actionmailbox-resend 1.0.5

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: bd1828862b0a6a228916314fd02c579d573596972ad0cb0504f8ae96fd72ea36
+  data.tar.gz: fe4b3c151880d5add134675a66497f4e6a76883e87ededfe308850fb365288af
+SHA512:
+  metadata.gz: b79b0224ec90f1cec399ed59519d77e10067bb1d9a6fd1962b534b6ec10513de5425124ec128d4c9197f6f4b09ebfe381ee0e273f2746dfdb561505b32048ec4
+  data.tar.gz: 6967142b8eb1eb58e72662fd0f09f0f4c8f3cf037260d1120170ce1312fd32445b38816ddadfeac83b2dd4f868ad9840c6d165d28491b1d826efe10285e67f00

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2025 rcoenen
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,120 @@
+# ActionMailbox Resend
+
+A Rails Engine providing [Resend](https://resend.com) email ingress support for [ActionMailbox](https://guides.rubyonrails.org/action_mailbox_basics.html).
+
+This gem works with **any Rails application** that uses ActionMailbox. It receives webhooks from Resend's inbound email API, verifies signatures via Svix, reconstructs RFC822 MIME messages (including attachments and inline images), and delivers them to ActionMailbox for processing.
+
+> **Note:** This gem was originally developed to add Resend support to [Chatwoot](https://chatwoot.com), but it's a general-purpose ActionMailbox ingress that works with any Rails application.
+
+## Features
+
+- Webhook-based email ingestion via Resend's email receiving API
+- Cryptographic signature verification using Svix
+- Full attachment support (regular + inline images)
+- Data URI to CID conversion for inline images
+- Email threading support (In-Reply-To, References headers)
+- SSRF protection with URL allow-listing
+- Idempotency via webhook deduplication
+- Request size limits and HTTP timeouts
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem "actionmailbox-resend"
+```
+
+And then execute:
+
+```bash
+bundle install
+```
+
+## Configuration
+
+### Environment Variables
+
+Set the following environment variables:
+
+```bash
+RESEND_API_KEY=re_xxx           # Your Resend API key
+RESEND_WEBHOOK_SECRET=whsec_xxx  # Your Resend webhook signing secret
+```
+
+### Mount the Engine
+
+In your `config/routes.rb`:
+
+```ruby
+Rails.application.routes.draw do
+  mount ActionMailbox::Resend::Engine, at: "/rails/action_mailbox/resend"
+end
+```
+
+This creates the webhook endpoint at:
+```
+POST /rails/action_mailbox/resend/inbound_emails
+```
+
+## Resend Setup
+
+1. **Enable Inbound Emails** in your Resend dashboard
+2. **Configure Email Forwarding** to forward emails to your domain
+3. **Add Webhook Endpoint**: `https://your-domain.com/rails/action_mailbox/resend/inbound_emails`
+4. **Copy Webhook Signing Secret** to your `RESEND_WEBHOOK_SECRET` environment variable
+
+## How It Works
+
+1. **Webhook Reception**: Resend sends a webhook when an email is received
+2. **Signature Verification**: The gem verifies the Svix signature to ensure authenticity
+3. **Email Fetch**: Full email content is fetched from Resend's API (webhooks only contain email IDs)
+4. **Attachment Download**: Attachments are fetched via a two-step process (metadata → download URL → content)
+5. **RFC822 Construction**: The JSON email data is converted to a proper RFC822 MIME message
+6. **ActionMailbox Delivery**: The message is submitted to ActionMailbox for processing
+
+### RFC822 Reconstruction
+
+Unlike other email providers that send emails in RFC822 format, Resend provides structured JSON. This gem handles the complex conversion including:
+
+- Proper multipart MIME boundaries
+- Content-Type headers for each part
+- Content-Transfer-Encoding for attachments
+- Content-ID for inline images
+- Data URI to CID reference conversion
+
+## Security
+
+- **Svix Signature Verification**: All webhooks are cryptographically verified
+- **SSRF Protection**: Attachment downloads are restricted to `*.resend.com` and `*.resend.app` domains
+- **Size Limits**: 10MB max request size, 25MB max attachment size
+- **Timeout Protection**: 5s connection timeout, 10s read timeout
+- **Redirect Blocking**: Prevents redirect-based SSRF attacks
+- **Idempotency**: 24-hour deduplication via `svix-id` header
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `bundle exec rspec` to run the tests.
+
+```bash
+git clone https://github.com/rcoenen/actionmailbox-resend.git
+cd actionmailbox-resend
+bin/setup
+bundle exec rspec
+```
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/rcoenen/actionmailbox-resend.
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
+
+## Related Links
+
+- [Resend Inbound Email Docs](https://resend.com/docs/api-reference/emails/receive-email)
+- [Resend Webhooks](https://resend.com/docs/webhooks)
+- [Svix Webhook Verification](https://docs.svix.com/receiving/verifying-payloads/how)
+- [Rails ActionMailbox](https://guides.rubyonrails.org/action_mailbox_basics.html)
+- [Chatwoot](https://chatwoot.com)

data/app/controllers/action_mailbox/resend/inbound_emails_controller.rb

@@ -0,0 +1,497 @@
+# frozen_string_literal: true
+
+require "openssl"
+
+# rubocop:disable Metrics/ClassLength
+module ActionMailbox
+  module Resend
+    # Controller to handle inbound email webhooks from Resend
+    # Receives JSON webhook payload, verifies signature, fetches full email from Resend API,
+    # converts to RFC822, and processes via ActionMailbox
+    class InboundEmailsController < ActionController::Base
+      skip_forgery_protection
+
+      MAX_REQUEST_SIZE = 10.megabytes
+      MAX_ATTACHMENT_SIZE = 25.megabytes
+      ALLOWED_HOST_PATTERN = /\A[a-z0-9-]+\.resend\.(com|app)\z/i
+
+      before_action :verify_authenticity
+      before_action :validate_request_size
+      before_action :check_idempotency
+
+      # rubocop:disable Metrics/AbcSize
+      def create
+        # Parse webhook payload
+        payload = JSON.parse(request.body.read)
+
+        # Only process email.received events
+        return head :ok unless payload['type'] == 'email.received'
+
+        # Extract email_id from webhook
+        email_id = payload.dig('data', 'email_id')
+        return head(422) if email_id.blank?
+
+        # Fetch full email from Resend API
+        email_data = fetch_email_from_resend(email_id)
+        return head(:internal_server_error) if email_data.nil?
+
+        # Add email_id to email_data since Resend API doesn't include it in the response
+        email_data['email_id'] = email_id
+
+        # Build RFC822 MIME message with full content
+        mime_message = build_rfc822_message(email_data)
+
+        # Submit to ActionMailbox for processing
+        ActionMailbox::InboundEmail.create_and_extract_message_id!(mime_message)
+
+        # Mark webhook as processed to prevent duplicates
+        mark_processed(request.headers['svix-id'])
+
+        head :ok
+      rescue JSON::ParserError => e
+        Rails.logger.error("Resend webhook: Invalid JSON - #{e.message}")
+        head :bad_request
+      rescue StandardError => e
+        Rails.logger.error("Resend webhook: Processing error - #{e.message}")
+        Rails.logger.error(e.backtrace.join("\n"))
+        head :internal_server_error
+      end
+      # rubocop:enable Metrics/AbcSize
+
+      private
+
+      def validate_request_size
+        return if request.content_length.nil?
+
+        return unless request.content_length > MAX_REQUEST_SIZE
+
+        Rails.logger.warn("Resend webhook rejected: request too large (#{request.content_length} bytes)")
+        head :payload_too_large
+        false # Halt the filter chain
+      end
+
+      def check_idempotency
+        svix_id = request.headers['svix-id']
+        return if svix_id.blank?
+
+        return unless already_processed?(svix_id)
+
+        Rails.logger.info("Resend webhook skipped: duplicate svix-id #{svix_id}")
+        head :conflict
+        false # Halt the filter chain
+      end
+
+      def already_processed?(svix_id)
+        cache_key = "resend:webhook:#{svix_id}"
+        Rails.cache.read(cache_key).present?
+      end
+
+      def mark_processed(svix_id)
+        return if svix_id.blank?
+
+        cache_key = "resend:webhook:#{svix_id}"
+        Rails.cache.write(cache_key, true, expires_in: 24.hours)
+      end
+
+      def verify_authenticity
+        # Get raw body for signature verification
+        raw_body = request.body.read
+        request.body.rewind # Rewind so it can be read again
+
+        # Extract Svix headers
+        headers = {
+          'svix-id' => request.headers['svix-id'],
+          'svix-timestamp' => request.headers['svix-timestamp'],
+          'svix-signature' => request.headers['svix-signature']
+        }
+
+        return if valid_signature?(raw_body, headers)
+
+        Rails.logger.warn('Resend webhook: Invalid signature')
+        head :unauthorized
+        false # Halt the filter chain
+      end
+
+      def valid_signature?(body, headers)
+        return false if headers['svix-signature'].blank?
+
+        secret = ENV.fetch('RESEND_WEBHOOK_SECRET', nil)
+        return false if secret.blank?
+
+        # Use Svix to verify webhook signature
+        require 'svix'
+        wh = Svix::Webhook.new(secret)
+        wh.verify(body, headers)
+        true
+      rescue Svix::WebhookVerificationError => e
+        Rails.logger.error("Resend webhook verification failed: #{e.message}")
+        false
+      rescue StandardError => e
+        Rails.logger.error("Resend webhook verification error: #{e.message}")
+        false
+      end
+
+      def fetch_email_from_resend(email_id)
+        api_key = ENV.fetch('RESEND_API_KEY', nil)
+        if api_key.blank?
+          Rails.logger.error('Resend webhook: RESEND_API_KEY not configured')
+          return nil
+        end
+
+        uri = URI("https://api.resend.com/emails/receiving/#{email_id}")
+        request = Net::HTTP::Get.new(uri)
+        request['Authorization'] = "Bearer #{api_key}"
+        request['Content-Type'] = 'application/json'
+
+        response = http_request(uri) { |http| http.request(request) }
+
+        return JSON.parse(response.body) if response.is_a?(Net::HTTPSuccess)
+
+        Rails.logger.error("Resend API error: #{response.code} - #{response.body}")
+        nil
+      rescue StandardError => e
+        Rails.logger.error("Failed to fetch email from Resend: #{e.message}")
+        nil
+      end
+
+      def build_rfc822_message(email_data)
+        # Use Mail gem to build proper RFC822 MIME message
+        require 'mail'
+        require 'base64'
+
+        mail = Mail.new
+        set_mail_headers(mail, email_data)
+
+        # Determine if we have attachments
+        has_attachments = email_data['attachments'].present?
+
+        # Convert data URI images to cid: references if we have inline attachments
+        # Resend embeds images as data URIs in HTML, but we need cid: references for proper email structure
+        if has_attachments && email_data['html'].present?
+          email_data['html'] = convert_data_uris_to_cid(email_data['html'], email_data['attachments'], email_data['email_id'])
+        end
+
+        # Build email body structure
+        set_mail_body(mail, email_data, has_attachments)
+
+        # Add attachments if present - this will automatically convert to multipart/mixed
+        add_all_attachments(mail, email_data) if has_attachments
+
+        # Normalize MIME structure for desktop email client compatibility
+        normalize_mail_for_display(mail).to_s
+      rescue StandardError => e
+        Rails.logger.warn("Resend: Failed to normalize email structure - #{e.message}")
+        mail.to_s # Fall back to original if normalization fails
+      end
+
+      # rubocop:disable Metrics/AbcSize
+      def set_mail_headers(mail, email_data)
+        mail.from = email_data['from']
+        mail.to = email_data['to']
+        mail.cc = email_data['cc'] if email_data['cc'].present?
+        mail.bcc = email_data['bcc'] if email_data['bcc'].present?
+        mail.subject = email_data['subject'] || '(no subject)'
+
+        # Add threading headers if available
+        mail.message_id = email_data['message_id'] if email_data['message_id'].present?
+        mail.in_reply_to = email_data.dig('headers', 'in-reply-to') if email_data.dig('headers', 'in-reply-to').present?
+        mail.references = email_data.dig('headers', 'references') if email_data.dig('headers', 'references').present?
+      end
+      # rubocop:enable Metrics/AbcSize
+
+      def set_mail_body(mail, email_data, _has_attachments)
+        if email_data['html'].present? && email_data['text'].present?
+          # Both text and HTML - create multipart/alternative
+          mail.text_part = create_text_part(email_data['text'])
+          mail.html_part = create_html_part(email_data['html'])
+        elsif email_data['html'].present?
+          # HTML only
+          mail.content_type = 'text/html; charset=UTF-8'
+          mail.body = email_data['html']
+        else
+          # Text only
+          mail.content_type = 'text/plain; charset=UTF-8'
+          mail.body = email_data['text'] || '(no body)'
+        end
+      end
+
+      def create_text_part(text_content)
+        Mail::Part.new do
+          content_type 'text/plain; charset=UTF-8'
+          body text_content
+        end
+      end
+
+      def create_html_part(html_content)
+        Mail::Part.new do
+          content_type 'text/html; charset=UTF-8'
+          body html_content
+        end
+      end
+
+      def add_all_attachments(mail, email_data)
+        total = email_data['attachments'].size
+        failed = 0
+
+        email_data['attachments'].each do |attachment_meta|
+          result = add_attachment_to_mail(mail, email_data['email_id'], attachment_meta)
+          failed += 1 if result.nil?
+        end
+
+        Rails.logger.info("Resend attachments: #{total - failed}/#{total} successful")
+        Rails.logger.warn("Resend: #{failed} attachments failed to download") if failed.positive?
+      end
+
+      def add_attachment_to_mail(mail, email_id, attachment_meta)
+        # Fetch attachment content from Resend API
+        attachment_content = fetch_attachment_from_resend(email_id, attachment_meta['id'])
+        return nil if attachment_content.nil?
+
+        # Handle inline vs regular attachments differently
+        # Inline attachments must use mail.attachments.inline[] to set Content-Disposition header
+        # This allows MailboxHelper to detect them via .inline? and convert cid: to ActiveStorage URLs
+        if attachment_meta['content_disposition'] == 'inline'
+          add_inline_attachment(mail, attachment_meta, attachment_content)
+        else
+          add_regular_attachment(mail, attachment_meta, attachment_content)
+        end
+
+        true # Return success
+      rescue StandardError => e
+        Rails.logger.error("Failed to add attachment #{attachment_meta['id']}: #{e.message}")
+        nil # Return failure
+      end
+
+      def add_inline_attachment(mail, attachment_meta, attachment_content)
+        mail.attachments.inline[attachment_meta['filename']] = {
+          content_type: attachment_meta['content_type'],
+          content: attachment_content
+        }
+
+        # Set Content-ID for cid: reference matching
+        return if attachment_meta['content_id'].blank?
+
+        # Strip angle brackets as Mail gem adds them automatically
+        # Resend provides: "<content-id>", Mail gem expects: "content-id"
+        content_id_without_brackets = attachment_meta['content_id'].gsub(/[<>]/, '')
+        mail.attachments.last.content_id = content_id_without_brackets
+      end
+
+      def add_regular_attachment(mail, attachment_meta, attachment_content)
+        mail.attachments[attachment_meta['filename']] = {
+          content_type: attachment_meta['content_type'],
+          content: attachment_content
+        }
+      end
+
+      # rubocop:disable Metrics/AbcSize, Metrics/MethodLength, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
+      def fetch_attachment_from_resend(email_id, attachment_id)
+        api_key = ENV.fetch('RESEND_API_KEY', nil)
+        return nil if api_key.blank?
+
+        # Step 1: Get attachment metadata including download_url
+        metadata_uri = URI("https://api.resend.com/emails/receiving/#{email_id}/attachments/#{attachment_id}")
+        metadata_request = Net::HTTP::Get.new(metadata_uri)
+        metadata_request['Authorization'] = "Bearer #{api_key}"
+
+        metadata_response = http_request(metadata_uri) { |http| http.request(metadata_request) }
+
+        unless metadata_response.is_a?(Net::HTTPSuccess)
+          Rails.logger.error("Resend API error fetching attachment metadata: #{metadata_response.code} - #{metadata_response.body}")
+          return nil
+        end
+
+        metadata = JSON.parse(metadata_response.body)
+        download_url = metadata['download_url']
+
+        if download_url.blank?
+          Rails.logger.error('No download_url in attachment metadata')
+          return nil
+        end
+
+        # Validate download URL to prevent SSRF attacks
+        unless valid_resend_url?(download_url)
+          Rails.logger.error("Invalid or unauthorized download URL: #{download_url}")
+          return nil
+        end
+
+        # Step 2: Download actual file content from the download_url
+        download_uri = URI(download_url)
+
+        # Check attachment size before downloading
+        head_response = http_request(download_uri) { |http| http.head(download_uri.request_uri) }
+
+        if head_response['content-length'].present?
+          content_length = head_response['content-length'].to_i
+          if content_length > MAX_ATTACHMENT_SIZE
+            Rails.logger.warn("Resend attachment too large: #{content_length} bytes (max: #{MAX_ATTACHMENT_SIZE})")
+            return nil
+          end
+        end
+
+        download_response = http_request(download_uri) { |http| http.get(download_uri.request_uri) }
+
+        # Block redirects to prevent SSRF attacks
+        if download_response.is_a?(Net::HTTPRedirection)
+          Rails.logger.warn("Resend attachment download redirect blocked: #{download_url}")
+          return nil
+        end
+
+        return download_response.body if download_response.is_a?(Net::HTTPSuccess)
+
+        Rails.logger.error("Failed to download attachment from URL: #{download_response.code}")
+        nil
+      rescue StandardError => e
+        Rails.logger.error("Failed to fetch attachment from Resend: #{e.message}")
+        nil
+      end
+      # rubocop:enable Metrics/AbcSize, Metrics/MethodLength, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
+
+      # rubocop:disable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
+      def convert_data_uris_to_cid(html, attachments, email_id)
+        # Resend embeds inline images as data URIs in HTML
+        # We need to convert them to cid: references that match the attachment Content-IDs
+        # This allows MailboxHelper to convert them to ActiveStorage URLs
+
+        return html if html.blank? || attachments.blank?
+
+        # Find inline image attachments with content_ids
+        inline_attachments = attachments.select { |a| a['content_disposition'] == 'inline' && a['content_id'].present? }
+        return html unless inline_attachments.any?
+
+        # Build a map of base64-encoded image data to content_ids by fetching each attachment
+        data_uri_to_cid = build_data_uri_map(inline_attachments, email_id)
+
+        # Replace data URI images with cid: references
+        # Match: <img src="data:image/TYPE;base64,BASE64DATA" ...>
+        html.gsub(%r{(<img[^>]+src=")data:image/[^;]+;base64,([^"]+)("[^>]*>)}i) do |match|
+          prefix = ::Regexp.last_match(1)
+          base64_data = ::Regexp.last_match(2)
+          suffix = ::Regexp.last_match(3)
+
+          # Find matching content_id for this base64 data
+          content_id = data_uri_to_cid[base64_data]
+
+          if content_id
+            # Replace with cid: reference
+            "#{prefix}cid:#{content_id}#{suffix}"
+          else
+            # No matching attachment found, leave as data URI
+            match
+          end
+        end
+      rescue StandardError => e
+        Rails.logger.error("Failed to convert data URIs to cid references: #{e.message}")
+        html # Return original HTML on error
+      end
+      # rubocop:enable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
+
+      def build_data_uri_map(inline_attachments, email_id)
+        data_uri_to_cid = {}
+        inline_attachments.each do |attachment|
+          attachment_content = fetch_attachment_from_resend(email_id, attachment['id'])
+          next if attachment_content.nil?
+
+          # Encode as base64 to match data URI format
+          base64_content = Base64.strict_encode64(attachment_content)
+          # Strip angle brackets from content_id (Resend provides "<cid>", we need "cid")
+          content_id = attachment['content_id'].gsub(/[<>]/, '')
+          data_uri_to_cid[base64_content] = content_id
+        end
+        data_uri_to_cid
+      end
+
+      def valid_resend_url?(url)
+        return false if url.blank?
+
+        uri = URI.parse(url)
+
+        # Check scheme - only HTTPS allowed
+        return false unless uri.scheme == 'https'
+
+        # Check host against Resend domain pattern (*.resend.com)
+        return false unless uri.host&.match?(ALLOWED_HOST_PATTERN)
+
+        true
+      rescue URI::InvalidURIError => e
+        Rails.logger.error("Invalid URL in Resend webhook: #{url} - #{e.message}")
+        false
+      end
+
+      # Returns a cert store configured for broad compatibility.
+      # OpenSSL 3.x enables CRL checking by default, which fails for many CDNs
+      # (including Cloudflare, which fronts Resend's API). This disables CRL
+      # checking while maintaining certificate verification.
+      def default_cert_store
+        store = OpenSSL::X509::Store.new
+        store.set_default_paths
+        store.flags = 0 # Disable CRL checking for OpenSSL 3.x compatibility
+        store
+      end
+
+      def http_request(uri, open_timeout: 5, read_timeout: 10)
+        Net::HTTP.start(
+          uri.hostname,
+          uri.port,
+          use_ssl: true,
+          cert_store: default_cert_store,
+          open_timeout: open_timeout,
+          read_timeout: read_timeout
+        ) do |http|
+          yield http
+        end
+      end
+
+      # Normalize email MIME structure for desktop email client compatibility
+      # Restructures to: multipart/mixed -> multipart/related -> multipart/alternative
+      # This ensures .eml files open correctly in Apple Mail, Thunderbird, etc.
+      def normalize_mail_for_display(mail)
+        mixed = Mail.new
+        # Copy all headers from original mail to preserve custom headers
+        mail.header.fields.each do |field|
+          mixed.header[field.name] = field.value unless field.name == 'Content-Type'
+        end
+        mixed.content_type = 'multipart/mixed'
+
+        related = Mail::Part.new
+        related.content_type = 'multipart/related'
+
+        alt = Mail::Part.new
+        alt.content_type = 'multipart/alternative'
+        if mail.multipart?
+          alt.add_part(mail.text_part) if mail.text_part
+          alt.add_part(mail.html_part) if mail.html_part
+        else
+          # For non-multipart emails, create a single part with the body
+          content_type = mail.content_type.presence || 'text/plain; charset=UTF-8'
+          alt.add_part(Mail::Part.new do
+            content_type content_type
+            body mail.body.decoded
+          end)
+        end
+        related.add_part(alt)
+
+        mail.attachments.each do |att|
+          if att.inline?
+            # Use attachments.inline[] to preserve Content-Disposition: inline
+            related.attachments.inline[att.filename] = {
+              content_type: att.content_type,
+              content: att.body.decoded
+            }
+            # Preserve Content-ID
+            related.attachments.last.content_id = att.cid if att.cid.present?
+          else
+            mixed.attachments[att.filename] = {
+              content_type: att.content_type,
+              content: att.body.decoded
+            }
+          end
+        end
+
+        mixed.add_part(related)
+        mixed
+      end
+    end
+  end
+end
+# rubocop:enable Metrics/ClassLength

data/config/routes.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+ActionMailbox::Resend::Engine.routes.draw do
+  post "/inbound_emails" => "inbound_emails#create", as: :inbound_emails
+end

data/lib/action_mailbox/resend/engine.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+module ActionMailbox
+  module Resend
+    class Engine < ::Rails::Engine
+      isolate_namespace ActionMailbox::Resend
+
+      # Load the engine's routes automatically
+      initializer "actionmailbox-resend.load_routes" do |app|
+        app.routes.append do
+          # Allow mounting at a custom path if not already mounted
+        end
+      end
+    end
+  end
+end

data/lib/action_mailbox/resend/version.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module ActionMailbox
+  module Resend
+    VERSION = "1.0.5"
+  end
+end

data/lib/action_mailbox/resend.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+require_relative "resend/version"
+require_relative "resend/engine"
+
+module ActionMailbox
+  module Resend
+    class Error < StandardError; end
+  end
+end

data/lib/actionmailbox-resend.rb

@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+
+require "action_mailbox/resend"

metadata

@@ -0,0 +1,109 @@
+--- !ruby/object:Gem::Specification
+name: actionmailbox-resend
+version: !ruby/object:Gem::Version
+  version: 1.0.5
+platform: ruby
+authors:
+- rcoenen
+bindir: bin
+cert_chain: []
+date: 1980-01-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '7.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '7.0'
+- !ruby/object:Gem::Dependency
+  name: svix
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: rspec-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '6.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '6.0'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.18'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.18'
+description: A Rails Engine providing Resend email ingress support for ActionMailbox.
+  Receives webhooks from Resend, verifies signatures via Svix, reconstructs RFC822
+  MIME messages, and delivers to ActionMailbox.
+email:
+- rcoenen@users.noreply.github.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE.txt
+- README.md
+- app/controllers/action_mailbox/resend/inbound_emails_controller.rb
+- config/routes.rb
+- lib/action_mailbox/resend.rb
+- lib/action_mailbox/resend/engine.rb
+- lib/action_mailbox/resend/version.rb
+- lib/actionmailbox-resend.rb
+homepage: https://github.com/rcoenen/actionmailbox-resend
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/rcoenen/actionmailbox-resend
+  source_code_uri: https://github.com/rcoenen/actionmailbox-resend
+  changelog_uri: https://github.com/rcoenen/actionmailbox-resend/blob/main/CHANGELOG.md
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 3.1.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.6.9
+specification_version: 4
+summary: Resend email ingress for ActionMailbox
+test_files: []