dave/coolify
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

fix(email notifications): enhance EmailChannel to validate team membership for recipients and handle errors gracefully

Browse Source
This commit is contained in:
Andras Bacsai
2025-08-17 17:59:22 +02:00
parent 91cc52f81e
commit 7925e2e42a
1 changed files with 96 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files

148
app/Notifications/Channels/EmailChannel.php
View File

@@ -2,6 +2,8 @@
namespace App\Notifications\Channels; namespace App\Notifications\Channels;
use App\Models\Team;
use Exception;
use Illuminate\Notifications\Notification; use Illuminate\Notifications\Notification;
use Resend; use Resend;
@@ -11,60 +13,102 @@ class EmailChannel
public function send(SendsEmail $notifiable, Notification $notification): void public function send(SendsEmail $notifiable, Notification $notification): void
{ {
$useInstanceEmailSettings = $notifiable->emailNotificationSettings->use_instance_email_settings; try {
$isTransactionalEmail = data_get($notification, 'isTransactionalEmail', false); // Get team and validate membership before proceeding
$customEmails = data_get($notification, 'emails', null); $team = data_get($notifiable, 'id');
if ($useInstanceEmailSettings || $isTransactionalEmail) { $members = Team::find($team)->members;
$settings = instanceSettings();
} else {
$settings = $notifiable->emailNotificationSettings;
}
$isResendEnabled = $settings->resend_enabled;
$isSmtpEnabled = $settings->smtp_enabled;
if ($customEmails) {
$recipients = [$customEmails];
} else {
$recipients = $notifiable->getRecipients();
}
$mailMessage = $notification->toMail($notifiable);
if ($isResendEnabled) { $useInstanceEmailSettings = $notifiable->emailNotificationSettings->use_instance_email_settings;
$resend = Resend::client($settings->resend_api_key); $isTransactionalEmail = data_get($notification, 'isTransactionalEmail', false);
$from = "{$settings->smtp_from_name} <{$settings->smtp_from_address}>"; $customEmails = data_get($notification, 'emails', null);
$resend->emails->send([
'from' => $from, if ($useInstanceEmailSettings || $isTransactionalEmail) {
'to' => $recipients, $settings = instanceSettings();
'subject' => $mailMessage->subject, } else {
'html' => (string) $mailMessage->render(), $settings = $notifiable->emailNotificationSettings;
}
$isResendEnabled = $settings->resend_enabled;
$isSmtpEnabled = $settings->smtp_enabled;
if ($customEmails) {
$recipients = [$customEmails];
} else {
$recipients = $notifiable->getRecipients();
}
// Validate team membership for all recipients
if (count($recipients) === 0) {
throw new Exception('No email recipients found');
}
foreach ($recipients as $recipient) {
// Check if the recipient is part of the team
if (! $members->contains('email', $recipient)) {
$emailSettings = $notifiable->emailNotificationSettings;
data_set($emailSettings, 'smtp_password', '********');
data_set($emailSettings, 'resend_api_key', '********');
send_internal_notification(sprintf(
"Recipient is not part of the team: %s\nTeam: %s\nNotification: %s\nNotifiable: %s\nEmail Settings:\n%s",
$recipient,
$team,
get_class($notification),
get_class($notifiable),
json_encode($emailSettings, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES)
));
throw new Exception('Recipient is not part of the team');
}
}
$mailMessage = $notification->toMail($notifiable);
if ($isResendEnabled) {
$resend = Resend::client($settings->resend_api_key);
$from = "{$settings->smtp_from_name} <{$settings->smtp_from_address}>";
$resend->emails->send([
'from' => $from,
'to' => $recipients,
'subject' => $mailMessage->subject,
'html' => (string) $mailMessage->render(),
]);
} elseif ($isSmtpEnabled) {
$encryption = match (strtolower($settings->smtp_encryption)) {
'starttls' => null,
'tls' => 'tls',
'none' => null,
default => null,
};
$transport = new \Symfony\Component\Mailer\Transport\Smtp\EsmtpTransport(
$settings->smtp_host,
$settings->smtp_port,
$encryption
);
$transport->setUsername($settings->smtp_username ?? '');
$transport->setPassword($settings->smtp_password ?? '');
$mailer = new \Symfony\Component\Mailer\Mailer($transport);
$fromEmail = $settings->smtp_from_address ?? 'noreply@localhost';
$fromName = $settings->smtp_from_name ?? 'System';
$from = new \Symfony\Component\Mime\Address($fromEmail, $fromName);
$email = (new \Symfony\Component\Mime\Email)
->from($from)
->to(...$recipients)
->subject($mailMessage->subject)
->html((string) $mailMessage->render());
$mailer->send($email);
}
} catch (\Throwable $e) {
\Illuminate\Support\Facades\Log::error('EmailChannel failed: '.$e->getMessage(), [
'notification' => get_class($notification),
'notifiable' => get_class($notifiable),
'team_id' => data_get($notifiable, 'id'),
'error' => $e->getMessage(),
'trace' => $e->getTraceAsString(),
]); ]);
} elseif ($isSmtpEnabled) { throw $e;
$encryption = match (strtolower($settings->smtp_encryption)) {
'starttls' => null,
'tls' => 'tls',
'none' => null,
default => null,
};
$transport = new \Symfony\Component\Mailer\Transport\Smtp\EsmtpTransport(
$settings->smtp_host,
$settings->smtp_port,
$encryption
);
$transport->setUsername($settings->smtp_username ?? '');
$transport->setPassword($settings->smtp_password ?? '');
$mailer = new \Symfony\Component\Mailer\Mailer($transport);
$fromEmail = $settings->smtp_from_address ?? 'noreply@localhost';
$fromName = $settings->smtp_from_name ?? 'System';
$from = new \Symfony\Component\Mime\Address($fromEmail, $fromName);
$email = (new \Symfony\Component\Mime\Email)
->from($from)
->to(...$recipients)
->subject($mailMessage->subject)
->html((string) $mailMessage->render());
$mailer->send($email);
} }
} }
} }