jakevan/jvb.git

			@@ -62,7 +62,7 @@
			*/
			protected array $credentials = []; // Service credentials (API keys, tokens, etc.)
			protected ?int $userID = null; // User context for user-specific integrations

			private bool $token_refresh_attempted = false; // Circuit breaker for token refresh

			protected array $fields = []; // The fields to generate that become credentials
			protected array $advanced = []; // The fields that are optional settings
			@@ -258,10 +258,6 @@
			if (!empty($this->credentials['expires_at'])) {
			$expires_at = intval($this->credentials['expires_at']);
			if ($expires_at <= time()) {
			// Token expired, try to refresh
			if (!empty($this->credentials['refresh_token'])) {
			return $this->refreshOAuthToken();
			}
			return false;
			}
			}
			@@ -434,7 +430,6 @@
			} else {
			$result = $this->$method();
			}
			error_log('Action result: '.print_r($result, true));
			if (is_wp_error($result)) {
			return [
			'success' => false,
			@@ -655,9 +650,7 @@
			}

			try {
			error_log('Credentials to save: '.print_r($this->credentials, true));
			if ($this->isOAuthService && !$this->hasOAuthCredentials()){
			error_log('Just saving credentials, we don\'t have OAuth setup yet...');
			//If this is an OAuth service, we might only be saving the app credentials first
			$result = true;
			} else {
			@@ -765,6 +758,9 @@
			array $options = []
			): array\|WP_Error
			{
			if (!$this->is_healthy) {
			return new WP_Error('unhealthy', 'Connection marked unhealthy. Skipping fetch');
			}
			$this->ensureInitialized();
			if (!$this->isSetUp()){
			$this->logError('Connection not setup for '.$this->service_name, [
			@@ -778,24 +774,21 @@
			return new WP_Error('rate_limit', 'Rate limit exceeded. Please try again later.');
			}

			// Debug: Check if credentials are loaded
			error_log('['.$this->service_name.'] Make Request - Credentials loaded: ' . (!empty($this->credentials) ? 'Yes' : 'No'));
			error_log('With Credentials: '.print_r($this->credentials, true));

			$attempt = 0;
			$lastError = null;

			while ($attempt < $this->maxRetries) {
			try {
			$this->logDebug('[Integrations] Making request to '.$this->service_name);
			// $this->logDebug('[Integrations] Making request to '.$this->service_name);
			$result = $this->executeRequest($method, $endpoint, $data, $baseKey, $options);
			if (!$result) {
			return new WP_Error('Request Error');
			}
			$this->recordRequest($method, $endpoint);
			$this->logDebug('[Integrations]', [
			'response' => $result
			]);
			// $this->logDebug('[Integrations]', [
			// 'response' => $result
			// ]);
			// Reset error stats on success
			$this->resetErrorStats();
			return $result;
			@@ -844,7 +837,7 @@
			return null;
			}

			$this->logDebug("$method request to: $url: ".print_r($args, true));
			// $this->logDebug("$method request to: $url: ".print_r($args, true));

			// Make the request
			$response = match($method) {
			@@ -875,9 +868,9 @@
			if ($retry_count === 0) {
			$retry_count++;

			$this->logDebug('Got 401, attempting token refresh...');
			// $this->logDebug('Got 401, attempting token refresh...');
			if ($this->refreshOAuthToken()) {
			$this->logDebug('Token refreshed successfully, retrying request...');
			// $this->logDebug('Token refreshed successfully, retrying request...');

			// Rebuild request args with new token
			$args = $this->buildRequestArgs($method, $data, $options);
			@@ -924,13 +917,17 @@
			bool $force = false
			): ?array
			{
			$cacheKey = $this->buildCacheKey('GET', $endpoint, $params);
			$ttl = $this->cacheStrategy[$cacheStrategy] ?? $this->ttl;
			$cacheKey = $this->buildCacheKey('GET', $endpoint, $params, $baseKey);

			$ttl = is_int($cacheStrategy)
			? max(0, $cacheStrategy)
			: ($this->cacheStrategy[$cacheStrategy] ?? $this->ttl);

			if (!$force && $ttl > 0) {
			$cached = $this->cache->get($cacheKey);
			if ($cached !== false) {
			$this->logDebug("Cache hit for: $cacheKey");

			// $this->logDebug("Cache hit for: $cacheKey");
			return $cached;
			}
			}
			@@ -944,7 +941,6 @@

			return $result;
			}

			/**
			* Check if response contains an error
			* Override in child classes for service-specific error detection
			@@ -1217,14 +1213,10 @@

			public function handleAjaxResponse()
			{
			error_log('Ajax Response: '.print_r($_GET, true));

			$code = $_GET['code'];
			$state = $_GET['state'];

			error_log('OAuth Callback - Code: ' . $code);
			error_log('OAuth Callback - State: ' . $state);


			$state_parts = explode('\|', $state);
			$state_key = $state_parts[0] ?? '';
			@@ -1232,16 +1224,13 @@
			$user_id = ($user_id === 0) ? null : $user_id;
			$return_url = isset($state_parts[2]) ? base64_decode($state_parts[2]) : admin_url('admin.php?page=jvb-integrations');

			error_log('Service: '.print_r($this->service_name, true));
			$state_data = get_transient('oauth_state_' . $state_key);
			error_log('State Data: '.print_r($state_data, true));
			if (!$state_data \|\| $state_data['service'] !== $this->service_name) {
			wp_die('Invalid state parameter', 'OAuth Error');
			}

			// Delete the transient to prevent reuse
			delete_transient('oauth_state_' . $state_key);
			error_log('Return URL: '.print_r($return_url, true));
			// Handle error from OAuth provider
			if (array_key_exists('error', $_GET)) {
			$error_description = $_GET['error_description'] ?? 'Authorization denied';
			@@ -1393,17 +1382,29 @@
			if ($this->isOAuthService && $this->hasOAuthCredentials()) {
			// Check if token is expired first
			if (!$this->isOAuthValid()) {
			$this->logDebug('OAuth token expired, attempting refresh');
			if (!$this->refreshOAuthToken()) {
			$this->logError('Failed to refresh expired OAuth token');
			// Only attempt refresh once per request
			if (!$this->token_refresh_attempted) {
			$this->token_refresh_attempted = true;
			// $this->logDebug('OAuth token expired, attempting refresh');

			if (!$this->refreshOAuthToken()) {
			$this->logError('Failed to refresh expired OAuth token - stopping execution');
			// Token refresh failed - DO NOT continue making API requests
			return;
			}
			} else {
			// Already attempted refresh in this request
			// $this->logDebug('Token refresh already attempted, skipping');
			return;
			}
			}
			// Check if we should proactively refresh (before expiry)
			elseif ($this->shouldRefreshToken()) {
			$this->logDebug('OAuth token should be refreshed proactively');
			elseif ($this->shouldRefreshToken() && !$this->token_refresh_attempted) {
			$this->token_refresh_attempted = true;
			// $this->logDebug('OAuth token should be refreshed proactively');
			if (!$this->refreshOAuthToken()) {
			$this->logError('Failed to proactively refresh OAuth token');
			// Not critical - token is still valid
			// Not critical - token is still valid, so continue
			}
			}
			}
			@@ -1427,6 +1428,7 @@
			// Switch context
			$this->userID = $user_id;
			$this->credentials = [];
			$this->resetTokenRefreshFlag(); // ADD THIS LINE

			$this->ensureInitialized();
			}
			@@ -1626,8 +1628,6 @@

			$auth_url = $this->oauth['authorize'] . '?' . http_build_query($params);

			// Debug log for troubleshooting
			error_log("Generated OAuth URL for {$this->service_name}: " . $auth_url);

			return $auth_url;
			}
			@@ -1921,7 +1921,6 @@
			return false;
			}

			// Build refresh request data
			$request_data = [
			'client_id' => $this->credentials['client_id'],
			'client_secret' => $this->credentials['client_secret'],
			@@ -1929,12 +1928,24 @@
			'grant_type' => 'refresh_token'
			];

			// Use centralized OAuth request method
			$response = $this->makeOAuthRequest('POST', $this->oauth['token'], $request_data);

			if (is_wp_error($response)) {
			$this->logError('Failed to refresh Square token', [
			'error' => $response->get_error_message()
			$error_message = $response->get_error_message();

			if (str_contains($error_message, 'invalid_grant')) {
			$this->logError('OAuth refresh token is invalid - user must re-authorize', [
			'error' => $error_message
			], 'critical');

			// Mark unhealthy immediately
			$this->error_stats['consecutive_errors'] = $this->error_threshold;
			$this->is_healthy = false;
			$this->saveErrorStats();
			}

			$this->logError('Failed to refresh OAuth token for '.$this->service_name, [
			'error' => $error_message
			]);
			return false;
			}
			@@ -1943,7 +1954,7 @@
			$this->credentials['access_token'] = $response['access_token'];
			$this->credentials['expires_at'] = time() + ($response['expires_in'] ?? 2592000); // 30 days

			// Note: Square returns the SAME refresh token
			// Note: Some services return the SAME refresh token
			if (isset($response['refresh_token'])) {
			$this->credentials['refresh_token'] = $response['refresh_token'];
			}
			@@ -2125,45 +2136,36 @@
			*/
			public function handleSavePost(int $postID, WP_Post $post, bool $update): void
			{
			error_log('Testing For Save Post');
			if (jvbNoSaveIt($postID, $post)) {
			error_log('Excluded by jvbNoSaveIt');
			return;
			}
			if (empty($this->syncPostTypes)) {
			error_log('No Syncable post types');
			return;
			}

			$config = JVB_CONTENT[jvbNoBase($post->post_type)]??null;
			if (!$config) {
			error_log('No Config set');
			return;
			}

			$settings = $config['integrations'][$this->service_name]??null;
			if (!$settings) {
			error_log('No settings');
			return;
			}

			$fields = $this->getSyncFields($postID, 'post', ['schedule_'.$this->service_name]);
			error_log('Fields to check: '.print_r($fields, true));
			if (!$fields['share_to_'.$this->service_name]) {
			return;
			}

			$isShared = isset($fields["_{$this->service_name}_item_id"]);
			if ($update && $isShared && !$fields['_keep_synced_'.$this->service_name]) {
			error_log('Do not keep synced, not syncing with '.$this->service_name);
			return;
			}

			if ($post->post_status !== 'publish' && !$isShared) {
			error_log('Not published and not already shared');
			return;
			}
			error_log('Sending to integration for processing...');
			$this->handleTheSavePost($postID, $post, $update, $settings);
			}

			@@ -2636,11 +2638,6 @@
			];
			$this->is_healthy = true;
			$this->saveErrorStats();

			$this->logDebug('Integration health manually reset', [
			'reset_by' => get_current_user_id(),
			'reset_time' => time()
			]);
			}

			/**
			@@ -2775,9 +2772,6 @@

			// Check for duplicate processing (idempotency)
			if ($this->isWebhookProcessed($payload)) {
			$this->logDebug('Webhook already processed', [
			'webhook_id' => $this->extractWebhookId($payload)
			]);
			return true; // Return true to prevent retries
			}

			@@ -3073,7 +3067,7 @@
			switch ($action) {
			case 'save_credentials':
			$title = $label;
			$label = jvbIcon('save');
			$label = jvbIcon('floppy-disk');
			break;
			case 'clear_credentials':
			$title = $label;
			@@ -3190,7 +3184,6 @@
			// Verify nonce
			$nonce_field = 'jvb_integration_nonce_' . $service;
			$nonce_action = 'jvb_integration_save_' . $service;
			error_log('handleAdminPost: '.print_r($_POST, true));
			if (!isset($_POST[$nonce_field]) \|\| !wp_verify_nonce($_POST[$nonce_field], $nonce_action)) {
			wp_die('Security check failed');
			}
			@@ -3527,4 +3520,12 @@
			throw new Exception('Failed to save JPEG image');
			}
			}
			/**
			* Reset token refresh attempt flag
			* Called automatically when switching users
			*/
			protected function resetTokenRefreshFlag(): void
			{
			$this->token_refresh_attempted = false;
			}
			}