Skip to content
Snippets Groups Projects
Select Git revision
  • main default protected
  • 3.0.2
  • 3.0.1
  • 3.0.0
  • 2.0.1
  • 2.0.0
  • 1.0.5
  • 1.0.4
  • 1.0.3
  • 1.0.2
  • 1.0.1
  • 1.0.0
  • 0.1.14
  • 0.1.13
  • 0.1.12
  • 0.1.11
  • 0.1.10
  • 0.1.9
  • 0.1.8
  • 0.1.7
  • 0.1.6
21 results
Compare
Name Last commit Last update
bin
includes
languages
tests
abstracts @ 8d368da5
.distignore
.editorconfig
.gitignore
.gitlab-ci.yml
.gitmodules
.phpcs.xml.dist
.travis.yml
Gruntfile.js
README.md
index.php
package.json
phpunit.xml.dist
wpct-http-bridge.php
README.md

Wpct Http bridge

What's this pluggin for?

This plugin connects WordPress with backends in a bidirectional way. The idea behind the plugin is to allow CRUD (create, read, update, and delete) operations between the two realms.

How does it work?

The plugin implements GET, POST, PUT & DELETE http methods on php to perform requests from WP to any backend. The connection headers are populated with two fields:

  1. API-KEY: <backend-api-key>
  2. Accept-Language: <wp-current-locale>

With this two headers, WP can consume the backend's APIs with localization. The <backend-api-key> is defined on the settings/wpct-http-bridge as an input field. The <wp-current-locale> value is recovered from the Wpct i18n plugin.

The plugin expose the hook 'wpct_http_headers' as a filter to modify the headers array before send the request.

On the other hand, the plugins implements JWT authentication over the WordPress Rest API that allow your backend to perform CRUD operations against WP.

JWT authentication extends the WP user system. This means that the backend should know some login credentials to generate access tokens.

Environment variables

The plugin supports enviroment variable usage as configuration.

  • WPCT_HTTP_AUTH_SECRET: A character string to sign the jwt tokens. Default value is '123456789'.

Wordpress REST API

The WordPress REST API provides an interface for applications to interact with your WordPress site by sending and receiving data as JSON (JavaScript Object Notation) objects. In other words, the REST API allow the same actions user's can perform from worpress administartion page, but automatized. For more information about Wordpress REST API see the official documentation.

Endpoints

The plugin register two new endpoints on the wpct/v1 namespace of the WP REST API.

Get auth JWT

URL: wp-json/wpct/v1/http-bridge/auth

Method: POST

Authentication: No

Response

Code: 200

Content:

{
	"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwiaWF0IjoxNTE2MjM5MDIyLCJleHAiOjE1MTYyMzkwMjIsIm5iZiI6MTUxNjIzOTAyMiwiZGF0YSI6eyJ1c2VyX2lkIjoxfX0.2jlFOg305ui0VTqC-RcoQP8kH7uF5DvW5O-FyNAHTDU",
	"user_login": "admin",
	"user_email": "admin@example.coop",
	"display_name": "Admin"
}

Bad request

Condition: Missing login credentials or not valid JSON payload

Code: 400

Content:

{
	"code": "rest_bad_request",
	"message": "Missing login credentials",
	"data": {
		"status": 400
	}
}

Unauthorized

Condition: User credentials are invalid

Code: 403

Content:

{
	"code": "rest_unauthorized",
	"message": "Invalid credentials",
	"data": {
		"status": 403
	}
}

Token validation

URL: wp-json/wpct/v1/http-bridge/validate

Method: GET

Authentication: Bearer authentication

Response

Code: 200

Content:

{
	"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwiaWF0IjoxNTE2MjM5MDIyLCJleHAiOjE1MTYyMzkwMjIsIm5iZiI6MTUxNjIzOTAyMiwiZGF0YSI6eyJ1c2VyX2lkIjoxfX0.2jlFOg305ui0VTqC-RcoQP8kH7uF5DvW5O-FyNAHTDU",
	"user_login": "admin",
	"user_email": "admin@example.coop",
	"display_name": "Admin"
}

Unauthorized

Condition: Invalid token

Code: 403

Content:

{
	"code": "rest_unauthorized",
	"message": "Invalid credentials",
	"data": {
		"status": 403
	}
}

Filters

wpct_http_headers

Filter the HTTP headers before each request sent.

Arguments:

  1. array $headers: Assoicative array with header names and values.
  2. string $method: Method of the request.
  3. string $url: URL of the request.
add_filter('wpct_http_headers', function ($headers, $method, $url) {
	return $headers;
}, 10, 3);

wpct_http_validate_response

Filters the login data to be returned on REST API requests to the validate endpoint.

Arguments:

  1. array $login_data: Data to be returned with the auth token and user data.
  2. array $user: WP_User instance of the authenticated user.
add_filter('wpct_http_validate_response', function ($login_data, $user) {
	return $login_data;
}, 10, 2);

wpct_http_auth_response

Filters the login data to be returned on REST API requests to the auth endpoint.

Arguments:

  1. array $login_data: Data to be returned with the auth token and user data.
  2. array $user: WP_User instance of the authenticated user.
add_filter('wpct_http_auth_response', function ($login_data, $user) {
	return $login_data;
}, 10, 2);

wpct_http_auth_expire

Filters the exp claim value of generated JWTs. Default value is time() + 86400, 24 hours from now.

Arguments:

  1. int $exp: PHP timestamp.
  2. int $issuedAt: PHP timestamp.
add_filter('wpct_http_auth_expire', function ($exp, $issuedAt) {
	return $exp;
}, 10, 2);

wpct_http_auth_not_before

Filters the nbf claim value of generated JWTs. Default value is time().

Arguments:

  1. int $nbf: PHP timestamp.
  2. int $issuedAt: PHP timestamp.
add_filter('wpct_http_auth_not_before', function ($nbf, $issuedAt) {
	return $nbf;
}, 10, 2);