是否可以添加使用WooCommerce授权的新API端点? [英] Is it possible to add a new API endpoint that uses WooCommerce's authorization?

问题描述

我需要在我的WordPress插件中添加一个API端点，该端点将写入数据库等.我希望它由调用此新API的远程系统触发.

I need to add an API endpoint in my WordPress plugin that will write to the database, etc. I want it to be triggered by a remote system that will call this new API.

但是，我想使用内置的WooCommerce REST身份验证，在此处设置身份验证:

However, I'd like to use the built-in WooCommerce REST authentication, the auth set up here:

(不，这些凭据不再起作用).

(And no, those credentials don't work, anymore).

有没有办法做到这一点?要添加一个自定义HTTP终结点，该终结点将使用WooCommerce的身份验证，然后运行一些我想运行的任意代码?

Is there a way to do this? To add a custom HTTP endpoint that will use the auth from WooCommerce and then run some arbitrary code that I want to run?

或者是否可以在现有的WooCommerce API端点上添加一个挂钩以在该端点执行之前运行?我只需要一种使用现有WooCommerce REST API身份验证的方式来触发一些我需要在插件中运行的更新.

Or is there a way to add a hook on an existing WooCommerce API endpoint to run before that endpoint executes? I just need a way to use the existing WooCommerce REST API auth to trigger some updates I need to run in my plugin.

推荐答案

您可以在Woocommerce端点下添加一条路由以使用此密钥/秘密身份验证系统.

You can add a route under the Woocommerce endpoint to use this key/secret authentication system.

这是一个可行的示例:

add_action('rest_api_init', function () {
    register_rest_route('wc', '/test', [
        'methods'  => 'GET',
        'callback' => 'my_awesome_func',
    ]);
});

function my_awesome_func(WP_REST_Request $request)
{

    if (is_user_logged_in() && (int)wp_get_current_user()->ID === 123) {
        //your stuff only for legged in user 123
        return new WP_REST_Response('ok', 200);
    }

    return new WP_Error('unauthorized', __('You shall not pass'), [ 'status' => 401 ]); //can also use WP_REST_Response

 }

这将:

• 在"wc"下添加新的GET路由.端点(woocommerce端点)，因此 https://example.com/wp-json/wc/test
• 然后使用"HTTP基本身份验证"按照 Woocommerce文档
• is_user_logged_in()和 wp_get_current_user()的结果将取决于密钥/秘密的正确组合.如果正确，则关联用户将被认证".至于Wordpress.
• 如果组合正确，则得到 [true，WP_user_object] ，如果键不正确，则会得到 [false，Empty_user_object] .
• 如果正确的密钥和不正确的机密，将抛出401(不是我的示例中的一个，而是woocommerce的另一个401.在这种情况下，未达到 my_awesome_func().我相信这就像wp-login，正确登录(键)时自定义错误消息，不错的^^')

• add a new GET route under the "wc" endpoint (woocommerce one), so https://example.com/wp-json/wc/test
• you then use "HTTP Basic auth" to pass your key and secret as per Woocommerce documentation
• the results of is_user_logged_in() and wp_get_current_user() will depend on the correct combination of key/secret. If correct, a the associated user will be "authentified" as for Wordpress.
• if correct combination you'll get [true, WP_user_object], if incorrect key [false, Empty_user_object].
• If correct key and incorrect secret, a 401 will be thrown (not the one in my example, another 401 by woocommerce. my_awesome_func() is not reached in this case. I believe it's like wp-login, custom error message when correct login (key), nice ^^')

然后，您需要按照自己的规则来保护自己的路线:

You then need to secure your route by your rules:

• 检查用户是否像 if(！is_user_logged_in())一样返回false
• 检查用户ID wp_get_current_user()-> ID
• 通过您的角色/权限系统进行检查
• 现在您有了用户ID，就可以使用它进行所需的操作
• 使用 WP_REST_Request $ request 参数处理GET或POST HTTP参数.

• Checking if user is logged in like if(!is_user_logged_in()) return false
• Checking user ID wp_get_current_user()->ID
• Checking by your role/permission system
• now that you have user ID, you do what you want with it
• use the WP_REST_Request $request parameter to handle GET or POST HTTP parameters.

因此它看起来像:

add_action('rest_api_init', function () {
    register_rest_route('wc', '/test', [
        'methods'  => 'GET',
        'callback' => 'my_awesome_func',
    ]);
});

function my_awesome_func(WP_REST_Request $request)
{

    if (is_user_logged_in() && (int)wp_get_current_user()->ID === 123) {
        //your stuff only for legged in user 123
        return new WP_REST_Response('ok', 200);
    }

    return new WP_Error('unauthorized', __('You shall not pass'), [ 'status' => 401 ]); //can also use WP_REST_Response
}

似乎可能有正确的方法添加Woocommerce REST API端点(找不到关于它的适当文档...).但是我对此进行了测试，并且至少可以使用Woocommerce密钥/秘密身份验证系统起作用，我认为该系统适用于/wc/端点下.

It seems there may be proper ways to add a Woocommerce REST API endpoint (couldn't find proper documentation about it...). But I tested this and it worked, at least to use the Woocommerce key/Secret authentication system, which I believe is applied under the /wc/ endpoint.

注意:小心地将路由添加到wc端点，因为您可能会覆盖现有的路由端点.例如:添加/product/mytest 可能与处理/product/[product_id] 的Woocommerce官方路线发生冲突.

Note: careful adding routes to the wc endpoints, as you may override an existing route endpoint. Eg: adding /product/mytest could conflict with an official Woocommerce route that handles /product/[product_id].

注2:我首先使用核心API身份验证系统).因此，我移到了Woocommerce API端点.

Note 2: I first tested with a custom WordPress REST API route, and passing Woocommerce key/secret to see if WordPress could see me correctly authenticated and identified. But it didn't work (WP uses the core API auth system). So I moved to the Woocommerce API endpoint.

注3:您可以使用具有自定义路由的Wordpress REST API和机器对机器"的自定义路径来实现相同的目的.身份验证插件，例如Oauth，应用程序密码，JWT ...如

Note 3: You could achieve the same using the Wordpress REST API with a custom route, and a "machine to machine" authentication plugins like Oauth, application password, JWT... like described on WP REST API authentication documentation page.

这篇关于是否可以添加使用WooCommerce授权的新API端点?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！