Refactor IGNY8 Bridge to use API key authentication exclusively

- Removed email/password authentication and related settings from the plugin.
- Updated API connection logic to utilize only the API key for authentication.
- Simplified the admin interface by removing webhook-related settings and messages.
- Enhanced the settings page with improved UI and status indicators for API connection.
- Added a new REST API endpoint to check plugin status and connection health.
- Updated styles for a modernized look and feel across the admin interface.
IGNY8 VPS (Salman)
2025-11-22 10:31:07 +00:00
parent 3b3be535d6
commit a0d9bccb05
10 changed files with 1064 additions and 590 deletions


@@ -77,20 +77,23 @@ class Igny8RestAPI {
'callback' => array($this, 'get_site_metadata'),
'permission_callback' => '__return_true',
));
// Plugin status endpoint - returns connection status and API key info
register_rest_route('igny8/v1', '/status', array(
'methods' => 'GET',
'callback' => array($this, 'get_status'),
'permission_callback' => '__return_true', // Public endpoint for health checks
));
}
/**
* Check API permission
* Check API permission - uses API key only
*
* @param WP_REST_Request $request Request object
* @return bool|WP_Error
*/
public function check_permission($request) {
// Do NOT block endpoints when the plugin connection is disabled.
// The plugin-side "Enable Sync Operations" option should only stop background sync actions,
// but REST discovery endpoints should remain callable. Authentication is still required.
// Check if authenticated with IGNY8 via stored token OR X-IGNY8-API-KEY header
// Check if authenticated with IGNY8 via API key
$api = new Igny8API();
// Accept explicit X-IGNY8-API-KEY header for incoming requests
@@ -102,33 +105,24 @@ class Igny8RestAPI {
}
}
if (!$api->is_authenticated()) {
return new WP_Error(
'rest_forbidden',
__('IGNY8 API not authenticated', 'igny8-bridge'),
array('status' => 401)
);
}
// Verify API token from request header
// Check Authorization Bearer header
$auth_header = $request->get_header('Authorization');
if ($auth_header) {
$token = get_option('igny8_access_token');
if ($token && strpos($auth_header, 'Bearer ' . $token) !== false) {
$stored_api_key = function_exists('igny8_get_secure_option') ? igny8_get_secure_option('igny8_api_key') : get_option('igny8_api_key');
if ($stored_api_key && strpos($auth_header, 'Bearer ' . $stored_api_key) !== false) {
return true;
}
}
// Allow if IGNY8 is connected (for internal use)
// Allow if API key is configured (for internal use)
if ($api->is_authenticated()) {
return true;
}
return new WP_Error(
'rest_forbidden',
__('Invalid authentication', 'igny8-bridge'),
array('status' => 403)
__('IGNY8 API key not authenticated', 'igny8-bridge'),
array('status' => 401)
);
}
@@ -345,6 +339,30 @@ class Igny8RestAPI {
return $response;
}
/**
* GET /status - Returns plugin connection status and API key info
*
* @param WP_REST_Request $request
* @return WP_REST_Response
*/
public function get_status($request) {
$api = new Igny8API();
$api_key = function_exists('igny8_get_secure_option') ? igny8_get_secure_option('igny8_api_key') : get_option('igny8_api_key');
$connection_enabled = igny8_is_connection_enabled();
$data = array(
'connected' => !empty($api_key) && $api->is_authenticated(),
'has_api_key' => !empty($api_key),
'communication_enabled' => $connection_enabled,
'plugin_version' => defined('IGNY8_BRIDGE_VERSION') ? IGNY8_BRIDGE_VERSION : '1.0.0',
'wordpress_version' => get_bloginfo('version'),
'last_health_check' => get_option('igny8_last_api_health_check', 0),
'health' => (!empty($api_key) && $connection_enabled) ? 'healthy' : 'not_configured'
);
return $this->build_unified_response(true, $data, 'Plugin status retrieved', null, null, 200);
}
/**
* GET /site-metadata/ - returns post types, taxonomies and counts in unified format
*
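Review bot: In check_permission, the "Allow if API key is configured (for internal use)" branch returns true whenever `$api->is_authenticated()` holds, so a request that presents no valid credential appears to pass as soon as the site has a key stored. is_authenticated() is not shown on this page, so this is inferred from the comment and from the removal of the earlier 401 guard. The Bearer check just above it uses `strpos($auth_header, 'Bearer ' . $stored_api_key) !== false`, which accepts any header that merely contains that string and is not a constant-time comparison. I would drop the fallback branch and compare exactly, `if ($stored_api_key && hash_equals('Bearer ' . $stored_api_key, $auth_header)) { return true; }`, so that only a credential presented in the request grants access. The function's X-IGNY8-API-KEY handling falls between the two hunks and is not visible here, so the same comparison should be confirmed there.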