From 3035c1816b12933b696996cf6968952c73a49c84 Mon Sep 17 00:00:00 2001
From: Justin Shreve
Date: Thu, 31 Oct 2024 13:54:05 -0400
Subject: [PATCH] Remove unusued endpoints, fix up auth and proxing to WP.com. Use ExternalLink for sidebar attribution
---
 ...wpcom-rest-api-v2-endpoint-tumblr-gifs.php | 113 ++++--------------
 .../jetpack/extensions/blocks/gif/controls.js | 6 +-
 .../jetpack/extensions/blocks/gif/edit.js | 2 +-
 .../blocks/gif/hooks/use-fetch-tumblr-data.js | 2 +-
 .../jetpack/extensions/blocks/gif/style.scss | 2 +-
 5 files changed, 26 insertions(+), 99 deletions(-)
diff --git a/projects/plugins/jetpack/_inc/lib/core-api/wpcom-endpoints/class-wpcom-rest-api-v2-endpoint-tumblr-gifs.php b/projects/plugins/jetpack/_inc/lib/core-api/wpcom-endpoints/class-wpcom-rest-api-v2-endpoint-tumblr-gifs.php
index 2c3f39f41be95..2a194c3ecbf70 100644
--- a/projects/plugins/jetpack/_inc/lib/core-api/wpcom-endpoints/class-wpcom-rest-api-v2-endpoint-tumblr-gifs.php
+++ b/projects/plugins/jetpack/_inc/lib/core-api/wpcom-endpoints/class-wpcom-rest-api-v2-endpoint-tumblr-gifs.php
@@ -25,8 +25,8 @@ public function __construct() {
 $this->version = 'v2';
 $this->namespace = $this->base_api_path . '/' . $this->version;
 $this->rest_base = '/tumblr-gifs';
- $this->wpcom_is_site_specific_endpoint = false;
- $this->wpcom_is_wpcom_only_endpoint = false;
+ $this->wpcom_is_site_specific_endpoint = true;
+ $this->wpcom_is_wpcom_only_endpoint = true;
 $this->is_wpcom = defined( 'IS_WPCOM' ) && IS_WPCOM;
 add_action( 'rest_api_init', array( $this, 'register_routes' ) );
 }
@@ -37,28 +37,6 @@ public function __construct() { * @return void */ public function register_routes() { - register_rest_route( - $this->namespace, - $this->rest_base . '/popular', - array( - 'methods' => WP_REST_Server::READABLE, - 'callback' => array( $this, 'get_popular_gifs' ), - 'permission_callback' => array( $this, 'check_permissions' ), - 'args' => array( - 'limit' => array( - 'default' => 10, - 'type' => 'integer', - 'validate_callback' => array( $this, 'validate_numeric' ), - ), - 'offset' => array( - 'default' => 0, - 'type' => 'integer', - 'validate_callback' => array( $this, 'validate_numeric' ), - ), - ), - ) - ); - register_rest_route( $this->namespace, $this->rest_base . '/search/(?P.+)', @@ -85,23 +63,6 @@ public function register_routes() { ), ) ); - - register_rest_route( - $this->namespace, - $this->rest_base . '/feedback/(?P.+)', - array( - 'methods' => WP_REST_Server::READABLE, - 'callback' => array( $this, 'get_feedback' ), - 'permission_callback' => array( $this, 'check_permissions' ), - 'args' => array( - 'token' => array( - 'required' => true, - 'type' => 'string', - 'validate_callback' => 'rest_validate_request_arg', - ), - ), - ) - ); } /** 
@@ -110,46 +71,27 @@ public function register_routes() {
 * @return bool
 */
 public function check_permissions() {
- if ( ! $this->is_wpcom ) {
- return current_user_can( 'manage_options' );
- }
-
- // If we are logged in as a user, we can allow access to the endpoint, as it is a request from a WordPress.com blog
- if ( is_user_logged_in() ) {
+ if ( current_user_can( 'edit_posts' ) ) {
 return true;
 }
- // If we are not logged in as a user, we need to check if the site is an Atomic site or a Jetpack site
- // and has a valid Jetpack blog token.
-
- if ( ! class_exists( 'WPCOM_REST_API_V2_Endpoint_Jetpack_Auth' ) ) {
- require_once dirname( __DIR__ ) . '/rest-api-plugins/endpoints/jetpack-auth.php';
- }
-
- $jp_auth_endpoint = new WPCOM_REST_API_V2_Endpoint_Jetpack_Auth();
- $jp_auth_endpoint->wpcom_is_site_specific_endpoint = $this->wpcom_is_site_specific_endpoint;
-
- if ( is_wp_error( $jp_auth_endpoint->is_jetpack_authorized_for_site() ) || ! $jp_auth_endpoint->is_jetpack_authorized_for_site() ) {
- return false;
- }
+ // Allow "as blog" requests to wpcom so users without accounts can insert the GIF block in the editor.
+ if ( $this->is_wpcom && is_jetpack_site( get_current_blog_id() ) ) {
+ if ( ! class_exists( 'WPCOM_REST_API_V2_Endpoint_Jetpack_Auth' ) ) {
+ require_once dirname( __DIR__ ) . '/rest-api-plugins/endpoints/jetpack-auth.php';
+ }
- return true;
- }
-
- /**
- * Get popular GIFs from Tumblr.
- *
- * @param WP_REST_Request $request The request object.
- *
- * @return WP_REST_Response The response object.
- */
- public function get_popular_gifs( $request ) {
- if ( ! 
$this->is_wpcom ) {
- return $this->proxy_request_to_wpcom( $request, 'popular' );
+ $jp_auth_endpoint = new WPCOM_REST_API_V2_Endpoint_Jetpack_Auth();
+ if ( true === $jp_auth_endpoint->is_jetpack_authorized_for_site() ) {
+ return true;
+ }
 }
- $response = $this->proxy_tumblr_request( 'gif/popular', $request->get_params() );
- return rest_ensure_response( $response );
+ return new WP_Error(
+ 'rest_cannot_read_gifs',
+ __( 'Sorry, you are not allowed to access Tumblr GIFs on this site.', 'jetpack' ),
+ array( 'status' => rest_authorization_required_code() )
+ );
 }
 /**
@@ -175,23 +117,6 @@ public function search_gifs( $request ) {
 return rest_ensure_response( $response );
 }
- /**
- * Sends a 'feedback' request to Tumblr for a GIF search.
- *
- * @param WP_REST_Request $request The request object.
- *
- * @return WP_REST_Response The response object.
- */
- public function get_feedback( $request ) {
- if ( ! $this->is_wpcom ) {
- return $this->proxy_request_to_wpcom( $request, 'feedback' );
- }
-
- $token = $request['token'];
- $response = $this->proxy_tumblr_request( "gif/feedback/{$token}", $request->get_params() );
- return rest_ensure_response( $response );
- }
-
 /**
 * Proxy request to Tumblr API.
 *
@@ -235,7 +160,9 @@ public function validate_numeric( $param ) {
 * @return mixed|WP_Error Response from wpcom servers or an error.
 */
 public function proxy_request_to_wpcom( $request, $path = '' ) {
- $path = rawurldecode( $this->rest_base ) . ( $path ? '/' . rawurldecode( $path ) : '' );
+ $blog_id = \Jetpack_Options::get_option( 'id' );
+ $blog_id = (string) $blog_id;
+ $path = '/sites/' . rawurldecode( $blog_id ) . rawurldecode( $this->rest_base ) . ( $path ? '/' . rawurldecode( $path ) : '' );
 $api_url = add_query_arg( $request->get_query_params(), $path );
 $response = Client::wpcom_json_api_request_as_blog( $api_url, 'v2', array(), null, 'wpcom' );
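Review bot: The docblock above check_permissions() still says `@return bool`, but the new fall-through returns a WP_Error, so it should read `@return true|WP_Error`. The removed code copied `$this->wpcom_is_site_specific_endpoint` onto the Jetpack_Auth helper before calling is_jetpack_authorized_for_site(); that assignment is gone, and if the helper reads the flag (its body is not in this diff) the blog-token check may now run against a different default, so it is worth confirming with a test that covers an as-blog request. Off WP.com the required capability also drops from `manage_options` to `edit_posts`, which lets every contributor-level account trigger blog-signed requests to WP.com; a one-line comment such as `// edit_posts: anyone who can open the editor may search GIFs.` would record that this is intended.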
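Review bot: In proxy_request_to_wpcom(), `\Jetpack_Options::get_option( 'id' )` returns false on a site that is not connected, and the `(string)` cast turns that into an empty string, so the blog-signed request is sent to `/sites//tumblr-gifs/...` instead of failing early. Cast to an integer and stop before building the path: `$blog_id = (int) \Jetpack_Options::get_option( 'id' );` followed by `if ( ! $blog_id ) { return new WP_Error( 'site_not_connected', __( 'This site is not connected to WordPress.com.', 'jetpack' ), array( 'status' => 400 ) ); }`. The new path line also keeps `rawurldecode( $path )`; if a caller builds `$path` from the request's search term (search_gifs is outside this hunk), decoded `/`, `?` or `#` characters end up in the signed URL, so the user-supplied segment should be encoded with `rawurlencode()` before it is appended. The function body continues past the end of the hunk.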
diff --git a/projects/plugins/jetpack/extensions/blocks/gif/controls.js b/projects/plugins/jetpack/extensions/blocks/gif/controls.js
index 1ebd1c943e9bb..c55b30bf2a467 100644
--- a/projects/plugins/jetpack/extensions/blocks/gif/controls.js
+++ b/projects/plugins/jetpack/extensions/blocks/gif/controls.js
@@ -1,5 +1,5 @@
 import { InspectorControls } from '@wordpress/block-editor';
-import { PanelBody } from '@wordpress/components';
+import { ExternalLink, PanelBody } from '@wordpress/components';
 import { __ } from '@wordpress/i18n';
 export default function Controls() {
@@ -7,9 +7,9 @@ export default function Controls() {

- + { __( 'Powered by Tumblr', 'jetpack' ) } - +

diff --git a/projects/plugins/jetpack/extensions/blocks/gif/edit.js b/projects/plugins/jetpack/extensions/blocks/gif/edit.js index 201a283159642..e0dd2ca229b86 100644 --- a/projects/plugins/jetpack/extensions/blocks/gif/edit.js +++ b/projects/plugins/jetpack/extensions/blocks/gif/edit.js @@ -64,7 +64,7 @@ function GifEdit( { attributes, setAttributes, isSelected } ) { className="wp-block-jetpack-gif_placeholder" icon={ icon } label={ metadata.title } - instructions={ __( 'Search for a term or paste a Tumblr GIF URL', 'jetpack' ) } + instructions={ __( 'Search for a term and find a GIF', 'jetpack' ) } > { setIsFetching( true ); try { - const jsonResponse = await apiFetch( { path: fetchUrl, global: true } ); + const jsonResponse = await apiFetch( { path: fetchUrl } ); const gifs = jsonResponse.response.gifs || []; setTumblrData( gifs ); diff --git a/projects/plugins/jetpack/extensions/blocks/gif/style.scss b/projects/plugins/jetpack/extensions/blocks/gif/style.scss index 0e0c53f563131..ffc3992426d07 100644 --- a/projects/plugins/jetpack/extensions/blocks/gif/style.scss +++ b/projects/plugins/jetpack/extensions/blocks/gif/style.scss @@ -60,7 +60,7 @@ margin: 0; color: #333; - a { + span, a { color: #333; text-decoration: none; &:hover {