base.php
| 1 | <?php |
| 2 | |
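/**
 * Abstract base for REST route classes.
 *
 * Stores the core object and the REST namespace, and offers helpers for
 * normalising message text, locating the nonce a client sent, and building
 * responses that carry a replacement nonce when the client's one is stale.
 *
 * None of these helpers authorises a request. get_rest_nonce() only returns
 * what the client sent, and create_rest_response() verifies a nonce solely
 * to judge its age. Permission checks and nonce verification for access
 * control are not visible in this class.
 */
abstract class Meow_MWAI_Rest_Base {
  // Core object supplied by the constructor; this class calls get_nonce()
  // and get_option() on it.
  protected $core;

  // REST namespace string. Not read inside this class; presumably used by
  // subclasses when they register their routes.
  protected $namespace = 'mwai/v1';

  /**
   * @param object $core Core object exposing get_nonce() and get_option().
   */
  public function __construct( $core ) {
    $this->core = $core;
  }

  /**
   * Registers the REST routes of the concrete class.
   */
  abstract public function register_routes();

  /**
   * Normalises a client-supplied message into sanitised text.
   *
   * @param mixed  $content Raw value taken from the request.
   * @param string $source  Label included in the exception message.
   * @return string|null Sanitised text, or null when $content begins with a
   *                     "data:<type>;base64," prefix. Callers have to handle
   *                     the null case explicitly.
   * @throws Exception When $content is not a string.
   */
  protected function retrieve_message( $content, $source = 'input' ) {
    if ( !is_string( $content ) ) {
      throw new Exception( 'Message is not a string (' . $source . ').' );
    }

    // Only the prefix is inspected; the base64 payload itself is never
    // decoded or validated here.
    if ( preg_match( '/^data:(.*?);base64,/', $content ) ) {
      return null;
    }

    // sanitize_textarea_field() normalises input; it is not output encoding.
    // Code that renders the returned text still has to escape it for the
    // context it is written into.
    return sanitize_textarea_field( $content );
  }

  /**
   * Returns the nonce the client sent, without verifying it.
   *
   * Lookup order: request parameter $key, then the X-Wp-Nonce header, then
   * $_REQUEST['_wpnonce']. An empty or otherwise falsy value at one step
   * falls through to the next.
   *
   * The value is attacker-controlled and is returned as received. It proves
   * nothing until the caller has passed it to wp_verify_nonce() with the
   * expected action.
   *
   * @param object $request Request object exposing get_param() and get_header().
   * @param string $key     Name of the request parameter to try first.
   * @return mixed The first non-falsy candidate, or null when none was sent.
   */
  protected function get_rest_nonce( $request, $key = 'restNonce' ) {
    $candidate = $request->get_param( $key );
    if ( !$candidate ) {
      $candidate = $request->get_header( 'X-Wp-Nonce' );
    }
    if ( !$candidate ) {
      $candidate = isset( $_REQUEST['_wpnonce'] ) ? $_REQUEST['_wpnonce'] : null;
    }
    return $candidate;
  }

  /**
   * Helper method to create REST responses with automatic token refresh.
   *
   * A 'new_token' entry holding the current nonce is added to $data when the
   * X-Wp-Nonce request header is present and either
   *  - wp_verify_nonce() returns 2 for it (valid, but issued in the older
   *    half of the nonce lifetime: 12-24 hours ago with WordPress defaults), or
   *  - it differs from the nonce the core object currently returns.
   *
   * Only the X-Wp-Nonce header is consulted. A client that sent its nonce
   * through the request parameter or _wpnonce (see get_rest_nonce()) is never
   * offered a refresh by this method.
   *
   * NOTE(review): the mismatch branch does not look at the verification
   * result, so a header value that failed verification still causes the
   * current nonce to be returned. Confirm that get_nonce() only ever yields a
   * nonce bound to the caller's own session and that every route using this
   * helper enforces its own permission check; this method is not an
   * authorisation gate.
   *
   * @param array $data   The response data.
   * @param int   $status HTTP status code.
   * @return WP_REST_Response
   */
  protected function create_rest_response( $data, $status = 200 ) {
    // The meaning of the `true` argument is defined by the core object and is
    // not visible from this class.
    $current_nonce = $this->core->get_nonce( true );
    $request_nonce = isset( $_SERVER['HTTP_X_WP_NONCE'] ) ? $_SERVER['HTTP_X_WP_NONCE'] : null;

    // wp_verify_nonce() returns 1 for a nonce from the current tick and 2 for
    // one from the previous tick; 2 therefore means "valid but aging".
    $is_aging = false;
    if ( $request_nonce ) {
      $is_aging = ( wp_verify_nonce( $request_nonce, 'wp_rest' ) === 2 );
    }

    $is_mismatch = $request_nonce && $current_nonce !== $request_nonce;

    if ( $is_aging || $is_mismatch ) {
      $data['new_token'] = $current_nonce;

      // Log the actual trigger, and never the nonce values themselves.
      if ( $this->core->get_option( 'server_debug_mode' ) ) {
        if ( $is_aging ) {
          error_log( '[AI Engine] Token refresh: Nonce refreshed (12-24 hours old)' );
        }
        else {
          error_log( '[AI Engine] Token refresh: Nonce refreshed (request nonce differs from current nonce)' );
        }
      }
    }

    return new WP_REST_Response( $data, $status );
  }
}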