Initial commit: Atomaste website

Atomaste Reference/public_html/wp-content/plugins/complianz-gdpr/websitescan/class-wsc-api.php

@@ -0,0 +1,177 @@
+<?php
+defined('ABSPATH') or die("you do not have access to this page!");
+
+if (!class_exists("cmplz_wsc_api")) {
+	class cmplz_wsc_api
+	{
+		private static $_this;
+
+		function __construct()
+		{
+			if (isset(self::$_this))
+				wp_die(sprintf('%s is a singleton class and you cannot create a second instance.', get_class($this)));
+
+			self::$_this = $this;
+			add_action('rest_api_init', array($this, 'wsc_scan_enable_webhook_api'));
+		}
+
+		static function this()
+		{
+			return self::$_this;
+		}
+
+		/**
+		 * Register the REST API route for the WSC scan.
+		 *
+		 * This function registers a custom REST API route for the WSC scan. The route
+		 * accepts only POST requests and uses the `wsc_scan_callback` method as the
+		 * callback function.
+		 *
+		 * @return void
+		 */
+		public function wsc_scan_enable_webhook_api(): void
+		{
+			register_rest_route('complianz/v1', 'wsc-scan', array(
+				'methods' => 'POST', // Accept only POST requests
+				'callback' => array($this, 'wsc_scan_webhook_callback'),
+				'permission_callback' => '__return_true',
+			));
+			register_rest_route(
+				'complianz/v1',
+				'wsc-checks',
+				array(
+					'methods'             => 'POST', // Accept only POST requests.
+					'callback'            => array( $this, 'wsc_scan_webhook_checks_callback' ),
+					'permission_callback' => '__return_true',
+				)
+			);
+		}
+
+
+		/**
+		 * Handle the WSC scan webhook checks callback.
+		 *
+		 * This function processes the WSC scan webhook checks callback. It validates the request
+		 * and then processes the scan checks. If the request is invalid, an error is returned.
+		 *
+		 * @param WP_REST_Request $request The REST API request object.
+		 * @return WP_REST_Response|WP_Error The REST API response object or an error object.
+		 */
+		public function wsc_scan_webhook_checks_callback( WP_REST_Request $request ) {
+			$error            = self::wsc_scan_validate_request( $request, 'checks' );
+			$is_valid_request = empty( $error );
+
+			if ( ! $is_valid_request ) { // if the array is not empty, contains an error and the request is invalid.
+				return new WP_Error(
+					$error['code'],
+					$error['message'],
+					array( 'status' => $error['status'] )
+				);
+			}
+
+			$result = json_decode( $request->get_body() );
+
+			COMPLIANZ::$wsc_scanner->wsc_scan_process_checks( $result );
+
+			return new WP_REST_Response( 'Checks updated!', 200 );
+		}
+
+
+		/**
+		 * Process the WSC scan webhook callback.
+		 *
+		 * This function processes the WSC scan webhook callback. It validates the request
+		 * and then processes the scan results. If the request is invalid, an error is returned.
+		 *
+		 * @param WP_REST_Request $request The REST API request object.
+		 * @return WP_REST_Response|WP_Error The REST API response object or an error object.
+		 */
+		public function wsc_scan_webhook_callback(WP_REST_Request $request)
+		{
+			$error = self::wsc_scan_validate_request( $request,'scan' );
+			$is_valid_request = empty($error); // if the array is empty, the request is valid
+
+			if (!$is_valid_request) { // if the array is not empty, contains an error and the request is invalid
+				return new WP_Error(
+					$error['code'],
+					$error['message'],
+					array('status' => $error['status'])
+				);
+			}
+
+			// start the processing of the request
+			$result = json_decode($request->get_body());
+
+			if (!isset($result->data->result->trackers) || !is_array($result->data->result->trackers) || count($result->data->result->trackers) === 0) {
+				return new WP_REST_Response('No cookies found in the result.', 200);
+			}
+
+			$current_wsc_status = get_option('cmplz_wsc_scan_status');
+			// if the scan is already completed, exit
+			if ($current_wsc_status === 'completed') {
+				return new WP_REST_Response('Scan already completed.', 200);
+			}
+
+			COMPLIANZ::$wsc_scanner->wsc_complete_cookie_scan( $result, true );
+
+			return new WP_REST_Response('Cookies updated!', 200);
+
+		}
+
+		/**
+		 * Validate the WSC scan webhook request.
+		 *
+		 * This function validates the WSC scan webhook request. It checks if the request
+		 * is valid and contains the necessary information to process the scan results.
+		 *
+		 * @param WP_REST_Request $request The REST API request object.
+		 * @return array If the request is invalid an array containing the error details, otherwise an empty array.
+		 */
+		public static function wsc_scan_validate_request(WP_REST_Request $request, $type): array
+		{
+			// check the body
+			if (empty($request->get_body())) {
+				return [
+					'code' => 'invalid_request',
+					'message' => 'Request blocked: missing request.',
+					'status' => 400
+				];
+			}
+
+			// Get options for permission check
+			$scan_id = $type === 'scan' ? get_option('cmplz_wsc_scan_id', false) : get_option('cmplz_wsc_checks_scan_id',false);
+			$scan_created_at = $type === 'scan' ? get_option('cmplz_wsc_scan_createdAt', false) : get_option('cmplz_wsc_checks_scan_createdAt',false);
+			// Check if there is an active scan
+			if (!$scan_id || !$scan_created_at) {
+				return [
+					'code' => 'invalid_wsc_scan',
+					'message' => 'No active scan found.',
+					'status' => 400
+				];
+			}
+
+			// Check the user agent
+			$user_agent = $request->get_header('User-Agent');
+			if (strpos($user_agent, 'radar') === false) {
+				return [
+					'code' => 'invalid_user_agent',
+					'message' => 'Request blocked: unauthorized User-Agent.',
+					'status' => 400
+				];
+			}
+
+			// Verify scan status event in the request body
+			$data = json_decode($request->get_body());
+			if (!isset($data->event) || $data->event !== 'scan-completed') {
+				return [
+					'code' => 'invalid_event',
+					'message' => 'Request blocked: missing or invalid scan status.',
+					'status' => 400
+				];
+			}
+
+			// Return the errors array if any errors are found, or an empty array if all checks pass
+			return [];
+		}
+	}
+}