bradpauly / griddler-mailgun

Mailgun adapter for the griddler gem.
MIT License

Consider Implementing Validation #1

Open marine44 opened 10 years ago

marine44 commented 10 years ago

Brad - nice work taking on this project!

Just thought I would bring this feature request to your attention so that you might consider implementing it in the mailgun adapter:

https://github.com/thoughtbot/griddler/issues/139

(I did not make any further progress past the end of this thread; it's a bit beyond my skill set.)

bradpauly commented 10 years ago

@ryanharnwell I'd like to do this and will take a look once I finish extracting the adapter and they take my PR.

dmarkow commented 10 years ago

I'd be interested in this too. The incoming gem does something similar (here's their implementation)

marine44 commented 10 years ago

@bradpauly Have you thought any further about adding this in? Nice work so far by the way!

bradpauly commented 10 years ago

@ryanharnwell I'm afraid I haven't had time yet, although I'm still interested in it.

bradpauly commented 9 years ago

@ryanharnwell @dmarkow have either of you implemented this check? I've just added it to an app, but I don't use the built-in routes from griddler so I didn't take the approach of overriding the Griddler::EmailsController. I'm not sure putting this in the adapter is what I want to do, but I'm open to discussing.

dmarkow commented 9 years ago

@bradpauly I haven't touched our griddler/mailgun code since last year but I may be revisiting it soon for an upcoming project and can give it some thought.

stefanosc commented 9 years ago

@bradpauly thank you for your work with this adapter. Have you made any decision to implement validation?

bradpauly commented 9 years ago

@stefanosc I'm checking the signature in my app, but I haven't looked into putting it into the adapter yet. I'm not using the built-in routes from griddler so I haven't tried subclassing its controller. There are other examples around, but here's how I'm doing it if you're interested:

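```ruby
require 'openssl'

class Mailgun::BaseController < ApplicationController
  before_filter :verify_webhook

  private

  # Recompute the HMAC-SHA256 of timestamp + token with the API key and
  # reject the request unless it matches the signature Mailgun sent.
  def verify_webhook
    api_key = YOUR_API_KEY # placeholder: substitute your Mailgun API key
    digest = OpenSSL::Digest::SHA256.new
    data = [params[:timestamp], params[:token]].join
    computed_signature = OpenSSL::HMAC.hexdigest(digest, api_key, data)

    # Constant-time comparison so the check does not leak how many leading
    # characters of a guessed signature were correct.
    unless ActiveSupport::SecurityUtils.secure_compare(params[:signature].to_s, computed_signature)
      render text: 'ERROR', status: :forbidden
    end
  end
end
```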
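
The signature check from the comment above as a framework-independent verifier. This is an added example, not code from the thread or from griddler-mailgun. It goes beyond the posted check by also rejecting stale timestamps and reused tokens; `MailgunWebhookVerifier`, `MAX_SKEW` and the in-memory token store are hypothetical names and choices, and all sample values are constructed.

```ruby
require 'openssl'

# Added example, not code from the thread. The class name, MAX_SKEW and the
# in-memory token store are hypothetical choices made for illustration.
class MailgunWebhookVerifier
  MAX_SKEW = 300 # assumed tolerance, in seconds, between timestamp and now

  def initialize(api_key, clock: -> { Time.now.to_i })
    @api_key = api_key
    @clock = clock
    @seen = {} # token => time first seen; a shared cache with expiry in a real app
  end

  # Returns :ok or a symbol naming the reason for rejection.
  def verify(timestamp:, token:, signature:)
    timestamp, token, signature = timestamp.to_s, token.to_s, signature.to_s
    return :malformed unless timestamp.match?(/\A\d+\z/) && !token.empty?

    expected = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA256'), @api_key, timestamp + token)
    return :bad_signature unless constant_time_equal?(expected, signature)

    # Freshness and replay are checked only after the HMAC passes, so
    # unauthenticated requests can never add entries to the token store.
    now = @clock.call
    return :stale if (now - timestamp.to_i).abs > MAX_SKEW
    return :replayed if @seen.key?(token)

    @seen[token] = now
    :ok
  end

  private

  # Compares every byte regardless of where the first mismatch occurs.
  def constant_time_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

if __FILE__ == $PROGRAM_NAME
  key = 'constructed-test-key' # constructed sample values, not real credentials
  ts = Time.now.to_i.to_s
  token = 'constructed-token-0001'
  sig = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA256'), key, ts + token)
  verifier = MailgunWebhookVerifier.new(key)
  p verifier.verify(timestamp: ts, token: token, signature: sig) # first delivery
  p verifier.verify(timestamp: ts, token: token, signature: sig) # same token again
end
```

In a controller, anything other than `:ok` would map to the same 403 response the posted filter renders.
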
stefanosc commented 9 years ago

Thank you @bradpauly. To be honest I don't think I am going to use Griddler either. I don't really have a use for the project I am working on. The business logic for now is rather simple. Thank you for sharing how you do it, have a great day :smile: