File: /home/britsurf.co.uk/public_html/wp-content/plugins/complianz-gdpr/websitescan/class-wsc-api.php
<?php
defined('ABSPATH') or die("you do not have access to this page!");
if (!class_exists("cmplz_wsc_api")) {
class cmplz_wsc_api
{
private static $_this;
function __construct()
{
if (isset(self::$_this))
wp_die(sprintf('%s is a singleton class and you cannot create a second instance.', get_class($this)));
self::$_this = $this;
add_action('rest_api_init', array($this, 'wsc_scan_enable_webhook_api'));
}
static function this()
{
return self::$_this;
}
/**
* Register the REST API route for the WSC scan.
*
* This function registers a custom REST API route for the WSC scan. The route
* accepts only POST requests and uses the `wsc_scan_callback` method as the
* callback function.
*
* @return void
*/
public function wsc_scan_enable_webhook_api(): void
{
register_rest_route('complianz/v1', 'wsc-scan', array(
'methods' => 'POST', // Accept only POST requests
'callback' => array($this, 'wsc_scan_webhook_callback'),
'permission_callback' => '__return_true',
));
register_rest_route(
'complianz/v1',
'wsc-checks',
array(
'methods' => 'POST', // Accept only POST requests.
'callback' => array( $this, 'wsc_scan_webhook_checks_callback' ),
'permission_callback' => '__return_true',
)
);
}
/**
* Handle the WSC scan webhook checks callback.
*
* This function processes the WSC scan webhook checks callback. It validates the request
* and then processes the scan checks. If the request is invalid, an error is returned.
*
* @param WP_REST_Request $request The REST API request object.
* @return WP_REST_Response|WP_Error The REST API response object or an error object.
*/
public function wsc_scan_webhook_checks_callback( WP_REST_Request $request ) {
$error = self::wsc_scan_validate_request( $request, 'checks' );
$is_valid_request = empty( $error );
if ( ! $is_valid_request ) { // if the array is not empty, contains an error and the request is invalid.
return new WP_Error(
$error['code'],
$error['message'],
array( 'status' => $error['status'] )
);
}
$result = json_decode( $request->get_body() );
COMPLIANZ::$wsc_scanner->wsc_scan_process_checks( $result );
return new WP_REST_Response( 'Checks updated!', 200 );
}
/**
* Process the WSC scan webhook callback.
*
* This function processes the WSC scan webhook callback. It validates the request
* and then processes the scan results. If the request is invalid, an error is returned.
*
* @param WP_REST_Request $request The REST API request object.
* @return WP_REST_Response|WP_Error The REST API response object or an error object.
*/
public function wsc_scan_webhook_callback(WP_REST_Request $request)
{
$error = self::wsc_scan_validate_request( $request,'scan' );
$is_valid_request = empty($error); // if the array is empty, the request is valid
if (!$is_valid_request) { // if the array is not empty, contains an error and the request is invalid
return new WP_Error(
$error['code'],
$error['message'],
array('status' => $error['status'])
);
}
// start the processing of the request
$result = json_decode($request->get_body());
if (!isset($result->data->result->trackers) || !is_array($result->data->result->trackers) || count($result->data->result->trackers) === 0) {
return new WP_REST_Response('No cookies found in the result.', 200);
}
$current_wsc_status = get_option('cmplz_wsc_scan_status');
// if the scan is already completed, exit
if ($current_wsc_status === 'completed') {
return new WP_REST_Response('Scan already completed.', 200);
}
COMPLIANZ::$wsc_scanner->wsc_complete_cookie_scan( $result, true );
return new WP_REST_Response('Cookies updated!', 200);
}
/**
* Validate the WSC scan webhook request.
*
* This function validates the WSC scan webhook request. It checks if the request
* is valid and contains the necessary information to process the scan results.
*
* @param WP_REST_Request $request The REST API request object.
* @return array If the request is invalid an array containing the error details, otherwise an empty array.
*/
public static function wsc_scan_validate_request(WP_REST_Request $request, $type): array
{
// check the body
if (empty($request->get_body())) {
return [
'code' => 'invalid_request',
'message' => 'Request blocked: missing request.',
'status' => 400
];
}
// Get options for permission check
$scan_id = $type === 'scan' ? get_option('cmplz_wsc_scan_id', false) : get_option('cmplz_wsc_checks_scan_id',false);
$scan_created_at = $type === 'scan' ? get_option('cmplz_wsc_scan_createdAt', false) : get_option('cmplz_wsc_checks_scan_createdAt',false);
// Check if there is an active scan
if (!$scan_id || !$scan_created_at) {
return [
'code' => 'invalid_wsc_scan',
'message' => 'No active scan found.',
'status' => 400
];
}
// Check the user agent
$user_agent = $request->get_header('User-Agent');
if (strpos($user_agent, 'radar') === false) {
return [
'code' => 'invalid_user_agent',
'message' => 'Request blocked: unauthorized User-Agent.',
'status' => 400
];
}
// Verify scan status event in the request body
$data = json_decode($request->get_body());
if (!isset($data->event) || $data->event !== 'scan-completed') {
return [
'code' => 'invalid_event',
'message' => 'Request blocked: missing or invalid scan status.',
'status' => 400
];
}
// Return the errors array if any errors are found, or an empty array if all checks pass
return [];
}
}
}