class-qdr-tss-rest-controller.php 3.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132
  1. <?php
  2. /**
  3. * Base REST API Controller for the plugin.
  4. *
  5. * This class handles base REST API functionality, including authentication
  6. * and permissions.
  7. *
  8. * @package QDR_Temporary_Shared_Storage
  9. * @since 1.0.0
  10. */
  11. class QDR_TSS_REST_Controller {
  12. /**
  13. * The plugin name.
  14. *
  15. * @since 1.0.0
  16. * @access private
  17. * @var string $plugin_name The name of this plugin.
  18. */
  19. private $plugin_name;
  20. /**
  21. * The plugin version.
  22. *
  23. * @since 1.0.0
  24. * @access private
  25. * @var string $version The version of this plugin.
  26. */
  27. private $version;
  28. /**
  29. * The settings instance.
  30. *
  31. * @since 1.0.0
  32. * @access private
  33. * @var QDR_TSS_Settings $settings The settings instance.
  34. */
  35. private $settings;
  36. /**
  37. * Initialize the class and set its properties.
  38. *
  39. * @since 1.0.0
  40. * @param string $plugin_name The name of this plugin.
  41. * @param string $version The version of this plugin.
  42. */
  43. public function __construct($plugin_name, $version) {
  44. $this->plugin_name = $plugin_name;
  45. $this->version = $version;
  46. $this->settings = QDR_TSS_Settings::instance();
  47. }
  48. /**
  49. * Register the REST API routes.
  50. *
  51. * @since 1.0.0
  52. */
  53. public function register_routes() {
  54. // Media Controller
  55. $media_controller = new QDR_TSS_Media_Controller($this->plugin_name, $this->version);
  56. $media_controller->register_routes();
  57. // Upload Controller
  58. $upload_controller = new QDR_TSS_Upload_Controller($this->plugin_name, $this->version);
  59. $upload_controller->register_routes();
  60. }
  61. /**
  62. * Check API key for REST API requests.
  63. *
  64. * @since 1.0.0
  65. * @param WP_Error|null $result The authentication result so far.
  66. * @return WP_Error|null The authentication result.
  67. */
  68. public function check_api_key($result) {
  69. // Only check for our namespace
  70. if (empty($result) && strpos($_SERVER['REQUEST_URI'], '/wp-json/qdr-tss/') !== false) {
  71. $headers = $this->get_all_headers();
  72. $api_key = isset($headers['X-Api-Key']) ? $headers['X-Api-Key'] : '';
  73. if (!$this->settings->validate_api_key($api_key)) {
  74. return new WP_Error(
  75. 'rest_forbidden',
  76. __('Invalid API key.', 'qdr-temporary-shared-storage'),
  77. array('status' => 403)
  78. );
  79. }
  80. }
  81. return $result;
  82. }
  83. /**
  84. * Check REST API permissions.
  85. *
  86. * @since 1.0.0
  87. * @return bool True if authorized, false otherwise.
  88. */
  89. public function check_rest_permission() {
  90. $headers = $this->get_all_headers();
  91. $api_key = isset($headers['X-Api-Key']) ? $headers['X-Api-Key'] : '';
  92. return $this->settings->validate_api_key($api_key);
  93. }
  94. /**
  95. * Get all headers.
  96. *
  97. * @since 1.0.0
  98. * @return array All headers.
  99. */
  100. private function get_all_headers() {
  101. if (function_exists('getallheaders')) {
  102. return getallheaders();
  103. }
  104. // Manually get headers if getallheaders() is not available
  105. $headers = array();
  106. foreach ($_SERVER as $name => $value) {
  107. if (substr($name, 0, 5) === 'HTTP_') {
  108. $name = str_replace(' ', '-', ucwords(strtolower(str_replace('_', ' ', substr($name, 5)))));
  109. $headers[$name] = $value;
  110. } elseif ($name === 'CONTENT_TYPE') {
  111. $headers['Content-Type'] = $value;
  112. } elseif ($name === 'CONTENT_LENGTH') {
  113. $headers['Content-Length'] = $value;
  114. }
  115. }
  116. return $headers;
  117. }
  118. }