관리-도구

편집 파일: class-fontawesome-api-settings.php

<?php
/**
 * This module is not considered part of the public API, only internal.
 */
namespace FortAwesome;

require_once trailingslashit( FONTAWESOME_DIR_PATH ) . 'includes/class-fontawesome-exception.php';

use \WP_Error, \InvalidArgumentException;

/**
 * Provides read/write access to the Font Awesome API settings.
 */
class FontAwesome_API_Settings {
	/**
	 * Name of the option used to store API settings.
	 *
	 * @since 4.0.0
	 * @ignore
	 */
	const OPTIONS_KEY = 'font-awesome-api-settings';

/**
	 * Current access token.
	 *
	 * @internal
	 * @ignore
	 */
	protected $access_token = null;

/**
	 * Expiration time for current access token.
	 *
	 * @internal
	 * @ignore
	 */
	protected $access_token_expiration_time = null;

/**
	 * Current API token.
	 *
	 * @internal
	 * @ignore
	 */
	protected $api_token = null;

/**
	 * Singleton instance.
	 *
	 * @internal
	 * @ignore
	 */
	protected static $instance = null;

/**
	 * Encryption method.
	 *
	 * @internal
	 * @ignore
	 */
	protected $encryption_method = null;

/**
	 * Encryption cipher length.
	 *
	 * @internal
	 * @ignore
	 */
	protected $encryption_cipher_length = null;

/**
	 * Encryption key.
	 *
	 * @internal
	 * @ignore
	 */
	protected $encryption_key = null;

/**
	 * Encryption salt.
	 *
	 * @internal
	 * @ignore
	 */
	protected $encryption_salt = null;

/**
	 * Preferred encryption method.
	 *
	 * @internal
	 * @ignore
	 */
	const PREFERRED_ENCRYPTION_METHOD = 'aes-256-ctr';

/**
	 * Returns the FontAwesome_API_Settings singleton instance.
	 *
	 * Internal use only. Not part of this plugin's public API.
	 *
	 * @return FontAwesome_API_Settings
	 */
	public static function instance() {
		if ( is_null( self::$instance ) ) {
			self::$instance = new self();
		}
		return self::$instance;
	}

/**
	 * Resets the singleton instance referenced by this class and returns that new instance.
	 * All previous releases metadata held in the previous instance will be abandoned.
	 *
	 * @return FontAwesome_API_Settings
	 */
	public static function reset() {
		self::$instance = null;
		return self::instance();
	}

/**
	 * Private constructor.
	 *
	 * @ignore
	 */
	private function __construct() {
		$this->initialize();
	}

/**
	 * Initialize and instance
	 *
	 * Internal use only.
	 *
	 * @internal
	 * @ignore
	 */
	public function initialize() {
		$this->prepare_encryption();

$option = $this->get_option();

if (
			! is_array( $option ) ||
			! isset( $option['api_token'] ) ||
			! array_key_exists( 'access_token', $option ) ||
			! array_key_exists( 'access_token_expiration_time', $option )
		) {
			return;
		}

$this->api_token = is_string( $option['api_token'] )
			? $this->decrypt( $option['api_token'] )
			: null;

$this->access_token = is_string( $option['access_token'] )
			? $this->decrypt( $option['access_token'] )
			: null;

$this->access_token_expiration_time = is_numeric( $option['access_token_expiration_time'] )
			? $option['access_token_expiration_time']
			: null;
	}

/**
	 * Writes current config.
	 *
	 * Internal use only. Not part of this plugin's public API.
	 *
	 * @ignore
	 * @internal
	 * @return bool whether write succeeded or needs no update
	 */
	public function write() {
		$new_api_token = is_string( $this->api_token() )
			? $this->encrypt( $this->api_token() )
			: null;

$new_access_token = is_string( $this->access_token() )
			? $this->encrypt( $this->access_token() )
			: null;

$new_access_token_expiration_time = is_numeric( $this->access_token_expiration_time() )
			? $this->access_token_expiration_time()
			: null;

$new_option_value = array(
			'api_token'                    => $new_api_token,
			'access_token'                 => $new_access_token,
			'access_token_expiration_time' => $new_access_token_expiration_time,
		);

$old_option_value = $this->get_option();

if (
			is_array( $old_option_value ) &&
			array_key_exists( 'api_token', $old_option_value ) &&
			$old_option_value['api_token'] === $new_option_value['api_token'] &&
			array_key_exists( 'access_token', $old_option_value ) &&
			$old_option_value['access_token'] === $new_option_value['access_token'] &&
			array_key_exists( 'access_token_expiration_time', $old_option_value ) &&
			$old_option_value['access_token_expiration_time'] === $new_option_value['access_token_expiration_time']
		) {
			// They are already equivalent, so we don't need to write again.
			return true;
		}

if ( file_exists( trailingslashit( ABSPATH ) . 'font-awesome-api.ini' ) ) {
			/**
			 * Remove the old API settings file if it exists.
			 * Anything previously stored in it will be obsolete.
			 */
			@unlink( trailingslashit( ABSPATH ) . 'font-awesome-api.ini' );
		}

return $this->update_option( $new_option_value );
	}

/**
	 * Removes current API Token and related settings, setting them all to null,
	 * and deletes the option store.
	 *
	 * Internal use only. Not part of this plugin's public API.
	 *
	 * @internal
	 * @ignore
	 */
	public function remove() {
		delete_option( self::OPTIONS_KEY );
		self::reset();
	}

/**
	 * Returns the current API Token.
	 *
	 * Internal use only. Not part of this plugin's public API.
	 *
	 * @ignore
	 * @internal
	 */
	public function api_token() {
		return $this->api_token;
	}

/**
	 * Sets the API Token.
	 *
	 * Internal use only. Not part of this plugin's public API.
	 */
	public function set_api_token( $api_token ) {
		$this->api_token = $api_token;
	}

/**
	 * Returns the current access token.
	 *
	 * Internal use only. Not part of this plugin's public API.
	 *
	 * @ignore
	 * @internal
	 */
	public function access_token() {
		return $this->access_token;
	}

/**
	 * Sets the current access_token.
	 *
	 * Internal use only. Not part of this plugin's public API.
	 */
	public function set_access_token( $access_token ) {
		$this->access_token = $access_token;
	}

/**
	 * Sets the current access_token_expiration_time.
	 *
	 * Internal use only. Not part of this plugin's public API.
	 *
	 * @param int $access_token_expiration_time time in unix epoch seconds as non-zero integer value
	 * @throws InvalidArgumentException if the given param is zero or cannot be cast as an integer
	 */
	public function set_access_token_expiration_time( $access_token_expiration_time ) {
		$int_val = intval( $access_token_expiration_time );

if ( 0 !== $int_val ) {
			$this->access_token_expiration_time = $access_token_expiration_time;
		} else {
			throw new InvalidArgumentException();
		}
	}

/**
	 * Returns the expiration time for the current access token.
	 *
	 * Internal use only. Not part of this plugin's public API.
	 *
	 * @ignore
	 * @internal
	 */
	public function access_token_expiration_time() {
		return $this->access_token_expiration_time;
	}

/**
	 * Requests an access_token with the current api_token. Stores the result
	 * upon successfully retrieving an access token.
	 *
	 * Internal use only. Not part of this plugin's API.
	 *
	 * @ignore
	 * @internal
	 * @throws ApiTokenMissingException
	 * @throws ApiTokenEndpointRequestException
	 * @throws ApiTokenEndpointResponseException
	 * @throws ApiTokenInvalidException
	 * @throws AccessTokenStorageException
	 * @return void
	 */
	public function request_access_token() {
		if ( ! is_string( $this->api_token() ) ) {
			throw new ApiTokenMissingException();
		}

$response = $this->post(
			array(
				'body'    => '',
				'headers' => array(
					'authorization' => 'Bearer ' . $this->api_token(),
				),
			)
		);

if ( is_wp_error( $response ) ) {
			throw ApiTokenEndpointRequestException::with_wp_error( add_failed_request_diagnostics( $response ) );
		}

if ( 200 !== $response['response']['code'] ) {
			throw ApiTokenInvalidException::with_wp_response( $response );
		}

$body = json_decode( $response['body'], true );

if (
			! isset( $body['access_token'] ) ||
			! is_string( $body['access_token'] ) ||
			! isset( $body['expires_in'] ) ||
			! is_int( $body['expires_in'] )
		) {
			throw ApiTokenEndpointResponseException::with_wp_response( $response );
		}

$this->set_access_token( $body['access_token'] );

try {
			$this->set_access_token_expiration_time( $body['expires_in'] + time() );
		} catch ( InvalidArgumentException $e ) {
			throw ApiTokenEndpointResponseException::with_wp_response( $response );
		}

$result = $this->write();

if ( ! boolval( $result ) ) {
			throw new AccessTokenStorageException();
		} else {
			return true;
		}
	}

/**
	 * Determines encryption method, key, salt, and cipher iv length if
	 * the openssl extension is available.
	 *
	 * Internal use only.
	 *
	 * @internal
	 * @ignore
	 */
	public function prepare_encryption() {
		if ( ! extension_loaded( 'openssl' ) ) {
			return;
		}

$methods = openssl_get_cipher_methods();
		$method  = null;

if ( array_search( self::PREFERRED_ENCRYPTION_METHOD, $methods, true ) ) {
			$method = self::PREFERRED_ENCRYPTION_METHOD;
		} elseif ( is_array( $methods ) && count( $methods ) > 0 ) {
			// Take the first available method as a fallback.
			$method = $methods[0];
		}

if (
			$method &&
			defined( 'LOGGED_IN_SALT' ) &&
			is_string( LOGGED_IN_SALT ) &&
			defined( 'LOGGED_IN_KEY' ) &&
			is_string( LOGGED_IN_KEY )
		) {
			$this->encryption_method        = $method;
			$this->encryption_cipher_length = openssl_cipher_iv_length( $method );
			$this->encryption_key           = LOGGED_IN_KEY;
			$this->encryption_salt          = LOGGED_IN_SALT;
		}
	}

/**
	 * Encrypts and returns data.
	 *
	 * Internal use only.
	 *
	 * This method is patterned after the Data_Encryption::encrypt() method
	 * in the Site Kit by Google plugin, version 1.4.0, licensed under Apache v2.0.
	 * https://www.apache.org/licenses/LICENSE-2.0
	 *
	 * @ignore
	 * @internal
	 */
	public function encrypt( $data ) {
		if ( ! $this->encryption_key ) {
			return $data;
		}

$init_vec = openssl_random_pseudo_bytes( $this->encryption_cipher_length );

$raw = openssl_encrypt(
			$data . $this->encryption_salt,
			$this->encryption_method,
			$this->encryption_key,
			0,
			$init_vec
		);

// phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_encode
		return base64_encode( $init_vec . $raw );
	}

/**
	 * Decrypts and returns data.
	 *
	 * Internal use only.
	 *
	 * This method is patterned after the Data_Encryption::decrypt() method
	 * in the Site Kit by Google plugin, version 1.4.0, licensed under Apache v2.0.
	 * https://www.apache.org/licenses/LICENSE-2.0
	 *
	 * @ignore
	 * @internal
	 */
	public function decrypt( $data ) {
		if ( ! $this->encryption_method ) {
			return $data;
		}

// phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_decode
		$raw = base64_decode( $data, true );

$init_vec = substr( $raw, 0, $this->encryption_cipher_length );

$raw = substr( $raw, $this->encryption_cipher_length );

$result = openssl_decrypt(
			$raw,
			$this->encryption_method,
			$this->encryption_key,
			0,
			$init_vec
		);

if (
			! $result ||
			substr( $result, - strlen( $this->encryption_salt ) ) !== $this->encryption_salt
		) {
			return null;
		}

return substr( $result, 0, - strlen( $this->encryption_salt ) );
	}

/**
	 * Wrapper for wp_remote_post(). Mostly to make it easier to mock the network
	 * request with a subclass.
	 *
	 * Internal use only. Not part of this plugin's public API.
	 *
	 * @ignore
	 * @internal
	 * @return WP_Error | array just like wp_remote_post()
	 */
	protected function post( $args ) {
		return wp_remote_post( FONTAWESOME_API_URL . '/token', $args );
	}

/**
	 * Internal use only. Not part of this plugin's public API.
	 *
	 * @ignore
	 * @internal
	 */
	public function get_option() {
		return get_option( self::OPTIONS_KEY );
	}

/**
	 * Internal use only. Not part of this plugin's public API.
	 *
	 * @ignore
	 * @internal
	 */
	public function update_option( $new_option_value ) {
		return update_option(
			self::OPTIONS_KEY,
			$new_option_value
		);
	}
}

/**
 * Convenience global function to get a singleton instance of the API Settings.
 *
 * Internal use only. Not part of this plugin's public API.
 *
 * @return FontAwesome_API_Settings
 */
function fa_api_settings() {
	return FontAwesome_API_Settings::instance();
}