working version

Author: tmacedo

README.md

@@ -14,50 +14,31 @@ Create a rule to forward email to this plugin
 
 ```
 match_recipient(“reply-.*@mydiscourse.domain”)
-forward(“https://mydiscourse.domain/admin/plugin/mailgun”)
+forward(“https://mydiscourse.domain/mailgun/incoming”)
 ```
 
 ### Installing
 
-A step by step series of examples that tell you have to get a development env running
-
-Say what the step will be
-
-```
-Give the example
-```
-
-And repeat
-
-```
-until finished
-```
-
-End with an example of getting some data out of the system or using it for a little demo
+Installing this plugin should be as simple as following the [Discourse Plugin installation tutorial](https://meta.discourse.org/t/install-a-plugin/19157)
 
 ## Running the tests
 
-Explain how to run the automated tests for this system
-
-### Break down into end to end tests
+In order to run tests you'll need a Discourse development environment such as the [vagrant](https://github.com/discourse/discourse/blob/master/docs/VAGRANT.md) one.
 
-Explain what these tests test and why
+You can then run the tests with `rake plugin:spec[discourse-mailgun]`
 
-```
-Give an example
-```
+## Deployment
 
-### And coding style tests
+Once the plugin is installed, you'll need to configure a few things:
 
-Explain what these tests test and why
+* Mailgun API key - which you can retrieve in your mailgun settings
+* Discourse Base URL - the URL where your discourse is available
+* Discourse API key - you can create one in the discourse admin panel
+* Discourse API username
 
-```
-Give an example
-```
+You can do this in the plugin settings page.
 
-## Deployment
-
-Once the plugin is installed, you'll need to configure your Mailgun API key. You can do this in the plugin settings page.
+You'll also need to enable "manual polling enabled" in your discourse email settings admin panel.
 
 ## Built With
 
@@ -71,20 +52,14 @@ Please read [CONTRIBUTING.md](https://gist.github.com/PurpleBooth/b24679402957c6
 
 ## Versioning
 
-We use [SemVer](http://semver.org/) for versioning. For the versions available, see the [tags on this repository](https://github.com/your/project/tags). 
+We use [SemVer](http://semver.org/) for versioning. For the versions available, see the [tags on this repository](https://github.com/reallyreally/discourse-mailgun/tags). 
 
 ## Authors
 
-* **Author Name** - *Initial work* - [Company](https://really.ai/)
+* **Tiago Macedo** - *Initial work* - [Really Really Inc](https://really.ai/)
 
 See also the list of [contributors](https://github.com/reallyreally/discourse-mailgun/contributors) who participated in this project.
 
 ## License
 
 This project is licensed under the Apache 2.0 - see the [LICENSE.md](LICENSE.md) file for details
-
-## Acknowledgments
-
-* Hat tip to anyone who's code was used
-* Inspiration
-* etc

config/settings.yml

@@ -2,3 +2,12 @@ plugins:
   mailgun_api_key:
     default: your_mailgun_api_key
     client: false
+  discourse_base_url:
+    default: https://some-url.com
+    client: false
+  discourse_api_key:
+    default: some-api-key
+    client: false
+  discourse_api_username:
+    default: api_username
+    client: false

plugin.rb

@@ -7,11 +7,28 @@
 require 'openssl'
 
 after_initialize do
-
   module ::DiscourseMailgun
     class Engine < ::Rails::Engine
       engine_name "discourse-mailgun"
       isolate_namespace DiscourseMailgun
+
+      class << self
+        # signature verification filter
+        def verify_signature(timestamp, token, signature, api_key)
+          digest = OpenSSL::Digest::SHA256.new
+          data = [timestamp, token].join
+          hex = OpenSSL::HMAC.hexdigest(digest, api_key, data)
+
+          signature == hex
+        end
+
+        # posting the email through the discourse api
+        def post(url, params)
+          Excon.post(url,
+            :body => URI.encode_www_form(params),
+            :headers => { "Content-Type" => "application/x-www-form-urlencoded" })
+        end
+      end
     end
   end
 
@@ -20,7 +37,7 @@ class Engine < ::Rails::Engine
   class DiscourseMailgun::MailgunController < ::ApplicationController
     before_filter :verify_signature
 
-    def webhook
+    def incoming
       mg_body    = params['body-plain']
       mg_subj    = params['subject']
       mg_to      = params['To']
@@ -35,9 +52,14 @@ def webhook
         body    mg_body
       end
 
-      raw_email = m.to_s
+      handler_url = SiteSetting.discourse_base_url + "/admin/email/handle_mail"
 
-      render json: "done"
+      params = {'email'        => m.to_s,
+                'api_key'      => SiteSetting.discourse_api_key,
+                'api_username' => SiteSetting.discourse_api_username}
+      ::DiscourseMailgun::Engine.post(handler_url, params)
+
+      render plain: "done"
     end
 
     # we mark this controller as an API
@@ -46,21 +68,18 @@ def is_api?
       true
     end
 
-    private 
+    private
 
-    # signature verification filter
     def verify_signature
-      digest = OpenSSL::Digest::SHA256.new
-      data = [params['timestamp'], params['token']].join
-      hex = OpenSSL::HMAC.hexdigest(digest, SiteSetting.mailgun_api_key, data)
-
-      render json: {}, :status => :unauthorized unless params['signature'] == hex
+      unless ::DiscourseMailgun::Engine.verify_signature(params['timestamp'], params['token'], params['signature'], SiteSetting.mailgun_api_key)
+        render json: {}, :status => :unauthorized
+      end
     end
   end
 
 
   DiscourseMailgun::Engine.routes.draw do
-    post "/webhook" => "mailgun#webhook"
+    post "/incoming" => "mailgun#incoming"
   end
 
   Discourse::Application.routes.append do

spec/engine_spec.rb

@@ -0,0 +1,16 @@
+require 'rails_helper'
+
+describe DiscourseMailgun do
+  it "fails signature verification on an invalid input" do
+    expect(DiscourseMailgun::Engine.verify_signature('timestamp', 'token', 'sig', 'key')).to eq(false)
+  end
+
+  it "succeeds with correct input" do
+    token = "d36d8af15b9694f9077abc4bb1be5475d4e9953329c9c0085e"
+    sig = "925a06d45995704642609e93ae5e526ded7a0e2413f4094e794851c06b2561d6"
+    ts = "1500815643"
+    key = "key-ba22e794c07d6aacc4b0c51a2a7f615d"
+
+    expect(DiscourseMailgun::Engine.verify_signature(ts, token, sig, key)).to eq(true)
+  end
+end