class-api-login.php
11 months ago
class-endpoints.php
11 months ago
class-methods.php
11 months ago
class-settings.php
11 months ago
index.php
11 months ago
class-endpoints.php
187 lines
| 1 | <?php |
| 2 | /** |
| 3 | * Responsible for the API endpoints |
| 4 | * |
| 5 | * @package wp-2fa |
| 6 | * @since 3.0.0 |
| 7 | * @copyright 2025 Melapress |
| 8 | * @license https://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 |
| 9 | * @link https://wordpress.org/plugins/wp-2fa/ |
| 10 | */ |
| 11 | |
| 12 | declare(strict_types=1); |
| 13 | |
| 14 | namespace WP2FA\Admin\Controllers; |
| 15 | |
| 16 | use WP2FA\Admin\Helpers\Classes_Helper; |
| 17 | use WP2FA\Admin\Controllers\API\API_Login; |
| 18 | |
| 19 | defined( 'ABSPATH' ) || exit; // Exit if accessed directly. |
| 20 | |
| 21 | /** |
| 22 | * Endpoints registering |
| 23 | */ |
| 24 | if ( ! class_exists( '\WP2FA\Admin\Controllers\Endpoints' ) ) { |
| 25 | |
| 26 | /** |
| 27 | * Creates and registers all the API endpoints for the plugin |
| 28 | * |
| 29 | * @since 3.0.0 |
| 30 | */ |
| 31 | class Endpoints { |
| 32 | |
| 33 | /** |
| 34 | * All of the endpoints supported by the plugin. |
| 35 | * |
| 36 | * @var array |
| 37 | * |
| 38 | * @since 3.0.0 |
| 39 | */ |
| 40 | public static $endpoints = array( |
| 41 | self::class => array( |
| 42 | 'login' => array( |
| 43 | 'class' => API_Login::class, |
| 44 | 'namespace' => 'wp-2fa-methods/v1', |
| 45 | |
| 46 | 'endpoints' => array( |
| 47 | array( |
| 48 | '(?P<user_id>\d+)(?:/(?P<token>\w+))(?:/(?P<provider>\w+))(?:/(?P<remember_device>\w+))?' => array( |
| 49 | 'methods' => array( |
| 50 | 'method' => \WP_REST_Server::READABLE, |
| 51 | 'callback' => 'validate_provider', |
| 52 | ), |
| 53 | 'args' => array( |
| 54 | 'user_id' => array( |
| 55 | 'required' => true, |
| 56 | 'type' => 'integer', |
| 57 | 'description' => 'User ID', |
| 58 | 'minimum' => 1, |
| 59 | 'sanitize_callback' => 'absint', |
| 60 | ), |
| 61 | 'token' => array( |
| 62 | 'required' => false, |
| 63 | 'type' => 'string', |
| 64 | 'description' => 'Provider token', |
| 65 | 'minimum' => 3, |
| 66 | ), |
| 67 | 'provider' => array( |
| 68 | 'required' => false, |
| 69 | 'type' => 'string', |
| 70 | 'description' => 'Provider name', |
| 71 | 'minimum' => 3, |
| 72 | ), |
| 73 | 'remember_device' => array( |
| 74 | 'required' => false, |
| 75 | 'type' => 'boolean', |
| 76 | 'description' => 'Remember device', |
| 77 | ), |
| 78 | ), |
| 79 | 'checkPermissions' => '__return_true', |
| 80 | 'showInIndex' => false, |
| 81 | ), |
| 82 | ), |
| 83 | ), |
| 84 | ), |
| 85 | ), |
| 86 | ); |
| 87 | |
| 88 | /** |
| 89 | * Inits the class |
| 90 | * |
| 91 | * @return void |
| 92 | * |
| 93 | * @since 3.0.0 |
| 94 | */ |
| 95 | public static function init() { |
| 96 | |
| 97 | \add_action( 'rest_api_init', array( __CLASS__, 'init_endpoints' ) ); |
| 98 | \add_action( 'login_enqueue_scripts', array( __CLASS__, 'dequeue_style' ), PHP_INT_MAX ); |
| 99 | |
| 100 | $api_classes = Classes_Helper::get_classes_by_namespace( 'WP2FA\Admin\Controllers\API' ); |
| 101 | |
| 102 | if ( \is_array( $api_classes ) && ! empty( $api_classes ) ) { |
| 103 | foreach ( $api_classes as $class ) { |
| 104 | if ( \method_exists( $class, 'init' ) ) { |
| 105 | $class::init(); |
| 106 | } |
| 107 | } |
| 108 | } |
| 109 | } |
| 110 | |
| 111 | /** |
| 112 | * Inits all the endpoints from given structure |
| 113 | * |
| 114 | * @return void |
| 115 | * |
| 116 | * @since 3.0.0 |
| 117 | */ |
| 118 | public static function init_endpoints() { |
| 119 | self::$endpoints = \apply_filters( WP_2FA_PREFIX . 'api_endpoints', self::$endpoints ); |
| 120 | |
| 121 | foreach ( self::$endpoints as $endpoint_provider ) { |
| 122 | foreach ( $endpoint_provider as $root_endpoint => $settings ) { |
| 123 | $class = $settings['class']; |
| 124 | $namespace = $settings['namespace']; |
| 125 | |
| 126 | foreach ( $settings['endpoints'] as $routes ) { |
| 127 | foreach ( $routes as $route => $endpoint ) { |
| 128 | $args = array(); |
| 129 | if ( isset( $endpoint['args'] ) ) { |
| 130 | $args = $endpoint['args']; |
| 131 | } |
| 132 | $check_permissions = array(); |
| 133 | if ( isset( $endpoint['checkPermissions'] ) ) { |
| 134 | $check_permissions = $endpoint['checkPermissions']; |
| 135 | } |
| 136 | $show_in_index = $endpoint['showInIndex']; |
| 137 | \register_rest_route( |
| 138 | $namespace, |
| 139 | '/' . $root_endpoint . '/' . $route, |
| 140 | array( |
| 141 | array( |
| 142 | 'methods' => $endpoint['methods']['method'], |
| 143 | 'callback' => array( $class, $endpoint['methods']['callback'] ), |
| 144 | 'args' => $args, |
| 145 | 'permission_callback' => $check_permissions, |
| 146 | 'show_in_index' => $show_in_index, |
| 147 | ), |
| 148 | ), |
| 149 | false |
| 150 | ); |
| 151 | } |
| 152 | } |
| 153 | } |
| 154 | } |
| 155 | } |
| 156 | |
| 157 | /** |
| 158 | * Global method to check permissions for API endpoints - this one checks if the user has read capability. |
| 159 | * |
| 160 | * @return bool |
| 161 | * |
| 162 | * @since 3.0.0 |
| 163 | */ |
| 164 | public static function check_permissions() { |
| 165 | return \current_user_can( 'read' ); |
| 166 | } |
| 167 | |
| 168 | /** |
| 169 | * Removes GoDaddy style which causing the form elements to be shown |
| 170 | * |
| 171 | * @return void |
| 172 | * |
| 173 | * @since 2.9.0 |
| 174 | */ |
| 175 | public static function dequeue_style() { |
| 176 | |
| 177 | \wp_register_script( |
| 178 | 'wp_2fa_user_login_scripts', |
| 179 | WP_2FA_URL . 'includes/classes/Authenticator/assets/user-login.js', |
| 180 | array( 'wp-api-fetch', 'wp-dom-ready' ), |
| 181 | WP_2FA_VERSION, |
| 182 | array( 'in_footer' => true ) |
| 183 | ); |
| 184 | } |
| 185 | } |
| 186 | } |
| 187 |