<?php

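/**
 * REST API endpoints for managing the Akismet API key, the plugin's boolean
 * settings, and spam statistics.
 *
 * Every route registered by init() uses privileged_permission_callback() as
 * its permission callback, so that method is the single authorization gate
 * for reading, changing or deleting the key and settings.
 */
class Akismet_REST_API {
	/**
	 * Register the REST API routes.
	 *
	 * @return false|void False when the REST API is unavailable; otherwise nothing.
	 */
	public static function init() {
		if ( ! function_exists( 'register_rest_route' ) ) {
			// The REST API wasn't integrated into core until 4.4, and we support 4.0+ (for now).
			return false;
		}

		// One shared gate for every endpoint below, so no route can be added
		// or edited here with a weaker check by accident.
		$permission_callback = array( 'Akismet_REST_API', 'privileged_permission_callback' );

		register_rest_route( 'akismet/v1', '/key', array(
			array(
				'methods'             => WP_REST_Server::READABLE,
				'permission_callback' => $permission_callback,
				'callback'            => array( 'Akismet_REST_API', 'get_key' ),
			),
			array(
				'methods'             => WP_REST_Server::EDITABLE,
				'permission_callback' => $permission_callback,
				'callback'            => array( 'Akismet_REST_API', 'set_key' ),
				'args'                => array(
					'key' => array(
						'required'          => true,
						'type'              => 'string',
						'sanitize_callback' => array( 'Akismet_REST_API', 'sanitize_key' ),
						'description'       => __( 'A 12-character Akismet API key. Available at akismet.com/get/', 'akismet' ),
					),
				),
			),
			array(
				'methods'             => WP_REST_Server::DELETABLE,
				'permission_callback' => $permission_callback,
				'callback'            => array( 'Akismet_REST_API', 'delete_key' ),
			),
		) );

		register_rest_route( 'akismet/v1', '/settings/', array(
			array(
				'methods'             => WP_REST_Server::READABLE,
				'permission_callback' => $permission_callback,
				'callback'            => array( 'Akismet_REST_API', 'get_settings' ),
			),
			array(
				'methods'             => WP_REST_Server::EDITABLE,
				'permission_callback' => $permission_callback,
				'callback'            => array( 'Akismet_REST_API', 'set_boolean_settings' ),
				'args'                => array(
					'akismet_strictness' => array(
						'required'    => false,
						'type'        => 'boolean',
						'description' => __( 'If true, Akismet will automatically discard the worst spam automatically rather than putting it in the spam folder.', 'akismet' ),
					),
					'akismet_show_user_comments_approved' => array(
						'required'    => false,
						'type'        => 'boolean',
						'description' => __( 'If true, show the number of approved comments beside each comment author in the comments list page.', 'akismet' ),
					),
				),
			),
		) );

		register_rest_route( 'akismet/v1', '/stats', array(
			'methods'             => WP_REST_Server::READABLE,
			'permission_callback' => $permission_callback,
			'callback'            => array( 'Akismet_REST_API', 'get_stats' ),
			'args'                => array(
				'interval' => array(
					'required'          => false,
					'type'              => 'string',
					'sanitize_callback' => array( 'Akismet_REST_API', 'sanitize_interval' ),
					'description'       => __( 'The time period for which to retrieve stats. Options: 60-days, 6-months, all', 'akismet' ),
					'default'           => 'all',
				),
			),
		) );

		// The original pattern was `[\w+]`: a character class matching exactly
		// ONE character (a word character or a literal "+"), so none of the
		// documented intervals could ever match this route. `[\w-]+` accepts
		// one or more word characters or hyphens, which covers "60-days",
		// "6-months" and "all". The path parameter gets the same allow-list
		// sanitizer as the query-string form on /stats.
		register_rest_route( 'akismet/v1', '/stats/(?P<interval>[\w-]+)', array(
			'args' => array(
				'interval' => array(
					'description'       => __( 'The time period for which to retrieve stats. Options: 60-days, 6-months, all', 'akismet' ),
					'type'              => 'string',
					'sanitize_callback' => array( 'Akismet_REST_API', 'sanitize_interval' ),
				),
			),
			array(
				'methods'             => WP_REST_Server::READABLE,
				'permission_callback' => $permission_callback,
				'callback'            => array( 'Akismet_REST_API', 'get_stats' ),
			),
		) );
	}

	/**
	 * Get the current Akismet API key.
	 *
	 * The key is returned verbatim in the response body. When this is reached
	 * through the REST route, access is limited by the route's permission
	 * callback; a direct PHP caller gets no such check from this method.
	 *
	 * @param WP_REST_Request|null $request Unused.
	 * @return WP_Error|WP_REST_Response
	 */
	public static function get_key( $request = null ) {
		return rest_ensure_response( Akismet::get_api_key() );
	}

	/**
	 * Set the API key, if possible.
	 *
	 * The key is refused with a 409 when WPCOM_API_KEY is defined, and with a
	 * 400 when it is empty, not a string, or not accepted by key_is_valid().
	 * Only a key that passed that check is written to the option.
	 *
	 * @param WP_REST_Request $request
	 * @return WP_Error|WP_REST_Response
	 */
	public static function set_key( $request ) {
		if ( defined( 'WPCOM_API_KEY' ) ) {
			return rest_ensure_response( new WP_Error( 'hardcoded_key', __( 'This site\'s API key is hardcoded and cannot be changed via the API.', 'akismet' ), array( 'status' => 409 ) ) );
		}

		$new_api_key = $request->get_param( 'key' );

		// Reject empty or non-string values locally so they are never sent
		// to the verification endpoint or stored.
		$key_is_usable = is_string( $new_api_key ) && '' !== $new_api_key;

		if ( ! $key_is_usable || ! self::key_is_valid( $new_api_key ) ) {
			return rest_ensure_response( new WP_Error( 'invalid_key', __( 'The value provided is not a valid and registered API key.', 'akismet' ), array( 'status' => 400 ) ) );
		}

		update_option( 'wordpress_api_key', $new_api_key );

		return self::get_key();
	}

	/**
	 * Unset the API key, if possible.
	 *
	 * @param WP_REST_Request $request Unused.
	 * @return WP_Error|WP_REST_Response A 409 error when WPCOM_API_KEY is defined, otherwise true.
	 */
	public static function delete_key( $request ) {
		if ( defined( 'WPCOM_API_KEY' ) ) {
			return rest_ensure_response( new WP_Error( 'hardcoded_key', __( 'This site\'s API key is hardcoded and cannot be deleted.', 'akismet' ), array( 'status' => 409 ) ) );
		}

		delete_option( 'wordpress_api_key' );

		return rest_ensure_response( true );
	}

	/**
	 * Get the Akismet settings.
	 *
	 * Both options are stored as the strings '1' / '0' (see
	 * set_boolean_settings()) and default to '1' when absent.
	 *
	 * @param WP_REST_Request|null $request Unused.
	 * @return WP_Error|WP_REST_Response
	 */
	public static function get_settings( $request = null ) {
		return rest_ensure_response( array(
			'akismet_strictness'                  => ( get_option( 'akismet_strictness', '1' ) === '1' ),
			'akismet_show_user_comments_approved' => ( get_option( 'akismet_show_user_comments_approved', '1' ) === '1' ),
		) );
	}

	/**
	 * Update the Akismet settings.
	 *
	 * Only the two option names listed below can be written; any other
	 * request parameter is ignored, so the request cannot choose which
	 * option gets updated.
	 *
	 * @param WP_REST_Request $request
	 * @return WP_Error|WP_REST_Response
	 */
	public static function set_boolean_settings( $request ) {
		$writable_settings = array(
			'akismet_strictness',
			'akismet_show_user_comments_approved',
		);

		foreach ( $writable_settings as $setting_key ) {
			$setting_value = $request->get_param( $setting_key );

			if ( is_null( $setting_value ) ) {
				// This setting was not specified.
				continue;
			}

			// From 4.7+, WP core will ensure that these are always boolean
			// values because they are registered with 'type' => 'boolean',
			// but we need to do this ourselves for prior versions.
			$setting_value = Akismet_REST_API::parse_boolean( $setting_value );

			update_option( $setting_key, $setting_value ? '1' : '0' );
		}

		return self::get_settings();
	}

	/**
	 * Parse a numeric or string boolean value into a boolean.
	 *
	 * Comparisons are strict. The previous `switch` compared loosely, so its
	 * first `case true:` matched every truthy value, including the string
	 * 'false', which was therefore parsed as true.
	 *
	 * @param mixed $value The value to convert into a boolean.
	 * @return bool The converted value.
	 */
	public static function parse_boolean( $value ) {
		if ( is_bool( $value ) ) {
			return $value;
		}

		if ( is_string( $value ) ) {
			$normalized = strtolower( trim( $value ) );

			if ( 'true' === $normalized || '1' === $normalized ) {
				return true;
			}

			if ( 'false' === $normalized || '0' === $normalized ) {
				return false;
			}
		}

		// Integers 1 / 0 and anything unrecognized fall back to PHP's cast.
		return (bool) $value;
	}

	/**
	 * Get the Akismet stats for a given time period.
	 *
	 * Possible `interval` values:
	 * - all
	 * - 60-days
	 * - 6-months
	 *
	 * The stored API key and the site's home URL are sent to the Akismet
	 * service with the request. The JSON body that comes back is decoded and
	 * returned without further inspection.
	 *
	 * @param WP_REST_Request $request
	 * @return WP_Error|WP_REST_Response
	 */
	public static function get_stats( $request ) {
		$api_key = Akismet::get_api_key();

		// Re-apply the allow-list here so the value sent upstream and used as
		// an array key is one of the documented intervals no matter which
		// route (or direct caller) supplied the request.
		$interval = self::sanitize_interval( $request->get_param( 'interval' ), $request, 'interval' );

		$stat_totals = array();

		$response = Akismet::http_post( Akismet::build_query( array( 'blog' => get_option( 'home' ), 'key' => $api_key, 'from' => $interval ) ), 'get-stats' );

		// Index 1 is treated as the response body - presumably
		// array( headers, body ); confirm against Akismet::http_post().
		if ( ! empty( $response[1] ) ) {
			$stat_totals[ $interval ] = json_decode( $response[1] );
		}

		return rest_ensure_response( $stat_totals );
	}

	/**
	 * Ask the Akismet service whether a key is valid for this site.
	 *
	 * @param string $key The candidate API key.
	 * @return bool True only when the response body is exactly 'valid'.
	 */
	private static function key_is_valid( $key ) {
		$response = Akismet::http_post(
			Akismet::build_query(
				array(
					'key'  => $key,
					'blog' => get_option( 'home' ),
				)
			),
			'verify-key'
		);

		// Strict comparison: with `==`, a non-string body such as boolean
		// true (or integer 0 on PHP 7) would compare equal to 'valid' and
		// let an unverified key be stored. A missing body counts as invalid.
		return is_array( $response ) && isset( $response[1] ) && 'valid' === $response[1];
	}

	/**
	 * Permission check shared by every route registered in init().
	 *
	 * @return bool Whether the current user has the 'manage_options' capability.
	 */
	public static function privileged_permission_callback() {
		return current_user_can( 'manage_options' );
	}

	/**
	 * Restrict `interval` to the documented values.
	 *
	 * @param mixed           $interval Raw parameter value.
	 * @param WP_REST_Request $request  Unused.
	 * @param string          $param    Unused.
	 * @return string One of '60-days', '6-months' or 'all'; 'all' for anything else.
	 */
	public static function sanitize_interval( $interval, $request, $param ) {
		$valid_intervals = array( '60-days', '6-months', 'all' );

		// An array (e.g. from `interval[]=...`) or other non-string cannot be
		// a valid interval and must not reach trim().
		if ( ! is_string( $interval ) ) {
			return 'all';
		}

		$interval = trim( $interval );

		if ( ! in_array( $interval, $valid_intervals, true ) ) {
			$interval = 'all';
		}

		return $interval;
	}

	/**
	 * Strip surrounding whitespace from a submitted API key.
	 *
	 * This does not validate the key; set_key() does that through
	 * key_is_valid() before anything is stored.
	 *
	 * @param mixed           $key     Raw parameter value.
	 * @param WP_REST_Request $request Unused.
	 * @param string          $param   Unused.
	 * @return string The trimmed key, or '' when the value is not a scalar.
	 */
	public static function sanitize_key( $key, $request, $param ) {
		// An array or object here would make trim() fail; return an empty
		// key instead, which set_key() rejects as invalid.
		if ( ! is_scalar( $key ) ) {
			return '';
		}

		return trim( (string) $key );
	}
}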