1 files changed, 65 insertions, 0 deletions

diff --git a/app/controllers/members/mailgun/permanent_failures_controller.rb b/app/controllers/members/mailgun/permanent_failures_controller.rb
new file mode 100644
index 00000000000..685faa34694
--- /dev/null
+++ b/app/controllers/members/mailgun/permanent_failures_controller.rb
@@ -0,0 +1,65 @@
+# frozen_string_literal: true
+
+module Members
+  module Mailgun
+    class PermanentFailuresController < ApplicationController
+      respond_to :json
+
+      skip_before_action :authenticate_user!
+      skip_before_action :verify_authenticity_token
+
+      before_action :ensure_feature_enabled!
+      before_action :authenticate_signature!
+      before_action :validate_invite_email!
+
+      feature_category :authentication_and_authorization
+
+      def create
+        webhook_processor.execute
+
+        head :ok
+      end
+
+      private
+
+      def ensure_feature_enabled!
+        render_406 unless Gitlab::CurrentSettings.mailgun_events_enabled?
+      end
+
+      def authenticate_signature!
+        access_denied! unless valid_signature?
+      end
+
+      def valid_signature?
+        return false if Gitlab::CurrentSettings.mailgun_signing_key.blank?
+
+        # per this guide: https://documentation.mailgun.com/en/latest/user_manual.html#webhooks
+        digest = OpenSSL::Digest.new('SHA256')
+        data = [params.dig(:signature, :timestamp), params.dig(:signature, :token)].join
+
+        hmac_digest = OpenSSL::HMAC.hexdigest(digest, Gitlab::CurrentSettings.mailgun_signing_key, data)
+
+        ActiveSupport::SecurityUtils.secure_compare(params.dig(:signature, :signature), hmac_digest)
+      end
+
+      def validate_invite_email!
+        # permanent_failures webhook does not provide a way to filter failures, so we'll get them all on this endpoint
+        # and we only care about our invite_emails
+        render_406 unless payload[:tags]&.include?(::Members::Mailgun::INVITE_EMAIL_TAG)
+      end
+
+      def webhook_processor
+        ::Members::Mailgun::ProcessWebhookService.new(payload)
+      end
+
+      def payload
+        @payload ||= params.permit!['event-data']
+      end
+
+      def render_406
+        # failure to stop retries per https://documentation.mailgun.com/en/latest/user_manual.html#webhooks
+        head :not_acceptable
+      end
+    end
+  end
+end