@wp-typia/project-tools 0.11.1

package/templates/_shared/workspace/persistence-auth/server.php.mustache

@@ -0,0 +1,237 @@
+<?php
+
+if ( ! defined( 'ABSPATH' ) ) {
+	exit;
+}
+
+require_once __DIR__ . '/inc/rest-shared.php';
+require_once __DIR__ . '/inc/rest-auth.php';
+
+function {{phpPrefix}}_get_rest_build_dir() {
+	return dirname( __DIR__, 3 ) . '/build/blocks/{{slugKebabCase}}';
+}
+
+function {{phpPrefix}}_get_counter_table_name() {
+	global $wpdb;
+	return $wpdb->prefix . '{{phpPrefix}}_counters';
+}
+
+function {{phpPrefix}}_get_counter_lock_name( $post_id, $resource_key ) {
+	return 'wpt_pcl_' . md5(
+		'{{phpPrefix}}|' . (int) $post_id . '|' . (string) $resource_key
+	);
+}
+
+function {{phpPrefix}}_with_counter_lock( $post_id, $resource_key, $callback ) {
+	global $wpdb;
+
+	$lock_name = {{phpPrefix}}_get_counter_lock_name( $post_id, $resource_key );
+	$acquired  = (int) $wpdb->get_var(
+		$wpdb->prepare(
+			'SELECT GET_LOCK(%s, 5)',
+			$lock_name
+		)
+	);
+
+	if ( 1 !== $acquired ) {
+		return new WP_Error( 'counter_lock_timeout', 'Could not acquire the counter lock.', array( 'status' => 503 ) );
+	}
+
+	try {
+		return $callback();
+	} finally {
+		$wpdb->get_var(
+			$wpdb->prepare(
+				'SELECT RELEASE_LOCK(%s)',
+				$lock_name
+			)
+		);
+	}
+}
+
+function {{phpPrefix}}_maybe_install_storage() {
+	if ( 'custom-table' !== '{{dataStorageMode}}' ) {
+		return;
+	}
+
+	global $wpdb;
+	require_once ABSPATH . 'wp-admin/includes/upgrade.php';
+
+	$table_name      = {{phpPrefix}}_get_counter_table_name();
+	$charset_collate = $wpdb->get_charset_collate();
+	$sql             = "CREATE TABLE {$table_name} (
+		post_id bigint(20) unsigned NOT NULL,
+		resource_key varchar(100) NOT NULL,
+		count bigint(20) unsigned NOT NULL DEFAULT 0,
+		updated_at datetime NOT NULL DEFAULT CURRENT_TIMESTAMP,
+		PRIMARY KEY  (post_id, resource_key)
+	) {$charset_collate};";
+
+	dbDelta( $sql );
+	$table_exists = $wpdb->get_var(
+		$wpdb->prepare(
+			'SHOW TABLES LIKE %s',
+			$table_name
+		)
+	);
+
+	if ( $table_name === $table_exists ) {
+		update_option( '{{phpPrefix}}_storage_version', '1.0.0' );
+	}
+}
+
+function {{phpPrefix}}_ensure_storage_installed() {
+	if ( 'custom-table' === '{{dataStorageMode}}' && '1.0.0' !== get_option( '{{phpPrefix}}_storage_version', '' ) ) {
+		{{phpPrefix}}_maybe_install_storage();
+	}
+}
+
+function {{phpPrefix}}_get_counter( $post_id, $resource_key ) {
+	global $wpdb;
+
+	if ( 'custom-table' === '{{dataStorageMode}}' ) {
+		$table_name = {{phpPrefix}}_get_counter_table_name();
+		$count      = $wpdb->get_var(
+			$wpdb->prepare(
+				// phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared -- Table name comes from an internal helper.
+				"SELECT count FROM {$table_name} WHERE post_id = %d AND resource_key = %s",
+				$post_id,
+				$resource_key
+			)
+		);
+
+		return null === $count ? 0 : (int) $count;
+	}
+
+	$meta_key = '_' . '{{phpPrefix}}' . '_counter_' . sanitize_key( $resource_key );
+	return (int) get_post_meta( $post_id, $meta_key, true );
+}
+
+function {{phpPrefix}}_increment_counter( $post_id, $resource_key, $delta ) {
+	global $wpdb;
+
+	if ( 'custom-table' === '{{dataStorageMode}}' ) {
+		$table_name    = {{phpPrefix}}_get_counter_table_name();
+		$delta_value   = (int) $delta;
+		$initial_count = max( 0, $delta_value );
+		$result        = $wpdb->query(
+			$wpdb->prepare(
+				// phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared -- Table name comes from an internal helper.
+				"INSERT INTO {$table_name} (post_id, resource_key, count, updated_at)
+				VALUES (%d, %s, %d, %s)
+				ON DUPLICATE KEY UPDATE
+					count = GREATEST(0, count + %d),
+					updated_at = VALUES(updated_at)",
+				$post_id,
+				$resource_key,
+				$initial_count,
+				current_time( 'mysql', true ),
+				$delta_value
+			)
+		);
+
+		if ( false === $result ) {
+			return new WP_Error( 'counter_update_failed', 'Failed to update the counter.', array( 'status' => 500 ) );
+		}
+
+		return {{phpPrefix}}_get_counter( $post_id, $resource_key );
+	}
+
+	return {{phpPrefix}}_with_counter_lock(
+		$post_id,
+		$resource_key,
+		function () use ( $delta, $post_id, $resource_key ) {
+			$meta_key   = '_' . '{{phpPrefix}}' . '_counter_' . sanitize_key( $resource_key );
+			$next_count = max( 0, {{phpPrefix}}_get_counter( $post_id, $resource_key ) + (int) $delta );
+			update_post_meta( $post_id, $meta_key, $next_count );
+			return $next_count;
+		}
+	);
+}
+
+function {{phpPrefix}}_build_state_response( $post_id, $resource_key, $count ) {
+	return array(
+		'postId'      => (int) $post_id,
+		'resourceKey' => (string) $resource_key,
+		'count'       => (int) $count,
+		'storage'     => '{{dataStorageMode}}',
+	);
+}
+
+function {{phpPrefix}}_handle_get_state( WP_REST_Request $request ) {
+	$payload = {{phpPrefix}}_validate_and_sanitize_request(
+		array(
+			'postId'      => $request->get_param( 'postId' ),
+			'resourceKey' => $request->get_param( 'resourceKey' ),
+		),
+		{{phpPrefix}}_get_rest_build_dir(),
+		'state-query',
+		'query'
+	);
+
+	if ( is_wp_error( $payload ) ) {
+		return $payload;
+	}
+
+	$count = {{phpPrefix}}_get_counter( (int) $payload['postId'], (string) $payload['resourceKey'] );
+	return rest_ensure_response(
+		{{phpPrefix}}_build_state_response(
+			(int) $payload['postId'],
+			(string) $payload['resourceKey'],
+			$count
+		)
+	);
+}
+
+function {{phpPrefix}}_handle_write_state( WP_REST_Request $request ) {
+	$payload = {{phpPrefix}}_validate_and_sanitize_request(
+		$request->get_json_params(),
+		{{phpPrefix}}_get_rest_build_dir(),
+		'write-state-request',
+		'body'
+	);
+
+	if ( is_wp_error( $payload ) ) {
+		return $payload;
+	}
+
+	$count = {{phpPrefix}}_increment_counter(
+		(int) $payload['postId'],
+		(string) $payload['resourceKey'],
+		isset( $payload['delta'] ) ? (int) $payload['delta'] : 1
+	);
+
+	if ( is_wp_error( $count ) ) {
+		return $count;
+	}
+
+	return rest_ensure_response(
+		{{phpPrefix}}_build_state_response(
+			(int) $payload['postId'],
+			(string) $payload['resourceKey'],
+			$count
+		)
+	);
+}
+
+function {{phpPrefix}}_register_routes() {
+	register_rest_route(
+		'{{namespace}}/v1',
+		'/{{slugKebabCase}}/state',
+		array(
+			array(
+				'methods'             => WP_REST_Server::READABLE,
+				'callback'            => '{{phpPrefix}}_handle_get_state',
+				'permission_callback' => '__return_true',
+			),
+			array(
+				'methods'             => WP_REST_Server::CREATABLE,
+				'callback'            => '{{phpPrefix}}_handle_write_state',
+				'permission_callback' => '{{phpPrefix}}_can_write_authenticated',
+			),
+		)
+	);
+}
+
+add_action( 'init', '{{phpPrefix}}_ensure_storage_installed' );
+add_action( 'rest_api_init', '{{phpPrefix}}_register_routes' );

package/templates/_shared/workspace/persistence-public/inc/rest-public.php.mustache

@@ -0,0 +1,273 @@
+<?php
+
+function {{phpPrefix}}_base64url_encode( $value ) {
+	return rtrim( strtr( base64_encode( $value ), '+/', '-_' ), '=' );
+}
+
+function {{phpPrefix}}_base64url_decode( $value ) {
+	if ( ! is_string( $value ) || '' === $value ) {
+		return false;
+	}
+
+	$padding = strlen( $value ) % 4;
+	if ( $padding > 0 ) {
+		$value .= str_repeat( '=', 4 - $padding );
+	}
+
+	return base64_decode( strtr( $value, '-_', '+/' ), true );
+}
+
+function {{phpPrefix}}_get_public_write_action() {
+	return '{{namespace}}/{{slugKebabCase}}/state/write';
+}
+
+function {{phpPrefix}}_get_public_write_client_subject() {
+	$remote_addr = isset( $_SERVER['REMOTE_ADDR'] ) && is_string( $_SERVER['REMOTE_ADDR'] )
+		? wp_unslash( $_SERVER['REMOTE_ADDR'] )
+		: '';
+	$user_agent  = isset( $_SERVER['HTTP_USER_AGENT'] ) && is_string( $_SERVER['HTTP_USER_AGENT'] )
+		? wp_unslash( $_SERVER['HTTP_USER_AGENT'] )
+		: '';
+
+	return md5( $remote_addr . '|' . $user_agent );
+}
+
+function {{phpPrefix}}_get_public_write_rate_limit_key( $post_id, $resource_key ) {
+	return '{{phpPrefix}}_public_write_rl_' . (int) $post_id . '_' . md5(
+		(string) $resource_key . '|' . {{phpPrefix}}_get_public_write_client_subject()
+	);
+}
+
+function {{phpPrefix}}_get_public_write_request_replay_key( $post_id, $resource_key, $request_id ) {
+	return '{{phpPrefix}}_public_write_req_' . (int) $post_id . '_' . md5(
+		(string) $resource_key . '|' . (string) $request_id
+	);
+}
+
+function {{phpPrefix}}_get_public_write_lock_key( $post_id, $resource_key, $scope, $lock_subject = '' ) {
+	$lock_subject = is_string( $lock_subject ) && '' !== $lock_subject
+		? $lock_subject
+		: {{phpPrefix}}_get_public_write_client_subject();
+
+	return 'wpt_pwl_' . md5(
+		'{{phpPrefix}}|' . (string) $scope . '|' . (int) $post_id . '|' . (string) $resource_key . '|' . $lock_subject
+	);
+}
+
+function {{phpPrefix}}_with_public_write_lock( $post_id, $resource_key, $scope, $callback, $lock_subject = '' ) {
+	global $wpdb;
+
+	$lock_key = {{phpPrefix}}_get_public_write_lock_key( $post_id, $resource_key, $scope, $lock_subject );
+	$acquired = (int) $wpdb->get_var(
+		$wpdb->prepare(
+			'SELECT GET_LOCK(%s, 5)',
+			$lock_key
+		)
+	);
+
+	if ( 1 === $acquired ) {
+		try {
+			return $callback();
+		} finally {
+			$wpdb->get_var(
+				$wpdb->prepare(
+					'SELECT RELEASE_LOCK(%s)',
+					$lock_key
+				)
+			);
+		}
+	}
+
+	return new WP_Error(
+		'rest_temporarily_unavailable',
+		'Could not acquire the public write lock.',
+		array( 'status' => 503 )
+	);
+}
+
+function {{phpPrefix}}_enforce_public_write_rate_limit( $post_id, $resource_key ) {
+	return {{phpPrefix}}_with_public_write_lock(
+		$post_id,
+		$resource_key,
+		'rate_limit',
+		function () use ( $post_id, $resource_key ) {
+			$key   = {{phpPrefix}}_get_public_write_rate_limit_key( $post_id, $resource_key );
+			$count = (int) get_transient( $key );
+
+			if ( $count >= 10 ) {
+				return new WP_Error(
+					'rest_rate_limited',
+					'Too many public write attempts. Wait a minute and try again.',
+					array( 'status' => 429 )
+				);
+			}
+
+			set_transient( $key, $count + 1, MINUTE_IN_SECONDS );
+			return true;
+		}
+	);
+}
+
+function {{phpPrefix}}_consume_public_write_request_id( $post_id, $resource_key, $request_id ) {
+	if ( ! is_string( $request_id ) || '' === $request_id ) {
+		return new WP_Error(
+			'rest_forbidden',
+			'The public write request id is missing.',
+			array( 'status' => 403 )
+		);
+	}
+
+	return {{phpPrefix}}_with_public_write_lock(
+		$post_id,
+		$resource_key,
+		'replay',
+		function () use ( $post_id, $resource_key, $request_id ) {
+			$key = {{phpPrefix}}_get_public_write_request_replay_key( $post_id, $resource_key, $request_id );
+			if ( false !== get_transient( $key ) ) {
+				return new WP_Error(
+					'rest_conflict',
+					'This public write request was already processed.',
+					array( 'status' => 409 )
+				);
+			}
+
+			set_transient( $key, 1, HOUR_IN_SECONDS );
+			return true;
+		},
+		$request_id
+	);
+}
+
+function {{phpPrefix}}_release_public_write_request_id( $post_id, $resource_key, $request_id ) {
+	if ( ! is_string( $request_id ) || '' === $request_id ) {
+		return;
+	}
+
+	delete_transient( {{phpPrefix}}_get_public_write_request_replay_key( $post_id, $resource_key, $request_id ) );
+}
+
+function {{phpPrefix}}_create_public_write_token( $post_id, $resource_key ) {
+	$expires_at = time() + HOUR_IN_SECONDS;
+	$payload    = array(
+		'action'      => {{phpPrefix}}_get_public_write_action(),
+		'exp'         => $expires_at,
+		'postId'      => (int) $post_id,
+		'resourceKey' => (string) $resource_key,
+	);
+	$json       = wp_json_encode( $payload );
+
+	if ( ! is_string( $json ) || '' === $json ) {
+		return array(
+			'expiresAt' => $expires_at,
+			'token'     => '',
+		);
+	}
+
+	$payload_segment   = {{phpPrefix}}_base64url_encode( $json );
+	$signature_segment = {{phpPrefix}}_base64url_encode(
+		hash_hmac( 'sha256', $payload_segment, wp_salt( 'nonce' ), true )
+	);
+
+	return array(
+		'expiresAt' => $expires_at,
+		'token'     => $payload_segment . '.' . $signature_segment,
+	);
+}
+
+function {{phpPrefix}}_verify_public_write_token( $token, $post_id, $resource_key ) {
+	if ( ! is_string( $token ) || '' === $token ) {
+		return new WP_Error(
+			'rest_forbidden',
+			'The public write token is missing.',
+			array( 'status' => 403 )
+		);
+	}
+
+	$segments = explode( '.', $token );
+	if ( 2 !== count( $segments ) ) {
+		return new WP_Error(
+			'rest_forbidden',
+			'The public write token format is invalid.',
+			array( 'status' => 403 )
+		);
+	}
+
+	list( $payload_segment, $signature_segment ) = $segments;
+	$expected_signature = {{phpPrefix}}_base64url_encode(
+		hash_hmac( 'sha256', $payload_segment, wp_salt( 'nonce' ), true )
+	);
+
+	if ( ! hash_equals( $expected_signature, $signature_segment ) ) {
+		return new WP_Error(
+			'rest_forbidden',
+			'The public write token signature is invalid.',
+			array( 'status' => 403 )
+		);
+	}
+
+	$payload_json = {{phpPrefix}}_base64url_decode( $payload_segment );
+	if ( false === $payload_json ) {
+		return new WP_Error(
+			'rest_forbidden',
+			'The public write token payload is invalid.',
+			array( 'status' => 403 )
+		);
+	}
+
+	$payload = json_decode( $payload_json, true );
+	if ( ! is_array( $payload ) ) {
+		return new WP_Error(
+			'rest_forbidden',
+			'The public write token payload is invalid.',
+			array( 'status' => 403 )
+		);
+	}
+
+	if ( time() > (int) ( $payload['exp'] ?? 0 ) ) {
+		return new WP_Error(
+			'rest_forbidden',
+			'The public write token has expired. Reload the page and try again.',
+			array( 'status' => 403 )
+		);
+	}
+
+	if ( {{phpPrefix}}_get_public_write_action() !== (string) ( $payload['action'] ?? '' ) ) {
+		return new WP_Error(
+			'rest_forbidden',
+			'The public write token action is invalid.',
+			array( 'status' => 403 )
+		);
+	}
+
+	if ( (int) ( $payload['postId'] ?? 0 ) !== (int) $post_id ) {
+		return new WP_Error(
+			'rest_forbidden',
+			'The public write token is not valid for this post.',
+			array( 'status' => 403 )
+		);
+	}
+
+	if ( (string) ( $payload['resourceKey'] ?? '' ) !== (string) $resource_key ) {
+		return new WP_Error(
+			'rest_forbidden',
+			'The public write token is not valid for this resource key.',
+			array( 'status' => 403 )
+		);
+	}
+
+	return true;
+}
+
+function {{phpPrefix}}_can_write_publicly( WP_REST_Request $request ) {
+	$body = $request->get_json_params();
+	$post_id = (int) ( is_array( $body ) ? ( $body['postId'] ?? 0 ) : 0 );
+	$resource_key = (string) ( is_array( $body ) ? ( $body['resourceKey'] ?? '' ) : '' );
+	$token = (string) ( is_array( $body ) ? ( $body['publicWriteToken'] ?? '' ) : '' );
+
+	$rate_limit = {{phpPrefix}}_enforce_public_write_rate_limit( $post_id, $resource_key );
+	if ( is_wp_error( $rate_limit ) ) {
+		return $rate_limit;
+	}
+
+	return {{phpPrefix}}_verify_public_write_token( $token, $post_id, $resource_key );
+}

package/templates/_shared/workspace/persistence-public/inc/rest-shared.php.mustache

@@ -0,0 +1,55 @@
+<?php
+
+function {{phpPrefix}}_load_schema_from_build_dir( $build_dir, $schema_name ) {
+	if ( ! is_string( $build_dir ) || '' === $build_dir ) {
+		return null;
+	}
+
+	$path = $build_dir . '/api-schemas/' . $schema_name . '.schema.json';
+	if ( ! is_readable( $path ) ) {
+		return null;
+	}
+
+	$contents = file_get_contents( $path );
+	if ( false === $contents ) {
+		return null;
+	}
+
+	$decoded = json_decode( $contents, true );
+	return is_array( $decoded ) ? $decoded : null;
+}
+
+function {{phpPrefix}}_sanitize_rest_schema( $schema ) {
+	if ( ! is_array( $schema ) ) {
+		return $schema;
+	}
+
+	unset( $schema['$schema'], $schema['title'] );
+
+	if ( isset( $schema['properties'] ) && is_array( $schema['properties'] ) ) {
+		foreach ( $schema['properties'] as $key => $property_schema ) {
+			$schema['properties'][ $key ] = {{phpPrefix}}_sanitize_rest_schema( $property_schema );
+		}
+	}
+
+	if ( isset( $schema['items'] ) && is_array( $schema['items'] ) ) {
+		$schema['items'] = {{phpPrefix}}_sanitize_rest_schema( $schema['items'] );
+	}
+
+	return $schema;
+}
+
+function {{phpPrefix}}_validate_and_sanitize_request( $value, $build_dir, $schema_name, $param_name ) {
+	$schema = {{phpPrefix}}_load_schema_from_build_dir( $build_dir, $schema_name );
+	if ( ! is_array( $schema ) ) {
+		return new WP_Error( 'missing_schema', 'Missing REST schema.', array( 'status' => 500 ) );
+	}
+
+	$rest_schema = {{phpPrefix}}_sanitize_rest_schema( $schema );
+	$validation  = rest_validate_value_from_schema( $value, $rest_schema, $param_name );
+	if ( is_wp_error( $validation ) ) {
+		return $validation;
+	}
+
+	return rest_sanitize_value_from_schema( $value, $rest_schema, $param_name );
+}