fix(security): resolve F-09 — wrap FcmService::sendToTopic in try-catch, never throw uncaught exceptions
Replaces raw Exception throw with logged error + 500 return. Logs FCM API failures with response body for debugging.
@@ -48,6 +48,7 @@ class FcmService
|
||||
return 500;
|
||||
}
|
||||
|
||||
try {
|
||||
$scopes = ['https://www.googleapis.com/auth/firebase.messaging'];
|
||||
|
||||
$creds = new ServiceAccountCredentials($scopes, $this->credentials);
|
||||
@@ -55,7 +56,8 @@ class FcmService
|
||||
$accessToken = $tokenArray['access_token'] ?? null;
|
||||
|
||||
if (!$accessToken) {
|
||||
throw new \Exception("Failed to get access token from Firebase credentials.");
|
||||
Log::error('Failed to get Firebase access token');
|
||||
return 500;
|
||||
}
|
||||
|
||||
$response = Http::withToken($accessToken)
|
||||
@@ -72,6 +74,20 @@ class FcmService
|
||||
]
|
||||
]);
|
||||
|
||||
if (!$response->successful()) {
|
||||
Log::error('FCM send failed', [
|
||||
'status' => $response->status(),
|
||||
'body' => $response->body(),
|
||||
]);
|
||||
}
|
||||
|
||||
return $response->status();
|
||||
} catch (\Exception $e) {
|
||||
Log::error('FCM notification error', [
|
||||
'error' => $e->getMessage(),
|
||||
'topic' => $topic,
|
||||
]);
|
||||
return 500;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
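Review bot: The `catch (\Exception $e)` near the end of sendToTopic does not catch `\Error` subclasses such as `TypeError`, so the method can still throw despite the commit's stated goal of never letting an uncaught exception escape; `} catch (\Throwable $e) {` would cover both. The handler also logs only `$e->getMessage()`, which drops the exception class; adding `'exception' => get_class($e),` to the context array would make these entries easier to triage. In the `!$response->successful()` branch the whole `$response->body()` is written to the log, so confirm that FCM error bodies never echo anything sensitive for this payload, or truncate them. The start of sendToTopic, including the early `return 500;`, lies outside the visible hunks, and the +/- markers are lost on this page, so which lines are new is inferred from the hunk counts and the commit description.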