Class: Api::V1::EmailCanaryController

Inherits:
BaseController
  • Object
Defined in:
app/controllers/api/v1/email_canary_controller.rb

Overview

Receives hits on the invisible per-recipient canary link embedded in campaign
emails (Communication#canary_link_html). The link is invisible and marked
clicktracking="off", so it is never rewritten by SendGrid and no human can see
it — any fetch is a provable security-scanner / automated link check. We record
the hit on the CommunicationRecipient so Communication::ClickBotScorer can treat
the fetching IP as a confirmed scanner egress.

Always returns a 1x1 transparent GIF, regardless of token validity, so the
endpoint leaks nothing about which tokens are real.

Constant Summary

# 43-byte transparent 1x1 GIF.
PIXEL = Base64.decode64('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7')

Instance Method Summary

Methods inherited from BaseController

#catalog_for_request, #error!, #locale_for_request, #logger, #render_bad_request_response, #render_internal_server_error, #render_not_found_response, #render_result, #render_unprocessable_entity_response, #set_locale, #store_for_request, #underscore_params

Instance Method Details

#show ⇒ Object

GET /v1/email/canary/:token



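# File 'app/controllers/api/v1/email_canary_controller.rb', line 17

def show
  # Record the trip only when the token decodes to a recipient id and that
  # recipient exists; the fetching IP is stored with it.
  recipient_id = Communication::CanaryToken.decode(params[:token])
  CommunicationRecipient.find_by(id: recipient_id)&.record_canary_trip!(ip: request.remote_ip) if recipient_id

  # Same uncacheable pixel for every request, whether or not the token was valid.
  response.headers['Cache-Control'] = 'no-store, no-cache, must-revalidate'
  send_data PIXEL, type: 'image/gif', disposition: 'inline'
end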
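
The decode-then-uniform-response pattern of #show, as an added example that is not the project's code. SketchCanaryToken, its HMAC token format, SECRET, HEADERS and canary_hit are assumptions made for illustration; only PIXEL and the Cache-Control value come from this page.

```ruby
require 'openssl'
require 'base64'

# Added sketch, not the project's Communication::CanaryToken.
# Assumed token format: "<base64url recipient id>.<base64url HMAC-SHA256 tag>".
module SketchCanaryToken
  SECRET = 'constructed-demo-secret' # assumption: a real key lives in app secrets

  def self.tag(payload)
    mac = OpenSSL::HMAC.digest('SHA256', SECRET, payload)
    Base64.urlsafe_encode64(mac, padding: false)
  end

  def self.encode(recipient_id)
    payload = Base64.urlsafe_encode64(recipient_id.to_s, padding: false)
    "#{payload}.#{tag(payload)}"
  end

  # Compare without stopping at the first differing byte.
  def self.secure_eq?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # Returns the recipient id, or nil for anything malformed or forged.
  def self.decode(token)
    payload, mac = token.to_s.split('.', 2)
    return nil if payload.nil? || mac.nil?
    return nil unless secure_eq?(mac, tag(payload))
    Integer(Base64.urlsafe_decode64(payload), 10)
  rescue ArgumentError
    nil
  end
end

PIXEL = Base64.decode64('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7')
HEADERS = { 'Content-Type' => 'image/gif',
            'Cache-Control' => 'no-store, no-cache, must-revalidate' }.freeze

# Hypothetical stand-in for #show: the trip is recorded only for a valid token,
# while status, headers and body are identical for every request.
def canary_hit(token, ip, trips)
  id = SketchCanaryToken.decode(token)
  (trips[id] ||= []) << ip if id
  [200, HEADERS, PIXEL]
end
```

Because the tag covers the recipient id, changing the id in a token invalidates it, and the caller cannot tell from the response whether a trip was recorded.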