Code Coverage |
||||||||||
Lines |
Functions and Methods |
Classes and Traits |
||||||||
| Total | |
40.71% |
46 / 113 |
|
20.00% |
2 / 10 |
CRAP | |
0.00% |
0 / 1 |
| AJAX | |
40.71% |
46 / 113 |
|
20.00% |
2 / 10 |
290.34 | |
0.00% |
0 / 1 |
| __construct | |
100.00% |
12 / 12 |
|
100.00% |
1 / 1 |
1 | |||
| init | |
100.00% |
3 / 3 |
|
100.00% |
1 / 1 |
2 | |||
| is_valid_guid | |
0.00% |
0 / 6 |
|
0.00% |
0 / 1 |
12 | |||
| wp_ajax_videopress_get_playback_jwt | |
0.00% |
0 / 19 |
|
0.00% |
0 / 1 |
56 | |||
| is_current_user_authed_for_video | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
2 | |||
| request_jwt_from_wpcom | |
0.00% |
0 / 17 |
|
0.00% |
0 / 1 |
56 | |||
| wp_ajax_videopress_get_upload_jwt | |
77.78% |
14 / 18 |
|
0.00% |
0 / 1 |
4.18 | |||
| wp_ajax_videopress_get_upload_token | |
77.78% |
14 / 18 |
|
0.00% |
0 / 1 |
4.18 | |||
| wp_ajax_update_transcoding_status | |
0.00% |
0 / 15 |
|
0.00% |
0 / 1 |
12 | |||
| get_videopress_blog_id | |
75.00% |
3 / 4 |
|
0.00% |
0 / 1 |
3.14 | |||
| 1 | <?php // phpcs:ignore WordPress.Files.FileName.InvalidClassFileName |
| 2 | |
| 3 | namespace Automattic\Jetpack\VideoPress; |
| 4 | |
| 5 | use Automattic\Jetpack\Connection\Client; |
| 6 | |
| 7 | /** |
| 8 | * VideoPress AJAX action handlers and utilities. |
| 9 | * |
| 10 | * Note: this is also being used on WordPress.com. |
| 11 | * Use IS_WPCOM checks for functionality that is specific to WPCOM/Jetpack. |
| 12 | */ |
| 13 | class AJAX { |
| 14 | |
| 15 | /** |
| 16 | * Singleton AJAX instance. |
| 17 | * |
| 18 | * @var AJAX |
| 19 | **/ |
| 20 | private static $instance = null; |
| 21 | |
| 22 | /** |
| 23 | * Private AJAX constructor. |
| 24 | * |
| 25 | * Use the AJAX::init() method to get an instance. |
| 26 | */ |
| 27 | private function __construct() { |
| 28 | add_action( 'wp_ajax_videopress-get-upload-token', array( $this, 'wp_ajax_videopress_get_upload_token' ) ); |
| 29 | add_action( 'wp_ajax_videopress-get-upload-jwt', array( $this, 'wp_ajax_videopress_get_upload_jwt' ) ); |
| 30 | add_action( 'wp_ajax_nopriv_videopress-get-playback-jwt', array( $this, 'wp_ajax_videopress_get_playback_jwt' ) ); |
| 31 | add_action( 'wp_ajax_videopress-get-playback-jwt', array( $this, 'wp_ajax_videopress_get_playback_jwt' ) ); |
| 32 | |
| 33 | add_action( |
| 34 | 'wp_ajax_videopress-update-transcoding-status', |
| 35 | array( |
| 36 | $this, |
| 37 | 'wp_ajax_update_transcoding_status', |
| 38 | ), |
| 39 | -1 |
| 40 | ); |
| 41 | } |
| 42 | |
| 43 | /** |
| 44 | * Initialize the AJAX and get back a singleton instance. |
| 45 | * |
| 46 | * @return AJAX |
| 47 | */ |
| 48 | public static function init() { |
| 49 | if ( self::$instance === null ) { |
| 50 | self::$instance = new AJAX(); |
| 51 | } |
| 52 | |
| 53 | return self::$instance; |
| 54 | } |
| 55 | |
| 56 | /** |
| 57 | * Validate a guid. |
| 58 | * |
| 59 | * @param string $guid The guid to validate. |
| 60 | * |
| 61 | * @return bool |
| 62 | **/ |
| 63 | private function is_valid_guid( $guid ) { |
| 64 | if ( empty( $guid ) ) { |
| 65 | return false; |
| 66 | } |
| 67 | |
| 68 | preg_match( '/^[a-z0-9]{8}$/i', $guid, $matches ); |
| 69 | |
| 70 | if ( empty( $matches ) ) { |
| 71 | return false; |
| 72 | } |
| 73 | |
| 74 | return true; |
| 75 | } |
| 76 | |
| 77 | /** |
| 78 | * Ajax method that is used by the VideoPress player to get a token to play a video. |
| 79 | * |
| 80 | * This is used for both logged in and logged out users. |
| 81 | * |
| 82 | * @return void |
| 83 | */ |
| 84 | public function wp_ajax_videopress_get_playback_jwt() { |
| 85 | $guid = filter_input( INPUT_POST, 'guid' ); |
| 86 | $embedded_post_id = filter_input( INPUT_POST, 'post_id', FILTER_VALIDATE_INT ); |
| 87 | $selected_plan_id = filter_input( INPUT_POST, 'subscription_plan_id' ); |
| 88 | |
| 89 | if ( empty( $embedded_post_id ) ) { |
| 90 | $embedded_post_id = 0; |
| 91 | } |
| 92 | |
| 93 | if ( empty( $guid ) || ! $this->is_valid_guid( $guid ) ) { |
| 94 | // @phan-suppress-next-line PhanTypeMismatchArgumentProbablyReal -- It takes null, but its phpdoc only says int. |
| 95 | wp_send_json_error( array( 'message' => __( 'need a guid', 'jetpack-videopress-pkg' ) ), null, JSON_UNESCAPED_SLASHES ); |
| 96 | return; |
| 97 | } |
| 98 | |
| 99 | if ( ! $this->is_current_user_authed_for_video( $guid, $embedded_post_id, $selected_plan_id ) ) { |
| 100 | // @phan-suppress-next-line PhanTypeMismatchArgumentProbablyReal -- It takes null, but its phpdoc only says int. |
| 101 | wp_send_json_error( array( 'message' => __( 'You cannot view this video.', 'jetpack-videopress-pkg' ) ), null, JSON_UNESCAPED_SLASHES ); |
| 102 | return; |
| 103 | } |
| 104 | |
| 105 | $token = $this->request_jwt_from_wpcom( $guid ); |
| 106 | |
| 107 | if ( empty( $token ) ) { |
| 108 | // @phan-suppress-next-line PhanTypeMismatchArgumentProbablyReal -- It takes null, but its phpdoc only says int. |
| 109 | wp_send_json_error( array( 'message' => __( 'Could not obtain a VideoPress playback JWT. Please try again later. (empty upload token)', 'jetpack-videopress-pkg' ) ), null, JSON_UNESCAPED_SLASHES ); |
| 110 | return; |
| 111 | } |
| 112 | |
| 113 | if ( is_wp_error( $token ) ) { |
| 114 | // @phan-suppress-next-line PhanTypeMismatchArgumentProbablyReal -- It takes null, but its phpdoc only says int. |
| 115 | wp_send_json_error( array( 'message' => __( 'Could not obtain a VideoPress upload JWT. Please try again later.', 'jetpack-videopress-pkg' ) ), null, JSON_UNESCAPED_SLASHES ); |
| 116 | return; |
| 117 | } |
| 118 | |
| 119 | // @phan-suppress-next-line PhanTypeMismatchArgumentProbablyReal -- It takes null, but its phpdoc only says int. |
| 120 | wp_send_json_success( array( 'jwt' => $token ), null, JSON_UNESCAPED_SLASHES ); |
| 121 | } |
| 122 | |
| 123 | /** |
| 124 | * Determines if the current user can view the provided video. Only ever gets fired if site-wide private videos are enabled. |
| 125 | * |
| 126 | * Filterable for 3rd party plugins. |
| 127 | * |
| 128 | * @param string $guid The video id being checked. |
| 129 | * @param int $embedded_post_id The post id the video is embedded in or 0. |
| 130 | * @param int $selected_plan_id The plan id the earn block this video is embedded in has. |
| 131 | */ |
| 132 | private function is_current_user_authed_for_video( $guid, $embedded_post_id, $selected_plan_id = 0 ) { |
| 133 | return Access_Control::instance()->is_current_user_authed_for_video( $guid, $embedded_post_id, $selected_plan_id ); |
| 134 | } |
| 135 | |
| 136 | /** |
| 137 | * Requests JWT from wpcom. |
| 138 | * |
| 139 | * @param string $guid The video id being checked. |
| 140 | */ |
| 141 | private function request_jwt_from_wpcom( $guid ) { |
| 142 | if ( defined( 'IS_WPCOM' ) && IS_WPCOM && function_exists( 'video_wpcom_get_playback_jwt_for_guid' ) ) { |
| 143 | $jwt_data = video_wpcom_get_playback_jwt_for_guid( $guid ); |
| 144 | if ( is_wp_error( $jwt_data ) ) { |
| 145 | return false; |
| 146 | } |
| 147 | return $jwt_data->metadata_token; |
| 148 | } |
| 149 | |
| 150 | $video_blog_id = $this->get_videopress_blog_id(); |
| 151 | $args = array( |
| 152 | 'method' => 'POST', |
| 153 | ); |
| 154 | |
| 155 | $endpoint = "sites/{$video_blog_id}/media/videopress-playback-jwt/{$guid}"; |
| 156 | $result = Client::wpcom_json_api_request_as_blog( $endpoint, 'v2', $args, null, 'wpcom' ); |
| 157 | if ( is_wp_error( $result ) ) { |
| 158 | return $result; |
| 159 | } |
| 160 | |
| 161 | $response = json_decode( $result['body'], true ); |
| 162 | |
| 163 | if ( empty( $response['metadata_token'] ) ) { |
| 164 | return false; |
| 165 | } |
| 166 | |
| 167 | return $response['metadata_token']; |
| 168 | } |
| 169 | |
| 170 | /** |
| 171 | * Ajax method that is used by the VideoPress uploader to get a token to upload a file to the wpcom api. |
| 172 | * |
| 173 | * @return void |
| 174 | */ |
| 175 | public function wp_ajax_videopress_get_upload_jwt() { |
| 176 | if ( ! current_user_can( 'upload_files' ) ) { |
| 177 | // @phan-suppress-next-line PhanTypeMismatchArgumentProbablyReal -- It takes null, but its phpdoc only says int. |
| 178 | wp_send_json_error( array( 'message' => __( 'You do not have permission to upload files.', 'jetpack-videopress-pkg' ) ), null, JSON_UNESCAPED_SLASHES ); |
| 179 | return; |
| 180 | } |
| 181 | |
| 182 | $video_blog_id = $this->get_videopress_blog_id(); |
| 183 | $args = array( |
| 184 | 'method' => 'POST', |
| 185 | ); |
| 186 | |
| 187 | $endpoint = "sites/{$video_blog_id}/media/videopress-upload-jwt"; |
| 188 | $result = Client::wpcom_json_api_request_as_blog( $endpoint, 'v2', $args, null, 'wpcom' ); |
| 189 | if ( is_wp_error( $result ) ) { |
| 190 | // @phan-suppress-next-line PhanTypeMismatchArgumentProbablyReal -- It takes null, but its phpdoc only says int. |
| 191 | wp_send_json_error( array( 'message' => __( 'Could not obtain a VideoPress upload JWT. Please try again later.', 'jetpack-videopress-pkg' ) ), null, JSON_UNESCAPED_SLASHES ); |
| 192 | return; |
| 193 | } |
| 194 | |
| 195 | $response = json_decode( $result['body'], true ); |
| 196 | |
| 197 | if ( empty( $response['upload_token'] ) ) { |
| 198 | // @phan-suppress-next-line PhanTypeMismatchArgumentProbablyReal -- It takes null, but its phpdoc only says int. |
| 199 | wp_send_json_error( array( 'message' => __( 'Could not obtain a VideoPress upload JWT. Please try again later. (empty upload token)', 'jetpack-videopress-pkg' ) ), null, JSON_UNESCAPED_SLASHES ); |
| 200 | return; |
| 201 | } |
| 202 | |
| 203 | $response['upload_action_url'] = videopress_make_resumable_upload_path( $video_blog_id ); |
| 204 | |
| 205 | // @phan-suppress-next-line PhanTypeMismatchArgumentProbablyReal -- It takes null, but its phpdoc only says int. |
| 206 | wp_send_json_success( $response, null, JSON_UNESCAPED_SLASHES ); |
| 207 | } |
| 208 | |
| 209 | /** |
| 210 | * Ajax method that is used by the VideoPress uploader to get a token to upload a file to the wpcom api. |
| 211 | * |
| 212 | * @return void |
| 213 | */ |
| 214 | public function wp_ajax_videopress_get_upload_token() { |
| 215 | if ( ! current_user_can( 'upload_files' ) ) { |
| 216 | // @phan-suppress-next-line PhanTypeMismatchArgumentProbablyReal -- It takes null, but its phpdoc only says int. |
| 217 | wp_send_json_error( array( 'message' => __( 'You do not have permission to upload files.', 'jetpack-videopress-pkg' ) ), null, JSON_UNESCAPED_SLASHES ); |
| 218 | return; |
| 219 | } |
| 220 | |
| 221 | $video_blog_id = $this->get_videopress_blog_id(); |
| 222 | |
| 223 | $args = array( |
| 224 | 'method' => 'POST', |
| 225 | ); |
| 226 | |
| 227 | $endpoint = "sites/{$video_blog_id}/media/token"; |
| 228 | $result = Client::wpcom_json_api_request_as_blog( $endpoint, Client::WPCOM_JSON_API_VERSION, $args ); |
| 229 | |
| 230 | if ( is_wp_error( $result ) ) { |
| 231 | // @phan-suppress-next-line PhanTypeMismatchArgumentProbablyReal -- It takes null, but its phpdoc only says int. |
| 232 | wp_send_json_error( array( 'message' => __( 'Could not obtain a VideoPress upload token. Please try again later.', 'jetpack-videopress-pkg' ) ), null, JSON_UNESCAPED_SLASHES ); |
| 233 | return; |
| 234 | } |
| 235 | |
| 236 | $response = json_decode( $result['body'], true ); |
| 237 | |
| 238 | if ( empty( $response['upload_token'] ) ) { |
| 239 | // @phan-suppress-next-line PhanTypeMismatchArgumentProbablyReal -- It takes null, but its phpdoc only says int. |
| 240 | wp_send_json_error( array( 'message' => __( 'Could not obtain a VideoPress upload token. Please try again later.', 'jetpack-videopress-pkg' ) ), null, JSON_UNESCAPED_SLASHES ); |
| 241 | return; |
| 242 | } |
| 243 | |
| 244 | $response['upload_action_url'] = videopress_make_media_upload_path( $video_blog_id ); |
| 245 | |
| 246 | // @phan-suppress-next-line PhanTypeMismatchArgumentProbablyReal -- It takes null, but its phpdoc only says int. |
| 247 | wp_send_json_success( $response, null, JSON_UNESCAPED_SLASHES ); |
| 248 | } |
| 249 | |
| 250 | /** |
| 251 | * Ajax action to update the video transcoding status from the WPCOM API. |
| 252 | * |
| 253 | * @return void |
| 254 | */ |
| 255 | public function wp_ajax_update_transcoding_status() { |
| 256 | if ( ! isset( $_POST['post_id'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Missing -- Informational AJAX response. |
| 257 | // @phan-suppress-next-line PhanTypeMismatchArgumentProbablyReal -- It takes null, but its phpdoc only says int. |
| 258 | wp_send_json_error( array( 'message' => __( 'A valid post_id is required.', 'jetpack-videopress-pkg' ) ), null, JSON_UNESCAPED_SLASHES ); |
| 259 | return; |
| 260 | } |
| 261 | |
| 262 | $post_id = (int) $_POST['post_id']; // phpcs:ignore WordPress.Security.NonceVerification.Missing |
| 263 | |
| 264 | if ( ! videopress_update_meta_data( $post_id ) ) { |
| 265 | // @phan-suppress-next-line PhanTypeMismatchArgumentProbablyReal -- It takes null, but its phpdoc only says int. |
| 266 | wp_send_json_error( array( 'message' => __( 'That post does not have a VideoPress video associated to it.', 'jetpack-videopress-pkg' ) ), null, JSON_UNESCAPED_SLASHES ); |
| 267 | return; |
| 268 | } |
| 269 | |
| 270 | wp_send_json_success( |
| 271 | array( |
| 272 | 'message' => __( 'Status updated', 'jetpack-videopress-pkg' ), |
| 273 | 'status' => videopress_get_transcoding_status( $post_id ), |
| 274 | ), |
| 275 | null, // @phan-suppress-current-line PhanTypeMismatchArgumentProbablyReal -- It takes null, but its phpdoc only says int. |
| 276 | JSON_UNESCAPED_SLASHES |
| 277 | ); |
| 278 | } |
| 279 | |
| 280 | /** |
| 281 | * Returns the proper blog id depending on Jetpack or WP.com |
| 282 | * |
| 283 | * @return int the blog id |
| 284 | */ |
| 285 | public function get_videopress_blog_id() { |
| 286 | if ( defined( 'IS_WPCOM' ) && IS_WPCOM ) { |
| 287 | return get_current_blog_id(); |
| 288 | } |
| 289 | |
| 290 | $options = Options::get_options(); |
| 291 | return $options['shadow_blog_id']; |
| 292 | } |
| 293 | } |