LegacyRestApiStub.php — WooCommerce 10.6.0-beta.2

woocommerce / src / Internal / Utilities / LegacyRestApiStub.php

woocommerce / src / Internal / Utilities Last commit date

ArrayUtil.php 6 months ago BlocksUtil.php 4 months ago COTMigrationUtil.php 1 year ago DatabaseUtil.php 1 year ago FilesystemUtil.php 6 months ago HtmlSanitizer.php 2 years ago LegacyRestApiStub.php 1 year ago PluginInstaller.php 1 year ago ProductUtil.php 7 months ago Types.php 1 year ago URL.php 1 year ago URLException.php 4 years ago Users.php 3 months ago WebhookUtil.php 1 year ago

LegacyRestApiStub.php

196 lines

1	<?php
2
3	namespace Automattic\WooCommerce\Internal\Utilities;
4
5	use Automattic\WooCommerce\Internal\RegisterHooksInterface;
6	use Automattic\WooCommerce\Utilities\RestApiUtil;
7
8	/**
9	* The Legacy REST API was removed in WooCommerce 9.0 and is now available as a dedicated extension.
10	* A stub is kept in WooCommerce core that acts when the extension is not installed and has two purposes:
11	*
12	* 1. Return a "The WooCommerce API is disabled on this site" error for any request to the Legacy REST API endpoints.
13	*
14	* 2. Provide the not-endpoint related utility methods that were previously supplied by the WC_API class,
15	* this is achieved by setting the value of WooCommerce::api (typically accessed via 'WC()->api') to an instance of this class.
16	*
17	* DO NOT add any additional public method to this class unless the method existed with the same signature in the old WC_API class.
18	*
19	* See: https://developer.woocommerce.com/2023/10/03/the-legacy-rest-api-will-move-to-a-dedicated-extension-in-woocommerce-9-0/
20	*/
21	class LegacyRestApiStub implements RegisterHooksInterface {
22
23	/**
24	* The instance of RestApiUtil to use.
25	*
26	* @var RestApiUtil
27	*/
28	private RestApiUtil $rest_api_util;
29
30	/**
31	* Set up the Legacy REST API endpoints stub.
32	*/
33	public function register() {
34	add_action( 'init', array( __CLASS__, 'add_rewrite_rules_for_legacy_rest_api_stub' ), 0 );
35	add_action( 'query_vars', array( __CLASS__, 'add_query_vars_for_legacy_rest_api_stub' ), 0 );
36	add_action( 'parse_request', array( __CLASS__, 'parse_legacy_rest_api_request' ), 0 );
37	}
38
39	/**
40	* Initialize the class dependencies.
41	*
42	* @internal
43	* @param RestApiUtil $rest_api_util The instance of RestApiUtil to use.
44	*/
45	final public function init( RestApiUtil $rest_api_util ) {
46	$this->rest_api_util = $rest_api_util;
47	}
48
49	/**
50	* Add the necessary rewrite rules for the Legacy REST API
51	* (either the dedicated extension if it's installed, or the stub otherwise).
52	*
53	* @internal For exclusive usage of WooCommerce core, backwards compatibility not guaranteed.
54	*/
55	public static function add_rewrite_rules_for_legacy_rest_api_stub() {
56	add_rewrite_rule( '^wc-api/v([1-3]{1})/?$', 'index.php?wc-api-version=$matches[1]&wc-api-route=/', 'top' );
57	add_rewrite_rule( '^wc-api/v([1-3]{1})(.*)?', 'index.php?wc-api-version=$matches[1]&wc-api-route=$matches[2]', 'top' );
58	add_rewrite_endpoint( 'wc-api', EP_ALL );
59	}
60
61	/**
62	* Add the necessary request query variables for the Legacy REST API
63	* (either the dedicated extension if it's installed, or the stub otherwise).
64	*
65	* @param array $vars The query variables array to extend.
66	* @return array The extended query variables array.
67	*
68	* @internal For exclusive usage of WooCommerce core, backwards compatibility not guaranteed.
69	*/
70	public static function add_query_vars_for_legacy_rest_api_stub( $vars ) {
71	$vars[] = 'wc-api-version';
72	$vars[] = 'wc-api-route';
73	$vars[] = 'wc-api';
74	return $vars;
75	}
76
77	/**
78	* Process an incoming request for the Legacy REST API.
79	*
80	* If the dedicated Legacy REST API extension is installed and active, this method does nothing.
81	* Otherwise it returns a "The WooCommerce API is disabled on this site" error,
82	* unless the request contains a "wc-api" variable and the appropriate
83	* "woocommerce_api_*" hook is set.
84	*
85	* @internal For exclusive usage of WooCommerce core, backwards compatibility not guaranteed.
86	*/
87	public static function parse_legacy_rest_api_request() {
88	global $wp;
89
90	// The WC_Legacy_REST_API_Plugin class existence means that the Legacy REST API extension is installed and active.
91	if ( class_exists( 'WC_Legacy_REST_API_Plugin' ) ) {
92	return;
93	}
94
95	self::maybe_process_wc_api_query_var();
96
97	// phpcs:disable WordPress.Security.NonceVerification.Recommended, WordPress.Security.ValidatedSanitizedInput
98
99	if ( ! empty( $_GET['wc-api-version'] ) ) {
100	$wp->query_vars['wc-api-version'] = $_GET['wc-api-version'];
101	}
102
103	if ( ! empty( $_GET['wc-api-route'] ) ) {
104	$wp->query_vars['wc-api-route'] = $_GET['wc-api-route'];
105	}
106
107	if ( ! empty( $wp->query_vars['wc-api-version'] ) && ! empty( $wp->query_vars['wc-api-route'] ) ) {
108	header(
109	sprintf(
110	'Content-Type: %s; charset=%s',
111	isset( $_GET['_jsonp'] ) ? 'application/javascript' : 'application/json',
112	get_option( 'blog_charset' )
113	)
114	);
115	status_header( 404 );
116	echo wp_json_encode(
117	array(
118	'errors' => array(
119	'code' => 'woocommerce_api_disabled',
120	'message' => 'The WooCommerce API is disabled on this site',
121	),
122	)
123	);
124	exit;
125	}
126
127	// phpcs:enable WordPress.Security.NonceVerification.Recommended, WordPress.Security.ValidatedSanitizedInput
128	}
129
130	/**
131	* Process a "wc-api" variable if present in the query, by triggering the appropriate hooks.
132	*/
133	private static function maybe_process_wc_api_query_var() {
134	global $wp;
135
136	// phpcs:disable WordPress.Security.NonceVerification.Recommended
137	if ( ! empty( $_GET['wc-api'] ) ) {
138	$wp->query_vars['wc-api'] = sanitize_key( wp_unslash( $_GET['wc-api'] ) );
139	}
140	// phpcs:enable WordPress.Security.NonceVerification.Recommended
141
142	// wc-api endpoint requests.
143	if ( ! empty( $wp->query_vars['wc-api'] ) ) {
144
145	// Buffer, we won't want any output here.
146	ob_start();
147
148	// No cache headers.
149	wc_nocache_headers();
150
151	// Clean the API request.
152	$api_request = strtolower( wc_clean( $wp->query_vars['wc-api'] ) );
153
154	// Make sure gateways are available for request.
155	WC()->payment_gateways();
156
157	// phpcs:disable WooCommerce.Commenting.CommentHooks.HookCommentWrongStyle
158
159	// Trigger generic action before request hook.
160	do_action( 'woocommerce_api_request', $api_request );
161
162	// Is there actually something hooked into this API request? If not trigger 400 - Bad request.
163	status_header( has_action( 'woocommerce_api_' . $api_request ) ? 200 : 400 );
164
165	// Trigger an action which plugins can hook into to fulfill the request.
166	do_action( 'woocommerce_api_' . $api_request );
167
168	// phpcs:enable WooCommerce.Commenting.CommentHooks.HookCommentWrongStyle
169
170	// Done, clear buffer and exit.
171	ob_end_clean();
172	die( '-1' );
173	}
174	}
175
176	/**
177	* Get data from a WooCommerce API endpoint.
178	* This method used to be part of the WooCommerce Legacy REST API.
179	*
180	* @since 9.1.0
181	*
182	* @param string $endpoint Endpoint.
183	* @param array $params Params to pass with request.
184	* @return array\|\WP_Error
185	*/
186	public function get_endpoint_data( $endpoint, $params = array() ) {
187	wc_doing_it_wrong(
188	'get_endpoint_data',
189	"'WC()->api->get_endpoint_data' is deprecated, please use the following instead: wc_get_container()->get(Automattic\WooCommerce\Utilities\RestApiUtil::class)->get_endpoint_data",
190	'9.1.0'
191	);
192
193	return $this->rest_api_util->get_endpoint_data( $endpoint, $params );
194	}
195	}
196