From 116efffdaad04ca4357fffa827ef236f93454378 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9gis=20Hanol?= <regis@hanol.fr>
Date: Mon, 30 May 2016 17:11:17 +0200
Subject: [PATCH] FEATURE: webhooks support for mailgun

---
 app/controllers/webhooks_controller.rb       | 77 ++++++++++++++++++++
 app/models/admin_dashboard_data.rb           |  7 ++
 config/locales/server.en.yml                 |  2 +
 config/routes.rb                             |  2 +
 config/site_settings.yml                     |  3 +
 lib/email/receiver.rb                        |  8 +-
 spec/controllers/webhooks_controller_spec.rb | 34 +++++++++
 7 files changed, 129 insertions(+), 4 deletions(-)
 create mode 100644 app/controllers/webhooks_controller.rb
 create mode 100644 spec/controllers/webhooks_controller_spec.rb

diff --git a/app/controllers/webhooks_controller.rb b/app/controllers/webhooks_controller.rb
new file mode 100644
index 00000000000..f1278612773
--- /dev/null
+++ b/app/controllers/webhooks_controller.rb
@@ -0,0 +1,77 @@
+require "openssl"
+
+class WebhooksController < ActionController::Base
+
+  def mailgun
+    # can't verify data without an API key
+    return mailgun_failure if SiteSetting.mailgun_api_key.blank?
+
+    # token is a random string of 50 characters
+    token = params.delete("token")
+    return mailgun_failure if token.blank? || token.size != 50
+
+    # prevent replay attack
+    key = "mailgun_token_#{token}"
+    return mailgun_failure unless $redis.setnx(key, 1)
+    $redis.expire(key, 8.hours)
+
+    # ensure timestamp isn't too far from current time
+    timestamp = params.delete("timestamp")
+    return mailgun_failure if (Time.at(timestamp.to_i) - Time.now).abs > 1.hour.to_i
+
+    # check the signature
+    return mailgun_failure unless mailgun_verify(timestamp, token, params["signature"])
+
+    handled = false
+    event = params.delete("event")
+
+    # only handle soft bounces, because hard bounces are also handled
+    # by the "dropped" event and we don't want to increase bounce score twice
+    # for the same message
+    if event == "bounced".freeze && params["error"]["4."]
+      handled = mailgun_process(params, Email::Receiver::SOFT_BOUNCE_SCORE)
+    elsif event == "dropped".freeze
+      handled = mailgun_process(params, Email::Receiver::HARD_BOUNCE_SCORE)
+    end
+
+    handled ? mailgun_success : mailgun_failure
+  end
+
+  private
+
+    def mailgun_failure
+      render nothing: true, status: 406
+    end
+
+    def mailgun_success
+      render nothing: true, status: 200
+    end
+
+    def mailgun_verify(timestamp, token, signature)
+      digest = OpenSSL::Digest::SHA256.new
+      data = "#{timestamp}#{token}"
+      signature == OpenSSL::HMAC.hexdigest(digest, SiteSetting.mailgun_api_key, data)
+    end
+
+    def mailgun_process(params, bounce_score)
+      return false if params["message-headers"].blank?
+
+      return_path_header = params["message-headers"].first { |h| h[0] == "Return-Path".freeze }
+      return false if return_path_header.blank?
+
+      return_path = return_path_header[1]
+      return false if return_path.blank?
+
+      bounce_key = return_path[/\+verp-(\h{32})@/, 1]
+      return false if bounce_key.blank?
+
+      email_log = EmailLog.find_by(bounce_key: bounce_key)
+      return false if email_log.nil?
+
+      email_log.update_columns(bounced: true)
+      Email::Receiver.update_bounce_score(email_log.user.email, bounce_score)
+
+      true
+    end
+
+end
diff --git a/app/models/admin_dashboard_data.rb b/app/models/admin_dashboard_data.rb
index b5ca6de7550..66a31f88752 100644
--- a/app/models/admin_dashboard_data.rb
+++ b/app/models/admin_dashboard_data.rb
@@ -266,4 +266,11 @@ class AdminDashboardData
     I18n.t('dashboard.email_polling_errored_recently', count: errors) if errors > 0
   end
 
+  def missing_mailgun_api_key
+    return unless SiteSetting.reply_by_email_enabled
+    return unless ActionMailer::Base.smtp_settings[:address]["smtp.mailgun.org"]
+    return unless SiteSetting.mailgun_api_key.blank?
+    I18n.t('dashboard.missing_mailgun_api_key')
+  end
+
 end
diff --git a/config/locales/server.en.yml b/config/locales/server.en.yml
index ff4ca0f808a..11da9082f27 100644
--- a/config/locales/server.en.yml
+++ b/config/locales/server.en.yml
@@ -798,6 +798,7 @@ en:
     email_polling_errored_recently:
       one: "Email polling has generated an error in the past 24 hours. Look at <a href='/logs' target='_blank'>the logs</a> for more details."
       other: "Email polling has generated %{count} errors in the past 24 hours. Look at <a href='/logs' target='_blank'>the logs</a> for more details."
+    missing_mailgun_api_key: "The server is configured to send emails via mailgun but you haven't provided an API key used the verify the webhook messages."
     bad_favicon_url: "The favicon is failing to load. Check your favicon_url setting in <a href='/admin/site_settings'>Site Settings</a>."
     poll_pop3_timeout: "Connection to the POP3 server is timing out. Incoming email could not be retrieved. Please check your <a href='/admin/site_settings/category/email'>POP3 settings</a> and service provider."
     poll_pop3_auth_error: "Connection to the POP3 server is failing with an authentication error. Please check your <a href='/admin/site_settings/category/email'>POP3 settings</a>."
@@ -1185,6 +1186,7 @@ en:
     block_auto_generated_emails: "Block incoming emails identified as being auto generated."
     bounce_score_threshold: "Max score before we will stop emailing a user. Soft bounce adds 1, hard bounce adds 2, score reset 30 days after last bounce."
     ignore_by_title: "Ignore incoming emails based on their title."
+    mailgun_api_key: "Mailgun API key used to verify webhook messages."
 
     manual_polling_enabled: "Push emails using the API for email replies."
     pop3_polling_enabled: "Poll via POP3 for email replies."
diff --git a/config/routes.rb b/config/routes.rb
index 21459fc9c3f..9a1675e2401 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -16,6 +16,8 @@ Discourse::Application.routes.draw do
   match "/404", to: "exceptions#not_found", via: [:get, :post]
   get "/404-body" => "exceptions#not_found_body"
 
+  post "webhooks/mailgun" => "webhooks#mailgun"
+
   if Rails.env.development?
     mount Sidekiq::Web => "/sidekiq"
     mount Logster::Web => "/logs"
diff --git a/config/site_settings.yml b/config/site_settings.yml
index 828ddf1dde2..e3176161f8c 100644
--- a/config/site_settings.yml
+++ b/config/site_settings.yml
@@ -582,6 +582,9 @@ email:
   ignore_by_title:
     type: list
     default: ''
+  mailgun_api_key:
+    default: ''
+    regex: '^pubkey-\h{32}$'
 
 
 files:
diff --git a/lib/email/receiver.rb b/lib/email/receiver.rb
index d71cf8ca7da..af3245fde95 100644
--- a/lib/email/receiver.rb
+++ b/lib/email/receiver.rb
@@ -151,12 +151,12 @@ module Email
 
           if @mail.error_status.present?
             if @mail.error_status.start_with?("4.")
-              update_bounce_score(email_log.user.email, SOFT_BOUNCE_SCORE)
+              Email::Receiver.update_bounce_score(email_log.user.email, SOFT_BOUNCE_SCORE)
             elsif @mail.error_status.start_with?("5.")
-              update_bounce_score(email_log.user.email, HARD_BOUNCE_SCORE)
+              Email::Receiver.update_bounce_score(email_log.user.email, HARD_BOUNCE_SCORE)
             end
           elsif is_auto_generated?
-            update_bounce_score(email_log.user.email, HARD_BOUNCE_SCORE)
+            Email::Receiver.update_bounce_score(email_log.user.email, HARD_BOUNCE_SCORE)
           end
         end
       end
@@ -168,7 +168,7 @@ module Email
       @verp ||= all_destinations.select { |to| to[/\+verp-\h{32}@/] }.first
     end
 
-    def update_bounce_score(email, score)
+    def self.update_bounce_score(email, score)
       # only update bounce score once per day
       key = "bounce_score:#{email}:#{Date.today}"
 
diff --git a/spec/controllers/webhooks_controller_spec.rb b/spec/controllers/webhooks_controller_spec.rb
new file mode 100644
index 00000000000..662833b494b
--- /dev/null
+++ b/spec/controllers/webhooks_controller_spec.rb
@@ -0,0 +1,34 @@
+require "rails_helper"
+
+describe WebhooksController do
+
+  context "mailgun" do
+
+
+    it "works" do
+      SiteSetting.mailgun_api_key = "pubkey-8221462f0c915af3f6f2e2df7aa5a493"
+      token = "705a8ccd2ce932be8e98c221fe701c1b4a0afcb8bbd57726de"
+
+      user = Fabricate(:user, email: "em@il.com")
+      email_log = Fabricate(:email_log, user: user, bounce_key: SecureRandom.hex)
+      return_path = "foo+verp-#{email_log.bounce_key}@bar.com"
+
+      $redis.del("mailgun_token_#{token}")
+      $redis.del("bounce_score:#{user.email}:#{Date.today}")
+      WebhooksController.any_instance.expects(:mailgun_verify).returns(true)
+
+      post :mailgun, "token" => token,
+                     "timestamp" => Time.now.to_i,
+                     "event" => "dropped",
+                     "message-headers" => [["Return-Path", return_path]]
+
+      expect(response).to be_success
+
+      email_log.reload
+      expect(email_log.bounced).to eq(true)
+      expect(email_log.user.user_stat.bounce_score).to eq(2)
+    end
+
+  end
+
+end