Merge pull request #10593 from neinteractiveliterature/cloudflare-email-forwarder

CloudFlare email forwarding

Author: nbudin

.env.development

@@ -35,3 +35,4 @@ DEVELOPMENT_DATABASE_URL=postgresql://localhost/intercode_development
 INTERCODE_HOST=intercode.test
 TEST_DATABASE_URL=postgresql://localhost/intercode_test
 UPLOADS_HOST=uploads.intercode.test:5050
+EMAIL_FORWARDERS_API_TOKEN=abc123

.github/workflows/release.yml

@@ -38,6 +38,16 @@ jobs:
       - run: flyctl deploy --remote-only -a intercode
         env:
           FLY_API_TOKEN: ${{ secrets.FLY_API_TOKEN }}
+  cloudflare-release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Deploy to Cloudflare
+        uses: cloudflare/wrangler-action@v3
+        with:
+          apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
+          workingDirectory: ./cloudflare
   notify-slack:
     runs-on: ubuntu-latest
     needs:

app/controllers/email_forwarders_controller.rb

@@ -0,0 +1,15 @@
+class EmailForwardersController < ApplicationController
+  before_action :enforce_authentication
+
+  def show
+    render json: { forward_addresses: EmailForwardingRouter.new(params[:address]).forward_addresses }
+  end
+
+  private
+
+  def enforce_authentication
+    authenticate_or_request_with_http_token do |token|
+      ActiveSupport::SecurityUtils.secure_compare(token, ENV.fetch("EMAIL_FORWARDERS_API_TOKEN"))
+    end
+  end
+end

app/services/email_forwarding_router.rb

@@ -0,0 +1,67 @@
+class EmailForwardingRouter
+  attr_reader :address
+
+  def initialize(address)
+    @address = EmailRoute.normalize_address(address)
+  end
+
+  def convention_by_domain
+    return @convention_by_domain if defined?(@convention_by_domain)
+    @convention_by_domain ||= Convention.find_by(domain: Mail::Address.new(address).domain)
+  end
+
+  def convention_by_events_domain
+    return @convention_by_events_domain if defined?(@convention_by_events_domain)
+    @convention_by_events_domain ||= Convention.find_by(event_mailing_list_domain: Mail::Address.new(address).domain)
+  end
+
+  def forward_addresses
+    [
+      *staff_positions_for_recipient.flat_map { |sp| sp.user_con_profiles.map(&:email) + sp.cc_addresses },
+      *team_members_for_recipient.flat_map { |tm| tm.user_con_profile.email },
+      *email_routes_for_recipient.flat_map(&:forward_addresses)
+    ].compact.uniq
+  end
+
+  def staff_positions_for_recipient
+    @staff_positions_for_recipient ||=
+      if convention_by_domain
+        if convention_by_domain.email_mode == "staff_emails_to_catch_all"
+          [convention_by_domain.catch_all_staff_position].compact
+        else
+          matched_positions =
+            convention_by_domain
+              .staff_positions
+              .includes(user_con_profiles: :user)
+              .select do |sp|
+                full_email_aliases = sp.email_aliases.map { |ea| "#{ea}@#{convention_by_domain.domain}" }
+                destinations = [sp.email, *full_email_aliases].map { |dest| EmailRoute.normalize_address(dest) }
+                destinations.include?(address)
+              end
+
+          matched_positions.any? ? matched_positions : [convention_by_domain.catch_all_staff_position].compact
+        end
+      else
+        []
+      end
+  end
+
+  def team_members_for_recipient
+    @team_members_for_recipient ||=
+      if convention_by_events_domain
+        events =
+          convention_by_events_domain.events.select do |event|
+            next if event.team_mailing_list_name.blank?
+            full_alias = "#{event.team_mailing_list_name}@#{convention_by_events_domain.event_mailing_list_domain}"
+            EmailRoute.normalize_address(full_alias) == address
+          end
+        TeamMember.where(event_id: events.map(&:id)).includes(user_con_profile: :user).to_a
+      else
+        []
+      end
+  end
+
+  def email_routes_for_recipient
+    @email_routes_for_recipient ||= EmailRoute.where(receiver_address: address)
+  end
+end

app/services/receive_email_service.rb …ervices/forward_email_via_ses_service.rbapp/services/receive_email_service.rb renamed to app/services/forward_email_via_ses_service.rb app/services/receive_email_service.rb renamed to app/services/forward_email_via_ses_service.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
-class ReceiveEmailService < CivilService::Service
+class ForwardEmailViaSesService < CivilService::Service
   def self.ses_client
     @ses_client ||= Aws::SES::Client.new
   end
@@ -27,7 +27,7 @@ def inner_call
       forward_addresses = forward_addresses_for_recipient(recipient)
 
       if forward_addresses
-        Rails.logger.debug { "Forwarding mail for #{recipient} -> #{forward_addresses.join(', ')}" }
+        Rails.logger.debug { "Forwarding mail for #{recipient} -> #{forward_addresses.join(", ")}" }
         forward_email(recipient, forward_addresses)
       elsif intercode_address?(recipient)
         Rails.logger.warn("Could not find matching route for #{recipient}, sending bounce")
@@ -68,62 +68,20 @@ def intercode_domains
   end
 
   def forward_addresses_for_recipient(recipient)
-    address = EmailRoute.normalize_address(recipient)
-
-    staff_positions = staff_positions_for_recipient(address)
-    return staff_positions.flat_map { |sp| sp.user_con_profiles.map(&:email) + sp.cc_addresses } if staff_positions
-
-    team_members = team_members_for_recipient(address)
-    return team_members.flat_map { |tm| tm.user_con_profile.email } if team_members
-
-    route = EmailRoute.find_by(receiver_address: address)
-    route&.forward_addresses
-  end
-
-  def staff_positions_for_recipient(address)
-    convention = Convention.find_by(domain: Mail::Address.new(address).domain)
-    return nil unless convention
-
-    return [convention.catch_all_staff_position].compact if convention.email_mode == 'staff_emails_to_catch_all'
-
-    matched_positions =
-      convention
-        .staff_positions
-        .includes(user_con_profiles: :user)
-        .select do |sp|
-          full_email_aliases = sp.email_aliases.map { |ea| "#{ea}@#{convention.domain}" }
-          destinations = [sp.email, *full_email_aliases].map { |dest| EmailRoute.normalize_address(dest) }
-          destinations.include?(address)
-        end
-    return matched_positions if matched_positions.any?
-
-    [convention.catch_all_staff_position].compact
-  end
-
-  def team_members_for_recipient(address)
-    convention = Convention.find_by(event_mailing_list_domain: Mail::Address.new(address).domain)
-    return nil unless convention
-
-    events =
-      convention.events.select do |event|
-        next if event.team_mailing_list_name.blank?
-        full_alias = "#{event.team_mailing_list_name}@#{convention.event_mailing_list_domain}"
-        EmailRoute.normalize_address(full_alias) == address
-      end
-    TeamMember.where(event_id: events.map(&:id)).includes(user_con_profile: :user).to_a
+    EmailForwardingRouter.new(recipient).forward_addresses
   end
 
   def headers_for_forwarding(forward_message)
     {
-      'X-Intercode-Original-Return-Path' => forward_message.header['Return-Path'],
-      'Return-Path' => "bounces@#{mailer_host}",
-      'X-Intercode-Original-Sender' => forward_message.header['Sender'],
-      'Sender' => nil,
-      'X-Intercode-Original-Source' => forward_message.header['Source'],
-      'Source' => nil,
-      'DKIM-Signature' => nil, # SES will re-sign the message for us
-      'X-SES-CONFIGURATION-SET' => 'default',
-      'X-Intercode-Message-ID' => message_id
+      "X-Intercode-Original-Return-Path" => forward_message.header["Return-Path"],
+      "Return-Path" => "bounces@#{mailer_host}",
+      "X-Intercode-Original-Sender" => forward_message.header["Sender"],
+      "Sender" => nil,
+      "X-Intercode-Original-Source" => forward_message.header["Source"],
+      "Source" => nil,
+      "DKIM-Signature" => nil, # SES will re-sign the message for us
+      "X-SES-CONFIGURATION-SET" => "default",
+      "X-Intercode-Message-ID" => message_id
     }
   end
 
@@ -166,8 +124,8 @@ def forward_email(original_recipient, new_recipients)
     begin
       self.class.ses_client.send_raw_email({ raw_message: { data: forward_message.to_s } })
     rescue Aws::SES::Errors::InvalidParameterValue => e
-      if e.message.include?('Message length is more')
-        send_bounce(original_recipient, bounce_type: 'MessageTooLarge')
+      if e.message.include?("Message length is more")
+        send_bounce(original_recipient, bounce_type: "MessageTooLarge")
       else
         send_bounce(original_recipient)
       end
@@ -178,7 +136,7 @@ def mailer_host
     Rails.application.config.action_mailer.default_url_options[:host]
   end
 
-  def send_bounce(recipient, bounce_type: 'DoesNotExist')
+  def send_bounce(recipient, bounce_type: "DoesNotExist")
     self.class.ses_client.send_bounce(
       {
         original_message_id: message_id,

app/services/receive_sns_email_delivery_service.rb

@@ -34,7 +34,7 @@ def inner_call
     end
 
     begin
-      ReceiveEmailService.new(recipients:, load_email: -> { email }, message_id:).call
+      ForwardEmailViaSesService.new(recipients:, load_email: -> { email }, message_id:).call
     rescue StandardError => e
       ErrorReporting.error(e, recipients:, message_id:)
       raise e

cloudflare/.dev.vars

@@ -0,0 +1 @@
+EMAIL_FORWARDERS_API_TOKEN="abc123"

cloudflare/intercode-email-forwarder.ts

@@ -0,0 +1,40 @@
+import { EmailMessage } from 'cloudflare:email';
+
+async function getDestinations(message: EmailMessage, env: Env): Promise<string[]> {
+  const recipient = message.to.toLowerCase();
+  const url = new URL(`/email_forwarders/${message.to}`, env.INTERCODE_URL);
+  const response = await fetch(url, {
+    method: 'GET',
+    headers: {
+      Authorization: `Token ${env.EMAIL_FORWARDERS_API_TOKEN}`,
+    },
+  });
+
+  if (!response.ok) {
+    console.error(`Failed to fetch destinations for ${recipient}:`, response.statusText);
+    return [];
+  }
+
+  const json = (await response.json()) as { forward_addresses?: string[] };
+  return json.forward_addresses || [];
+}
+
+export default {
+  async email(message, env) {
+    const forwardList = await getDestinations(message, env);
+
+    if (forwardList.length > 0) {
+      const promises = forwardList.map(async (email) => {
+        try {
+          await message.forward(email);
+          console.log(`Forwarded email from ${message.from} to ${email}`);
+        } catch (error) {
+          console.error(`Failed to forward email from ${message.from} to ${email}:`, error);
+        }
+      });
+      await Promise.all(promises);
+    } else {
+      message.setReject('Unknown destination address');
+    }
+  },
+} satisfies ExportedHandler<Env>;

cloudflare/tsconfig.json

@@ -0,0 +1,6 @@
+{
+  "compilerOptions": {
+    "lib": ["ES2020"],
+    "types": ["./worker-configuration.d.ts"]
+  }
+}