From e9967fa22781d922ba4eb8fb44fe72d200ac4b14 Mon Sep 17 00:00:00 2001
From: Jake Vanderwerf <get@jakevanderwerf.ca>
Date: Mon, 10 Nov 2025 21:04:10 +0000
Subject: [PATCH] =IconsManager.php update

---
 inc/rest/routes/MagicLinkRoutes.php |   88 +++++++++++++++++++++++--------------------
 1 files changed, 47 insertions(+), 41 deletions(-)

diff --git a/inc/rest/routes/MagicLinkRoutes.php b/inc/rest/routes/MagicLinkRoutes.php
index 3535d6d..fc12edc 100644
--- a/inc/rest/routes/MagicLinkRoutes.php
+++ b/inc/rest/routes/MagicLinkRoutes.php
@@ -32,38 +32,38 @@
 	public function registerRoutes(): void
 	{
 		// Send magic link
-		register_rest_route($this->namespace, '/magic-link', [
+		register_rest_route($this->namespace, '/magic', [
 			'methods' => 'POST',
 			'callback' => [$this, 'sendMagicLink'],
-			'permission_callback' => '__return_true', // Public endpoint
-			'args' => [
-				'email' => [
-					'required' => true,
-					'type' => 'string',
-					'format' => 'email',
-					'validate_callback' => function($param) {
-						return is_email($param);
-					}
-				],
-				'type' => [
-					'required' => false,
-					'type' => 'string',
-					'default' => 'login',
-					'enum' => ['login', 'signup', 'referral', 'reset']
-				],
-				'context' => [
-					'required' => false,
-					'type' => 'object',
-					'default' => []
-				]
-			]
+			'permission_callback' => [$this, 'checkRateLimit'],
+//			'args' => [
+//				'email' => [
+//					'required' => true,
+//					'type' => 'string',
+//					'format' => 'email',
+//					'validate_callback' => function($param) {
+//						return is_email($param);
+//					}
+//				],
+//				'type' => [
+//					'required' => false,
+//					'type' => 'string',
+//					'default' => 'login',
+//					'enum' => ['login', 'signup', 'referral', 'reset']
+//				],
+//				'context' => [
+//					'required' => false,
+//					'type' => 'object',
+//					'default' => []
+//				]
+//			]
 		]);
 
 		// Resend magic link
-		register_rest_route($this->namespace, '/magic-link/resend', [
+		register_rest_route($this->namespace, '/magic/resend', [
 			'methods' => 'POST',
 			'callback' => [$this, 'resendMagicLink'],
-			'permission_callback' => '__return_true',
+			'permission_callback' => [$this, 'checkRateLimit'],
 			'args' => [
 				'email' => [
 					'required' => true,
@@ -78,7 +78,7 @@
 		]);
 
 		// Check token validity (useful for frontend)
-		register_rest_route($this->namespace, '/magic-link/verify', [
+		register_rest_route($this->namespace, '/magic/verify', [
 			'methods' => 'POST',
 			'callback' => [$this, 'verifyToken'],
 			'permission_callback' => '__return_true',
@@ -104,7 +104,7 @@
 	 */
 	public function sendMagicLink(WP_REST_Request $request): WP_REST_Response
 	{
-		$email = sanitize_email($request->get_param('email'));
+		$email = sanitize_email($request->get_param('email')??$request->get_param('user_email')??'');
 		$type = sanitize_text_field($request->get_param('type'));
 		$context = $request->get_param('context') ?? [];
 
@@ -120,6 +120,16 @@
 			], 400);
 		}
 
+		// Check if email exists
+		$exists = email_exists($email);
+		if (!$exists) {
+
+			return new WP_REST_Response([
+				'success' => false,
+				'message' => 'User account not found'
+			], 400);
+		}
+
 		// Send the magic link
 		$result = $this->magic_link->sendMagicLink($email, $type, $context);
 		error_log('Result: '.print_r($result, true));
@@ -163,34 +173,30 @@
 		$token = sanitize_text_field($request->get_param('token'));
 		$email = sanitize_email($request->get_param('email'));
 
-		$cache_key = 'magic_token_' . $token;
-		$token_data = get_transient($cache_key);
+		// This returns array|WP_Error - check for error first
+		$token_data = $this->magic_link->verifyToken($token, $email);
 
-		if (!$token_data) {
+		if (is_wp_error($token_data)) {
 			return new WP_REST_Response([
 				'valid' => false,
-				'message' => 'Token expired or invalid'
+				'message' => $token_data->get_error_message()
 			], 400);
 		}
 
-		if ($token_data['email'] !== $email) {
+		// Now check the data
+		if (!isset($token_data['email']) || $token_data['email'] !== $email) {
 			return new WP_REST_Response([
 				'valid' => false,
 				'message' => 'Invalid token'
 			], 400);
 		}
 
-		if (time() > $token_data['expires_at']) {
-			return new WP_REST_Response([
-				'valid' => false,
-				'message' => 'Token expired'
-			], 400);
-		}
-
+		// Check expiration - but your cache-based system doesn't store expires_at
+		// If token wasn't expired, it wouldn't have been returned from cache
+		// So just return valid:
 		return new WP_REST_Response([
 			'valid' => true,
-			'type' => $token_data['type'],
-			'expires_in' => $token_data['expires_at'] - time()
+			'type' => $token_data['type'] ?? 'unknown'
 		], 200);
 	}
 

--
Gitblit v1.10.0