update auth api

Author: kilbot

includes/API/Auth.php

@@ -10,193 +10,100 @@
 
 namespace WCPOS\WooCommercePOS\API;
 
-use WP_Error;
+use const WCPOS\WooCommercePOS\SHORT_NAME;
+use WP_REST_Controller;
 use WP_REST_Request;
 use WP_REST_Response;
 use WP_REST_Server;
-use WP_REST_Controller;
-use WCPOS\WooCommercePOS\Services\Auth as AuthService;
-use const WCPOS\WooCommercePOS\SHORT_NAME;
 
-/**
- *
- */
 class Auth extends WP_REST_Controller {
-		/**
-		 * Endpoint namespace.
-		 *
-		 * @var string
-		 */
+	/**
+	 * Endpoint namespace.
+	 *
+	 * @var string
+	 */
 	protected $namespace = SHORT_NAME . '/v1';
 
 	/**
 	 * Route base.
 	 *
 	 * @var string
 	 */
-	protected $rest_base = 'jwt';
+	protected $rest_base = 'auth';
 
 	/**
 	 * Stores constructor.
 	 */
 	public function __construct() {
 	}
 
-	/**
-	 *
-	 */
 	public function register_routes(): void {
-		// Generate JWT token
+		// Test authorization method support (public endpoint)
 		register_rest_route(
 			$this->namespace,
-			'/' . $this->rest_base . '/authorize',
+			'/' . $this->rest_base . '/test',
 			array(
 				'methods'             => WP_REST_Server::READABLE,
-				'callback'            => array( $this, 'generate_token' ),
-				'permission_callback' => function ( WP_REST_Request $request ) {
-					// special case for user=demo param
-					if ( $request->get_param( 'user' ) === 'demo' ) {
-						return true;
-					}
-
-					$authorization = $request->get_header( 'authorization' );
-
-					return ! is_null( $authorization );
-				},
-			)
-		);
-
-		// Validate JWT token
-		register_rest_route(
-			$this->namespace,
-			'/' . $this->rest_base . '/validate',
-			array(
-				'methods'             => WP_REST_Server::CREATABLE,
-				'callback'            => array( $this, 'validate_token' ),
-				'permission_callback' => '__return_true',
-				'args'                => array(
-					'jwt' => array(
-						'description' => __( 'JWT token.', 'woocommerce-pos' ),
-						'type'        => 'string',
-					),
-				),
-			)
-		);
-
-		// Refresh JWT token
-		register_rest_route(
-			$this->namespace,
-			'/' . $this->rest_base . '/refresh',
-			array(
-				'methods'             => WP_REST_Server::CREATABLE,
-				'callback'            => array( $this, 'refresh_token' ),
-				'permission_callback' => '__return_true',
-				'args'                => array(
-					'jwt' => array(
-						'description' => __( 'JWT token.', 'woocommerce-pos' ),
-						'type'        => 'string',
-					),
-				),
-			)
-		);
-
-		// Revoke JWT token
-		register_rest_route(
-			$this->namespace,
-			'/' . $this->rest_base . '/revoke',
-			array(
-				'methods'             => WP_REST_Server::CREATABLE,
-				'callback'            => array( $this, 'revoke_token' ),
-				'permission_callback' => '__return_true',
-				'args'                => array(
-					'jwt' => array(
-						'description' => __( 'JWT token.', 'woocommerce-pos' ),
-						'type'        => 'string',
-					),
-				),
+				'callback'            => array( $this, 'test_authorization' ),
+				'permission_callback' => '__return_true', // Public endpoint - no authentication required
 			)
 		);
 	}
 
 
 	/**
-	 * Get the user and password in the request body and generate a JWT.
+	 * Test authorization method endpoint.
 	 *
-	 * @NOTE - not allowing REST Auth at the moment
+	 * This public endpoint tests whether the server supports Authorization headers
+	 * or requires query parameters for authorization. This is important because
+	 * some servers block Authorization headers for security reasons.
 	 *
-	 * @param WP_REST_Request $request
-	 * @return WP_Error|WP_REST_Response
+	 * @param WP_REST_Request $request The REST request object.
+	 *
+	 * @return WP_REST_Response
 	 */
-	public function generate_token( WP_REST_Request $request ) {
-		$token                     = str_replace( 'Basic ', '', $request->get_header( 'authorization' ) );
-		$decoded                   = base64_decode( $token, true );
-		list($username, $password) = explode( ':', $decoded );
-
-		/** Try to authenticate the user with the passed credentials*/
-		$user = wp_authenticate( $username, $password );
-
-		// If the authentication fails return an error
-		if ( is_wp_error( $user ) ) {
-			$error_code = $user->get_error_code();
-
-			$user_data = new WP_Error(
-				'woocommerce_pos_' . $error_code,
-				$user->get_error_message( $error_code ),
-				array(
-					'status' => 403,
-				)
-			);
-		} else {
-			$auth_service = AuthService::instance();
-			$user_data = $auth_service->get_user_data( $user );
-			$stores = array_map(
-				function ( $store ) {
-					return $store->get_data();
-				},
-				wcpos_get_stores()
-			);
-			$user_data['stores'] = $stores;
+	public function test_authorization( WP_REST_Request $request ): WP_REST_Response {
+		// Check for Authorization header
+		$header_auth     = $request->get_header( 'authorization' );
+		$has_header_auth = ! empty( $header_auth );
+
+		// Check for authorization query parameter
+		$param_auth     = $request->get_param( 'authorization' );
+		$has_param_auth = ! empty( $param_auth );
+
+		// Only return success if we received authorization via at least one method
+		if ( ! $has_header_auth && ! $has_param_auth ) {
+			return rest_ensure_response( array(
+				'status'  => 'error',
+				'message' => 'No authorization token detected',
+			) );
 		}
 
-		/**
-		 * Let the user modify the data before sending it back
-		 *
-		 * @param {object} $data
-		 * @param {WP_User} $user
-		 *
-		 * @returns {object} Response data
-		 *
-		 * @since 1.0.0
-		 *
-		 * @hook woocommerce_pos_jwt_auth_token_before_dispatch
-		 */
-		$user_data = apply_filters( 'woocommerce_pos_jwt_auth_token_before_dispatch', $user_data, $user );
-
-		return rest_ensure_response( $user_data );
-	}
+		$response_data = array(
+			'status'     => 'success',
+			'message'    => 'Authorization token detected successfully',
+		);
 
-	/**
-	 * Validate JWT Token.
-	 *
-	 * @param WP_REST_Request $request
-	 * @return WP_REST_Response
-	 */
-	public function validate_token( WP_REST_Request $request ): WP_REST_Response {
-		$token = $request->get_param( 'jwt' );
-		$auth_service = AuthService::instance();
-		$result = $auth_service->validate_token( $token );
-		return rest_ensure_response( $result );
-	}
+		// Add authorization details
+		$response_data['received_header_auth'] = $has_header_auth;
+		if ( $has_header_auth ) {
+			$response_data['header_value'] = $header_auth;
+		}
 
-	/**
-	 * Refresh JWT Token.
-	 */
-	public function refresh_token(): void {
-	}
+		$response_data['received_param_auth'] = $has_param_auth;
+		if ( $has_param_auth ) {
+			$response_data['param_value'] = $param_auth;
+		}
 
-	/**
-	 * Revoke JWT Token.
-	 */
-	public function revoke_token(): void {
+		// Indicate which method was used
+		if ( $has_header_auth && $has_param_auth ) {
+			$response_data['auth_method'] = 'both';
+		} elseif ( $has_header_auth ) {
+			$response_data['auth_method'] = 'header';
+		} else {
+			$response_data['auth_method'] = 'param';
+		}
+
+		return rest_ensure_response( $response_data );
 	}
 }

includes/Templates/Frontend.php

@@ -8,6 +8,7 @@
 namespace WCPOS\WooCommercePOS\Templates;
 
 use Ramsey\Uuid\Uuid;
+use WCPOS\WooCommercePOS\Admin\Permalink;
 use const WCPOS\WooCommercePOS\PLUGIN_URL;
 use WCPOS\WooCommercePOS\Services\Auth;
 use const WCPOS\WooCommercePOS\SHORT_NAME;
@@ -83,11 +84,14 @@ public function head(): void {
 	 * Output the footer scripts.
 	 */
 	public function footer(): void {
-		$development    = isset( $_ENV['DEVELOPMENT'] ) && $_ENV['DEVELOPMENT'];
-		$user           = wp_get_current_user();
-		$github_url     = 'https://cdn.jsdelivr.net/gh/wcpos/web-bundle@1.8/';
-		$auth_service   = Auth::instance();
-		$stores         = array_map(
+		$development          = isset( $_ENV['DEVELOPMENT'] ) && $_ENV['DEVELOPMENT'];
+		$user                 = wp_get_current_user();
+		$cdn_base_url         = $development ? 'http://localhost:4567/build/' : 'https://cdn.jsdelivr.net/gh/wcpos/web-bundle@1.8/build/';
+		$wcpos_permalink_slug = Permalink::get_slug();
+		$wcpos_permalink_slug = empty( $wcpos_permalink_slug ) ? 'pos' : $wcpos_permalink_slug;
+		$wcpos_permalink_slug = '/' . ltrim( $wcpos_permalink_slug, '/' );
+		$auth_service         = Auth::instance();
+		$stores               = array_map(
 			function ( $store ) {
 				return $store->get_data();
 			},
@@ -108,7 +112,7 @@ function ( $store ) {
 
 		$vars = array(
 			'version'        => VERSION,
-			'manifest'       => $github_url . 'metadata.json',
+			'manifest'       => $cdn_base_url . 'metadata.json',
 			'homepage'       => woocommerce_pos_url(),
 			'logout_url'     => $this->pos_logout_url(),
 			'site'           => array(
@@ -145,7 +149,6 @@ function ( $store ) {
 		 */
 		$vars          = apply_filters( 'woocommerce_pos_inline_vars', $vars );
 		$initial_props = wp_json_encode( $vars );
-		$dev_bundle    = site_url( '/entry.bundle?platform=web&dev=true&hot=false&transform.routerRoot=app' );
 
 		/**
 		 * Add path to worker scripts.
@@ -183,53 +186,43 @@ function loadCSS(source, callback) {
 
     var idbWorker = '{$idbWorker}';
     var initialProps = {$initial_props};
+    var cdnBaseUrl = '{$cdn_base_url}';
+	var baseUrl = '{$wcpos_permalink_slug}';
     </script>" . "\n";
-
-		// The actual app bundle
-		if ( $development ) {
-			// Development Mode
-			echo "<script>
-			getScript('{$dev_bundle}', function() {
-					console.log('Development JavaScript bundle loaded');
-			});
-			</script>" . "\n";
-		} else {
-			// Production Mode
-			echo "<script>
-			var request = new Request(initialProps.manifest);
-
-			window.fetch(request)
-					.then(function(response) { return response.json(); })
-					.then(function(data) {
-							var baseUrl = '{$github_url}';
-							var bundle = data.fileMetadata.web.bundle;
-							var bundleUrl = baseUrl + bundle;
-
-							// Check if CSS file is specified in the manifest
-							if (data.fileMetadata.web.css) {
-									var cssFile = data.fileMetadata.web.css;
-									var cssUrl = baseUrl + cssFile;
-
-									// Load CSS first
-									loadCSS(cssUrl, function() {
-											console.log('CSS loaded');
-											// Load JavaScript after CSS is loaded
-											getScript(bundleUrl, function() {
-													console.log('JavaScript bundle loaded');
-											});
-									});
-							} else {
-									// If no CSS file, load JavaScript immediately
-									getScript(bundleUrl, function() {
-											console.log('JavaScript bundle loaded');
-									});
-							}
-					})
-					.catch(function(error) {
-							console.error('Error fetching manifest:', error);
-					});
-			</script>" . "\n";
-		}
+		
+		echo "<script>
+		var request = new Request(initialProps.manifest);
+
+		window.fetch(request)
+				.then(function(response) { return response.json(); })
+				.then(function(data) {
+						var bundle = data.fileMetadata.web.bundle;
+						var bundleUrl = cdnBaseUrl + bundle;
+
+						// Check if CSS file is specified in the manifest
+						if (data.fileMetadata.web.css) {
+								var cssFile = data.fileMetadata.web.css;
+								var cssUrl = cdnBaseUrl + cssFile;
+
+								// Load CSS first
+								loadCSS(cssUrl, function() {
+										console.log('CSS loaded');
+										// Load JavaScript after CSS is loaded
+										getScript(bundleUrl, function() {
+												console.log('JavaScript bundle loaded');
+										});
+								});
+						} else {
+								// If no CSS file, load JavaScript immediately
+								getScript(bundleUrl, function() {
+										console.log('JavaScript bundle loaded');
+								});
+						}
+				})
+				.catch(function(error) {
+						console.error('Error fetching manifest:', error);
+				});
+		</script>" . "\n";
 	}
 
 	private function pos_logout_url() {