Add Site Metadata Endpoint and API Key Management

- Introduced a new Site Metadata endpoint (`GET /wp-json/igny8/v1/site-metadata/`) for retrieving available post types and taxonomies, including counts. - Added API key input in the admin settings for authentication, with secure storage and revocation functionality. - Implemented a toggle for enabling/disabling two-way sync operations. - Updated documentation to reflect new features and usage examples. - Enhanced permission checks for REST API calls to ensure secure access.
2025-11-21 15:18:48 +00:00
parent 1eba4a4e15
commit c35b3c3641
10 changed files with 475 additions and 34 deletions
--- a/igny8-wp-integration-plugin/admin/class-admin.php
+++ b/igny8-wp-integration-plugin/admin/class-admin.php
@@ -64,6 +64,11 @@ class Igny8Admin {
    public function register_settings() {
        register_setting('igny8_settings', 'igny8_email');
        register_setting('igny8_settings', 'igny8_site_id');
+        register_setting('igny8_settings', 'igny8_enable_two_way_sync', array(
+            'type' => 'boolean',
+            'sanitize_callback' => array($this, 'sanitize_boolean'),
+            'default' => 1
+        ));
        
        register_setting('igny8_bridge_connection', 'igny8_connection_enabled', array(
            'type' => 'boolean',
@@ -161,6 +166,17 @@ class Igny8Admin {
            $this->handle_connection();
        }
        
+        // Handle revoke API key
+        if (isset($_POST['igny8_revoke_api_key']) && check_admin_referer('igny8_revoke_api_key')) {
+            self::revoke_api_key();
+            add_settings_error(
+                'igny8_settings',
+                'igny8_api_key_revoked',
+                __('API key revoked and removed from this site.', 'igny8-bridge'),
+                'updated'
+            );
+        }
+        
        // Handle webhook secret regeneration
        if (isset($_POST['igny8_regenerate_secret']) && check_admin_referer('igny8_regenerate_secret')) {
            $new_secret = igny8_regenerate_webhook_secret();
@@ -182,43 +198,78 @@ class Igny8Admin {
    private function handle_connection() {
        $email = sanitize_email($_POST['igny8_email'] ?? '');
        $password = $_POST['igny8_password'] ?? '';
-        
-        if (empty($email) || empty($password)) {
+        $api_key = sanitize_text_field($_POST['igny8_api_key'] ?? '');
+
+        // Require email, password AND API key per updated policy
+        if (empty($email) || empty($password) || empty($api_key)) {
            add_settings_error(
                'igny8_settings',
                'igny8_error',
-                __('Email and password are required.', 'igny8-bridge'),
+                __('Email, password and API key are all required to establish the connection.', 'igny8-bridge'),
                'error'
            );
            return;
        }
-        
+
+        // First, attempt login with email/password
        $api = new Igny8API();
-        
-        if ($api->login($email, $password)) {
-            update_option('igny8_email', $email);
-            
-            // Try to get site ID (if available)
-            $site_response = $api->get('/system/sites/');
-            if ($site_response['success'] && !empty($site_response['results'])) {
-                $site = $site_response['results'][0];
-                update_option('igny8_site_id', $site['id']);
-            }
-            
-            add_settings_error(
-                'igny8_settings',
-                'igny8_connected',
-                __('Successfully connected to IGNY8 API.', 'igny8-bridge'),
-                'updated'
-            );
-        } else {
+
+        if (!$api->login($email, $password)) {
            add_settings_error(
                'igny8_settings',
                'igny8_error',
-                __('Failed to connect to IGNY8 API. Please check your credentials.', 'igny8-bridge'),
+                __('Failed to connect to IGNY8 API with provided credentials.', 'igny8-bridge'),
                'error'
            );
+            return;
        }
+
+        // Store email
+        update_option('igny8_email', $email);
+
+        // Store API key securely and also set access token to the API key for subsequent calls if desired
+        if (function_exists('igny8_store_secure_option')) {
+            igny8_store_secure_option('igny8_api_key', $api_key);
+            igny8_store_secure_option('igny8_access_token', $api_key);
+        } else {
+            update_option('igny8_api_key', $api_key);
+            update_option('igny8_access_token', $api_key);
+        }
+
+        // Try to get site ID (if available) using the authenticated client
+        $site_response = $api->get('/system/sites/');
+        if ($site_response['success'] && !empty($site_response['results'])) {
+            $site = $site_response['results'][0];
+            update_option('igny8_site_id', $site['id']);
+        }
+
+        add_settings_error(
+            'igny8_settings',
+            'igny8_connected',
+            __('Successfully connected to IGNY8 API and stored API key.', 'igny8-bridge'),
+            'updated'
+        );
+    }
+
+    /**
+     * Revoke stored API key (secure delete)
+     *
+     * Public so tests can call it directly.
+     */
+    public static function revoke_api_key() {
+        if (function_exists('igny8_delete_secure_option')) {
+            igny8_delete_secure_option('igny8_api_key');
+            igny8_delete_secure_option('igny8_access_token');
+            igny8_delete_secure_option('igny8_refresh_token');
+        } else {
+            delete_option('igny8_api_key');
+            delete_option('igny8_access_token');
+            delete_option('igny8_refresh_token');
+        }
+
+        // Also clear token-issued timestamps
+        delete_option('igny8_token_refreshed_at');
+        delete_option('igny8_access_token_issued');
    }
    
    /**