Sha256: e1ec066f0029b88392349627c44bd0ddea34011617e922ec00ffb62948b8259b
Contents?: true
Size: 1.62 KB
Versions: 3
Compression:
Stored size: 1.62 KB
Contents
module Ahoy class MessagesController < ActionController::Base before_filter :set_message def open if @message && !@message.opened_at @message.opened_at = Time.now @message.save! end publish :open send_data Base64.decode64("R0lGODlhAQABAPAAAAAAAAAAACH5BAEAAAAALAAAAAABAAEAAAICRAEAOw=="), type: "image/gif", disposition: "inline" end def click if @message && !@message.clicked_at @message.clicked_at = Time.now @message.opened_at ||= @message.clicked_at @message.save! end url = params[:url].to_s signature = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("sha1"), AhoyEmail.secret_token, url) publish :click, url: params[:url] if secure_compare(params[:signature], signature) redirect_to url else redirect_to main_app.root_url end end protected def set_message @message = AhoyEmail.message_model.where(token: params[:id]).first end def publish(name, event = {}) AhoyEmail.subscribers.each do |subscriber| if subscriber.respond_to?(name) event[:message] = @message event[:controller] = self subscriber.send name, event end end end # from https://github.com/rails/rails/blob/master/activesupport/lib/active_support/message_verifier.rb # constant-time comparison algorithm to prevent timing attacks def secure_compare(a, b) return false unless a.bytesize == b.bytesize l = a.unpack "C#{a.bytesize}" res = 0 b.each_byte { |byte| res |= byte ^ l.shift } res == 0 end end end
Version data entries
3 entries across 3 versions & 1 rubygems
Version | Path |
---|---|
ahoy_email-0.3.0 | app/controllers/ahoy/messages_controller.rb |
ahoy_email-0.2.4 | app/controllers/ahoy/messages_controller.rb |
ahoy_email-0.2.3 | app/controllers/ahoy/messages_controller.rb |