So I've been working on trying to figure this out, but I can't seem to get the right answer or even find docs online regarding this issue, so I'm reaching out to the community to see if I can get some assistance.
So I have the following RestRoutes class:
class RestRoutes
{
    private string $namespace;
    private string $resource;

    public function __construct()
    {
        $this->namespace = 'twitter/v1';
        $this->resource = '/posts/';
        $this->init();
    }

    public function init(): void
    {
        add_action('rest_api_init', [$this, 'register_rest_route']);
    }

    public function register_rest_route(): void
    {
        register_rest_route(
            $this->namespace,
            $this->resource,
            [
                'methods' => 'GET',
                'callback' => [$this, 'twitter_posts'],
                // Always returns true, so every request is allowed through.
                'permission_callback' => '__return_true'
            ]
        );
    }

    public function twitter_posts(): WP_REST_Response|array
    {
        // Serve the cached copy when one exists.
        $data = get_transient('twitter_socialapi_data');
        if (!empty($data)) {
            return $data;
        }

        try {
            $response = Twitter::init()->get_profile_tweets(50);
            if (empty($response)) {
                return [];
            }

            $tweets = [];
            foreach ($response as $tweet) {
                $tweets[] = [
                    'id' => $tweet->get_id(),
                    'text' => $tweet->get_body(),
                    'link' => $tweet->get_tweet_link(),
                    'profile_image_url' => $tweet->user()->get_image_url(),
                    'profile_url' => $tweet->user()->get_url(),
                    'name' => $tweet->user()->get_name(),
                    'username' => $tweet->user()->get_username(),
                    'created_at' => $tweet->get_created_at()->format('h:i A · F d, Y')
                ];
            }

            // Cache the formatted tweets for three hours.
            set_transient('twitter_socialapi_data', $tweets, 3 * HOUR_IN_SECONDS);
        } catch (Exception $e) {
            return [];
        }

        return $tweets;
    }
}
Which when I go to the following endpoint /wp-json/twitter/v1/posts, I get data:
[{"id":"1491469724835889154","text":"RT <a href=\"https:\/\/twitter\/FOXSoccer\" title=\"FOXSoccer\" target=\"_blank\">@FOXSoccer<\/a>: What a save from Al Hilal's Al-Mayouf !\ud83e\udde4 <a href=\"https:\/\/t.co\/D7p4vwIn44\" target=\"_blank\"><\/a><img class=\"tweet-photo\" src=\"https:\/\/pbs.twimg\/media\/FLLDiZnXEAY38Wu.jpg\" style=\"width: 100%; margin-top: 11px; border-radius: 12px\" \/>"}]
As it currently sits, ANYONE with the endpoint can make requests.
How does one make the endpoint private to just a specific user?
I have a WordPress user called source and I've already added the application password, as shown below:
Does anyone know how to properly allow only the specific user to make the request? Use Basic Authentication within Postman, etc.
Thanks all!
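One way to restrict the route to a single account, added here as an example and not part of the original post: replace `__return_true` with a permission callback that checks which user WordPress authenticated for the request. It is written as a subclass (the name `PrivateRestRoutes`, the method `can_read_posts` and the error codes are hypothetical) so it runs beside the class above unchanged, and it assumes the login `source` from the question is the only one allowed.

```php
<?php
// Added example, not code from the original post.
// Assumption: 'source' (the user named in the question) is the only allowed login.
class PrivateRestRoutes extends RestRoutes
{
    private const ALLOWED_LOGIN = 'source';

    // Overrides the parent's registration; the parent's init() hooks this method
    // because the callback is resolved on $this.
    public function register_rest_route(): void
    {
        register_rest_route('twitter/v1', '/posts/', [
            'methods'             => 'GET',
            'callback'            => [$this, 'twitter_posts'],
            'permission_callback' => [$this, 'can_read_posts'],
        ]);
    }

    // Runs before twitter_posts(), so the cached transient is never served
    // to a request that fails the check.
    public function can_read_posts(WP_REST_Request $request): bool|WP_Error
    {
        // Populated by WordPress from the request's credentials
        // (for example an application password sent with Basic Authentication).
        $user = wp_get_current_user();

        // No valid credentials: ask the client to authenticate.
        if (!$user->exists()) {
            return new WP_Error(
                'twitter_rest_unauthenticated',
                'Authentication is required for this route.',
                ['status' => 401]
            );
        }

        // Valid credentials, but for a different account.
        if ($user->user_login !== self::ALLOWED_LOGIN) {
            return new WP_Error(
                'twitter_rest_forbidden',
                'This account is not allowed to read this route.',
                ['status' => 403]
            );
        }

        return true;
    }
}

new PrivateRestRoutes(); // instantiate this instead of RestRoutes
```

With this in place, a request without credentials gets a 401 and a request authenticated as any other user gets a 403. In Postman, choose Basic Auth with the username `source` and the application password as the password, and send it over HTTPS.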