bitstream/fuel-price
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: prevent sensitive field leaks in /me, add retry logic to Brent price sources
Some checks failed
linter / quality (push) Has been cancelled
Details
tests / ci (8.3) (push) Has been cancelled
Details
tests / ci (8.4) (push) Has been cancelled
Details
tests / ci (8.5) (push) Has been cancelled
Details

Browse Source 
- Made `/api/auth/me` public and return explicit allowlist (name, email,
  two_factor_confirmed_at, tier, subscription fields) instead of spreading
  `$user->toArray()` which leaked is_admin, stripe_id, pm_type, pm_last_four,
  postcode. Returns `null` when unauthenticated rather than 401.
- Moved `/auth/logout` to remain behind auth:sanctum gate.
- Added 3×200ms retry with exponential backoff to EiaBrentPriceSource and
  FredBrentPriceSource on ConnectionException or 5xx responses. Timeout
  raised from 10s to 30s.
- Both sources now throw typed BrentPriceFetchException on exhausted retries
  instead of silently returning null + logging. Updated tests to assert
  exception message includes HTTP status or "connection failed".
This commit is contained in:
Ovidiu U
2026-05-01 13:22:36 +01:00
parent df70e514e9
commit 73de53994f
6 changed files with 145 additions and 75 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
tests/Unit/Services/BrentPriceFetcherTest.php
View File

@@ -38,11 +38,24 @@ it('fetches and stores brent prices from EIA', function (): void {
->and(BrentPrice::find('2026-04-02')->price_usd)->toBe('73.80');
});
it('throws when EIA returns a 500', function (): void {
it('throws with HTTP status when EIA returns a 500', function (): void {
Http::fake(['*eia.gov/*' => Http::response([], 500)]);
expect(fn () => $this->fetcher->fetchFromEia())
->toThrow(BrentPriceFetchException::class, 'EIA returned HTTP 500');
});
it('retries EIA on transient 500 and succeeds', function (): void {
Http::fake([
'*eia.gov/*' => Http::sequence()
->push([], 500)
->push(['response' => ['data' => [['period' => '2026-04-01', 'value' => '75.10']]]]),
]);
$this->fetcher->fetchFromEia();
})->throws(BrentPriceFetchException::class);
expect(BrentPrice::count())->toBe(1);
});
it('throws when EIA returns empty data', function (): void {
Http::fake(['*eia.gov/*' => Http::response(['response' => ['data' => []]])]);
@@ -84,11 +97,24 @@ it('fetches and stores brent prices from FRED', function (): void {
expect(BrentPrice::count())->toBe(2);
});
it('throws when FRED fails', function (): void {
it('throws with HTTP status when FRED returns a 500', function (): void {
Http::fake(['*/fred/series/observations*' => Http::response([], 500)]);
expect(fn () => $this->fetcher->fetchFromFred())
->toThrow(BrentPriceFetchException::class, 'FRED returned HTTP 500');
});
it('retries FRED on transient 500 and succeeds', function (): void {
Http::fake([
'*/fred/series/observations*' => Http::sequence()
->push([], 500)
->push(['observations' => [['date' => '2026-04-01', 'value' => '75.10']]]),
]);
$this->fetcher->fetchFromFred();
})->throws(BrentPriceFetchException::class);
expect(BrentPrice::count())->toBe(1);
});
it('filters out FRED missing value markers', function (): void {
Http::fake([