1
0
mirror of https://github.com/invoiceninja/invoiceninja.git synced 2024-11-15 15:42:51 +01:00
invoiceninja/app/Services/InboundMail/InboundMailEngine.php

319 lines
12 KiB
PHP
Raw Normal View History

<?php
/**
* Invoice Ninja (https://invoiceninja.com).
*
* @link https://github.com/invoiceninja/invoiceninja source repository
*
* @copyright Copyright (c) 2023. Invoice Ninja LLC (https://invoiceninja.com)
*
* @license https://www.elastic.co/licensing/elastic-license
*/
namespace App\Services\InboundMail;
use App\Factory\ExpenseFactory;
use App\Jobs\Util\SystemLogger;
use App\Libraries\MultiDB;
use App\Models\ClientContact;
2024-05-19 06:55:15 +02:00
use App\Models\Company;
use App\Models\SystemLog;
use App\Models\VendorContact;
use App\Services\EDocument\Imports\ParseEDocument;
use App\Services\InboundMail\InboundMail;
use App\Utils\TempFile;
use App\Utils\Traits\GeneratesCounter;
use App\Utils\Traits\SavesDocuments;
use App\Utils\Traits\MakesHash;
2023-12-18 17:21:15 +01:00
use Cache;
use Illuminate\Queue\SerializesModels;
class InboundMailEngine
{
2024-03-18 08:04:54 +01:00
use SerializesModels, MakesHash;
use GeneratesCounter, SavesDocuments;
2024-06-26 19:00:09 +02:00
/** @var array Sender addresses and domains that are rejected globally; populated from config in the constructor. */
private array $globalBlacklist;
/** @var array Sender addresses and domains that bypass the global spam checks; populated from config in the constructor. */
private array $globalWhitelist; // Only used for global validation. It does not allow a sender into a company mailbox; it is meant to disable blocking for legitimate mass-senders.
/**
 * Load the global sender block- and whitelist from configuration.
 *
 * Both settings are read as comma-separated strings. A missing (null)
 * setting yields an empty list, surrounding whitespace is stripped from
 * every entry and empty entries are dropped.
 */
public function __construct()
{
    // explode() must not receive null (deprecated since PHP 8.1), hence the string cast.
    $parseList = static fn ($raw): array => array_values(array_filter(
        array_map('trim', explode(',', (string) $raw)),
        static fn (string $entry): bool => $entry !== ''
    ));

    $this->globalBlacklist = $parseList(config('global_inbound_blocklist'));

    // Only for global validation, not for allowing a sender into a company;
    // meant to disable blocking for legitimate mass-senders.
    $this->globalWhitelist = $parseList(config('global_inbound_whitelist'));
}
/**
 * Entry point for a mail that arrived on an expense mailbox.
 *
 * Mails rejected by isInvalidOrBlocked() are dropped silently. If no
 * company matches the recipient mailbox, only monitoring takes place: the
 * sender/recipient counters are updated and nothing else happens.
 * Otherwise expenses are created for the company and the sender counter
 * is updated.
 *
 * Reuse this method to add more mail-parsing behaviors.
 */
public function handleExpenseMailbox(InboundMail $email)
{
    $sender = $email->from;
    $recipient = $email->to;

    if ($this->isInvalidOrBlocked($sender, $recipient)) {
        return;
    }

    // Expense Mailbox => will create an expense
    $company = MultiDB::findAndSetDbByExpenseMailbox($recipient);

    if ($company) {
        $this->createExpenses($company, $email);
        $this->saveMeta($sender, $recipient);

        return;
    }

    // unknown recipient: count it, so repeated offenders can be blocked
    $this->saveMeta($sender, $recipient, true);
}
2023-12-18 17:21:15 +01:00
// SPAM Protection
/**
 * Decide whether an inbound mail has to be dropped before any processing.
 *
 * Checks, in order: address format of sender and recipient, the global
 * whitelist (short-circuits to "not blocked"), the global blacklist, a
 * cached block flag for the sender and finally several rate limits based
 * on the counters maintained by saveMeta().
 *
 * @param string $from sender address
 * @param string $to   recipient address
 *
 * @return bool true when the mail is invalid or blocked, false otherwise
 */
public function isInvalidOrBlocked(string $from, string $to)
{
    // invalid email
    if (!filter_var($from, FILTER_VALIDATE_EMAIL)) {
        nlog('E-Mail blocked, because from e-mail has the wrong format: ' . $from);
        return true;
    }
    if (!filter_var($to, FILTER_VALIDATE_EMAIL)) {
        // log the offending recipient address, not the sender
        nlog('E-Mail blocked, because to e-mail has the wrong format: ' . $to);
        return true;
    }

    $parts = explode('@', $from);
    $domain = array_pop($parts);

    // global whitelist: matching address or domain skips every further check
    if (in_array($from, $this->globalWhitelist, true)) {
        return false;
    }
    if (in_array($domain, $this->globalWhitelist, true)) {
        return false;
    }

    // global blacklist
    if (in_array($domain, $this->globalBlacklist, true)) {
        nlog('E-Mail blocked, because the domain was found on globalBlocklistDomains: ' . $from);
        return true;
    }
    if (in_array($from, $this->globalBlacklist, true)) {
        nlog('E-Mail blocked, because the email was found on globalBlocklistEmails: ' . $from);
        return true;
    }

    // was marked as blocked before, so we block without any console output
    if (Cache::has('inboundMailBlockedSender:' . $from)) {
        return true;
    }

    // total mails of this sender (counter lives 12 hours, see saveMeta());
    // reaching the configured perma-block threshold also flags the sender as blocked
    $senderMailCountTotal = Cache::get('inboundMailCountSender:' . $from, 0);
    if ($senderMailCountTotal >= config('global_inbound_sender_permablock_mailcount')) {
        nlog('E-Mail blocked permanent, because the sender sended more than ' . $senderMailCountTotal . ' emails in the last 12 hours: ' . $from);
        $this->blockSender($from);
        $this->saveMeta($from, $to);
        return true;
    }
    // reaching the configured (lower) block threshold rejects this mail only
    if ($senderMailCountTotal >= config('global_inbound_sender_block_mailcount')) {
        nlog('E-Mail blocked, because the sender sended more than ' . $senderMailCountTotal . ' emails in the last 12 hours: ' . $from);
        $this->saveMeta($from, $to);
        return true;
    }

    // mails of this sender to unknown mailboxes (counter lives 6 hours, see saveMeta())
    $senderMailCountUnknownRecipent = Cache::get('inboundMailCountSenderUnknownRecipent:' . $from, 0);
    if ($senderMailCountUnknownRecipent >= config('company_inbound_sender_block_unknown_reciepent')) {
        nlog('E-Mail blocked, because the sender sended more than ' . $senderMailCountUnknownRecipent . ' emails to the wrong mailbox in the last 6 hours: ' . $from);
        $this->saveMeta($from, $to);
        return true;
    }

    // mails from anyone to this unknown mailbox (counter lives 12 hours);
    // the threshold of 200 is hard-coded, the current sender gets blocked as well
    $mailCountUnknownRecipent = Cache::get('inboundMailCountUnknownRecipent:' . $to, 0); // @turbo124 maybe use many to save resources in case of spam with multiple to addresses each time
    if ($mailCountUnknownRecipent >= 200) {
        nlog('E-Mail blocked, because anyone sended more than ' . $mailCountUnknownRecipent . ' emails to the wrong mailbox in the last 12 hours. Current sender was blocked as well: ' . $from);
        $this->blockSender($from);
        $this->saveMeta($from, $to);
        return true;
    }

    return false;
}
/**
 * Flag a sender as blocked in the cache, with an expiry 12 hours from now.
 *
 * Cache::add() is used, so the call is made with the same key every time
 * and is left to the cache store to decide whether an existing flag is kept.
 *
 * @param string $from sender address to block
 */
public function blockSender(string $from)
{
    $cacheKey = 'inboundMailBlockedSender:' . $from;
    $expiresAt = now()->addHours(12);

    Cache::add($cacheKey, true, $expiresAt);

    // TODO: ignore, when known sender (for heavy email-usage mostly on isHosted())
    // TODO: handle external blocking
}
/**
 * Update the cache counters that the spam protection relies on.
 *
 * The per-sender counter is always incremented. For mails to an unknown
 * recipient, the sender's "unknown recipient" counter and the counter of
 * the recipient address itself are incremented too.
 *
 * @param string $from              sender address
 * @param string $to                recipient address
 * @param bool   $isUnknownRecipent true when no company owns the recipient mailbox
 */
public function saveMeta(string $from, string $to, bool $isUnknownRecipent = false)
{
    // cache key => lifetime of a freshly created counter, in hours
    $counters = ['inboundMailCountSender:' . $from => 12];

    if ($isUnknownRecipent) {
        // per sender, so that he may be blocked
        $counters['inboundMailCountSenderUnknownRecipent:' . $from] = 6;
        // per recipient address, so that the mailbox may be blocked
        $counters['inboundMailCountUnknownRecipent:' . $to] = 12;
    }

    foreach ($counters as $cacheKey => $hours) {
        // create the counter with its expiry first, then count this mail
        Cache::add($cacheKey, 0, now()->addHours($hours));
        Cache::increment($cacheKey);
    }
}
2023-12-18 17:24:59 +01:00
// MAIN-PROCESSORS
2024-05-22 07:07:27 +02:00
/**
 * Create expenses for a company from the attachments of an inbound mail.
 *
 * Nothing is created (and the reason is logged via logBlocked()) when the
 * expense mailbox is not active, the sender is not accepted by
 * validateExpenseSender() or the mail has no attachments.
 *
 * Every attachment is handed to ParseEDocument first. If the parser
 * returns an expense, that expense is used (once per call); if the parser
 * rejects the file with one of the two expected messages, a blank expense
 * is created from the factory instead. Any other parser exception is
 * rethrown.
 *
 * @param Company     $company company owning the expense mailbox
 * @param InboundMail $email   the received mail
 *
 * @throws \Exception unexpected exceptions raised while parsing a document
 */
protected function createExpenses(Company $company, InboundMail $email)
{
    // Skipping executions: will not result in not saving Metadata to prevent usage of these conditions, to spam
    if (!$company->expense_mailbox_active) {
        $this->logBlocked($company, 'mailbox not active for this company. from: ' . $email->from);
        return;
    }
    if (!$this->validateExpenseSender($company, $email)) {
        $this->logBlocked($company, 'invalid sender of an ingest email for this company. from: ' . $email->from);
        return;
    }
    if (count($email->documents) === 0) {
        $this->logBlocked($company, 'email does not contain any attachments and is likly not an expense. from: ' . $email->from);
        return;
    }

    // prepare data
    $expense_vendor = $this->getVendor($company, $email);
    $this->processHtmlBodyToDocument($email);
    $parsed_expense_ids = []; // used to check if an expense was already matched within this job

    // messages of parser exceptions that simply mean "this file is not an e-document"
    $expected_parser_errors = [
        'E-Invoice standard not supported',
        'File type not supported',
    ];

    // check documents => optimal when parsed from any source => else create an expense for each document
    foreach ($email->documents as $document) {
        /** @var \App\Models\Expense|null $expense */
        $expense = null;

        // check if document can be parsed to an expense
        try {
            $expense = (new ParseEDocument($document))->run();
        } catch (\Exception $err) {
            // throw error, only, when its not expected
            if (!in_array($err->getMessage(), $expected_parser_errors, true)) {
                throw $err;
            }
        }

        // evaluated before the fallback below, so it is true only for parser results
        $is_imported_by_parser = (bool) $expense;

        if ($is_imported_by_parser) {
            // check if expense was already matched within this job and skip if true
            // (in_array instead of array_search: a hit at index 0 must count as a hit)
            if (in_array($expense->id, $parsed_expense_ids, true)) {
                continue;
            }
            $parsed_expense_ids[] = $expense->id;
        } else {
            // nothing parsed: start from a blank expense
            $expense = ExpenseFactory::create($company->id, $company->owner()->id);
        }

        // populate missing data with data from email
        if ($is_imported_by_parser) {
            $expense->public_notes = $expense->public_notes . $email->subject;
            $expense->private_notes = $expense->private_notes . $email->text_body;
        }

        if (!$expense->date) {
            $expense->date = $email->date;
        }

        if (!$expense->vendor_id && $expense_vendor) {
            $expense->vendor_id = $expense_vendor->id;
        }

        // Persist before attaching documents.
        // NOTE(review): assumes ExpenseFactory::create() returns an unsaved model that
        // needs a primary key before documents can be related to it - confirm.
        if ($is_imported_by_parser) {
            $expense->saveQuietly();
        } else {
            $expense->save();
        }

        // save document only, when not imported by parser
        $documents = [];
        if (!$is_imported_by_parser) {
            $documents[] = $document;
        }

        // email document
        if ($email->body_document !== null) {
            $documents[] = $email->body_document;
        }

        $this->saveDocuments($documents, $expense);
    }
}
2023-12-18 17:21:15 +01:00
// HELPERS
/**
 * Turn the mail body into an uploaded file named "E-Mail.html" and store
 * it on the mail as body_document. Mails without a body are left untouched.
 */
private function processHtmlBodyToDocument(InboundMail $email)
{
    if ($email->body === null) {
        return;
    }

    $email->body_document = TempFile::UploadedFileFromRaw($email->body, "E-Mail.html", "text/html");
}
/**
 * Check whether the sender of a mail may create expenses for a company.
 *
 * Order of evaluation: company whitelist (address or domain) accepts,
 * company blacklist (address or domain) rejects, then the company flags
 * for unknown senders, own users, vendor contacts and client contacts are
 * consulted. Everything else is denied.
 *
 * The white- and blacklist are comma-separated strings; a null value is
 * treated as an empty list, whitespace around entries is ignored.
 *
 * @return bool true when the sender is accepted
 */
private function validateExpenseSender(Company $company, InboundMail $email)
{
    $parts = explode('@', $email->from);
    $domain = array_pop($parts);

    // explode() must not receive null (deprecated since PHP 8.1), hence the string cast
    $parseList = static fn ($raw): array => array_filter(
        array_map('trim', explode(',', (string) $raw)),
        static fn (string $entry): bool => $entry !== ''
    );

    // whitelists
    $whitelist = $parseList($company->inbound_mailbox_whitelist);
    if (in_array($email->from, $whitelist, true) || in_array($domain, $whitelist, true)) {
        return true;
    }

    // blacklists
    $blacklist = $parseList($company->inbound_mailbox_blacklist);
    if (in_array($email->from, $blacklist, true) || in_array($domain, $blacklist, true)) {
        return false;
    }

    // allow unknown
    if ($company->inbound_mailbox_allow_unknown) {
        return true;
    }

    // own users
    if ($company->inbound_mailbox_allow_company_users && $company->users()->where("email", $email->from)->exists()) {
        return true;
    }

    // from vendors
    if ($company->inbound_mailbox_allow_vendors && VendorContact::where("company_id", $company->id)->where("email", $email->from)->exists()) {
        return true;
    }

    // from clients
    if ($company->inbound_mailbox_allow_clients && ClientContact::where("company_id", $company->id)->where("email", $email->from)->exists()) {
        return true;
    }

    // deny
    return false;
}
/**
 * Find the client whose contact has the sender address of the mail.
 *
 * @return mixed the related client, or null when no contact of the
 *               company uses the sender address
 */
private function getClient(Company $company, InboundMail $email)
{
    $clientContact = ClientContact::where("company_id", $company->id)->where("email", $email->from)->first();

    if (!$clientContact) {
        return null;
    }

    // Read the relation through the dynamic property: calling client() would hand back
    // the relationship object instead of the related record.
    // NOTE(review): assumes client() is an Eloquent relationship method - confirm.
    return $clientContact->client;
}
/**
 * Find the vendor whose contact has the sender address of the mail.
 *
 * @return mixed the related vendor, or null when no contact of the
 *               company uses the sender address
 */
private function getVendor(Company $company, InboundMail $email)
{
    $vendorContact = VendorContact::where("company_id", $company->id)->where("email", $email->from)->first();

    if (!$vendorContact) {
        return null;
    }

    // Read the relation through the dynamic property: calling vendor() would hand back
    // the relationship object, which is always truthy and has no usable id for callers.
    // NOTE(review): assumes vendor() is an Eloquent relationship method - confirm.
    return $vendorContact->vendor;
}
/**
 * Report a rejected inbound mail: once via nlog(), prefixed with the
 * company id, and once as a SystemLogger entry (mail category,
 * "inbound mail blocked" event) that is handled immediately.
 *
 * @param Company $company company the mail was addressed to
 * @param string  $data    reason for the rejection
 */
private function logBlocked(Company $company, string $data)
{
    $prefix = "[InboundMailEngine][company:" . $company->id . "] ";
    nlog($prefix . $data);

    $systemLogger = new SystemLogger(
        $data,
        SystemLog::CATEGORY_MAIL,
        SystemLog::EVENT_INBOUND_MAIL_BLOCKED,
        SystemLog::TYPE_CUSTOM,
        null,
        $company
    );

    $systemLogger->handle();
}
}