ahoy_email 1.0.3 → 2.0.2

data/app/controllers/ahoy/messages_controller.rb

@@ -1,62 +1,44 @@
 module Ahoy
   class MessagesController < ApplicationController
     filters = _process_action_callbacks.map(&:filter) - AhoyEmail.preserve_callbacks
-    if Rails::VERSION::MAJOR >= 5
-      skip_before_action(*filters, raise: false)
-      skip_after_action(*filters, raise: false)
-      skip_around_action(*filters, raise: false)
-    else
-      skip_action_callback *filters
-    end
-
-    before_action :set_message
+    skip_before_action(*filters, raise: false)
+    skip_after_action(*filters, raise: false)
+    skip_around_action(*filters, raise: false)
 
+    # legacy
     def open
-      if @message && !@message.opened_at
-        @message.opened_at = Time.now
-        @message.save!
-      end
-
-      publish :open
-
       send_data Base64.decode64("R0lGODlhAQABAPAAAAAAAAAAACH5BAEAAAAALAAAAAABAAEAAAICRAEAOw=="), type: "image/gif", disposition: "inline"
     end
 
     def click
-      if @message && !@message.clicked_at
-        @message.clicked_at = Time.now
-        @message.opened_at ||= @message.clicked_at
-        @message.save!
+      if params[:id]
+        # legacy
+        token = params[:id].to_s
+        url = params[:url].to_s
+        signature = params[:signature].to_s
+        expected_signature = OpenSSL::HMAC.hexdigest("SHA1", AhoyEmail::Utils.secret_token, url)
+      else
+        token = params[:t].to_s
+        campaign = params[:c].to_s
+        url = params[:u].to_s
+        signature = params[:s].to_s
+        expected_signature = AhoyEmail::Utils.signature(token: token, campaign: campaign, url: url)
       end
 
-      user_signature = params[:signature].to_s
-      url = params[:url].to_s
-
-      # TODO sign more than just url and transition to HMAC-SHA256
-      digest = "SHA1"
-      signature = OpenSSL::HMAC.hexdigest(digest, AhoyEmail.secret_token, url)
-
-      if ActiveSupport::SecurityUtils.secure_compare(user_signature, signature)
-        publish :click, url: params[:url]
+      if ActiveSupport::SecurityUtils.secure_compare(signature, expected_signature)
+        data = {}
+        data[:campaign] = campaign if campaign
+        data[:token] = token
+        data[:url] = url
+        data[:controller] = self
+        AhoyEmail::Utils.publish(:click, data)
 
         redirect_to url
       else
-        redirect_to AhoyEmail.invalid_redirect_url || main_app.root_url
-      end
-    end
-
-    protected
-
-    def set_message
-      @message = AhoyEmail.message_model.where(token: params[:id]).first
-    end
-
-    def publish(name, event = {})
-      AhoyEmail.subscribers.each do |subscriber|
-        if subscriber.respond_to?(name)
-          event[:message] = @message
-          event[:controller] = self
-          subscriber.send name, event
+        if AhoyEmail.invalid_redirect_url
+          redirect_to AhoyEmail.invalid_redirect_url
+        else
+          render plain: "Link expired", status: :not_found
         end
       end
     end

data/app/models/ahoy/click.rb

@@ -0,0 +1,5 @@
+module Ahoy
+  class Click < ActiveRecord::Base
+    self.table_name = "ahoy_clicks"
+  end
+end

data/app/models/ahoy/message.rb

@@ -2,6 +2,6 @@ module Ahoy
   class Message < ActiveRecord::Base
     self.table_name = "ahoy_messages"
 
-    belongs_to :user, (ActiveRecord::VERSION::MAJOR >= 5 ? {optional: true} : {}).merge(polymorphic: true)
+    belongs_to :user, polymorphic: true, optional: true
   end
 end

data/config/routes.rb

@@ -4,6 +4,9 @@ end
 
 AhoyEmail::Engine.routes.draw do
   scope module: "ahoy" do
+    get "click" => "messages#click"
+
+    # legacy
     resources :messages, only: [] do
       get :open, on: :member
       get :click, on: :member

data/lib/ahoy_email.rb

@@ -2,37 +2,52 @@
 require "active_support"
 require "addressable/uri"
 require "nokogiri"
-require "openssl"
 require "safely/core"
 
+# stdlib
+require "openssl"
+
 # modules
 require "ahoy_email/processor"
 require "ahoy_email/tracker"
 require "ahoy_email/observer"
 require "ahoy_email/mailer"
+require "ahoy_email/utils"
 require "ahoy_email/version"
+
+# subscribers
+require "ahoy_email/database_subscriber"
+require "ahoy_email/message_subscriber"
+require "ahoy_email/redis_subscriber"
+
+# integrations
 require "ahoy_email/engine" if defined?(Rails)
 
 module AhoyEmail
-  mattr_accessor :secret_token, :default_options, :subscribers, :invalid_redirect_url, :track_method, :api, :preserve_callbacks
+  mattr_accessor :secret_token, :default_options, :subscribers, :invalid_redirect_url, :track_method, :api, :preserve_callbacks, :save_token
   mattr_writer :message_model
 
   self.api = false
 
   self.default_options = {
-    message: true,
-    open: false,
-    click: false,
+    # message history
+    message: false,
+    user: -> { (defined?(@user) && @user) || (respond_to?(:params) && params && params[:user]) || (message.to.try(:size) == 1 ? (User.find_by(email: message.to.first) rescue nil) : nil) },
+    mailer: -> { "#{self.class.name}##{action_name}" },
+    extra: {},
+
+    # utm params
     utm_params: false,
     utm_source: -> { mailer_name },
     utm_medium: "email",
     utm_term: nil,
     utm_content: nil,
     utm_campaign: -> { action_name },
-    user: -> { @user || (respond_to?(:params) && params && params[:user]) || (message.to.try(:size) == 1 ? (User.find_by(email: message.to.first) rescue nil) : nil) },
-    mailer: -> { "#{self.class.name}##{action_name}" },
+
+    # click analytics
+    click: false,
+    campaign: nil,
     url_options: {},
-    extra: {},
     unsubscribe_links: false
   }
 
@@ -52,6 +67,7 @@ module AhoyEmail
     end
 
     ahoy_message.token = data[:token] if ahoy_message.respond_to?(:token=)
+    ahoy_message.campaign = data[:campaign] if ahoy_message.respond_to?(:campaign=)
 
     ahoy_message.assign_attributes(data[:extra] || {})
 
@@ -61,6 +77,8 @@ module AhoyEmail
     ahoy_message
   end
 
+  self.save_token = false
+
   self.subscribers = []
 
   self.preserve_callbacks = []
@@ -72,10 +90,17 @@ module AhoyEmail
     model = model.call if model.respond_to?(:call)
     model
   end
+
+  # shortcut for first subscriber with stats method
+  def self.stats(*args)
+    subscriber = subscribers.find { |s| s.is_a?(Class) ? s.method_defined?(:stats) : s.respond_to?(:stats) }
+    subscriber = subscriber.new if subscriber.is_a?(Class)
+    subscriber.stats(*args) if subscriber
+  end
 end
 
 ActiveSupport.on_load(:action_mailer) do
   include AhoyEmail::Mailer
   register_observer AhoyEmail::Observer
-  Mail::Message.send(:attr_accessor, :ahoy_data, :ahoy_message)
+  Mail::Message.send(:attr_accessor, :ahoy_data, :ahoy_message, :ahoy_options)
 end

data/lib/ahoy_email/database_subscriber.rb

@@ -0,0 +1,42 @@
+module AhoyEmail
+  class DatabaseSubscriber
+    def track_send(event)
+      # use has_history to store on Ahoy::Messages
+    end
+
+    def track_click(event)
+      Ahoy::Click.create!(campaign: event[:campaign], token: event[:token])
+    end
+
+    def stats(campaign)
+      sends = Ahoy::Message.where(campaign: campaign).count
+
+      if defined?(ActiveRecord) && Ahoy::Click < ActiveRecord::Base
+        result = Ahoy::Click.where(campaign: campaign).select("COUNT(*) AS clicks, COUNT(DISTINCT token) AS unique_clicks").to_a[0]
+        clicks = result.clicks
+        unique_clicks = result.unique_clicks
+      else
+        clicks = Ahoy::Click.where(campaign: campaign).count
+        # TODO use aggregation framework
+        unique_clicks = Ahoy::Click.where(campaign: campaign).distinct(:token).count
+      end
+
+      if sends > 0 || clicks > 0
+        {
+          sends: sends,
+          clicks: clicks,
+          unique_clicks: unique_clicks,
+          ctr: 100 * unique_clicks / sends.to_f
+        }
+      end
+    end
+
+    def campaigns
+      if defined?(ActiveRecord) && Ahoy::Message < ActiveRecord::Base
+        Ahoy::Message.where.not(campaign: nil).distinct.pluck(:campaign)
+      else
+        Ahoy::Message.where(campaign: {"$ne" => nil}).distinct(:campaign)
+      end
+    end
+  end
+end

data/lib/ahoy_email/engine.rb

@@ -13,7 +13,9 @@ module AhoyEmail
             app.config
           end
 
-        creds.respond_to?(:secret_key_base) ? creds.secret_key_base : creds.secret_token
+        token = creds.respond_to?(:secret_key_base) ? creds.secret_key_base : creds.secret_token
+        token ||= app.secret_key_base # should come first, but need to maintain backward compatibility
+        token
       end
     end
   end

data/lib/ahoy_email/mailer.rb

@@ -8,15 +8,35 @@ module AhoyEmail
     end
 
     class_methods do
-      def track(**options)
-        before_action(options.slice(:only, :except)) do
-          self.ahoy_options = ahoy_options.merge(message: true).merge(options.except(:only, :except))
-        end
+      def has_history(**options)
+        set_ahoy_options(options, :message)
       end
-    end
 
-    def track(**options)
-      self.ahoy_options = ahoy_options.merge(message: true).merge(options)
+      def utm_params(**options)
+        set_ahoy_options(options, :utm_params)
+      end
+
+      def track_clicks(**options)
+        raise ArgumentError, "missing keyword: :campaign" unless options.key?(:campaign)
+        set_ahoy_options(options, :click)
+      end
+
+      private
+
+      def set_ahoy_options(options, key)
+        allowed_keywords = AhoyEmail::Utils::OPTION_KEYS[key]
+        action_keywords = [:only, :except, :if, :unless]
+
+        unknown_keywords = options.keys - allowed_keywords - action_keywords
+        raise ArgumentError, "unknown keywords: #{unknown_keywords.map(&:inspect).join(", ")}" if unknown_keywords.any?
+
+        # use before_action, since after_action reverses order
+        # https://github.com/rails/rails/issues/27261
+        # callable options aren't run until save_ahoy_options after_action
+        before_action(options.slice(*action_keywords)) do
+          self.ahoy_options = ahoy_options.merge(key => true).merge(options.slice(*allowed_keywords))
+        end
+      end
     end
 
     def ahoy_options
@@ -25,20 +45,28 @@ module AhoyEmail
 
     def save_ahoy_options
       Safely.safely do
-        # do message first for performance
-        message = ahoy_options[:message]
-        message = message.respond_to?(:call) ? instance_exec(&message) : message
-
-        if message
-          options = {}
-          ahoy_options.except(:message).each do |k, v|
-            # execute options in mailer content
-            options[k] = v.respond_to?(:call) ? instance_exec(&v) : v
-          end
+        options = {}
+        call_ahoy_options(options, :message)
+        call_ahoy_options(options, :utm_params)
+        call_ahoy_options(options, :click)
 
+        if options[:message] || options[:utm_params] || options[:click]
           AhoyEmail::Processor.new(self, options).perform
         end
       end
     end
+
+    def call_ahoy_options(options, key)
+      v = ahoy_options[key]
+      options[key] = v.respond_to?(:call) ? instance_exec(&v) : v
+
+      # only call other options if needed
+      if options[key]
+        AhoyEmail::Utils::OPTION_KEYS[key].each do |k|
+          v = ahoy_options[k]
+          options[k] = v.respond_to?(:call) ? instance_exec(&v) : v
+        end
+      end
+    end
   end
 end

data/lib/ahoy_email/message_subscriber.rb

@@ -0,0 +1,12 @@
+module AhoyEmail
+  class MessageSubscriber
+    def track_click(event)
+      message = AhoyEmail.message_model.find_by(token: event[:token])
+      if message
+        message.clicked ||= true if message.respond_to?(:clicked=)
+        message.clicked_at ||= Time.now if message.respond_to?(:clicked_at=)
+        message.save! if message.changed?
+      end
+    end
+  end
+end

data/lib/ahoy_email/processor.rb

@@ -13,9 +13,9 @@ module AhoyEmail
     end
 
     def perform
-      track_open if options[:open]
       track_links if options[:utm_params] || options[:click]
-      track_message
+      track_message if options[:message]
+      message.ahoy_options = options
     end
 
     protected
@@ -35,16 +35,9 @@ module AhoyEmail
         user: options[:user]
       }
 
-      # legacy, remove in next major version
-      user = options[:user]
-      if user
-        data[:user_type] = user.model_name.name
-        id = user.id
-        data[:user_id] = id.is_a?(Integer) ? id : id.to_s
-      end
-
-      if options[:open] || options[:click]
-        data[:token] = token
+      if options[:click]
+        data[:token] = token if AhoyEmail.save_token
+        data[:campaign] = campaign
       end
 
       if options[:utm_params]
@@ -56,33 +49,11 @@ module AhoyEmail
       mailer.message.ahoy_data = data
     end
 
-    def track_open
-      if html_part?
-        raw_source = (message.html_part || message).body.raw_source
-        regex = /<\/body>/i
-        url =
-          url_for(
-            controller: "ahoy/messages",
-            action: "open",
-            id: token,
-            format: "gif"
-          )
-        pixel = ActionController::Base.helpers.image_tag(url, size: "1x1", alt: "")
-
-        # try to add before body tag
-        if raw_source.match(regex)
-          raw_source.gsub!(regex, "#{pixel}\\0")
-        else
-          raw_source << pixel
-        end
-      end
-    end
-
     def track_links
       if html_part?
-        body = (message.html_part || message).body
+        part = message.html_part || message
 
-        doc = Nokogiri::HTML(body.raw_source)
+        doc = Nokogiri::HTML::DocumentFragment.parse(part.body.raw_source)
         doc.css("a[href]").each do |link|
           uri = parse_uri(link["href"])
           next unless trackable?(uri)
@@ -98,21 +69,26 @@ module AhoyEmail
           end
 
           if options[:click] && !skip_attribute?(link, "click")
-            # TODO sign more than just url and transition to HMAC-SHA256
-            signature = OpenSSL::HMAC.hexdigest("SHA1", AhoyEmail.secret_token, link["href"])
+            signature = Utils.signature(token: token, campaign: campaign, url: link["href"])
             link["href"] =
               url_for(
                 controller: "ahoy/messages",
                 action: "click",
-                id: token,
-                url: link["href"],
-                signature: signature
+                t: token,
+                c: campaign,
+                u: link["href"],
+                s: signature
               )
           end
         end
 
-        # hacky
-        body.raw_source.sub!(body.raw_source, doc.to_s)
+        # ampersands converted to &amp;
+        # https://github.com/sparklemotion/nokogiri/issues/1127
+        # not ideal, but should be equivalent in html5
+        # https://stackoverflow.com/questions/15776556/whats-the-difference-between-and-amp-in-html5
+        # escaping technically required before html5
+        # https://stackoverflow.com/questions/3705591/do-i-encode-ampersands-in-a-href
+        part.body = doc.to_s
       end
     end
 
@@ -152,5 +128,10 @@ module AhoyEmail
             .merge(opt)
       AhoyEmail::Engine.routes.url_helpers.url_for(opt)
     end
+
+    # return nil if false
+    def campaign
+      options[:campaign] || nil
+    end
   end
 end