ApplyFiltersTrait.php
2 months ago
ArrayableTrait.php
7 months ago
BatchSizeCalculateTrait.php
7 months ago
BearerTokenTrait.php
4 months ago
BenchmarkTrait.php
2 years ago
BooleanTransientTrait.php
5 years ago
DatabaseSearchReplaceTrait.php
2 weeks ago
DbRowsGeneratorTrait.php
3 years ago
DebugLogTrait.php
1 year ago
DeveloperTimerTrait.php
8 months ago
EndOfLinePlaceholderTrait.php
1 year ago
EventLoggerTrait.php
1 month ago
FileScanToCacheTrait.php
10 months ago
FormatTrait.php
11 months ago
HttpRequestTrait.php
8 months ago
HydrateTrait.php
1 year ago
I18nTrait.php
1 year ago
IpResolverTrait.php
10 months ago
MaintenanceTrait.php
5 months ago
MemoryExhaustTrait.php
2 years ago
MySQLRowsGeneratorTrait.php
7 months ago
NoticesTrait.php
1 day ago
PropertyConstructor.php
5 years ago
RenameTmpDirectoryTrait.php
5 months ago
ResourceTrait.php
4 months ago
RestRequestTrait.php
3 months ago
RestoreFileExclusionTrait.php
1 year ago
SerializeTrait.php
1 year ago
SetTimeLimitTrait.php
1 month ago
SlashTrait.php
1 year ago
SqlCommentTrait.php
3 months ago
TablePrefixValidator.php
3 months ago
UrlTrait.php
1 year ago
ValueGetterTrait.php
1 year ago
WindowsOsTrait.php
1 year ago
BearerTokenTrait.php
70 lines
| 1 | <?php |
| 2 | |
| 3 | namespace WPStaging\Framework\Traits; |
| 4 | |
| 5 | use RuntimeException; |
| 6 | |
| 7 | /** |
| 8 | * Provide method to get bearer tokens. |
| 9 | */ |
| 10 | trait BearerTokenTrait |
| 11 | { |
| 12 | protected function getBearerToken(): string |
| 13 | { |
| 14 | $authHeader = $this->getAuthorizationHeaderFromRequest(); |
| 15 | if (empty($authHeader) || !preg_match('/Bearer\s+(\S+)/', $authHeader, $matches)) { |
| 16 | return $this->getAuthTokenFromPluginHeader(); |
| 17 | } |
| 18 | |
| 19 | return sanitize_text_field($matches[1]); |
| 20 | } |
| 21 | |
| 22 | protected function getAuthTokenFromPluginHeader(): string |
| 23 | { |
| 24 | /** |
| 25 | * Some hosts strip the Authorization header before PHP gets it. |
| 26 | * We accept a plugin-specific fallback header that is set by WP STAGING clients. |
| 27 | */ |
| 28 | $token = sanitize_text_field($_SERVER['HTTP_X_WPSTG_REQUEST'] ?? ''); // phpcs:ignore |
| 29 | if (empty($token) || !preg_match('/^[a-f0-9]{12,}$/i', $token)) { |
| 30 | throw new RuntimeException('Authorization header not found or invalid.', 401); |
| 31 | } |
| 32 | |
| 33 | return $token; |
| 34 | } |
| 35 | |
| 36 | private function getAuthorizationHeaderFromRequest(): string |
| 37 | { |
| 38 | $authHeader = ''; |
| 39 | if (function_exists('getallheaders')) { |
| 40 | $authHeader = $this->extractAuthorizationHeader(getallheaders()); |
| 41 | } |
| 42 | |
| 43 | if (empty($authHeader) && function_exists('apache_request_headers')) { |
| 44 | $authHeader = $this->extractAuthorizationHeader(apache_request_headers()); |
| 45 | } |
| 46 | |
| 47 | if (empty($authHeader) && !empty($_SERVER['HTTP_AUTHORIZATION'])) { |
| 48 | $authHeader = sanitize_text_field($_SERVER['HTTP_AUTHORIZATION']); // phpcs:ignore |
| 49 | } |
| 50 | |
| 51 | return $authHeader; |
| 52 | } |
| 53 | |
| 54 | /** |
| 55 | * @param array<string, mixed> $headers |
| 56 | */ |
| 57 | private function extractAuthorizationHeader(array $headers): string |
| 58 | { |
| 59 | foreach ($headers as $headerName => $headerValue) { |
| 60 | if (strtolower((string)$headerName) !== 'authorization') { |
| 61 | continue; |
| 62 | } |
| 63 | |
| 64 | return sanitize_text_field((string)$headerValue); |
| 65 | } |
| 66 | |
| 67 | return ''; |
| 68 | } |
| 69 | } |
| 70 |