Code Coverage |
||||||||||
Lines |
Functions and Methods |
Classes and Traits |
||||||||
| Total | |
0.00% |
0 / 26 |
|
0.00% |
0 / 4 |
CRAP | |
0.00% |
0 / 1 |
| WPCOM_REST_API_V2_Verbum_OEmbed | |
0.00% |
0 / 25 |
|
0.00% |
0 / 4 |
42 | |
0.00% |
0 / 1 |
| __construct | |
0.00% |
0 / 5 |
|
0.00% |
0 / 1 |
2 | |||
| register_routes | |
0.00% |
0 / 10 |
|
0.00% |
0 / 1 |
2 | |||
| permission_callback | |
0.00% |
0 / 4 |
|
0.00% |
0 / 1 |
6 | |||
| get_embed_data | |
0.00% |
0 / 6 |
|
0.00% |
0 / 1 |
6 | |||
| 1 | <?php |
| 2 | /** |
| 3 | * Plugin Name: Verbum Comments Experience Embeds. |
| 4 | * Description: This is used to get the embed data for the embed block. The core API requires authentication, so we need to create our own endpoint. |
| 5 | * Author: Vertex |
| 6 | * Text Domain: jetpack-mu-wpcom |
| 7 | * |
| 8 | * @package automattic/jetpack-mu-plugins |
| 9 | */ |
| 10 | |
| 11 | declare( strict_types = 1 ); |
| 12 | |
| 13 | /** |
| 14 | * Verbum Comments Experience Embeds endpoint. |
| 15 | */ |
| 16 | class WPCOM_REST_API_V2_Verbum_OEmbed extends \WP_REST_Controller { |
| 17 | /** |
| 18 | * Constructor. |
| 19 | */ |
| 20 | public function __construct() { |
| 21 | $this->namespace = 'wpcom/v2'; |
| 22 | $this->rest_base = '/verbum/embed'; |
| 23 | $this->wpcom_is_wpcom_only_endpoint = false; |
| 24 | $this->wpcom_is_site_specific_endpoint = false; |
| 25 | add_action( 'rest_api_init', array( $this, 'register_routes' ) ); |
| 26 | } |
| 27 | |
| 28 | /** |
| 29 | * Register the routes for the objects of the controller. |
| 30 | */ |
| 31 | public function register_routes() { |
| 32 | register_rest_route( |
| 33 | $this->namespace, |
| 34 | $this->rest_base, |
| 35 | array( |
| 36 | 'show_in_index' => false, |
| 37 | 'methods' => \WP_REST_Server::READABLE, |
| 38 | 'callback' => array( $this, 'get_embed_data' ), |
| 39 | 'permission_callback' => array( $this, 'permission_callback' ), |
| 40 | ) |
| 41 | ); |
| 42 | } |
| 43 | |
| 44 | /** |
| 45 | * Check if the user is authenticated. |
| 46 | * |
| 47 | * @param WP_REST_Request $request The request object. |
| 48 | * @return bool |
| 49 | */ |
| 50 | public function permission_callback( WP_REST_Request $request ) { |
| 51 | if ( is_user_logged_in() ) { |
| 52 | return true; // Bypass nonce check for logged-in users. |
| 53 | } |
| 54 | |
| 55 | $nonce = $request->get_param( 'embed_nonce' ); |
| 56 | |
| 57 | return wp_verify_nonce( $nonce, 'embed_nonce' ); |
| 58 | } |
| 59 | |
| 60 | /** |
| 61 | * Get the embed data for the embed block. |
| 62 | * |
| 63 | * @param WP_REST_Request $request The request object. |
| 64 | * @return array|\WP_Error |
| 65 | */ |
| 66 | public function get_embed_data( WP_REST_Request $request ) { |
| 67 | $url = sanitize_url( $request->get_param( 'embed_url' ) ); |
| 68 | $instance = new WP_oEmbed(); |
| 69 | $embed_data = $instance->get_data( $url, array() ); |
| 70 | |
| 71 | // Return error if the embed data is empty. |
| 72 | // This matches the core response. |
| 73 | if ( false === $embed_data ) { |
| 74 | return new \WP_Error( 'oembed_invalid_url', get_status_header_desc( 404 ), array( 'status' => 404 ) ); |
| 75 | } |
| 76 | |
| 77 | return $embed_data; |
| 78 | } |
| 79 | } |
| 80 | |
| 81 | wpcom_rest_api_v2_load_plugin( 'WPCOM_REST_API_V2_Verbum_oEmbed' ); |