require "openssl" class WebhooksController < ActionController::Base def mailgun # can't verify data without an API key return mailgun_failure if SiteSetting.mailgun_api_key.blank? # token is a random string of 50 characters token = params.delete("token") return mailgun_failure if token.blank? || token.size != 50 # prevent replay attack key = "mailgun_token_#{token}" return mailgun_failure unless $redis.setnx(key, 1) $redis.expire(key, 8.hours) # ensure timestamp isn't too far from current time timestamp = params.delete("timestamp") return mailgun_failure if (Time.at(timestamp.to_i) - Time.now).abs > 1.hour.to_i # check the signature return mailgun_failure unless mailgun_verify(timestamp, token, params["signature"]) handled = false event = params.delete("event") # only handle soft bounces, because hard bounces are also handled # by the "dropped" event and we don't want to increase bounce score twice # for the same message if event == "bounced".freeze && params["error"]["4."] handled = mailgun_process(params, Email::Receiver::SOFT_BOUNCE_SCORE) elsif event == "dropped".freeze handled = mailgun_process(params, Email::Receiver::HARD_BOUNCE_SCORE) end handled ? mailgun_success : mailgun_failure end private def mailgun_failure render nothing: true, status: 406 end def mailgun_success render nothing: true, status: 200 end def mailgun_verify(timestamp, token, signature) digest = OpenSSL::Digest::SHA256.new data = "#{timestamp}#{token}" signature == OpenSSL::HMAC.hexdigest(digest, SiteSetting.mailgun_api_key, data) end def mailgun_process(params, bounce_score) return false if params["message-headers"].blank? return_path_header = params["message-headers"].first { |h| h[0] == "Return-Path".freeze } return false if return_path_header.blank? return_path = return_path_header[1] return false if return_path.blank? bounce_key = return_path[/\+verp-(\h{32})@/, 1] return false if bounce_key.blank? email_log = EmailLog.find_by(bounce_key: bounce_key) return false if email_log.nil? email_log.update_columns(bounced: true) Email::Receiver.update_bounce_score(email_log.user.email, bounce_score) true end end