cloudflare/Cloudflare-WordPress
Publicmirrored fromhttps://github.com/cloudflare/Cloudflare-WordPress
proxy.php
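<?php

require_once 'vendor/autoload.php';

// include wp-load.php, directs logs to debug.log
// The WordPress root is taken to be everything in SCRIPT_FILENAME that
// precedes the first "wp-content".
// NOTE(review): this assumes the content directory keeps its default name and
// that "wp-content" does not also appear earlier in the install path.
$parse_uri = explode('wp-content', $_SERVER['SCRIPT_FILENAME']);
require_once $parse_uri[0].'wp-load.php';

header('Content-Type: application/json');

// Wire up the plugin: config, logger, data store, and the two API clients
// (Cloudflare client API and plugin-internal API) with their route tables.
// NOTE(review): 'config.js' is resolved relative to the current working
// directory, not to this file.
$config = new CF\Integration\DefaultConfig(file_get_contents('config.js'));
$logger = new CF\Integration\DefaultLogger($config->getValue('debug'));
$dataStore = new CF\WordPress\DataStore($logger);
$wordpressAPI = new CF\WordPress\WordPressAPI($dataStore);
$wordpressIntegration = new CF\Integration\DefaultIntegration($config, $wordpressAPI, $dataStore, $logger);
$clientAPIClient = new CF\API\Client($wordpressIntegration);
$clientAPIClientRoutes = CF\WordPress\ClientRoutes::$routes;
$pluginAPIClient = new CF\API\Plugin($wordpressIntegration);
$pluginAPIPluginRoutes = CF\WordPress\PluginRoutes::$routes;

$method = $_SERVER['REQUEST_METHOD'];
$parameters = $_GET;

// Everything below is caller-controlled. Only a decoded JSON object/array is
// usable as a body; an empty body, invalid JSON or a JSON scalar is treated as
// "no body" so the offset reads and unset() calls further down cannot warn or
// abort on a string.
$body = json_decode(file_get_contents('php://input'), true);
if (!is_array($body)) {
    $body = null;
}

// GET carries proxyURL in the query string, every other method in the JSON
// body. The comparison is deliberately exact: it is the same test that
// exempts a request from the CSRF check below. (The previous
// strtoupper($method === 'GET') upper-cased the boolean result, not the
// method, so it never made this comparison case-insensitive.)
if ($method === 'GET') {
    $rawPath = isset($_GET['proxyURL']) ? $_GET['proxyURL'] : null;
} else {
    $rawPath = isset($body['proxyURL']) ? $body['proxyURL'] : null;
}
// proxyURL can arrive as an array (query string) or any JSON type (body);
// only a string is a meaningful path.
$path = is_string($rawPath) ? $rawPath : null;

unset($parameters['proxyURL']);
unset($body['proxyURL']);
$request = new CF\API\Request($method, $path, $parameters, $body);

//only check CSRF if its not a GET request
// TODO: change $wordpressAPI->getHostAPIKey() to something appropriate
// since it's null
// NOTE(review): per the TODO above the first argument to csrfTokenValidate()
// is null; what the token is actually bound to is decided inside
// csrfTokenValidate(), which is not visible here - confirm.
if ($request->getMethod() === 'GET') {
    $isCSRFTokenValid = true;
} else {
    $requestBody = $request->getBody();
    // JSON can deliver a boolean, number or array where the token should be.
    // Hand the validator a string or nothing, so its result never depends on
    // how it compares mixed types.
    $csrfToken = (is_array($requestBody)
        && isset($requestBody['cfCSRFToken'])
        && is_string($requestBody['cfCSRFToken']))
        ? $requestBody['cfCSRFToken']
        : null;
    $isCSRFTokenValid = CF\SecurityUtil::csrfTokenValidate(
        $wordpressAPI->getHostAPIKey(),
        $wordpressAPI->getUserId(),
        $csrfToken
    );
}
// NOTE(review): $request was already built from $body above and $body is not
// read again, so unless CF\API\Request holds $body by reference this unset
// does not remove cfCSRFToken from what the router receives.
unset($body['cfCSRFToken']);
$apiResponse = '';
$apiRouter = null;

// NOTE(review): this file performs no authentication or capability check of
// its own, and GET requests skip the CSRF check. Access control for routed
// calls therefore rests on code outside this file (the routed API clients or
// server-level restrictions on this script). Confirm that; a WordPress
// capability check such as current_user_can() before routing would make the
// requirement explicit here.
if (isClientAPI($request->getUrl())) {
    $apiRouter = new CF\Router\DefaultRestAPIRouter($wordpressIntegration, $clientAPIClient, $clientAPIClientRoutes);
} else {
    $apiRouter = new CF\Router\DefaultRestAPIRouter($wordpressIntegration, $pluginAPIClient, $pluginAPIPluginRoutes);
}

if ($isCSRFTokenValid) {
    $apiResponse = $apiRouter->route($request);
} else {
    $apiResponse = $apiRouter->getAPIClient()->createAPIError('CSRF Token not valid.');
}

echo json_encode($apiResponse);
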
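/**
 * Tell whether a proxied path targets the Cloudflare client API, i.e. whether
 * it contains CF\API\Client::ENDPOINT.
 *
 * @param mixed $path Path to classify. As called in this file it comes from
 *                    request data, so it is not guaranteed to be a string.
 *
 * @return bool True only when $path is a string containing the endpoint.
 */
function isClientAPI($path)
{
    // Reject non-strings before strpos(): given an array, strpos() returns
    // null with a warning on PHP 5/7 - which `!== false` would read as a
    // match - and throws a TypeError on PHP 8.
    return is_string($path) && strpos($path, CF\API\Client::ENDPOINT) !== false;
}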