# Phase 6 Rollback — Error Handling + PDOA Priority

## What Phase 6 Added

**Modified files:**
- `bootstrap/app.php` — global XML exception handler for `api/wani/v1/*` paths
- `app/Http/Controllers/Wani/RegistryController.php` — added `Priority` field + preferred provider ordering

**Database changes:** NONE

**New config:** Optional `WANI_PREFERRED_PROVIDER_ID` env var (not required)

## How to Roll Back (Local)

```bash
cd c:/xampp/htdocs/Android_App/pmwani_mobile_app_backend

# 1. Restore modified files
cp rollback/phase-6/app.php.before bootstrap/app.php
cp rollback/phase-6/RegistryController.php.before app/Http/Controllers/Wani/RegistryController.php

# 2. Clear caches
php artisan config:clear
php artisan route:clear
php artisan cache:clear
```

After rollback, the application is back in its Phase 5 state.

## Impact If NOT Rolled Back

- **Zero functional impact** on existing JSON API
- Global error handler **only activates for `/api/wani/v1/*` paths** — rest of the app uses Laravel defaults
- `RegistryController` change is backward-compatible — only adds `<Priority>` field to response

## Phase 6 Verification

### Test 1: Invalid route returns XML 404

```bash
curl https://flutter.pmwani.net/api/wani/v1/does-not-exist
```

Expected:
```xml
<?xml version="1.0" encoding="UTF-8"?>
<Error>
  <Code>NOT_FOUND</Code>
  <Message>The requested endpoint does not exist</Message>
  <Timestamp>2026-04-21T...</Timestamp>
</Error>
```

### Test 2: Wrong HTTP method returns XML 405

```bash
curl https://flutter.pmwani.net/api/wani/v1/auth/initiate
# (GET on a POST-only route)
```

Expected:
```xml
<Error>
  <Code>METHOD_NOT_ALLOWED</Code>
  <Message>HTTP method not allowed for this endpoint</Message>
</Error>
```

### Test 3: Rate limit returns XML 429

Trigger the rate limit (e.g., hit `/hotspots` 70 times in 1 min). Expected:
```xml
<Error>
  <Code>RATE_LIMIT_EXCEEDED</Code>
  <Message>Too many requests. Please slow down.</Message>
</Error>
```

### Test 4: PDOA list includes priority

```bash
curl https://flutter.pmwani.net/api/wani/v1/registry/pdoa-list
```

Expected (with Priority field):
```xml
<PDOAs>
  <PDOA>
    <ProviderId>...</ProviderId>
    <Name>Immunity Networks</Name>
    <APIEndpoint>...</APIEndpoint>
    <Domain>app.pmwani.net</Domain>
    <Priority>1</Priority>
  </PDOA>
  <PDOA>
    ...
    <Priority>2</Priority>
  </PDOA>
  ...
  <Count>207</Count>
</PDOAs>
```

### Test 5: Non-wani routes still use Laravel default errors (not affected)

```bash
curl https://flutter.pmwani.net/api/nonexistent
```

Should still return Laravel's default JSON error — proves the handler is scoped to `wani/v1` only.
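
Tests 1, 2 and 5 can be scripted so the scoping check is repeatable after a deploy or a rollback. The script below is an added example, not part of the project: the helper names and the `WANI_BASE_URL` variable are assumptions, and the sample bodies are constructed. Without `WANI_BASE_URL` it only self-checks against those samples.

```bash
#!/usr/bin/env bash
# Added example (not project code); helper names and WANI_BASE_URL are hypothetical.

# Print the <Code> value of an XML error body; prints nothing if there is none.
wani_error_code() {
  printf '%s' "$1" | tr -d '\r\n' | sed -n 's:.*<Code>\([A-Z_]*\)</Code>.*:\1:p'
}

# check_error STATUS BODY WANT_STATUS WANT_CODE: succeed only if both match.
check_error() {
  [ "$1" = "$3" ] && [ "$(wani_error_code "$2")" = "$4" ]
}

# Succeed when BODY is NOT the wani XML <Error> envelope (Test 5 scoping check).
not_wani_xml() {
  case "$1" in *"<Error>"*) return 1 ;; *) return 0 ;; esac
}

# fetch URL: put the HTTP status in STATUS and the response body in BODY.
fetch() {
  tmp=$(mktemp)
  STATUS=$(curl -s -o "$tmp" -w '%{http_code}' "$1")
  BODY=$(cat "$tmp"); rm -f "$tmp"
}

# Run Tests 1, 2 and 5 against base URL $1; return non-zero if any check fails.
run_live() {
  fail=0
  fetch "$1/api/wani/v1/does-not-exist"
  check_error "$STATUS" "$BODY" 404 NOT_FOUND || { echo "FAIL: Test 1"; fail=1; }
  fetch "$1/api/wani/v1/auth/initiate"   # GET on a POST-only route
  check_error "$STATUS" "$BODY" 405 METHOD_NOT_ALLOWED || { echo "FAIL: Test 2"; fail=1; }
  fetch "$1/api/nonexistent"
  not_wani_xml "$BODY" || { echo "FAIL: Test 5 (XML handler leaked outside wani/v1)"; fail=1; }
  return "$fail"
}

# Constructed sample bodies for the offline self-check.
SAMPLE_404='<?xml version="1.0" encoding="UTF-8"?>
<Error>
  <Code>NOT_FOUND</Code>
</Error>'
SAMPLE_JSON='{"message":"constructed non-wani error body"}'

if [ -n "${WANI_BASE_URL:-}" ]; then
  run_live "$WANI_BASE_URL"
else
  check_error 404 "$SAMPLE_404" 404 NOT_FOUND && not_wani_xml "$SAMPLE_JSON" \
    && echo "offline self-check passed"
fi
```

A status/code mismatch on Test 1 or 2, or an `<Error>` body on Test 5, makes the script exit non-zero, so it can gate a deploy step.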

## Optional: Mark Your PDOA as Priority 1

Set this env var on the server to push Immunity Networks to the top:

```bash
# Add to the server's .env file (this appends a line; if the key is already present, edit that line instead)
echo "WANI_PREFERRED_PROVIDER_ID=65575039-a42b-4790-a942-4a1f87ac0a0e" >> .env

# Clear config cache
php artisan config:clear
php artisan cache:clear
```

Without this, PDOAs are sorted alphabetically by name.

## Server Deployment Commands

```bash
cd c:/xampp/htdocs/Android_App/pmwani_mobile_app_backend

# Upload modified files
scp -P 21212 bootstrap/app.php immunity@147.93.30.127:/var/www/mobile_app_backend/bootstrap/app.php
scp -P 21212 app/Http/Controllers/Wani/RegistryController.php immunity@147.93.30.127:/var/www/mobile_app_backend/app/Http/Controllers/Wani/RegistryController.php

# Clear server caches
ssh immunity@147.93.30.127 -p 21212 "cd /var/www/mobile_app_backend && php artisan config:clear && php artisan route:clear && php artisan cache:clear"
```

## Server Rollback Commands

```bash
cd c:/xampp/htdocs/Android_App/pmwani_mobile_app_backend

# Restore files from backup
scp -P 21212 rollback/phase-6/app.php.before immunity@147.93.30.127:/var/www/mobile_app_backend/bootstrap/app.php
scp -P 21212 rollback/phase-6/RegistryController.php.before immunity@147.93.30.127:/var/www/mobile_app_backend/app/Http/Controllers/Wani/RegistryController.php

# Clear server caches
ssh immunity@147.93.30.127 -p 21212 "cd /var/www/mobile_app_backend && php artisan config:clear && php artisan route:clear && php artisan cache:clear"
```

## Already Present (From Earlier Phases)

Phase 6 also covered "rate limiting" and "logging" per the plan — these were already done in earlier phases:

- **Rate limiting** (added per-endpoint in Phases 2-5):
  - Registry: 60 req/min
  - Hotspots: 60 req/min
  - Auth: 10 req/min
  - Session: 30 req/min
- **Logging** (built into every controller):
  - `wani.v1.auth.initiate.success` + failure variants
  - `wani.v1.auth.validate.success` + failure variants
  - `wani.v1.session.end`
  - `wani.v1.unhandled_exception` (NEW in Phase 6)
  - Mobile numbers masked as `******1234`
