* } */ class Link_Controller extends REST_Controller implements HasRequirements { /** * Story_Post_Type instance. * * @var Story_Post_Type Story_Post_Type instance. */ private Story_Post_Type $story_post_type; /** * Constructor. * * @param Story_Post_Type $story_post_type Story_Post_Type instance. */ public function __construct( Story_Post_Type $story_post_type ) { $this->story_post_type = $story_post_type; $this->namespace = 'web-stories/v1'; $this->rest_base = 'link'; } /** * Get the list of service IDs required for this service to be registered. * * Needed because the story post type needs to be registered first. * * @since 1.13.0 * * @return string[] List of required services. */ public static function get_requirements(): array { return [ 'story_post_type' ]; } /** * Registers routes for links. * * @since 1.0.0 * * @see register_rest_route() */ public function register_routes(): void { register_rest_route( $this->namespace, '/' . $this->rest_base, [ [ 'methods' => WP_REST_Server::READABLE, 'callback' => [ $this, 'parse_link' ], 'permission_callback' => [ $this, 'parse_link_permissions_check' ], 'args' => [ 'url' => [ 'description' => __( 'The URL to process.', 'web-stories' ), 'required' => true, 'type' => 'string', 'format' => 'uri', 'validate_callback' => [ $this, 'validate_url' ], ], ], ], ] ); } /** * Parses a URL to return some metadata for inserting links. * * @SuppressWarnings(PHPMD.CyclomaticComplexity) * @SuppressWarnings(PHPMD.NPathComplexity) * @SuppressWarnings(PHPMD.ExcessiveMethodLength) * * @since 1.0.0 * * @param WP_REST_Request $request Full data about the request. * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. */ public function parse_link( $request ) { /** * Requested URL. * * @var string $url */ $url = $request['url']; $url = untrailingslashit( $url ); /** * Filters the link data TTL value. * * @since 1.0.0 * * @param int $time Time to live (in seconds). Default is 1 day. * @param string $url The attempted URL. */ $cache_ttl = apply_filters( 'web_stories_link_data_cache_ttl', DAY_IN_SECONDS, $url ); $cache_key = 'web_stories_link_data_' . md5( $url ); $data = get_transient( $cache_key ); if ( \is_string( $data ) && ! empty( $data ) ) { /** * Decoded cached link data. * * @var array{title: string, image: string, description: string}|null $link */ $link = json_decode( $data, true ); if ( $link ) { $response = $this->prepare_item_for_response( $link, $request ); return rest_ensure_response( $response ); } } $data = [ 'title' => '', 'image' => '', 'description' => '', ]; // Do not request instagram.com, as it redirects to a login page. // See https://github.com/GoogleForCreators/web-stories-wp/issues/10451. $matches = []; $query_string = wp_parse_url( $url, PHP_URL_QUERY ); $check_url = \is_string( $query_string ) ? str_replace( "?$query_string", '', $url ) : $url; if ( preg_match( '~^https?://(www\.)?instagram\.com/([^/]+)/?$~', $check_url, $matches ) ) { $data['title'] = sprintf( /* translators: %s: Instagram username. */ __( 'Instagram - @%s', 'web-stories' ), $matches[2] ); set_transient( $cache_key, wp_json_encode( $data ), $cache_ttl ); $response = $this->prepare_item_for_response( $data, $request ); return rest_ensure_response( $response ); } $args = [ 'limit_response_size' => 153_600, // 150 KB. 'timeout' => 7, // phpcs:ignore WordPressVIPMinimum.Performance.RemoteRequestTimeout.timeout_timeout ]; /** * Filters the HTTP request args for link data retrieval. * * Can be used to adjust timeout and response size limit. * * @since 1.0.0 * * @param array $args Arguments used for the HTTP request * @param string $url The attempted URL. */ $args = apply_filters( 'web_stories_link_data_request_args', $args, $url ); $response = wp_safe_remote_get( $url, $args ); if ( is_wp_error( $response ) && 'http_request_failed' === $response->get_error_code() ) { return new \WP_Error( 'rest_invalid_url', __( 'Invalid URL', 'web-stories' ), [ 'status' => 404 ] ); } if ( WP_Http::OK !== wp_remote_retrieve_response_code( $response ) ) { // Not saving to cache since the error might be temporary. $response = $this->prepare_item_for_response( $data, $request ); return rest_ensure_response( $response ); } $html = wp_remote_retrieve_body( $response ); // Strip . $html_head_end = stripos( $html, '' ); if ( $html_head_end ) { $html = substr( $html, 0, $html_head_end ); } if ( ! $html ) { set_transient( $cache_key, wp_json_encode( $data ), $cache_ttl ); $response = $this->prepare_item_for_response( $data, $request ); return rest_ensure_response( $response ); } try { $doc = Document::fromHtml( $html ); } catch ( \DOMException $exception ) { set_transient( $cache_key, wp_json_encode( $data ), $cache_ttl ); $response = $this->prepare_item_for_response( $data, $request ); return rest_ensure_response( $response ); } if ( ! $doc ) { set_transient( $cache_key, wp_json_encode( $data ), $cache_ttl ); $response = $this->prepare_item_for_response( $data, $request ); return rest_ensure_response( $response ); } $xpath = $doc->xpath; // Link title. $title = ''; $title_query = $xpath->query( '//title' ); if ( $title_query instanceof DOMNodeList && $title_query->length > 0 ) { $title_node = $title_query->item( 0 ); if ( $title_node instanceof DOMElement ) { $title = $title_node->textContent; } } if ( ! $title ) { /** * List of found elements. * * @var DOMNodeList $og_title_query */ $og_title_query = $xpath->query( '//meta[@property="og:title"]' ); $title = $this->get_dom_attribute_content( $og_title_query, 'content' ); } if ( ! $title ) { /** * List of found elements. * * @var DOMNodeList $og_site_name_query */ $og_site_name_query = $xpath->query( '//meta[@property="og:site_name"]' ); $title = $this->get_dom_attribute_content( $og_site_name_query, 'content' ); } // Site icon. /** * List of found elements. * * @var DOMNodeList $og_image_query */ $og_image_query = $xpath->query( '//meta[@property="og:image"]' ); $image = $this->get_dom_attribute_content( $og_image_query, 'content' ); if ( ! $image ) { /** * List of found elements. * * @var DOMNodeList $icon_query */ $icon_query = $xpath->query( '//link[contains(@rel, "icon")]' ); $image = $this->get_dom_attribute_content( $icon_query, 'content' ); } if ( ! $image ) { /** * List of found elements. * * @var DOMNodeList $touch_icon_query */ $touch_icon_query = $xpath->query( '//link[contains(@rel, "apple-touch-icon")]' ); $image = $this->get_dom_attribute_content( $touch_icon_query, 'href' ); } // Link description. /** * List of found elements. * * @var DOMNodeList $description_query */ $description_query = $xpath->query( '//meta[@name="description"]' ); $description = $this->get_dom_attribute_content( $description_query, 'content' ); if ( ! $description ) { /** * List of found elements. * * @var DOMNodeList $og_description_query */ $og_description_query = $xpath->query( '//meta[@property="og:description"]' ); $description = $this->get_dom_attribute_content( $og_description_query, 'content' ); } $data = [ 'title' => $title ?: '', 'image' => $image ?: '', 'description' => $description ?: '', ]; $response = $this->prepare_item_for_response( $data, $request ); set_transient( $cache_key, wp_json_encode( $data ), $cache_ttl ); return rest_ensure_response( $response ); } /** * Prepares a single lock output for response. * * @since 1.10.0 * * @param array{title: string, image: string, description: string} $link Link value, default to false is not set. * @param WP_REST_Request $request Request object. * @return WP_REST_Response|WP_Error Response object. */ public function prepare_item_for_response( $link, $request ) { $fields = $this->get_fields_for_response( $request ); $schema = $this->get_item_schema(); $data = []; $check_fields = array_keys( $link ); foreach ( $check_fields as $check_field ) { if ( ! empty( $schema['properties'][ $check_field ] ) && rest_is_field_included( $check_field, $fields ) ) { $data[ $check_field ] = rest_sanitize_value_from_schema( $link[ $check_field ], $schema['properties'][ $check_field ] ); } } /** * Request context. * * @var string $context */ $context = ! empty( $request['context'] ) ? $request['context'] : 'view'; $data = $this->add_additional_fields_to_object( $data, $request ); $data = $this->filter_response_by_context( $data, $context ); // Wrap the data in a response object. return rest_ensure_response( $data ); } /** * Retrieves the link's schema, conforming to JSON Schema. * * @since 1.10.0 * * @return array Item schema data. * * @phpstan-return Schema */ public function get_item_schema(): array { if ( $this->schema ) { /** * Schema. * * @phpstan-var Schema $schema */ $schema = $this->add_additional_fields_schema( $this->schema ); return $schema; } $schema = [ '$schema' => 'http://json-schema.org/draft-04/schema#', 'title' => 'link', 'type' => 'object', 'properties' => [ 'title' => [ 'description' => __( 'Link\'s title', 'web-stories' ), 'type' => 'string', 'context' => [ 'view', 'edit', 'embed' ], ], 'image' => [ 'description' => __( 'Link\'s image', 'web-stories' ), 'type' => 'string', 'format' => 'uri', 'context' => [ 'view', 'edit', 'embed' ], ], 'description' => [ 'description' => __( 'Link\'s description', 'web-stories' ), 'type' => 'string', 'context' => [ 'view', 'edit', 'embed' ], ], ], ]; $this->schema = $schema; /** * Schema * * @phpstan-var Schema $schema */ $schema = $this->add_additional_fields_schema( $this->schema ); return $schema; } /** * Checks if current user can process links. * * @since 1.0.0 * * @return true|WP_Error True if the request has read access, WP_Error object otherwise. */ public function parse_link_permissions_check() { if ( ! $this->story_post_type->has_cap( 'edit_posts' ) ) { return new \WP_Error( 'rest_forbidden', __( 'Sorry, you are not allowed to process links.', 'web-stories' ), [ 'status' => rest_authorization_required_code() ] ); } return true; } /** * Callback to validate urls. * * @since 1.11.0 * * @param string $value Value to be validated. * @return true|WP_Error */ public function validate_url( $value ) { $url = untrailingslashit( $value ); if ( empty( $url ) || ! wp_http_validate_url( $url ) ) { return new \WP_Error( 'rest_invalid_url', __( 'Invalid URL', 'web-stories' ), [ 'status' => 400 ] ); } return true; } /** * Retrieve content of a given DOM node attribute. * * @since 1.0.0 * * @param DOMNodeList|false $query XPath query result. * @param string $attribute Attribute name. * @return string|false Attribute content on success, false otherwise. */ protected function get_dom_attribute_content( $query, string $attribute ) { if ( ! $query instanceof DOMNodeList || 0 === $query->length ) { return false; } /** * DOMElement * * @var DOMElement|DOMNode $node */ $node = $query->item( 0 ); if ( ! $node instanceof DOMElement ) { return false; } return $node->getAttribute( $attribute ); } }