| | |
|---|
| | | */ |
|---|
| | | public function getAuthStatus(WP_REST_Request $request): WP_REST_Response |
|---|
| | | { |
|---|
| | | $user = wp_get_current_user(); |
|---|
| | | $authenticated = $user->exists(); |
|---|
| | | $data = $this->buildAuth(); |
|---|
| | | $response = $this->success($data); |
|---|
| | | |
|---|
| | | $response = [ |
|---|
| | | 'authenticated' => $authenticated, |
|---|
| | | 'user' => false, |
|---|
| | | 'nonces' => [ |
|---|
| | | 'wp_rest' => wp_create_nonce('wp_rest'), |
|---|
| | | ], |
|---|
| | | 'session_id' => session_id() ?: wp_generate_password(32, false), |
|---|
| | | ]; |
|---|
| | | // Add caching headers |
|---|
| | | $response->header('Cache-Control', 'private, max-age=300'); // 5 minutes |
|---|
| | | $response->header('Vary', 'Cookie'); // Important for nginx |
|---|
| | | |
|---|
| | | if ($authenticated) { |
|---|
| | | // Validate session fingerprint |
|---|
| | | if (!$this->validateSessionFingerprint($user->ID, $request)) { |
|---|
| | | wp_logout(); |
|---|
| | | $response['authenticated'] = false; |
|---|
| | | $response['session_invalid'] = true; |
|---|
| | | } else { |
|---|
| | | $response['user'] = [ |
|---|
| | | 'id' => $user->ID, |
|---|
| | | 'name' => $user->display_name, |
|---|
| | | 'email' => $user->user_email, |
|---|
| | | 'roles' => $user->roles, |
|---|
| | | 'link' => get_user_meta($user->ID, BASE . 'link', true), |
|---|
| | | ]; |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | return $this->success($response); |
|---|
| | | return $response; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | |
|---|
| | | return $this->success([ |
|---|
| | | 'message' => 'Login successful', |
|---|
| | | 'redirect' => $redirect, |
|---|
| | | 'auth' => [ |
|---|
| | | 'authenticated' => true, |
|---|
| | | 'user' => [ |
|---|
| | | 'id' => $user->ID, |
|---|
| | | 'name' => $user->display_name, |
|---|
| | | 'email' => $user->user_email, |
|---|
| | | 'roles' => $user->roles, |
|---|
| | | 'link' => get_user_meta($user->ID, BASE . 'link', true), |
|---|
| | | ], |
|---|
| | | 'nonces' => [ |
|---|
| | | 'wp_rest' => wp_create_nonce('wp_rest'), |
|---|
| | | ], |
|---|
| | | 'session_id' => session_id() ?: wp_generate_password(32, false), |
|---|
| | | ] |
|---|
| | | 'auth' => $this->buildAuth($user->ID) |
|---|
| | | ]); |
|---|
| | | } |
|---|
| | | |
|---|
| | |
|---|
| | | |
|---|
| | | return wp_mail($user->user_email, $subject, $message); |
|---|
| | | } |
|---|
| | | |
|---|
| | | protected function buildAuth(?int $user = null): array |
|---|
| | | { |
|---|
| | | if (is_user_logged_in()) { |
|---|
| | | $user = ($user) ?: get_current_user_id(); |
|---|
| | | return [ |
|---|
| | | 'authenticated' => true, |
|---|
| | | 'user' => $user, |
|---|
| | | 'nonces' => $this->getUserNonces($user) |
|---|
| | | ]; |
|---|
| | | } |
|---|
| | | |
|---|
| | | return [ |
|---|
| | | 'authenticated' => false, |
|---|
| | | 'user' => false, |
|---|
| | | 'nonces' => [ |
|---|
| | | 'wp_rest' => wp_create_nonce('wp_rest') |
|---|
| | | ] |
|---|
| | | ]; |
|---|
| | | } |
|---|
| | | protected function getUserNonces(int $userID):array { |
|---|
| | | $nonces = [ |
|---|
| | | 'wp_rest' => wp_create_nonce('wp_rest'), |
|---|
| | | ]; |
|---|
| | | if (Features::forSite()->has('dashboard')) { |
|---|
| | | $nonces['dash'] = wp_create_nonce('dash-'.$userID); |
|---|
| | | } |
|---|
| | | if (Features::forSite()->has('favourites')) { |
|---|
| | | $nonces['favourites'] = wp_create_nonce('favourites-'.$userID); |
|---|
| | | } |
|---|
| | | if (Features::anyContentHas('karma') || |
|---|
| | | Features::anyTaxonomyHas('karma') || |
|---|
| | | Features::anyUserHas('karma')) { |
|---|
| | | $nonces['votes'] = wp_create_nonce('votes-'.$userID); |
|---|
| | | } |
|---|
| | | if (Features::forSite()->has('notifications')) { |
|---|
| | | $nonces['notifications'] = wp_create_nonce('notifications-'.$userID); |
|---|
| | | } |
|---|
| | | return $nonces; |
|---|
| | | } |
|---|
| | | } |
|---|
