55 * @author Paul Kilmurray <[email protected] > 66 *
77 * @see http://wcpos.com
8- * @package WCPOS\WooCommercePOS
98 */
109
1110namespace WCPOS \WooCommercePOS ;
1716use WP_REST_Response ;
1817use WP_REST_Server ;
1918
20-
21- /**
22- *
23- */
2419class API {
2520 /**
2621 * WCPOS REST API namespaces and endpoints.
@@ -62,7 +57,7 @@ public function __construct() {
6257 /**
6358 * Register routes for all controllers.
6459 */
65- public function register_routes () {
60+ public function register_routes (): void {
6661 /**
6762 * Filter the list of controller classes used in the WooCommerce POS REST API.
6863 *
@@ -73,19 +68,19 @@ public function register_routes() {
7368 * @since 1.5.0
7469 *
7570 * @param array $controllers Associative array of controller identifiers to their corresponding class names.
76- * - 'auth' => Fully qualified name of the class handling authentication.
77- * - 'settings' => Fully qualified name of the class handling settings.
78- * - 'stores' => Fully qualified name of the class handling stores management.
79- * - 'products' => Fully qualified name of the class handling products.
80- * - 'product_variations' => Fully qualified name of the class handling product variations.
81- * - 'orders' => Fully qualified name of the class handling orders.
82- * - 'customers' => Fully qualified name of the class handling customers.
83- * - 'product_tags' => Fully qualified name of the class handling product tags.
84- * - 'product_categories' => Fully qualified name of the class handling product categories.
85- * - 'taxes' => Fully qualified name of the class handling taxes.
86- * - 'shipping_methods' => Fully qualified name of the class handling shipping methods.
87- * - 'tax_classes' => Fully qualified name of the class handling tax classes.
88- * - 'order_statuses' => Fully qualified name of the class handling order statuses.
71+ * - 'auth' => Fully qualified name of the class handling authentication.
72+ * - 'settings' => Fully qualified name of the class handling settings.
73+ * - 'stores' => Fully qualified name of the class handling stores management.
74+ * - 'products' => Fully qualified name of the class handling products.
75+ * - 'product_variations' => Fully qualified name of the class handling product variations.
76+ * - 'orders' => Fully qualified name of the class handling orders.
77+ * - 'customers' => Fully qualified name of the class handling customers.
78+ * - 'product_tags' => Fully qualified name of the class handling product tags.
79+ * - 'product_categories' => Fully qualified name of the class handling product categories.
80+ * - 'taxes' => Fully qualified name of the class handling taxes.
81+ * - 'shipping_methods' => Fully qualified name of the class handling shipping methods.
82+ * - 'tax_classes' => Fully qualified name of the class handling tax classes.
83+ * - 'order_statuses' => Fully qualified name of the class handling order statuses.
8984 */
9085 $ classes = apply_filters (
9186 'woocommerce_pos_rest_api_controllers ' ,
@@ -197,7 +192,7 @@ public function rest_authentication_errors( $errors ) {
197192 /**
198193 * Extract the Authorization Bearer token from the request.
199194 *
200- * @return string| false
195+ * @return false|string
201196 */
202197 public function get_auth_header () {
203198 // Check if HTTP_AUTHORIZATION is set in $_SERVER
@@ -222,7 +217,7 @@ public function get_auth_header() {
222217 /**
223218 * Adds info to the WP REST API index response.
224219 * - UUID
225- * - Version Info
220+ * - Version Info.
226221 *
227222 * @param WP_REST_Response $response Response data.
228223 *
@@ -234,11 +229,20 @@ public function rest_index( WP_REST_Response $response ): WP_REST_Response {
234229 $ uuid = Uuid::uuid4 ()->toString ();
235230 update_option ( 'woocommerce_pos_uuid ' , $ uuid );
236231 }
237- $ response ->data ['uuid ' ] = $ uuid ;
238- $ response ->data ['wp_version ' ] = get_bloginfo ( 'version ' );
239- $ response ->data ['wc_version ' ] = WC ()->version ;
232+ $ response ->data ['uuid ' ] = $ uuid ;
233+ $ response ->data ['wp_version ' ] = get_bloginfo ( 'version ' );
234+ $ response ->data ['wc_version ' ] = WC ()->version ;
240235 $ response ->data ['wcpos_version ' ] = VERSION ;
241- $ response ->data ['use_jwt_as_param ' ] = woocommerce_pos_get_settings ( 'tools ' , 'use_jwt_as_param ' );
236+
237+ // Add wcpos authentication endpoint
238+ if ( ! isset ( $ response ->data ['authentication ' ] ) ) {
239+ $ response ->data ['authentication ' ] = array ();
240+ }
241+ $ response ->data ['authentication ' ]['wcpos ' ] = array (
242+ 'endpoints ' => array (
243+ 'authorization ' => home_url ( 'wcpos-auth ' ),
244+ ),
245+ );
242246
243247 /**
244248 * Remove the routes from the response.
@@ -289,44 +293,6 @@ public function rest_pre_dispatch( $result, $server, $request ) {
289293 return $ result ;
290294 }
291295
292- /**
293- * Some servers have a limit on the number of include/exclude we can use in a request.
294- * Worst thing is there is often no error message, the request returns an empty response.
295- *
296- * For example, WP Engine has a limit of 1024 characters?
297- * https://wpengine.com/support/using-dev-tools/#Long_Queries_in_wp_db
298- *
299- * @TODO - For long queries, I should find a better solution than this.
300- *
301- * @param string|array $param_value
302- * @param int $max_length
303- * @return array
304- */
305- private function shorten_param_array ( $ param_value , $ max_length ) {
306- $ param_array = is_array ( $ param_value ) ? $ param_value : explode ( ', ' , $ param_value );
307- $ param_string = implode ( ', ' , $ param_array );
308-
309- if ( strlen ( $ param_string ) > $ max_length ) {
310- shuffle ( $ param_array ); // Shuffle to randomize
311-
312- $ new_param_string = '' ;
313- $ random_param_array = array ();
314-
315- foreach ( $ param_array as $ id ) {
316- if ( strlen ( $ new_param_string . $ id ) < $ max_length ) {
317- $ new_param_string .= $ id . ', ' ;
318- $ random_param_array [] = $ id ;
319- } else {
320- break ; // Stop when maximum length is reached
321- }
322- }
323-
324- return $ random_param_array ;
325- }
326-
327- return $ param_array ;
328- }
329-
330296 /**
331297 * Filters the REST API dispatch request result.
332298 *
@@ -338,13 +304,13 @@ private function shorten_param_array( $param_value, $max_length ) {
338304 * @return mixed
339305 */
340306 public function rest_dispatch_request ( $ dispatch_result , $ request , $ route , $ handler ) {
341- if ( isset ( $ handler ['callback ' ] ) && is_array ( $ handler ['callback ' ] ) && isset ( $ handler ['callback ' ][0 ] ) ) {
307+ if ( isset ( $ handler ['callback ' ] ) && \ is_array ( $ handler ['callback ' ] ) && isset ( $ handler ['callback ' ][0 ] ) ) {
342308 $ controller = $ handler ['callback ' ][0 ];
343309
344310 // Check if the controller object is one of our registered controllers.
345311 foreach ( $ this ->controllers as $ key => $ wcpos_controller ) {
346312 if ( $ controller === $ wcpos_controller ) {
347- /**
313+ /*
348314 * I'm adding some additional PHP settings before the response. Placing them here so they only apply to the POS API.
349315 *
350316 * - error_reporting(0) - Turn off error reporting
@@ -365,6 +331,7 @@ public function rest_dispatch_request( $dispatch_result, $request, $route, $hand
365331 if ( method_exists ( $ controller , 'wcpos_dispatch_request ' ) ) {
366332 return $ controller ->wcpos_dispatch_request ( $ dispatch_result , $ request , $ route , $ handler );
367333 }
334+
368335 break ;
369336 }
370337 }
@@ -373,6 +340,45 @@ public function rest_dispatch_request( $dispatch_result, $request, $route, $hand
373340 return $ dispatch_result ;
374341 }
375342
343+ /**
344+ * Some servers have a limit on the number of include/exclude we can use in a request.
345+ * Worst thing is there is often no error message, the request returns an empty response.
346+ *
347+ * For example, WP Engine has a limit of 1024 characters?
348+ * https://wpengine.com/support/using-dev-tools/#Long_Queries_in_wp_db
349+ *
350+ * @TODO - For long queries, I should find a better solution than this.
351+ *
352+ * @param array|string $param_value
353+ * @param int $max_length
354+ *
355+ * @return array
356+ */
357+ private function shorten_param_array ( $ param_value , $ max_length ) {
358+ $ param_array = \is_array ( $ param_value ) ? $ param_value : explode ( ', ' , $ param_value );
359+ $ param_string = implode ( ', ' , $ param_array );
360+
361+ if ( \strlen ( $ param_string ) > $ max_length ) {
362+ shuffle ( $ param_array ); // Shuffle to randomize
363+
364+ $ new_param_string = '' ;
365+ $ random_param_array = array ();
366+
367+ foreach ( $ param_array as $ id ) {
368+ if ( \strlen ( $ new_param_string . $ id ) < $ max_length ) {
369+ $ new_param_string .= $ id . ', ' ;
370+ $ random_param_array [] = $ id ;
371+ } else {
372+ break ; // Stop when maximum length is reached
373+ }
374+ }
375+
376+ return $ random_param_array ;
377+ }
378+
379+ return $ param_array ;
380+ }
381+
376382 /**
377383 * Check the Authorization header for a Bearer token.
378384 *
@@ -383,25 +389,26 @@ public function rest_dispatch_request( $dispatch_result, $request, $route, $hand
383389 private function authenticate ( $ user_id ) {
384390 // check if there is an auth header
385391 $ auth_header = $ this ->get_auth_header ();
386- if ( ! is_string ( $ auth_header ) ) {
392+ if ( ! \ is_string ( $ auth_header ) ) {
387393 return $ user_id ;
388394 }
389395
390396 // Extract Bearer token from Authorization Header
391397 list ($ token ) = sscanf ( $ auth_header , 'Bearer %s ' );
392398
393399 if ( $ token ) {
394- $ auth_service = Auth::instance ();
400+ $ auth_service = Auth::instance ();
395401 $ decoded_token = $ auth_service ->validate_token ( $ token );
396402
397403 // Check if validate_token returned WP_Error and user_id is null
398- if ( is_wp_error ( $ decoded_token ) && $ user_id === null ) {
399- return $ decoded_token ;
404+ if ( is_wp_error ( $ decoded_token ) && null === $ user_id ) {
405+ return $ decoded_token ;
400406 }
401407
402408 // If the token is valid, set the user_id
403409 if ( ! is_wp_error ( $ decoded_token ) ) {
404410 $ user_id = $ decoded_token ->data ->user ->id ;
411+
405412 return absint ( $ user_id );
406413 }
407414 }
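Review bot: In `authenticate()`, a bearer token that fails validation is reported only when `$user_id` is exactly `null`; otherwise the `WP_Error` is dropped and execution falls out of the `if ( $token )` block, so a bad or expired token is treated the same as no token. If callers can pass `false` or `0` for "no user yet" (the call site is not visible here), the strict `null === $user_id` test never surfaces the error; consider `if ( is_wp_error( $decoded_token ) && empty( $user_id ) )`, or add a comment stating why only `null` counts. The success path also reads `$decoded_token->data->user->id` without checking that those claims exist, so a validly signed token with missing claims would likely reach `absint()` as null and come back as `0`; a guard such as `if ( ! isset( $decoded_token->data->user->id ) ) { return $user_id; }` before that assignment avoids this. The function body continues outside this hunk, so the fall-through behaviour should be confirmed against the rest of the method.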