Class: Collavre::SesSettingsInterceptor

Inherits:
Object
  • Object
show all
Defined in:
lib/collavre/ses_settings_interceptor.rb

Overview

ActionMailer interceptor that injects AWS SES SMTP settings (address, user_name, password) into each outgoing message at send time, sourced from ‘IntegrationSettings` (DB > ENV) with a Rails credentials fallback.

Registered via ‘Collavre::Engine` so admins can rotate SES credentials through `/admin/integrations` without redeploying. Only acts on SMTP delivery — other delivery methods (`:test`, `:letter_opener`, etc.) pass through untouched.

Constant Summary collapse

SES_ADDRESS_PATTERN = 
/\Aemail-smtp\.[a-z0-9-]+\.amazonaws\.com\z/

Class Method Summary collapse

Class Method Details

.delivering_email(message) ⇒ Object 



16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
 
# File 'lib/collavre/ses_settings_interceptor.rb', line 16

def delivering_email(message)
  return unless message.delivery_method.is_a?(::Mail::SMTP)

  settings = message.delivery_method.settings
  # Scope to SES-bound messages only. The engine registers this
  # interceptor globally, so host apps using a non-SES SMTP provider
  # (SendGrid, Mailgun, custom relay) must pass through untouched —
  # otherwise we'd clobber their address/user_name/password.
  return unless ses_target?(settings)

  region = resolve_region
  creds  = Collavre::AwsCredentials.ses_smtp

  settings[:address] = "email-smtp.#{region}.amazonaws.com" if region.present?
  # `AwsCredentials.ses_smtp` returns only source-coherent pairs (both DB,
  # both ENV, or both credentials). When admins save just one half via
  # /admin/integrations while the other still lives in ENV, the helper
  # drops the partial DB write and falls through to a coherent ENV/cred
  # pair, avoiding mismatched (db-user, env-pass) injections that would
  # break every SMTP delivery.
  if creds[:user_name].present? && creds[:password].present?
    settings[:user_name] = creds[:user_name]
    settings[:password]  = creds[:password]
  else
    # No coherent pair available (admin reset DB and no ENV/credentials
    # fallback). Clear stale settings so we don't keep using boot-time
    # or previously-injected credentials — these keys are registered
    # with requires_restart: false, so runtime reset must take effect.
    settings.delete(:user_name)
    settings.delete(:password)
  end
end