    end

    render body: nil, status: 200
  end

  def sparkpost
    events = params["_json"] || [params]
    events.each do |event|
      message_event = event["msys"]["message_event"] rescue nil
      next unless message_event

      message_id   = message_event["rcpt_meta"]["message_id"] rescue nil
      to_address   = message_event["rcpt_to"]                 rescue nil
      bounce_class = message_event["bounce_class"]            rescue nil
      next unless bounce_class

      bounce_class = bounce_class.to_i

      # bounce class definitions: https://support.sparkpost.com/customer/portal/articles/1929896
      if bounce_class < 80
        if bounce_class == 10 || bounce_class == 25 || bounce_class == 30
          process_bounce(message_id, to_address, SiteSetting.hard_bounce_score)
        else
          process_bounce(message_id, to_address, SiteSetting.soft_bounce_score)
        end
      end
    end

    render body: nil, status: 200
  end

  private

    def mailgun_failure
      render body: nil, status: 406
    end

    def mailgun_success
      render body: nil, status: 200
    end

    def mailgun_verify(timestamp, token, signature)
      digest = OpenSSL::Digest::SHA256.new
      data = "#{timestamp}#{token}"
      signature == OpenSSL::HMAC.hexdigest(digest, SiteSetting.mailgun_api_key, data)
    end

    def process_bounce(message_id, to_address, bounce_score)
      return if message_id.blank? || to_address.blank?

      email_log = EmailLog.find_by(message_id: message_id, to_address: to_address)
      return if email_log.nil?

      email_log.update_columns(bounced: true)
      return if email_log.user.nil? || email_log.user.email.blank?

      Email::Receiver.update_bounce_score(email_log.user.email, bounce_score)
    end

end
FEATURE: webhooks support for mailgun 2016-05-30 11:11:17 -04:00			`require "openssl"`

			`class WebhooksController < ActionController::Base`

			`def mailgun`
			`# can't verify data without an API key`
			`return mailgun_failure if SiteSetting.mailgun_api_key.blank?`

			`# token is a random string of 50 characters`
use proper 'Message-Id' field 2016-06-08 18:33:13 -04:00			`token = params["token"]`
FEATURE: webhooks support for mailgun 2016-05-30 11:11:17 -04:00			`return mailgun_failure if token.blank? \|\| token.size != 50`

			`# prevent replay attack`
			`key = "mailgun_token_#{token}"`
			`return mailgun_failure unless $redis.setnx(key, 1)`
loosen security a bit on mailgun's webhook 2016-06-08 16:38:38 -04:00			`$redis.expire(key, 10.minutes)`
FEATURE: webhooks support for mailgun 2016-05-30 11:11:17 -04:00
			`# ensure timestamp isn't too far from current time`
use proper 'Message-Id' field 2016-06-08 18:33:13 -04:00			`timestamp = params["timestamp"]`
loosen security a bit on mailgun's webhook 2016-06-08 16:38:38 -04:00			`return mailgun_failure if (Time.at(timestamp.to_i) - Time.now).abs > 24.hours.to_i`
FEATURE: webhooks support for mailgun 2016-05-30 11:11:17 -04:00
			`# check the signature`
			`return mailgun_failure unless mailgun_verify(timestamp, token, params["signature"])`

use proper 'Message-Id' field 2016-06-08 18:33:13 -04:00			`event = params["event"]`
			`message_id = params["Message-Id"].tr("<>", "")`
FIX: bounce webhooks should also use recipient address 2017-02-05 13:06:35 -05:00			`to_address = params["recipient"]`
FEATURE: webhooks support for mailgun 2016-05-30 11:11:17 -04:00
			`# only handle soft bounces, because hard bounces are also handled`
			`# by the "dropped" event and we don't want to increase bounce score twice`
			`# for the same message`
			`if event == "bounced".freeze && params["error"]["4."]`
FIX: bounce webhooks should also use recipient address 2017-02-05 13:06:35 -05:00			`process_bounce(message_id, to_address, SiteSetting.soft_bounce_score)`
FEATURE: webhooks support for mailgun 2016-05-30 11:11:17 -04:00			`elsif event == "dropped".freeze`
FIX: bounce webhooks should also use recipient address 2017-02-05 13:06:35 -05:00			`process_bounce(message_id, to_address, SiteSetting.hard_bounce_score)`
FEATURE: webhooks support for mailgun 2016-05-30 11:11:17 -04:00			`end`

loosen security a bit on mailgun's webhook 2016-06-08 16:38:38 -04:00			`mailgun_success`
FEATURE: webhooks support for mailgun 2016-05-30 11:11:17 -04:00			`end`

FEATURE: sendgrid webhooks 2016-06-01 15:48:06 -04:00			`def sendgrid`
FEATURE: mailjet webhook 2016-06-06 13:47:45 -04:00			`events = params["_json"] \|\| [params]`
			`events.each do \|event\|`
loosen security a bit on mailgun's webhook 2016-06-08 16:38:38 -04:00			`message_id = (event["smtp-id"] \|\| "").tr("<>", "")`
FIX: bounce webhooks should also use recipient address 2017-02-05 13:06:35 -05:00			`to_address = event["email"]`
FEATURE: sendgrid webhooks 2016-06-01 15:48:06 -04:00			`if event["event"] == "bounce".freeze`
			`if event["status"]["4."]`
FIX: bounce webhooks should also use recipient address 2017-02-05 13:06:35 -05:00			`process_bounce(message_id, to_address, SiteSetting.soft_bounce_score)`
FEATURE: sendgrid webhooks 2016-06-01 15:48:06 -04:00			`else`
FIX: bounce webhooks should also use recipient address 2017-02-05 13:06:35 -05:00			`process_bounce(message_id, to_address, SiteSetting.hard_bounce_score)`
FEATURE: sendgrid webhooks 2016-06-01 15:48:06 -04:00			`end`
			`elsif event["event"] == "dropped".freeze`
FIX: bounce webhooks should also use recipient address 2017-02-05 13:06:35 -05:00			`process_bounce(message_id, to_address, SiteSetting.hard_bounce_score)`
FEATURE: sendgrid webhooks 2016-06-01 15:48:06 -04:00			`end`
			`end`

Fix all the errors to get our tests green on Rails 5.1. 2017-08-31 00:06:56 -04:00			`render body: nil, status: 200`
FEATURE: sendgrid webhooks 2016-06-01 15:48:06 -04:00			`end`

FEATURE: mailjet webhook 2016-06-06 13:47:45 -04:00			`def mailjet`
			`events = params["_json"] \|\| [params]`
			`events.each do \|event\|`
loosen security a bit on mailgun's webhook 2016-06-08 16:38:38 -04:00			`message_id = event["CustomID"]`
FIX: bounce webhooks should also use recipient address 2017-02-05 13:06:35 -05:00			`to_address = event["email"]`
FEATURE: mailjet webhook 2016-06-06 13:47:45 -04:00			`if event["event"] == "bounce".freeze`
			`if event["hard_bounce"]`
FIX: bounce webhooks should also use recipient address 2017-02-05 13:06:35 -05:00			`process_bounce(message_id, to_address, SiteSetting.hard_bounce_score)`
FEATURE: mailjet webhook 2016-06-06 13:47:45 -04:00			`else`
FIX: bounce webhooks should also use recipient address 2017-02-05 13:06:35 -05:00			`process_bounce(message_id, to_address, SiteSetting.soft_bounce_score)`
FEATURE: mailjet webhook 2016-06-06 13:47:45 -04:00			`end`
			`end`
			`end`

Fix all the errors to get our tests green on Rails 5.1. 2017-08-31 00:06:56 -04:00			`render body: nil, status: 200`
FEATURE: mailjet webhook 2016-06-06 13:47:45 -04:00			`end`

FEATURE: support for mandrill webhooks 2016-06-13 06:31:01 -04:00			`def mandrill`
			`events = params["mandrill_events"]`
			`events.each do \|event\|`
			`message_id = event["msg"]["metadata"]["message_id"] rescue nil`
FIX: bounce webhooks should also use recipient address 2017-02-05 13:06:35 -05:00			`to_address = event["msg"]["email"] rescue nil`
FEATURE: support for mandrill webhooks 2016-06-13 06:31:01 -04:00
			`case event["event"]`
			`when "hard_bounce"`
FIX: bounce webhooks should also use recipient address 2017-02-05 13:06:35 -05:00			`process_bounce(message_id, to_address, SiteSetting.hard_bounce_score)`
FEATURE: support for mandrill webhooks 2016-06-13 06:31:01 -04:00			`when "soft_bounce"`
FIX: bounce webhooks should also use recipient address 2017-02-05 13:06:35 -05:00			`process_bounce(message_id, to_address, SiteSetting.soft_bounce_score)`
FEATURE: support for mandrill webhooks 2016-06-13 06:31:01 -04:00			`end`
			`end`

Fix all the errors to get our tests green on Rails 5.1. 2017-08-31 00:06:56 -04:00			`render body: nil, status: 200`
FEATURE: support for mandrill webhooks 2016-06-13 06:31:01 -04:00			`end`

FEATURE: sparkpost webhook 2016-09-27 01:13:34 -04:00			`def sparkpost`
			`events = params["_json"] \|\| [params]`
			`events.each do \|event\|`
FIX: bounce webhooks should also use recipient address 2017-02-05 13:06:35 -05:00			`message_event = event["msys"]["message_event"] rescue nil`
			`next unless message_event`

			`message_id = message_event["rcpt_meta"]["message_id"] rescue nil`
			`to_address = message_event["rcpt_to"] rescue nil`
			`bounce_class = message_event["bounce_class"] rescue nil`
			`next unless bounce_class`
FEATURE: sparkpost webhook 2016-09-27 01:13:34 -04:00
			`bounce_class = bounce_class.to_i`

			`# bounce class definitions: https://support.sparkpost.com/customer/portal/articles/1929896`
			`if bounce_class < 80`
			`if bounce_class == 10 \|\| bounce_class == 25 \|\| bounce_class == 30`
FIX: bounce webhooks should also use recipient address 2017-02-05 13:06:35 -05:00			`process_bounce(message_id, to_address, SiteSetting.hard_bounce_score)`
FEATURE: sparkpost webhook 2016-09-27 01:13:34 -04:00			`else`
FIX: bounce webhooks should also use recipient address 2017-02-05 13:06:35 -05:00			`process_bounce(message_id, to_address, SiteSetting.soft_bounce_score)`
FEATURE: sparkpost webhook 2016-09-27 01:13:34 -04:00			`end`
			`end`
			`end`

Fix all the errors to get our tests green on Rails 5.1. 2017-08-31 00:06:56 -04:00			`render body: nil, status: 200`
FEATURE: sparkpost webhook 2016-09-27 01:13:34 -04:00			`end`

FEATURE: webhooks support for mailgun 2016-05-30 11:11:17 -04:00			`private`

			`def mailgun_failure`
Fix all the errors to get our tests green on Rails 5.1. 2017-08-31 00:06:56 -04:00			`render body: nil, status: 406`
FEATURE: webhooks support for mailgun 2016-05-30 11:11:17 -04:00			`end`

			`def mailgun_success`
Fix all the errors to get our tests green on Rails 5.1. 2017-08-31 00:06:56 -04:00			`render body: nil, status: 200`
FEATURE: webhooks support for mailgun 2016-05-30 11:11:17 -04:00			`end`

			`def mailgun_verify(timestamp, token, signature)`
			`digest = OpenSSL::Digest::SHA256.new`
			`data = "#{timestamp}#{token}"`
			`signature == OpenSSL::HMAC.hexdigest(digest, SiteSetting.mailgun_api_key, data)`
			`end`

FIX: bounce webhooks should also use recipient address 2017-02-05 13:06:35 -05:00			`def process_bounce(message_id, to_address, bounce_score)`
			`return if message_id.blank? \|\| to_address.blank?`
FEATURE: mailjet webhook 2016-06-06 13:47:45 -04:00
FIX: bounce webhooks should also use recipient address 2017-02-05 13:06:35 -05:00			`email_log = EmailLog.find_by(message_id: message_id, to_address: to_address)`
FEATURE: mailjet webhook 2016-06-06 13:47:45 -04:00			`return if email_log.nil?`

			`email_log.update_columns(bounced: true)`
FIX: don't error out when we receive a bounce associated to a deleted user 2016-10-26 04:13:05 -04:00			`return if email_log.user.nil? \|\| email_log.user.email.blank?`

FEATURE: mailjet webhook 2016-06-06 13:47:45 -04:00			`Email::Receiver.update_bounce_score(email_log.user.email, bounce_score)`
			`end`

FEATURE: webhooks support for mailgun 2016-05-30 11:11:17 -04:00			`end`