wip

Author: mpociot

src/Http/Controllers/MailgunController.php

@@ -3,34 +3,12 @@
 namespace BeyondCode\Mailbox\Http\Controllers;
 
 use BeyondCode\Mailbox\Facades\Mailbox;
-use BeyondCode\Mailbox\InboundEmail;
-use Carbon\Carbon;
-use Illuminate\Http\Request;
+use BeyondCode\Mailbox\Http\Requests\MailgunRequest;
 
 class MailgunController
 {
-    public function __invoke(Request $request)
+    public function __invoke(MailgunRequest $request)
     {
-        $this->authenticate($request);
-
-        $email = InboundEmail::fromMessage($request->get('body-mime	'));
-
-        Mailbox::callMailboxes($email);
-    }
-
-    protected function authenticate(Request $request)
-    {
-        $data = $request->timestamp.$request->token;
-
-        $signature = hash_hmac('sha256', $data, config('mailbox.services.mailgun.key'));
-
-        $signed = hash_equals($request->signature, $signature);
-
-        abort_unless($signed && $this->isFresh($request->timestamp), 401, 'Invalid Mailgun signature or timestamp.');
-    }
-
-    protected function isFresh($timestamp): bool
-    {
-        return now()->subMinutes(2)->lte(Carbon::createFromTimestamp($timestamp));
+        Mailbox::callMailboxes($request->email());
     }
 }

src/Http/Requests/MailgunRequest.php

@@ -0,0 +1,48 @@
+<?php
+
+namespace BeyondCode\Mailbox\Http\Requests;
+
+use BeyondCode\Mailbox\InboundEmail;
+use Carbon\Carbon;
+use Illuminate\Foundation\Http\FormRequest;
+use Illuminate\Support\Facades\Validator;
+
+class MailgunRequest extends FormRequest
+{
+    public function validator()
+    {
+        $validator = Validator::make($this->all(), [
+            'body-mime' => 'required',
+            'timestamp' => 'required',
+            'token' => 'required',
+            'signature' => 'required'
+        ]);
+
+        $validator->after(function ($validator) {
+            $this->verifySignature();
+        });
+
+        return $validator;
+    }
+
+    public function email()
+    {
+        return InboundEmail::fromMessage($this->get('body-mime	'));
+    }
+
+    protected function verifySignature()
+    {
+        $data = $this->timestamp.$this->token;
+
+        $signature = hash_hmac('sha256', $data, config('mailbox.services.mailgun.key'));
+
+        $signed = hash_equals($this->signature, $signature);
+
+        abort_unless($signed && $this->isFresh($this->timestamp), 401, 'Invalid Mailgun signature or timestamp.');
+    }
+
+    protected function isFresh($timestamp): bool
+    {
+        return now()->subMinutes(2)->lte(Carbon::createFromTimestamp($timestamp));
+    }
+}

tests/Controllers/MailgunTest.php

@@ -11,7 +11,9 @@ class MailgunTest extends TestCase
     public function it_verifies_mailgun_signatures()
     {
         $this->post('/laravel-mailbox/mailgun/mime', [
+            'body-mime' => 'mime',
             'timestamp' => 1548104992,
+            'token' => 'something',
             'signature' => 'something'
         ])->assertStatus(401);
 
@@ -23,6 +25,7 @@ public function it_verifies_mailgun_signatures()
         $validSignature = hash_hmac('sha256', $timestamp . $token, '12345');
 
         $this->post('/laravel-mailbox/mailgun/mime', [
+            'body-mime' => 'mime',
             'timestamp' => $timestamp,
             'token' => $token,
             'signature' => $validSignature
@@ -40,6 +43,7 @@ public function it_verifies_fresh_timestamps()
         $validSignature = hash_hmac('sha256', $timestamp . $token, '12345');
 
         $this->post('/laravel-mailbox/mailgun/mime', [
+            'body-mime' => 'mime',
             'timestamp' => $timestamp,
             'token' => $token,
             'signature' => $validSignature