actionmailbox 0.1.0 → 6.0.0.beta1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/{LICENSE → MIT-LICENSE} +1 -1
- data/README.md +2 -267
- data/app/controllers/action_mailbox/base_controller.rb +26 -31
- data/app/controllers/action_mailbox/ingresses/amazon/inbound_emails_controller.rb +48 -44
- data/app/controllers/action_mailbox/ingresses/mailgun/inbound_emails_controller.rb +88 -84
- data/app/controllers/action_mailbox/ingresses/mandrill/inbound_emails_controller.rb +64 -60
- data/app/controllers/action_mailbox/ingresses/postmark/inbound_emails_controller.rb +62 -0
- data/app/controllers/action_mailbox/ingresses/relay/inbound_emails_controller.rb +65 -0
- data/app/controllers/action_mailbox/ingresses/sendgrid/inbound_emails_controller.rb +51 -47
- data/app/controllers/rails/conductor/action_mailbox/inbound_emails_controller.rb +27 -20
- data/app/controllers/rails/conductor/action_mailbox/reroutes_controller.rb +15 -11
- data/app/controllers/rails/conductor/base_controller.rb +12 -8
- data/app/jobs/action_mailbox/incineration_job.rb +17 -13
- data/app/jobs/action_mailbox/routing_job.rb +10 -6
- data/app/models/action_mailbox/inbound_email.rb +43 -37
- data/app/models/action_mailbox/inbound_email/incineratable.rb +5 -3
- data/app/models/action_mailbox/inbound_email/incineratable/incineration.rb +21 -17
- data/app/models/action_mailbox/inbound_email/message_id.rb +22 -20
- data/app/models/action_mailbox/inbound_email/routable.rb +7 -5
- data/app/views/rails/conductor/action_mailbox/inbound_emails/new.html.erb +5 -0
- data/config/routes.rb +2 -1
- data/db/migrate/20180917164000_create_action_mailbox_tables.rb +10 -4
- data/lib/action_mailbox.rb +2 -1
- data/lib/action_mailbox/base.rb +100 -93
- data/lib/action_mailbox/callbacks.rb +3 -1
- data/lib/action_mailbox/engine.rb +9 -1
- data/lib/action_mailbox/gem_version.rb +17 -0
- data/lib/action_mailbox/mail_ext.rb +2 -0
- data/lib/action_mailbox/mail_ext/address_equality.rb +7 -3
- data/lib/action_mailbox/mail_ext/address_wrapping.rb +7 -3
- data/lib/action_mailbox/mail_ext/addresses.rb +22 -18
- data/lib/action_mailbox/mail_ext/from_source.rb +2 -0
- data/lib/action_mailbox/mail_ext/recipients.rb +7 -3
- data/lib/action_mailbox/{postfix_relayer.rb → relayer.rb} +18 -10
- data/lib/action_mailbox/router.rb +30 -26
- data/lib/action_mailbox/router/route.rb +34 -30
- data/lib/action_mailbox/routing.rb +3 -1
- data/lib/action_mailbox/test_case.rb +4 -0
- data/lib/action_mailbox/test_helper.rb +8 -6
- data/lib/action_mailbox/version.rb +8 -1
- data/lib/rails/generators/installer.rb +10 -0
- data/lib/rails/generators/mailbox/USAGE +12 -0
- data/lib/rails/generators/mailbox/mailbox_generator.rb +32 -0
- data/lib/{templates/mailboxes/application_mailbox.rb → rails/generators/mailbox/templates/application_mailbox.rb.tt} +1 -1
- data/lib/rails/generators/mailbox/templates/mailbox.rb.tt +4 -0
- data/lib/rails/generators/test_unit/mailbox_generator.rb +20 -0
- data/lib/rails/generators/test_unit/templates/mailbox_test.rb.tt +13 -0
- data/lib/tasks/ingress.rake +53 -5
- data/lib/tasks/install.rake +1 -1
- metadata +66 -237
- data/.gitignore +0 -2
- data/Gemfile +0 -8
- data/Gemfile.lock +0 -159
- data/Rakefile +0 -27
- data/actionmailbox.gemspec +0 -27
- data/app/controllers/action_mailbox/ingresses/postfix/inbound_emails_controller.rb +0 -55
- data/bin/test +0 -5
- data/lib/templates/installer.rb +0 -4
- data/test/controllers/ingresses/amazon/inbound_emails_controller_test.rb +0 -20
- data/test/controllers/ingresses/mailgun/inbound_emails_controller_test.rb +0 -89
- data/test/controllers/ingresses/mandrill/inbound_emails_controller_test.rb +0 -58
- data/test/controllers/ingresses/postfix/inbound_emails_controller_test.rb +0 -54
- data/test/controllers/ingresses/sendgrid/inbound_emails_controller_test.rb +0 -44
- data/test/dummy/.babelrc +0 -18
- data/test/dummy/.gitignore +0 -3
- data/test/dummy/.postcssrc.yml +0 -3
- data/test/dummy/Rakefile +0 -6
- data/test/dummy/app/assets/config/manifest.js +0 -3
- data/test/dummy/app/assets/images/.keep +0 -0
- data/test/dummy/app/assets/stylesheets/application.css +0 -15
- data/test/dummy/app/assets/stylesheets/scaffold.css +0 -80
- data/test/dummy/app/channels/application_cable/channel.rb +0 -4
- data/test/dummy/app/channels/application_cable/connection.rb +0 -4
- data/test/dummy/app/controllers/application_controller.rb +0 -2
- data/test/dummy/app/controllers/concerns/.keep +0 -0
- data/test/dummy/app/helpers/application_helper.rb +0 -2
- data/test/dummy/app/javascript/packs/application.js +0 -0
- data/test/dummy/app/jobs/application_job.rb +0 -2
- data/test/dummy/app/mailboxes/application_mailbox.rb +0 -2
- data/test/dummy/app/mailboxes/messages_mailbox.rb +0 -4
- data/test/dummy/app/mailers/application_mailer.rb +0 -4
- data/test/dummy/app/models/application_record.rb +0 -3
- data/test/dummy/app/models/concerns/.keep +0 -0
- data/test/dummy/app/views/layouts/application.html.erb +0 -14
- data/test/dummy/app/views/layouts/mailer.html.erb +0 -13
- data/test/dummy/app/views/layouts/mailer.text.erb +0 -1
- data/test/dummy/bin/bundle +0 -3
- data/test/dummy/bin/rails +0 -4
- data/test/dummy/bin/rake +0 -4
- data/test/dummy/bin/setup +0 -36
- data/test/dummy/bin/update +0 -31
- data/test/dummy/bin/yarn +0 -11
- data/test/dummy/config.ru +0 -5
- data/test/dummy/config/application.rb +0 -19
- data/test/dummy/config/boot.rb +0 -5
- data/test/dummy/config/cable.yml +0 -10
- data/test/dummy/config/database.yml +0 -25
- data/test/dummy/config/environment.rb +0 -5
- data/test/dummy/config/environments/development.rb +0 -63
- data/test/dummy/config/environments/production.rb +0 -96
- data/test/dummy/config/environments/test.rb +0 -46
- data/test/dummy/config/initializers/application_controller_renderer.rb +0 -8
- data/test/dummy/config/initializers/assets.rb +0 -14
- data/test/dummy/config/initializers/backtrace_silencers.rb +0 -7
- data/test/dummy/config/initializers/content_security_policy.rb +0 -22
- data/test/dummy/config/initializers/cookies_serializer.rb +0 -5
- data/test/dummy/config/initializers/filter_parameter_logging.rb +0 -4
- data/test/dummy/config/initializers/inflections.rb +0 -16
- data/test/dummy/config/initializers/mime_types.rb +0 -4
- data/test/dummy/config/initializers/wrap_parameters.rb +0 -14
- data/test/dummy/config/locales/en.yml +0 -33
- data/test/dummy/config/puma.rb +0 -34
- data/test/dummy/config/routes.rb +0 -4
- data/test/dummy/config/spring.rb +0 -6
- data/test/dummy/config/storage.yml +0 -35
- data/test/dummy/config/webpack/development.js +0 -3
- data/test/dummy/config/webpack/environment.js +0 -3
- data/test/dummy/config/webpack/production.js +0 -3
- data/test/dummy/config/webpack/test.js +0 -3
- data/test/dummy/config/webpacker.yml +0 -65
- data/test/dummy/db/migrate/20180208205311_create_action_mailroom_tables.rb +0 -11
- data/test/dummy/db/migrate/20180212164506_create_active_storage_tables.active_storage.rb +0 -26
- data/test/dummy/db/schema.rb +0 -43
- data/test/dummy/lib/assets/.keep +0 -0
- data/test/dummy/log/.keep +0 -0
- data/test/dummy/package.json +0 -11
- data/test/dummy/public/404.html +0 -67
- data/test/dummy/public/422.html +0 -67
- data/test/dummy/public/500.html +0 -66
- data/test/dummy/public/apple-touch-icon-precomposed.png +0 -0
- data/test/dummy/public/apple-touch-icon.png +0 -0
- data/test/dummy/public/favicon.ico +0 -0
- data/test/dummy/storage/.keep +0 -0
- data/test/dummy/yarn.lock +0 -6071
- data/test/fixtures/files/welcome.eml +0 -631
- data/test/jobs/incineration_job_test.rb +0 -17
- data/test/test_helper.rb +0 -54
- data/test/unit/inbound_email/incineration_test.rb +0 -45
- data/test/unit/inbound_email/message_id_test.rb +0 -13
- data/test/unit/inbound_email_test.rb +0 -13
- data/test/unit/mail_ext/address_equality_test.rb +0 -9
- data/test/unit/mail_ext/address_wrapping_test.rb +0 -11
- data/test/unit/mail_ext/recipients_test.rb +0 -33
- data/test/unit/mailbox/bouncing_test.rb +0 -29
- data/test/unit/mailbox/callbacks_test.rb +0 -75
- data/test/unit/mailbox/routing_test.rb +0 -30
- data/test/unit/mailbox/state_test.rb +0 -49
- data/test/unit/postfix_relayer_test.rb +0 -90
- data/test/unit/router_test.rb +0 -137
@@ -1,99 +1,103 @@
|
|
1
|
-
#
|
2
|
-
#
|
3
|
-
# - +body-mime+: The full RFC 822 message
|
4
|
-
# - +timestamp+: The current time according to Mailgun as the number of seconds passed since the UNIX epoch
|
5
|
-
# - +token+: A randomly-generated, 50-character string
|
6
|
-
# - +signature+: A hexadecimal HMAC-SHA256 of the timestamp concatenated with the token, generated using the Mailgun API key
|
7
|
-
#
|
8
|
-
# Authenticates requests by validating their signatures.
|
9
|
-
#
|
10
|
-
# Returns:
|
11
|
-
#
|
12
|
-
# - <tt>204 No Content</tt> if an inbound email is successfully recorded and enqueued for routing to the appropriate mailbox
|
13
|
-
# - <tt>401 Unauthorized</tt> if the request's signature could not be validated, or if its timestamp is more than 2 minutes old
|
14
|
-
# - <tt>404 Not Found</tt> if Action Mailbox is not configured to accept inbound emails from Mailgun
|
15
|
-
# - <tt>422 Unprocessable Entity</tt> if the request is missing required parameters
|
16
|
-
# - <tt>500 Server Error</tt> if the Mailgun API key is missing, or one of the Active Record database,
|
17
|
-
# the Active Storage service, or the Active Job backend is misconfigured or unavailable
|
18
|
-
#
|
19
|
-
# == Usage
|
20
|
-
#
|
21
|
-
# 1. Give Action Mailbox your {Mailgun API key}[https://help.mailgun.com/hc/en-us/articles/203380100-Where-can-I-find-my-API-key-and-SMTP-credentials-]
|
22
|
-
# so it can authenticate requests to the Mailgun ingress.
|
23
|
-
#
|
24
|
-
# Use <tt>rails credentials:edit</tt> to add your API key to your application's encrypted credentials under
|
25
|
-
# +action_mailbox.mailgun_api_key+, where Action Mailbox will automatically find it:
|
26
|
-
#
|
27
|
-
# action_mailbox:
|
28
|
-
# mailgun_api_key: ...
|
29
|
-
#
|
30
|
-
# Alternatively, provide your API key in the +MAILGUN_INGRESS_API_KEY+ environment variable.
|
31
|
-
#
|
32
|
-
# 2. Tell Action Mailbox to accept emails from Mailgun:
|
33
|
-
#
|
34
|
-
# # config/environments/production.rb
|
35
|
-
# config.action_mailbox.ingress = :mailgun
|
36
|
-
#
|
37
|
-
# 3. {Configure Mailgun}[https://documentation.mailgun.com/en/latest/user_manual.html#receiving-forwarding-and-storing-messages]
|
38
|
-
# to forward inbound emails to `/rails/action_mailbox/mailgun/inbound_emails/mime`.
|
39
|
-
#
|
40
|
-
# If your application lived at <tt>https://example.com</tt>, you would specify the fully-qualified URL
|
41
|
-
# <tt>https://example.com/rails/action_mailbox/mailgun/inbound_emails/mime</tt>.
|
42
|
-
class ActionMailbox::Ingresses::Mailgun::InboundEmailsController < ActionMailbox::BaseController
|
43
|
-
before_action :authenticate
|
1
|
+
# frozen_string_literal: true
|
44
2
|
|
45
|
-
|
46
|
-
|
47
|
-
|
3
|
+
module ActionMailbox
|
4
|
+
# Ingests inbound emails from Mailgun. Requires the following parameters:
|
5
|
+
#
|
6
|
+
# - +body-mime+: The full RFC 822 message
|
7
|
+
# - +timestamp+: The current time according to Mailgun as the number of seconds passed since the UNIX epoch
|
8
|
+
# - +token+: A randomly-generated, 50-character string
|
9
|
+
# - +signature+: A hexadecimal HMAC-SHA256 of the timestamp concatenated with the token, generated using the Mailgun API key
|
10
|
+
#
|
11
|
+
# Authenticates requests by validating their signatures.
|
12
|
+
#
|
13
|
+
# Returns:
|
14
|
+
#
|
15
|
+
# - <tt>204 No Content</tt> if an inbound email is successfully recorded and enqueued for routing to the appropriate mailbox
|
16
|
+
# - <tt>401 Unauthorized</tt> if the request's signature could not be validated, or if its timestamp is more than 2 minutes old
|
17
|
+
# - <tt>404 Not Found</tt> if Action Mailbox is not configured to accept inbound emails from Mailgun
|
18
|
+
# - <tt>422 Unprocessable Entity</tt> if the request is missing required parameters
|
19
|
+
# - <tt>500 Server Error</tt> if the Mailgun API key is missing, or one of the Active Record database,
|
20
|
+
# the Active Storage service, or the Active Job backend is misconfigured or unavailable
|
21
|
+
#
|
22
|
+
# == Usage
|
23
|
+
#
|
24
|
+
# 1. Give Action Mailbox your {Mailgun API key}[https://help.mailgun.com/hc/en-us/articles/203380100-Where-can-I-find-my-API-key-and-SMTP-credentials-]
|
25
|
+
# so it can authenticate requests to the Mailgun ingress.
|
26
|
+
#
|
27
|
+
# Use <tt>rails credentials:edit</tt> to add your API key to your application's encrypted credentials under
|
28
|
+
# +action_mailbox.mailgun_api_key+, where Action Mailbox will automatically find it:
|
29
|
+
#
|
30
|
+
# action_mailbox:
|
31
|
+
# mailgun_api_key: ...
|
32
|
+
#
|
33
|
+
# Alternatively, provide your API key in the +MAILGUN_INGRESS_API_KEY+ environment variable.
|
34
|
+
#
|
35
|
+
# 2. Tell Action Mailbox to accept emails from Mailgun:
|
36
|
+
#
|
37
|
+
# # config/environments/production.rb
|
38
|
+
# config.action_mailbox.ingress = :mailgun
|
39
|
+
#
|
40
|
+
# 3. {Configure Mailgun}[https://documentation.mailgun.com/en/latest/user_manual.html#receiving-forwarding-and-storing-messages]
|
41
|
+
# to forward inbound emails to +/rails/action_mailbox/mailgun/inbound_emails/mime+.
|
42
|
+
#
|
43
|
+
# If your application lived at <tt>https://example.com</tt>, you would specify the fully-qualified URL
|
44
|
+
# <tt>https://example.com/rails/action_mailbox/mailgun/inbound_emails/mime</tt>.
|
45
|
+
class Ingresses::Mailgun::InboundEmailsController < ActionMailbox::BaseController
|
46
|
+
before_action :authenticate
|
48
47
|
|
49
|
-
|
50
|
-
|
51
|
-
head :unauthorized unless authenticated?
|
48
|
+
def create
|
49
|
+
ActionMailbox::InboundEmail.create_and_extract_message_id! params.require("body-mime")
|
52
50
|
end
|
53
51
|
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
key: key,
|
58
|
-
timestamp: params.require(:timestamp),
|
59
|
-
token: params.require(:token),
|
60
|
-
signature: params.require(:signature)
|
61
|
-
).authenticated?
|
62
|
-
else
|
63
|
-
raise ArgumentError, <<~MESSAGE.squish
|
64
|
-
Missing required Mailgun API key. Set action_mailbox.mailgun_api_key in your application's
|
65
|
-
encrypted credentials or provide the MAILGUN_INGRESS_API_KEY environment variable.
|
66
|
-
MESSAGE
|
52
|
+
private
|
53
|
+
def authenticate
|
54
|
+
head :unauthorized unless authenticated?
|
67
55
|
end
|
68
|
-
end
|
69
|
-
|
70
|
-
def key
|
71
|
-
Rails.application.credentials.dig(:action_mailbox, :mailgun_api_key) || ENV["MAILGUN_INGRESS_API_KEY"]
|
72
|
-
end
|
73
56
|
|
74
|
-
|
75
|
-
|
76
|
-
|
77
|
-
|
78
|
-
|
57
|
+
def authenticated?
|
58
|
+
if key.present?
|
59
|
+
Authenticator.new(
|
60
|
+
key: key,
|
61
|
+
timestamp: params.require(:timestamp),
|
62
|
+
token: params.require(:token),
|
63
|
+
signature: params.require(:signature)
|
64
|
+
).authenticated?
|
65
|
+
else
|
66
|
+
raise ArgumentError, <<~MESSAGE.squish
|
67
|
+
Missing required Mailgun API key. Set action_mailbox.mailgun_api_key in your application's
|
68
|
+
encrypted credentials or provide the MAILGUN_INGRESS_API_KEY environment variable.
|
69
|
+
MESSAGE
|
70
|
+
end
|
79
71
|
end
|
80
72
|
|
81
|
-
def
|
82
|
-
|
73
|
+
def key
|
74
|
+
Rails.application.credentials.dig(:action_mailbox, :mailgun_api_key) || ENV["MAILGUN_INGRESS_API_KEY"]
|
83
75
|
end
|
84
76
|
|
85
|
-
|
86
|
-
|
87
|
-
ActiveSupport::SecurityUtils.secure_compare signature, expected_signature
|
88
|
-
end
|
77
|
+
class Authenticator
|
78
|
+
attr_reader :key, :timestamp, :token, :signature
|
89
79
|
|
90
|
-
|
91
|
-
|
92
|
-
Time.at(timestamp) >= 2.minutes.ago
|
80
|
+
def initialize(key:, timestamp:, token:, signature:)
|
81
|
+
@key, @timestamp, @token, @signature = key, Integer(timestamp), token, signature
|
93
82
|
end
|
94
83
|
|
95
|
-
def
|
96
|
-
|
84
|
+
def authenticated?
|
85
|
+
signed? && recent?
|
97
86
|
end
|
98
|
-
|
87
|
+
|
88
|
+
private
|
89
|
+
def signed?
|
90
|
+
ActiveSupport::SecurityUtils.secure_compare signature, expected_signature
|
91
|
+
end
|
92
|
+
|
93
|
+
# Allow for 2 minutes of drift between Mailgun time and local server time.
|
94
|
+
def recent?
|
95
|
+
Time.at(timestamp) >= 2.minutes.ago
|
96
|
+
end
|
97
|
+
|
98
|
+
def expected_signature
|
99
|
+
OpenSSL::HMAC.hexdigest OpenSSL::Digest::SHA256.new, key, "#{timestamp}#{token}"
|
100
|
+
end
|
101
|
+
end
|
102
|
+
end
|
99
103
|
end
|
@@ -1,78 +1,82 @@
|
|
1
|
-
#
|
2
|
-
#
|
3
|
-
# Requires a +mandrill_events+ parameter containing a JSON array of Mandrill inbound email event objects.
|
4
|
-
# Each event is expected to have a +msg+ object containing a full RFC 822 message in its +raw_msg+ property.
|
5
|
-
#
|
6
|
-
# Returns:
|
7
|
-
#
|
8
|
-
# - <tt>204 No Content</tt> if an inbound email is successfully recorded and enqueued for routing to the appropriate mailbox
|
9
|
-
# - <tt>401 Unauthorized</tt> if the request's signature could not be validated
|
10
|
-
# - <tt>404 Not Found</tt> if Action Mailbox is not configured to accept inbound emails from Mandrill
|
11
|
-
# - <tt>422 Unprocessable Entity</tt> if the request is missing required parameters
|
12
|
-
# - <tt>500 Server Error</tt> if the Mandrill API key is missing, or one of the Active Record database,
|
13
|
-
# the Active Storage service, or the Active Job backend is misconfigured or unavailable
|
14
|
-
class ActionMailbox::Ingresses::Mandrill::InboundEmailsController < ActionMailbox::BaseController
|
15
|
-
before_action :authenticate
|
1
|
+
# frozen_string_literal: true
|
16
2
|
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
3
|
+
module ActionMailbox
|
4
|
+
# Ingests inbound emails from Mandrill.
|
5
|
+
#
|
6
|
+
# Requires a +mandrill_events+ parameter containing a JSON array of Mandrill inbound email event objects.
|
7
|
+
# Each event is expected to have a +msg+ object containing a full RFC 822 message in its +raw_msg+ property.
|
8
|
+
#
|
9
|
+
# Returns:
|
10
|
+
#
|
11
|
+
# - <tt>204 No Content</tt> if an inbound email is successfully recorded and enqueued for routing to the appropriate mailbox
|
12
|
+
# - <tt>401 Unauthorized</tt> if the request's signature could not be validated
|
13
|
+
# - <tt>404 Not Found</tt> if Action Mailbox is not configured to accept inbound emails from Mandrill
|
14
|
+
# - <tt>422 Unprocessable Entity</tt> if the request is missing required parameters
|
15
|
+
# - <tt>500 Server Error</tt> if the Mandrill API key is missing, or one of the Active Record database,
|
16
|
+
# the Active Storage service, or the Active Job backend is misconfigured or unavailable
|
17
|
+
class Ingresses::Mandrill::InboundEmailsController < ActionMailbox::BaseController
|
18
|
+
before_action :authenticate
|
33
19
|
|
34
|
-
|
35
|
-
|
36
|
-
head :
|
20
|
+
def create
|
21
|
+
raw_emails.each { |raw_email| ActionMailbox::InboundEmail.create_and_extract_message_id! raw_email }
|
22
|
+
head :ok
|
23
|
+
rescue JSON::ParserError => error
|
24
|
+
logger.error error.message
|
25
|
+
head :unprocessable_entity
|
37
26
|
end
|
38
27
|
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
else
|
43
|
-
raise ArgumentError, <<~MESSAGE.squish
|
44
|
-
Missing required Mandrill API key. Set action_mailbox.mandrill_api_key in your application's
|
45
|
-
encrypted credentials or provide the MANDRILL_INGRESS_API_KEY environment variable.
|
46
|
-
MESSAGE
|
28
|
+
private
|
29
|
+
def raw_emails
|
30
|
+
events.select { |event| event["event"] == "inbound" }.collect { |event| event.dig("msg", "raw_msg") }
|
47
31
|
end
|
48
|
-
end
|
49
32
|
|
50
|
-
|
51
|
-
|
52
|
-
|
33
|
+
def events
|
34
|
+
JSON.parse params.require(:mandrill_events)
|
35
|
+
end
|
53
36
|
|
54
|
-
class Authenticator
|
55
|
-
attr_reader :request, :key
|
56
37
|
|
57
|
-
def
|
58
|
-
|
38
|
+
def authenticate
|
39
|
+
head :unauthorized unless authenticated?
|
59
40
|
end
|
60
41
|
|
61
42
|
def authenticated?
|
62
|
-
|
43
|
+
if key.present?
|
44
|
+
Authenticator.new(request, key).authenticated?
|
45
|
+
else
|
46
|
+
raise ArgumentError, <<~MESSAGE.squish
|
47
|
+
Missing required Mandrill API key. Set action_mailbox.mandrill_api_key in your application's
|
48
|
+
encrypted credentials or provide the MANDRILL_INGRESS_API_KEY environment variable.
|
49
|
+
MESSAGE
|
50
|
+
end
|
63
51
|
end
|
64
52
|
|
65
|
-
|
66
|
-
|
67
|
-
|
68
|
-
|
53
|
+
def key
|
54
|
+
Rails.application.credentials.dig(:action_mailbox, :mandrill_api_key) || ENV["MANDRILL_INGRESS_API_KEY"]
|
55
|
+
end
|
56
|
+
|
57
|
+
class Authenticator
|
58
|
+
attr_reader :request, :key
|
69
59
|
|
70
|
-
def
|
71
|
-
|
60
|
+
def initialize(request, key)
|
61
|
+
@request, @key = request, key
|
72
62
|
end
|
73
63
|
|
74
|
-
def
|
75
|
-
|
64
|
+
def authenticated?
|
65
|
+
ActiveSupport::SecurityUtils.secure_compare given_signature, expected_signature
|
76
66
|
end
|
77
|
-
|
67
|
+
|
68
|
+
private
|
69
|
+
def given_signature
|
70
|
+
request.headers["X-Mandrill-Signature"]
|
71
|
+
end
|
72
|
+
|
73
|
+
def expected_signature
|
74
|
+
Base64.strict_encode64 OpenSSL::HMAC.digest(OpenSSL::Digest::SHA1.new, key, message)
|
75
|
+
end
|
76
|
+
|
77
|
+
def message
|
78
|
+
request.url + request.POST.sort.flatten.join
|
79
|
+
end
|
80
|
+
end
|
81
|
+
end
|
78
82
|
end
|
@@ -0,0 +1,62 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module ActionMailbox
|
4
|
+
# Ingests inbound emails from Postmark. Requires a +RawEmail+ parameter containing a full RFC 822 message.
|
5
|
+
#
|
6
|
+
# Authenticates requests using HTTP basic access authentication. The username is always +actionmailbox+, and the
|
7
|
+
# password is read from the application's encrypted credentials or an environment variable. See the Usage section below.
|
8
|
+
#
|
9
|
+
# Note that basic authentication is insecure over unencrypted HTTP. An attacker that intercepts cleartext requests to
|
10
|
+
# the Postmark ingress can learn its password. You should only use the Postmark ingress over HTTPS.
|
11
|
+
#
|
12
|
+
# Returns:
|
13
|
+
#
|
14
|
+
# - <tt>204 No Content</tt> if an inbound email is successfully recorded and enqueued for routing to the appropriate mailbox
|
15
|
+
# - <tt>401 Unauthorized</tt> if the request's signature could not be validated
|
16
|
+
# - <tt>404 Not Found</tt> if Action Mailbox is not configured to accept inbound emails from Postmark
|
17
|
+
# - <tt>422 Unprocessable Entity</tt> if the request is missing the required +RawEmail+ parameter
|
18
|
+
# - <tt>500 Server Error</tt> if the ingress password is not configured, or if one of the Active Record database,
|
19
|
+
# the Active Storage service, or the Active Job backend is misconfigured or unavailable
|
20
|
+
#
|
21
|
+
# == Usage
|
22
|
+
#
|
23
|
+
# 1. Tell Action Mailbox to accept emails from Postmark:
|
24
|
+
#
|
25
|
+
# # config/environments/production.rb
|
26
|
+
# config.action_mailbox.ingress = :postmark
|
27
|
+
#
|
28
|
+
# 2. Generate a strong password that Action Mailbox can use to authenticate requests to the Postmark ingress.
|
29
|
+
#
|
30
|
+
# Use <tt>rails credentials:edit</tt> to add the password to your application's encrypted credentials under
|
31
|
+
# +action_mailbox.ingress_password+, where Action Mailbox will automatically find it:
|
32
|
+
#
|
33
|
+
# action_mailbox:
|
34
|
+
# ingress_password: ...
|
35
|
+
#
|
36
|
+
# Alternatively, provide the password in the +RAILS_INBOUND_EMAIL_PASSWORD+ environment variable.
|
37
|
+
#
|
38
|
+
# 3. {Configure Postmark}[https://postmarkapp.com/manual#configure-your-inbound-webhook-url] to forward inbound emails
|
39
|
+
# to +/rails/action_mailbox/postmark/inbound_emails+ with the username +actionmailbox+ and the password you
|
40
|
+
# previously generated. If your application lived at <tt>https://example.com</tt>, you would configure your
|
41
|
+
# Postmark inbound webhook with the following fully-qualified URL:
|
42
|
+
#
|
43
|
+
# https://actionmailbox:PASSWORD@example.com/rails/action_mailbox/postmark/inbound_emails
|
44
|
+
#
|
45
|
+
# *NOTE:* When configuring your Postmark inbound webhook, be sure to check the box labeled *"Include raw email
|
46
|
+
# content in JSON payload"*. Action Mailbox needs the raw email content to work.
|
47
|
+
class Ingresses::Postmark::InboundEmailsController < ActionMailbox::BaseController
|
48
|
+
before_action :authenticate_by_password
|
49
|
+
|
50
|
+
def create
|
51
|
+
ActionMailbox::InboundEmail.create_and_extract_message_id! params.require("RawEmail")
|
52
|
+
rescue ActionController::ParameterMissing => error
|
53
|
+
logger.error <<~MESSAGE
|
54
|
+
#{error.message}
|
55
|
+
|
56
|
+
When configuring your Postmark inbound webhook, be sure to check the box
|
57
|
+
labeled "Include raw email content in JSON payload".
|
58
|
+
MESSAGE
|
59
|
+
head :unprocessable_entity
|
60
|
+
end
|
61
|
+
end
|
62
|
+
end
|
@@ -0,0 +1,65 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module ActionMailbox
|
4
|
+
# Ingests inbound emails relayed from an SMTP server.
|
5
|
+
#
|
6
|
+
# Authenticates requests using HTTP basic access authentication. The username is always +actionmailbox+, and the
|
7
|
+
# password is read from the application's encrypted credentials or an environment variable. See the Usage section below.
|
8
|
+
#
|
9
|
+
# Note that basic authentication is insecure over unencrypted HTTP. An attacker that intercepts cleartext requests to
|
10
|
+
# the ingress can learn its password. You should only use this ingress over HTTPS.
|
11
|
+
#
|
12
|
+
# Returns:
|
13
|
+
#
|
14
|
+
# - <tt>204 No Content</tt> if an inbound email is successfully recorded and enqueued for routing to the appropriate mailbox
|
15
|
+
# - <tt>401 Unauthorized</tt> if the request could not be authenticated
|
16
|
+
# - <tt>404 Not Found</tt> if Action Mailbox is not configured to accept inbound emails relayed from an SMTP server
|
17
|
+
# - <tt>415 Unsupported Media Type</tt> if the request does not contain an RFC 822 message
|
18
|
+
# - <tt>500 Server Error</tt> if the ingress password is not configured, or if one of the Active Record database,
|
19
|
+
# the Active Storage service, or the Active Job backend is misconfigured or unavailable
|
20
|
+
#
|
21
|
+
# == Usage
|
22
|
+
#
|
23
|
+
# 1. Tell Action Mailbox to accept emails from an SMTP relay:
|
24
|
+
#
|
25
|
+
# # config/environments/production.rb
|
26
|
+
# config.action_mailbox.ingress = :relay
|
27
|
+
#
|
28
|
+
# 2. Generate a strong password that Action Mailbox can use to authenticate requests to the ingress.
|
29
|
+
#
|
30
|
+
# Use <tt>rails credentials:edit</tt> to add the password to your application's encrypted credentials under
|
31
|
+
# +action_mailbox.ingress_password+, where Action Mailbox will automatically find it:
|
32
|
+
#
|
33
|
+
# action_mailbox:
|
34
|
+
# ingress_password: ...
|
35
|
+
#
|
36
|
+
# Alternatively, provide the password in the +RAILS_INBOUND_EMAIL_PASSWORD+ environment variable.
|
37
|
+
#
|
38
|
+
# 3. Configure your SMTP server to pipe inbound emails to the appropriate ingress command, providing the +URL+ of the
|
39
|
+
# relay ingress and the +INGRESS_PASSWORD+ you previously generated.
|
40
|
+
#
|
41
|
+
# If your application lives at <tt>https://example.com</tt>, you would configure the Postfix SMTP server to pipe
|
42
|
+
# inbound emails to the following command:
|
43
|
+
#
|
44
|
+
# bin/rails action_mailbox:ingress:postfix URL=https://example.com/rails/action_mailbox/postfix/inbound_emails INGRESS_PASSWORD=...
|
45
|
+
#
|
46
|
+
# Built-in ingress commands are available for these popular SMTP servers:
|
47
|
+
#
|
48
|
+
# - Exim (<tt>bin/rails action_mailbox:ingress:exim)
|
49
|
+
# - Postfix (<tt>bin/rails action_mailbox:ingress:postfix)
|
50
|
+
# - Qmail (<tt>bin/rails action_mailbox:ingress:qmail)
|
51
|
+
class Ingresses::Relay::InboundEmailsController < ActionMailbox::BaseController
|
52
|
+
before_action :authenticate_by_password, :require_valid_rfc822_message
|
53
|
+
|
54
|
+
def create
|
55
|
+
ActionMailbox::InboundEmail.create_and_extract_message_id! request.body.read
|
56
|
+
end
|
57
|
+
|
58
|
+
private
|
59
|
+
def require_valid_rfc822_message
|
60
|
+
unless request.content_type == "message/rfc822"
|
61
|
+
head :unsupported_media_type
|
62
|
+
end
|
63
|
+
end
|
64
|
+
end
|
65
|
+
end
|