# typed: true
require 'openssl'
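# Receives inbound mail forwarded by Mailgun and hands the raw MIME body to
# MessageGateway. Requests carry no user session; they are authenticated by
# the HMAC-SHA256 signature Mailgun sends alongside `timestamp` and `token`.
class MailgunController < ApplicationController
  # The webhook caller cannot log in, so the login filter is skipped for this
  # action and replaced by the signature check in #verify.
  skip_before_action :login_required, only: [:mailgun]
  before_action :verify, only: [:mailgun]

  # No session is available to carry a CSRF token; use an empty session
  # instead of raising on the missing token.
  protect_from_forgery with: :null_session

  # Webhook action. Expects the raw message in the `body-mime` parameter,
  # passes it to MessageGateway.receive and renders the resulting todo as XML.
  # Responds with 406 when the parameter is missing or nothing was saved.
  # NOTE(review): 406 is presumably used because Mailgun does not retry
  # deliveries answered with that status; confirm against the webhook docs.
  def mailgun
    unless params.include? 'body-mime'
      Rails.logger.info "Cannot process Mailgun request, no body-mime sent"
      render_failure "Unacceptable body-mime", 406
      return
    end

    todo = MessageGateway.receive(params['body-mime'])
    if todo
      render xml: todo.to_xml(*todo_xml_params)
    else
      render_failure "Todo not saved", 406
    end
  end

  private

  # before_action filter: recomputes HMAC-SHA256 over timestamp + token with
  # the configured key and rejects the request unless it matches the
  # `signature` parameter. Rendering here halts the filter chain, so the
  # action never runs for an unverified request.
  #
  # NOTE(review): timestamp and token are only used as HMAC input. Nothing
  # here checks that the timestamp is recent or that the token has not been
  # seen before, so a captured signed request would verify again. Consider
  # rejecting stale timestamps and remembering recently used tokens.
  def verify
    signing_key = SITE_CONFIG['mailgun_api_key']

    # Fail closed when no key is configured: an HMAC keyed with an empty
    # string can be computed by anyone, so it authenticates nothing.
    if signing_key.blank?
      Rails.logger.info "Cannot verify Mailgun signature, mailgun_api_key is not configured"
      render_failure "Access denied", 406
      return
    end

    expected = OpenSSL::HMAC.hexdigest(
      OpenSSL::Digest.new('sha256'),
      signing_key,
      '%s%s' % [params['timestamp'], params['token']]
    )

    # Constant-time comparison: `==` returns at the first differing byte,
    # which leaks how much of a guessed signature was correct. `to_s` covers a
    # missing or non-string `signature` parameter, which then simply fails to
    # match.
    return if ActiveSupport::SecurityUtils.secure_compare(params['signature'].to_s, expected)

    Rails.logger.info "Cannot verify Mailgun signature"
    render_failure "Access denied", 406
  end
end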