wip

Author: mpociot

config/mailbox.php

@@ -2,6 +2,16 @@
 
 return [
 
-    'driver' => env('MAILBOX_DRIVER', 'log'),
+    'driver' => env('MAIL_DRIVER', 'log'),
+
+    'path' => 'laravel-mailbox',
+
+    'services' => [
+
+        'mailgun' => [
+            'key' => env('MAILBOX_MAILGUN_KEY'),
+        ]
+
+    ]
 
 ];

database/migrations/create_mailbox_inbound_emails_table.php.stub

@@ -13,6 +13,8 @@ class CreateMailboxInboundEmails extends Migration
     {
         Schema::create('mailbox_inbound_emails', function (Blueprint $table) {
             $table->increments('id');
+            $table->string('message_id');
+            $table->longText('message');
             $table->nullableTimestamps();
         });
     }

src/Contracts/Driver.php

@@ -13,8 +13,6 @@ public function processLog(MessageLogged $log)
     {
         $email = InboundEmail::fromMessage($log->message);
 
-        if ($email->isValid()) {
-            Mailbox::callMailboxes($email);
-        }
+        Mailbox::callMailboxes($email);
     }
 }

src/Drivers/Log.php

@@ -0,0 +1,36 @@
+<?php
+
+namespace BeyondCode\Mailbox\Http\Controllers;
+
+use BeyondCode\Mailbox\Facades\Mailbox;
+use BeyondCode\Mailbox\InboundEmail;
+use Carbon\Carbon;
+use Illuminate\Http\Request;
+
+class MailgunController
+{
+    public function __invoke(Request $request)
+    {
+        $this->authenticate($request);
+
+        $email = InboundEmail::fromMessage($request->get('body-mime	'));
+
+        Mailbox::callMailboxes($email);
+    }
+
+    protected function authenticate(Request $request)
+    {
+        $data = $request->timestamp.$request->token;
+
+        $signature = hash_hmac('sha256', $data, config('mailbox.services.mailgun.key'));
+
+        $signed = hash_equals($request->signature, $signature);
+
+        abort_unless($signed && $this->isFresh($request->timestamp), 401, 'Invalid Mailgun signature or timestamp.');
+    }
+
+    protected function isFresh($timestamp): bool
+    {
+        return now()->subMinutes(2)->lte(Carbon::createFromTimestamp($timestamp));
+    }
+}

src/Http/Controllers/MailgunController.php

@@ -20,7 +20,7 @@ class InboundEmail extends Model
         'message'
     ];
 
-    public static function fromMessage(string $message)
+    public static function fromMessage($message)
     {
         return new static([
             'message' => $message

src/InboundEmail.php

@@ -52,9 +52,11 @@ protected function createRoute(string $subject, string $pattern, $action)
 
     public function callMailboxes(InboundEmail $email)
     {
-        $this->routes->match($email)->map(function (MailboxRoute $route) use ($email) {
-            $route->run($email);
-        });
+        if ($email->isValid()) {
+            $this->routes->match($email)->map(function (MailboxRoute $route) use ($email) {
+                $route->run($email);
+            });
+        }
     }
 
 }

src/MailboxRouter.php

@@ -3,6 +3,8 @@
 namespace BeyondCode\Mailbox;
 
 use BeyondCode\Mailbox\Drivers\Log;
+use BeyondCode\Mailbox\Http\Controllers\MailgunController;
+use Illuminate\Support\Facades\Route;
 use Illuminate\Support\ServiceProvider;
 use Illuminate\Log\Events\MessageLogged;
 
@@ -18,6 +20,8 @@ public function boot()
                 __DIR__.'/../database/migrations/create_mailbox_inbound_emails_table.php.stub' => database_path('migrations/'.date('Y_m_d_His', time()).'_create_mailbox_inbound_emails_table.php'),
             ], 'migrations');
         }
+
+        $this->registerRoutes();
     }
 
     /**
@@ -40,4 +44,11 @@ protected function registerLogDriver()
     {
         $this->app['events']->listen(MessageLogged::class, [new Log, 'processLog']);
     }
+
+    protected function registerRoutes()
+    {
+        Route::prefix(config('mailbox.path'))->group(function () {
+            Route::post('/mailgun/mime', MailgunController::class);
+        });
+    }
 }

src/MailboxServiceProvider.php

@@ -0,0 +1,49 @@
+<?php
+
+namespace BeyondCode\Mailbox\Tests\Controllers;
+
+use BeyondCode\Mailbox\Tests\TestCase;
+
+class MailgunTest extends TestCase
+{
+
+    /** @test */
+    public function it_verifies_mailgun_signatures()
+    {
+        $this->post('/laravel-mailbox/mailgun/mime', [
+            'timestamp' => 1548104992,
+            'signature' => 'something'
+        ])->assertStatus(401);
+
+        $timestamp = time();
+        $token = uniqid();
+
+        $this->app['config']['mailbox.services.mailgun.key'] = '12345';
+
+        $validSignature = hash_hmac('sha256', $timestamp . $token, '12345');
+
+        $this->post('/laravel-mailbox/mailgun/mime', [
+            'timestamp' => $timestamp,
+            'token' => $token,
+            'signature' => $validSignature
+        ])->assertStatus(200);
+    }
+
+    /** @test */
+    public function it_verifies_fresh_timestamps()
+    {
+        $timestamp = now()->subMinutes(5)->timestamp;
+        $token = uniqid();
+
+        $this->app['config']['mailbox.services.mailgun.key'] = '12345';
+
+        $validSignature = hash_hmac('sha256', $timestamp . $token, '12345');
+
+        $this->post('/laravel-mailbox/mailgun/mime', [
+            'timestamp' => $timestamp,
+            'token' => $token,
+            'signature' => $validSignature
+        ])->assertStatus(401);
+    }
+
+}