refactor(email): validate team membership for email recipients

2025-03-28 14:55:13 +01:00
parent ac7922ca44
commit 09636b413e
1 changed files with 37 additions and 4 deletions
--- a/app/Notifications/Channels/EmailChannel.php
+++ b/app/Notifications/Channels/EmailChannel.php
@@ -2,6 +2,7 @@

 namespace App\Notifications\Channels;

+use App\Models\Team;
 use App\Services\ConfigurationRepository;
 use Exception;
 use Illuminate\Mail\Message;
@@ -20,14 +21,36 @@ class EmailChannel
    public function send(SendsEmail $notifiable, Notification $notification): void
    {
        try {
-            $this->bootConfigs($notifiable);
+            $team = data_get($notifiable, 'id');
+            $members = Team::find($team)->members;
+            $mailerType = $this->bootConfigs($notifiable);
+
            $recipients = $notifiable->getRecipients();
            if (count($recipients) === 0) {
                throw new Exception('No email recipients found');
            }
+            foreach ($recipients as $recipient) {
+                // check if the recipient is part of the team
+                if (! $members->contains('email', $recipient)) {
+                    $emailSettings = $notifiable->emailNotificationSettings;
+                    data_set($emailSettings, 'smtp_password', '********');
+                    data_set($emailSettings, 'resend_api_key', '********');
+                    send_internal_notification(sprintf(
+                        "Recipient is not part of the team: %s\nTeam: %s\nNotification: %s\nNotifiable: %s\nMailer Type: %s\nEmail Settings:\n%s",
+                        $recipient,
+                        $team,
+                        get_class($notification),
+                        get_class($notifiable),
+                        $mailerType,
+                        json_encode($emailSettings, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES)
+                    ));
+                    throw new Exception('Recipient is not part of the team');
+                }
+            }

            $mailMessage = $notification->toMail($notifiable);
-            Mail::send(
+
+            Mail::mailer($mailerType)->send(
                [],
                [],
                fn (Message $message) => $message
@@ -52,7 +75,7 @@ class EmailChannel
        }
    }

-    private function bootConfigs($notifiable): void
+    private function bootConfigs($notifiable): string
    {
        $emailSettings = $notifiable->emailNotificationSettings;

@@ -62,9 +85,19 @@ class EmailChannel
                throw new Exception('No email settings found.');
            }

-            return;
+            return $type;
        }

        $this->configRepository->updateMailConfig($emailSettings);
+
+        if ($emailSettings->resend_enabled) {
+            return 'resend';
+        }
+
+        if ($emailSettings->smtp_enabled) {
+            return 'smtp';
+        }
+
+        throw new Exception('No email settings found.');
    }
 }