]> git.openstreetmap.org Git - rails.git/blob - script/deliver-message
Validate URLs against supply-chain attacks
[rails.git] / script / deliver-message
1 #!/usr/bin/env ruby
2
3 require File.join(File.dirname(__FILE__), "..", "config", "environment")
4
5 if recipient = ARGV[0].match(/^c-(\d+)-(\d+)-(.*)$/)
6   comment = DiaryComment.find(recipient[1])
7   digest = comment.digest
8   date = comment.created_at
9   from = comment.diary_entry.subscribers.find(recipient[2])
10   to = comment.user
11   token = recipient[3]
12 elsif recipient = ARGV[0].match(/^m-(\d+)-(.*)$/)
13   message = Message.find(recipient[1])
14   digest = message.digest
15   date = message.sent_on
16   from = message.recipient
17   to = message.sender
18   token = recipient[2]
19 else
20   exit 0
21 end
22
23 exit 0 unless from.active?
24 exit 0 unless token == digest[0, 6]
25 exit 0 if date < 1.month.ago
26
27 message&.update(:message_read => true)
28
29 mail = Mail.new($stdin.read
30                      .encode(:universal_newline => true)
31                      .encode(:crlf_newline => true))
32
33 message = Message.from_mail(mail, from, to)
34 message.save!
35
36 UserMailer.message_notification(message).deliver
37
38 exit 0