aboutsummaryrefslogtreecommitdiffstats
path: root/actionmailbox/app/controllers/action_mailbox/ingresses/mandrill/inbound_emails_controller.rb
diff options
context:
space:
mode:
Diffstat (limited to 'actionmailbox/app/controllers/action_mailbox/ingresses/mandrill/inbound_emails_controller.rb')
-rw-r--r--actionmailbox/app/controllers/action_mailbox/ingresses/mandrill/inbound_emails_controller.rb124
1 files changed, 63 insertions, 61 deletions
diff --git a/actionmailbox/app/controllers/action_mailbox/ingresses/mandrill/inbound_emails_controller.rb b/actionmailbox/app/controllers/action_mailbox/ingresses/mandrill/inbound_emails_controller.rb
index 5a85e6b7f0..2a3b1619b9 100644
--- a/actionmailbox/app/controllers/action_mailbox/ingresses/mandrill/inbound_emails_controller.rb
+++ b/actionmailbox/app/controllers/action_mailbox/ingresses/mandrill/inbound_emails_controller.rb
@@ -1,80 +1,82 @@
# frozen_string_literal: true
-# Ingests inbound emails from Mandrill.
-#
-# Requires a +mandrill_events+ parameter containing a JSON array of Mandrill inbound email event objects.
-# Each event is expected to have a +msg+ object containing a full RFC 822 message in its +raw_msg+ property.
-#
-# Returns:
-#
-# - <tt>204 No Content</tt> if an inbound email is successfully recorded and enqueued for routing to the appropriate mailbox
-# - <tt>401 Unauthorized</tt> if the request's signature could not be validated
-# - <tt>404 Not Found</tt> if Action Mailbox is not configured to accept inbound emails from Mandrill
-# - <tt>422 Unprocessable Entity</tt> if the request is missing required parameters
-# - <tt>500 Server Error</tt> if the Mandrill API key is missing, or one of the Active Record database,
-# the Active Storage service, or the Active Job backend is misconfigured or unavailable
-class ActionMailbox::Ingresses::Mandrill::InboundEmailsController < ActionMailbox::BaseController
- before_action :authenticate
+module ActionMailbox
+ # Ingests inbound emails from Mandrill.
+ #
+ # Requires a +mandrill_events+ parameter containing a JSON array of Mandrill inbound email event objects.
+ # Each event is expected to have a +msg+ object containing a full RFC 822 message in its +raw_msg+ property.
+ #
+ # Returns:
+ #
+ # - <tt>204 No Content</tt> if an inbound email is successfully recorded and enqueued for routing to the appropriate mailbox
+ # - <tt>401 Unauthorized</tt> if the request's signature could not be validated
+ # - <tt>404 Not Found</tt> if Action Mailbox is not configured to accept inbound emails from Mandrill
+ # - <tt>422 Unprocessable Entity</tt> if the request is missing required parameters
+ # - <tt>500 Server Error</tt> if the Mandrill API key is missing, or one of the Active Record database,
+ # the Active Storage service, or the Active Job backend is misconfigured or unavailable
+ class Ingresses::Mandrill::InboundEmailsController < ActionMailbox::BaseController
+ before_action :authenticate
- def create
- raw_emails.each { |raw_email| ActionMailbox::InboundEmail.create_and_extract_message_id! raw_email }
- head :ok
- rescue JSON::ParserError => error
- logger.error error.message
- head :unprocessable_entity
- end
-
- private
- def raw_emails
- events.select { |event| event["event"] == "inbound" }.collect { |event| event.dig("msg", "raw_msg") }
- end
-
- def events
- JSON.parse params.require(:mandrill_events)
- end
-
-
- def authenticate
- head :unauthorized unless authenticated?
+ def create
+ raw_emails.each { |raw_email| ActionMailbox::InboundEmail.create_and_extract_message_id! raw_email }
+ head :ok
+ rescue JSON::ParserError => error
+ logger.error error.message
+ head :unprocessable_entity
end
- def authenticated?
- if key.present?
- Authenticator.new(request, key).authenticated?
- else
- raise ArgumentError, <<~MESSAGE.squish
- Missing required Mandrill API key. Set action_mailbox.mandrill_api_key in your application's
- encrypted credentials or provide the MANDRILL_INGRESS_API_KEY environment variable.
- MESSAGE
+ private
+ def raw_emails
+ events.select { |event| event["event"] == "inbound" }.collect { |event| event.dig("msg", "raw_msg") }
end
- end
- def key
- Rails.application.credentials.dig(:action_mailbox, :mandrill_api_key) || ENV["MANDRILL_INGRESS_API_KEY"]
- end
+ def events
+ JSON.parse params.require(:mandrill_events)
+ end
- class Authenticator
- attr_reader :request, :key
- def initialize(request, key)
- @request, @key = request, key
+ def authenticate
+ head :unauthorized unless authenticated?
end
def authenticated?
- ActiveSupport::SecurityUtils.secure_compare given_signature, expected_signature
+ if key.present?
+ Authenticator.new(request, key).authenticated?
+ else
+ raise ArgumentError, <<~MESSAGE.squish
+ Missing required Mandrill API key. Set action_mailbox.mandrill_api_key in your application's
+ encrypted credentials or provide the MANDRILL_INGRESS_API_KEY environment variable.
+ MESSAGE
+ end
end
- private
- def given_signature
- request.headers["X-Mandrill-Signature"]
- end
+ def key
+ Rails.application.credentials.dig(:action_mailbox, :mandrill_api_key) || ENV["MANDRILL_INGRESS_API_KEY"]
+ end
- def expected_signature
- Base64.strict_encode64 OpenSSL::HMAC.digest(OpenSSL::Digest::SHA1.new, key, message)
+ class Authenticator
+ attr_reader :request, :key
+
+ def initialize(request, key)
+ @request, @key = request, key
end
- def message
- request.url + request.POST.sort.flatten.join
+ def authenticated?
+ ActiveSupport::SecurityUtils.secure_compare given_signature, expected_signature
end
- end
+
+ private
+ def given_signature
+ request.headers["X-Mandrill-Signature"]
+ end
+
+ def expected_signature
+ Base64.strict_encode64 OpenSSL::HMAC.digest(OpenSSL::Digest::SHA1.new, key, message)
+ end
+
+ def message
+ request.url + request.POST.sort.flatten.join
+ end
+ end
+ end
end