File Editor
Directories:
.. (Back)
EasyDigitalDownloads
Elementor
Integrations
MemberPress
Plugins
Promos
Rules
Shortcodes
WPForms
WooCommerce
Files:
Actions.php
Ajax.php
Api.php
ApiAuth.php
ApiKey.php
AssetLoader.php
BaseRestApi.php
Blocks.php
ClassicEditor.php
ConstantContact.php
Debug.php
EasyDigitalDownloads.php
Elementor.php
Inserter.php
InstallSkin.php
InstallSkinCompat.php
MailPoet.php
MemberPress.php
Menu.php
Notifications.php
OmuApi.php
Output.php
Pages.php
Partners.php
Plugins.php
Promos.php
Refresh.php
RestApi.php
RevenueAttribution.php
Review.php
Rules.php
Save.php
Shortcode.php
Sites.php
Support.php
Type.php
Urls.php
Utils.php
Validate.php
WPForms.php
Welcome.php
Widget.php
WooCommerce.php
WpErrorException.php
Create New File
Create
Edit File: BaseRestApi.php
<?php /** * Base Rest API Class, extend this if implementing a RestApi class. * Most of the code was migrated from OMAPI_RestApi. * * @since 2.8.0 * * @package OMAPI * @author Gabriel Oliveira and Eduardo Nakatsuka */ // Exit if accessed directly. if ( ! defined( 'ABSPATH' ) ) { exit; } /** * Base Rest Api class. * * @since 2.8.0 */ abstract class OMAPI_BaseRestApi { /** * The Base OMAPI Object * * @since 2.8.0 * * @var OMAPI */ protected $base; /** * The REST API Namespace * * @since 2.8.0 * * @var string The namespace */ protected $namespace = 'omapp/v1'; /** * Whether request was given a valid api key. * * @since 2.8.0 * * @var null|bool */ protected $has_valid_api_key = null; /** * Build our object. * * @since 2.8.0 */ public function __construct() { $this->base = OMAPI::get_instance(); $this->register_rest_routes(); } /** * Registers the Rest API routes for this class * * @since 2.8.0 * * @return void */ abstract public function register_rest_routes(); /** * Determine if we can store settings. * * @since 2.0.0 * @since 2.8.0 Migrated from OMAPI_RestApi * * @param WP_REST_Request $request The REST Request. * * @return WP_Error|bool */ public function can_update_settings( $request ) { try { $this->verify_request_nonce( $request ); } catch ( Exception $e ) { return $this->exception_to_response( $e ); } return OMAPI::get_instance()->can_access( 'settings_update' ); } /** * Determine if OM API key is provided and valid. * * @since 1.9.10 * @since 2.8.0 Migrated from OMAPI_RestApi * * @param WP_REST_Request $request The REST Request. * * @return WP_Error|bool */ public function has_valid_api_key( $request ) { $header = $request->get_header( 'X-OptinMonster-ApiKey' ); // Use this API Key to validate. if ( ! $this->validate_api_key( $header ) ) { return new WP_Error( 'omapp_rest_forbidden', esc_html__( 'Could not verify your API Key.', 'optin-monster-api' ), array( 'status' => rest_authorization_required_code(), ) ); } return $this->has_valid_api_key; } /** * Determine if logged in or OM API key is provided and valid. * * @since 1.9.10 * @since 2.8.0 Migrated from OMAPI_RestApi * * @param WP_REST_Request $request The REST Request. * * @return bool */ public function logged_in_or_has_api_key( $request ) { return $this->logged_in_and_can_access_route( $request ) || true === $this->has_valid_api_key( $request ); } /** * Determine if logged in user can access this route (calls current_user_can). * * @since 2.6.4 * * @param WP_REST_Request $request The REST Request. * * @return bool */ public function logged_in_and_can_access_route( $request ) { return OMAPI::get_instance()->can_access( $request->get_route() ); } /** * Determine if the passed connection token is valid. * * @since 2.16.6 * * @param WP_REST_Request $request The REST Request. * * @return WP_Error|bool */ public function has_connection_token( $request ) { $request_connection_token = $request->get_param( 'connectionToken' ); $connection_token = $this->base->get_option( 'connectionToken' ); if ( 'omwpoct_' . $connection_token !== $request_connection_token ) { return new WP_Error( 'omapp_rest_forbidden', esc_html__( 'Could not verify your connection token.', 'optin-monster-api' ), array( 'status' => rest_authorization_required_code(), ) ); } return true; } /** * Validate this API Key * We validate an API Key by fetching the Sites this key can fetch * And then confirming that this key has access to at least one of these sites * * @since 1.8.0 * @since 2.8.0 Migrated from OMAPI_RestApi * * @param string $apikey The OM api key. * * @return bool True if the Key can be validated */ public function validate_api_key( $apikey ) { $this->has_valid_api_key = OMAPI_ApiKey::validate( $apikey ); return $this->has_valid_api_key; } /** * Convert an exception to a REST API WP_Error object. * * @since 2.0.0 * @since 2.8.0 Migrated from OMAPI_RestApi * * @param Exception $e The exception. * * @return WP_Error */ protected function exception_to_response( Exception $e ) { // Return WP_Error objects directly. if ( $e instanceof OMAPI_WpErrorException && $e->getWpError() ) { return $e->getWpError(); } $code = $e->getCode(); if ( empty( $code ) || $code < 400 ) { $code = 400; } $data = ! empty( $e->data ) ? $e->data : array(); $data = wp_parse_args( $data, array( 'status' => $code, ) ); $error_code = rest_authorization_required_code() === $code ? 'omapp_rest_forbidden' : 'omapp_rest_error'; return new WP_Error( $error_code, $e->getMessage(), $data ); } /** * Convert a WP_Error to a proper REST API WP_Error object. * * @since 2.6.5 * @since 2.8.0 Migrated from OMAPI_RestApi * * @param WP_Error $e The WP_Error object. * @param mixed $data Data to include in the error data. * * @return WP_Error */ protected function wp_error_to_response( WP_Error $e, $data = array() ) { $api = OMAPI_Api::instance(); $data = is_array( $data ) || is_object( $data ) ? (array) $data : array(); $error_data = $e->get_error_data(); $error_message = $e->get_error_message(); $error_code = $e->get_error_code(); if ( empty( $error_data['status'] ) ) { $status = is_numeric( $error_data ) ? $error_data : 400; $error_code = (string) rest_authorization_required_code() === (string) $status ? 'omapp_rest_forbidden' : 'omapp_rest_error'; $error_data = wp_parse_args( array( 'status' => $status, ), $data ); } else { $error_data = wp_parse_args( $error_data, $data ); } return new WP_Error( $error_code, $error_message, $error_data ); } /** * Verify the request nonce and throw an exception if verification fails. * * @since 2.0.0 * @since 2.8.0 Migrated from OMAPI_RestApi * * @param WP_REST_Request $request The REST request. * * @return void * * @throws Exception If the nonce is missing or invalid. */ public function verify_request_nonce( $request ) { $nonce = $request->get_param( 'nonce' ); if ( empty( $nonce ) ) { $nonce = $request->get_header( 'X-WP-Nonce' ); } if ( empty( $nonce ) ) { throw new Exception( esc_html__( 'Missing security token!', 'optin-monster-api' ), rest_authorization_required_code() ); } // Check the nonce. $result = wp_verify_nonce( $nonce, 'wp_rest' ); if ( ! $result ) { throw new Exception( esc_html__( 'Security token invalid!', 'optin-monster-api' ), rest_authorization_required_code() ); } } }
Save Changes
Rename File
Rename