<?php
/**
* Abstract class to define/implement base methods for all controller classes
*
* @package Opal_Job
* @subpackage Opal_Job/controllers
*/
abstract class Opalestate_Base_API {
/**
* The unique identifier of this plugin.
*
* @access protected
* @var string $plugin_base_name The string used to uniquely identify this plugin.
*/
public $base;
/**
* Post type.
*
* @var string
*/
protected $post_type = '';
/**
* The unique identifier of this plugin.
*
* @access protected
* @var string $plugin_base_name The string used to uniquely identify this plugin.
*/
public $namespace = 'estate-api/v1';
/**
* Definition
*
* Register all Taxonomy related to Job post type as location, category, Specialism, Types
*/
public function __construct() {
add_action( 'rest_api_init', [ $this, 'register_routes' ] );
}
/**
* Definition
*
* Register all Taxonomy related to Job post type as location, category, Specialism, Types
*/
public function register_routes() {
}
public function get_response( $code, $output ) {
$response = [];
$response['status'] = $code;
$response = array_merge( $response, $output );
return new WP_REST_Response( $response );
}
public function output( $code ) {
$this->data['status'] = $code;
return new WP_REST_Response( $this->data );
}
/**
* Validate the API request.
*
* @param \WP_REST_Request $request
* @return bool|\WP_Error
*/
public function validate_request( WP_REST_Request $request ) {
return true;
$response = [];
// Make sure we have both user and api key
$api_admin = Opalestate_API_Admin::get_instance();
if ( empty( $request['token'] ) || empty( $request['key'] ) ) {
return $this->missing_auth();
}
// Retrieve the user by public API key and ensure they exist
if ( ! ( $user = $api_admin->get_user( $request['key'] ) ) ) {
$this->invalid_key();
} else {
$token = urldecode( $request['token'] );
$secret = $api_admin->get_user_secret_key( $user );
$public = urldecode( $request['key'] );
if ( hash_equals( md5( $secret . $public ), $token ) ) {
return true;
} else {
$this->invalid_auth();
}
}
return false;
}
/**
* Get page number
*
* @access public
* @return int $wp_query->query_vars['page'] if page number returned (default: 1)
* @global $wp_query
*/
public function get_paged() {
global $wp_query;
return isset( $wp_query->query_vars['page'] ) ? $wp_query->query_vars['page'] : 1;
}
/**
* Number of results to display per page
*
* @access public
* @return int $per_page Results to display per page (default: 10)
* @global $wp_query
*/
public function per_page() {
global $wp_query;
$per_page = isset( $wp_query->query_vars['number'] ) ? $wp_query->query_vars['number'] : 10;
return apply_filters( 'opalestate_api_results_per_page', $per_page );
}
/**
* Get object.
*
* @param int $id Object ID.
* @return object WC_Data object or WP_Error object.
*/
protected function get_object( $id ) {
// translators: %s: Class method name.
return new WP_Error( 'invalid-method', sprintf( __( "Method '%s' not implemented. Must be overridden in subclass.", 'opalestate-pro' ), __METHOD__ ), [ 'status' => 405 ] );
}
/**
* Displays a missing authentication error if all the parameters aren't
* provided
*
* @access private
* @return WP_Error with message key rest_forbidden
*/
private function missing_auth() {
return new WP_Error( 'rest_forbidden', esc_html__( 'You must specify both a token and API key!' ), [ 'status' => rest_authorization_required_code() ] );
}
/**
* Displays an authentication failed error if the user failed to provide valid
* credentials
*
* @access private
* @return WP_Error with message key rest_forbidden
*/
private function invalid_auth() {
return new WP_Error( 'rest_forbidden', esc_html__( 'Your request could not be authenticated!', 'opaljob' ), [ 'status' => 403 ] );
}
/**
* Displays an invalid API key error if the API key provided couldn't be
* validated
*
* @access private
* @return WP_Error with message key rest_forbidden
*/
private function invalid_key() {
return new WP_Error( 'rest_forbidden', esc_html__( 'Invalid API key!' ), [ 'status' => rest_authorization_required_code() ] );
}
/**
* Check if a given request has access to read items.
*
* @param WP_REST_Request $request Full details about the request.
* @return WP_Error|boolean
*/
public function get_items_permissions_check( $request ) {
$is_valid = $this->is_valid_api_key( $request );
if ( is_wp_error( $is_valid ) ) {
return $is_valid;
} else {
$route = $request->get_route();
$endpoint = explode( '/', $route );
$endpoint = end( $endpoint );
if ( in_array( $endpoint, [ 'properties', 'agencies', 'agents', 'search-form' ] ) ) {
return true;
}
if ( ! opalestate_rest_check_post_permissions( $this->post_type, 'read' ) ) {
return new WP_Error( 'opalestate_rest_cannot_view', __( 'Sorry, you cannot list resources.', 'opalestate-pro' ), [ 'status' => rest_authorization_required_code() ] );
}
}
return true;
}
/**
* Check if a given request has access.
*
* @param WP_REST_Request $request Full details about the request.
* @return WP_Error|boolean
*/
public function is_valid_api_key( $request ) {
if ( isset( $request['consumer_key'] ) && $request['consumer_secret'] ) {
$user = opalestate_get_user_data_by_consumer_key( $request['consumer_key'] );
if ( $user ) {
if ( $request['consumer_secret'] === $user->consumer_secret ) {
return true;
}
}
}
return new WP_Error( 'opalestate_rest_cannot_access', __( 'Sorry, you cannot list resources. Invalid keys!', 'opalestate-pro' ), [ 'status' => rest_authorization_required_code() ] );
}
/**
* Check if is request to our REST API.
*
* @return bool
*/
protected function is_request_to_rest_api() {
if ( empty( $_SERVER['REQUEST_URI'] ) ) {
return false;
}
$rest_prefix = trailingslashit( rest_get_url_prefix() );
$request_uri = esc_url_raw( wp_unslash( $_SERVER['REQUEST_URI'] ) );
// Check if the request is to the Opalestate API endpoints.
$opalestate = ( false !== strpos( $request_uri, $rest_prefix . 'estate-api/' ) );
// Allow third party plugins use our authentication methods.
$third_party = ( false !== strpos( $request_uri, $rest_prefix . 'estate-api-' ) );
return apply_filters( 'opalestate_rest_is_request_to_rest_api', $opalestate || $third_party );
}
/**
* Check if a given request has access to read an item.
*
* @param WP_REST_Request $request Full details about the request.
* @return WP_Error|boolean
*/
public function get_item_permissions_check( $request ) {
$object = $this->get_object( (int) $request['id'] );
if ( $object && 0 !== $object->get_id() && ! opalestate_rest_check_post_permissions( $this->post_type, 'read', $object->get_id() ) ) {
return new WP_Error( 'opalestate_rest_cannot_view', __( 'Sorry, you cannot view this resource.', 'opalestate-pro' ), [ 'status' => rest_authorization_required_code() ] );
}
return true;
}
/**
* Check if a given request has access to create an item.
*
* @param WP_REST_Request $request Full details about the request.
* @return WP_Error|boolean
*/
public function create_item_permissions_check( $request ) {
if ( ! opalestate_rest_check_post_permissions( $this->post_type, 'create' ) ) {
return new WP_Error( 'opalestate_rest_cannot_create', __( 'Sorry, you are not allowed to create resources.', 'opalestate-pro' ), [ 'status' => rest_authorization_required_code() ] );
}
return true;
}
/**
* Check if a given request has access to update an item.
*
* @param WP_REST_Request $request Full details about the request.
* @return WP_Error|boolean
*/
public function update_item_permissions_check( $request ) {
$object = $this->get_object( (int) $request['id'] );
if ( $object && 0 !== $object->get_id() && ! opalestate_rest_check_post_permissions( $this->post_type, 'edit', $object->get_id() ) ) {
return new WP_Error( 'opalestate_rest_cannot_edit', __( 'Sorry, you are not allowed to edit this resource.', 'opalestate-pro' ), [ 'status' => rest_authorization_required_code() ] );
}
return true;
}
/**
* Get the query params for collections of attachments.
*
* @return array
*/
public function get_collection_params() {
$params['page'] = [
'description' => __( 'Current page of the collection.', 'opalestate-pro' ),
'type' => 'integer',
'default' => 1,
'sanitize_callback' => 'absint',
'validate_callback' => 'rest_validate_request_arg',
'minimum' => 1,
];
$params['per_page'] = [
'description' => __( 'Maximum number of items to be returned in result set.', 'opalestate-pro' ),
'type' => 'integer',
'default' => 10,
'minimum' => 1,
'maximum' => 100,
'sanitize_callback' => 'absint',
'validate_callback' => 'rest_validate_request_arg',
];
return $params;
}
}