dwindown/WooNooW
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: resolve container width issues, spa redirects, and appearance settings overwrite. feat: enhance order/sub details and newsletter layout

Browse Source
This commit is contained in:
Dwindi Ramadhana
2026-02-05 00:09:40 +07:00
parent a0b5f8496d
commit 5f08c18ec7
77 changed files with 7027 additions and 4546 deletions
Download Patch File Download Diff File Expand all files Collapse all files

474
includes/Api/NewsletterController.php
View File

@@ -1,15 +1,19 @@
<?php
namespace WooNooW\API;
use WP_REST_Request;
use WP_REST_Response;
use WP_Error;
use WooNooW\Core\Validation;
use WooNooW\Database\SubscriberTable;
class NewsletterController {
class NewsletterController
{
const API_NAMESPACE = 'woonoow/v1';
public static function register_routes() {
public static function register_routes()
{
register_rest_route(self::API_NAMESPACE, '/newsletter/subscribe', [
'methods' => 'POST',
'callback' => [__CLASS__, 'subscribe'],
@@ -18,45 +22,45 @@ class NewsletterController {
'email' => [
'required' => true,
'type' => 'string',
'validate_callback' => function($param) {
'validate_callback' => function ($param) {
return is_email($param);
},
],
],
]);
register_rest_route(self::API_NAMESPACE, '/newsletter/subscribers', [
'methods' => 'GET',
'callback' => [__CLASS__, 'get_subscribers'],
'permission_callback' => function() {
'permission_callback' => function () {
return current_user_can('manage_options');
},
]);
register_rest_route(self::API_NAMESPACE, '/newsletter/subscribers/(?P<email>[^/]+)', [
'methods' => 'DELETE',
'callback' => [__CLASS__, 'delete_subscriber'],
'permission_callback' => function() {
'permission_callback' => function () {
return current_user_can('manage_options');
},
]);
register_rest_route(self::API_NAMESPACE, '/newsletter/template/(?P<template>[^/]+)', [
'methods' => 'GET',
'callback' => [__CLASS__, 'get_template'],
'permission_callback' => function() {
'permission_callback' => function () {
return current_user_can('manage_options');
},
]);
register_rest_route(self::API_NAMESPACE, '/newsletter/template/(?P<template>[^/]+)', [
'methods' => 'POST',
'callback' => [__CLASS__, 'save_template'],
'permission_callback' => function() {
'permission_callback' => function () {
return current_user_can('manage_options');
},
]);
// Public unsubscribe endpoint (no auth needed, uses token)
register_rest_route(self::API_NAMESPACE, '/newsletter/unsubscribe', [
'methods' => 'GET',
@@ -73,139 +77,381 @@ class NewsletterController {
],
],
]);
// Public confirm endpoint (double opt-in)
register_rest_route(self::API_NAMESPACE, '/newsletter/confirm', [
'methods' => 'GET',
'callback' => [__CLASS__, 'confirm'],
'permission_callback' => '__return_true',
'args' => [
'email' => [
'required' => true,
'type' => 'string',
],
'token' => [
'required' => true,
'type' => 'string',
],
],
]);
}
public static function get_template(WP_REST_Request $request) {
public static function get_template(WP_REST_Request $request)
{
$template = $request->get_param('template');
$option_key = "woonoow_newsletter_{$template}_template";
$data = get_option($option_key, [
'subject' => $template === 'welcome' ? 'Welcome to {site_name} Newsletter!' : 'Confirm your newsletter subscription',
'content' => $template === 'welcome'
'content' => $template === 'welcome'
? "Thank you for subscribing to our newsletter!\n\nYou'll receive updates about our latest products and offers.\n\nBest regards,\n{site_name}"
: "Please confirm your newsletter subscription by clicking the link below:\n\n{confirmation_url}\n\nBest regards,\n{site_name}",
]);
return new WP_REST_Response([
'success' => true,
'subject' => $data['subject'] ?? '',
'content' => $data['content'] ?? '',
], 200);
}
public static function save_template(WP_REST_Request $request) {
public static function save_template(WP_REST_Request $request)
{
$template = $request->get_param('template');
$subject = sanitize_text_field($request->get_param('subject'));
$content = wp_kses_post($request->get_param('content'));
$option_key = "woonoow_newsletter_{$template}_template";
update_option($option_key, [
'subject' => $subject,
'content' => $content,
]);
return new WP_REST_Response([
'success' => true,
'message' => 'Template saved successfully',
], 200);
}
public static function delete_subscriber(WP_REST_Request $request) {
$email = urldecode($request->get_param('email'));
public static function delete_subscriber(WP_REST_Request $request)
{
$email = sanitize_email(urldecode($request->get_param('email')));
if (self::use_custom_table()) {
$result = SubscriberTable::delete_by_email($email);
if ($result) {
return new WP_REST_Response([
'success' => true,
'message' => 'Subscriber removed successfully',
], 200);
}
return new WP_Error('not_found', 'Subscriber not found', ['status' => 404]);
}
// Legacy: wp_options storage
$subscribers = get_option('woonoow_newsletter_subscribers', []);
$subscribers = array_filter($subscribers, function($sub) use ($email) {
$subscribers = array_filter($subscribers, function ($sub) use ($email) {
return isset($sub['email']) && $sub['email'] !== $email;
});
update_option('woonoow_newsletter_subscribers', array_values($subscribers));
return new WP_REST_Response([
'success' => true,
'message' => 'Subscriber removed successfully',
], 200);
}
public static function subscribe(WP_REST_Request $request) {
/**
* Check if custom subscriber table should be used
*/
private static function use_custom_table()
{
return SubscriberTable::table_exists();
}
public static function subscribe(WP_REST_Request $request)
{
$email = sanitize_email($request->get_param('email'));
$consent = (bool) $request->get_param('consent');
// Rate limiting (5 requests per IP per hour)
$ip = $_SERVER['REMOTE_ADDR'] ?? '';
$rate_key = 'woonoow_newsletter_rate_' . md5($ip);
$attempts = (int) get_transient($rate_key);
if ($attempts >= 5) {
return new WP_Error('rate_limited', __('Too many requests. Please try again later.', 'woonoow'), ['status' => 429]);
}
set_transient($rate_key, $attempts + 1, HOUR_IN_SECONDS);
// Use centralized validation with extensible filter hooks
$validation = Validation::validate_email($email, 'newsletter_subscribe');
if (is_wp_error($validation)) {
return $validation;
}
// Get existing subscribers (now stored as objects with metadata)
$subscribers = get_option('woonoow_newsletter_subscribers', []);
// Check if already subscribed
$existing = array_filter($subscribers, function($sub) use ($email) {
return isset($sub['email']) && $sub['email'] === $email;
});
if (!empty($existing)) {
return new WP_REST_Response([
'success' => true,
'message' => 'You are already subscribed to our newsletter!',
], 200);
// Check GDPR consent requirement
$gdpr_required = get_option('woonoow_newsletter_gdpr_consent', false);
if ($gdpr_required && !$consent) {
return new WP_Error('consent_required', __('Please accept the terms to subscribe.', 'woonoow'), ['status' => 400]);
}
// Check if email belongs to a WP user
$user = get_user_by('email', $email);
$user_id = $user ? $user->ID : null;
// Add new subscriber with metadata
$subscribers[] = [
'email' => $email,
'user_id' => $user_id,
'status' => 'active',
'subscribed_at' => current_time('mysql'),
'ip_address' => $_SERVER['REMOTE_ADDR'] ?? '',
];
update_option('woonoow_newsletter_subscribers', $subscribers);
// Trigger notification events
// Check double opt-in setting
$double_opt_in = get_option('woonoow_newsletter_double_opt_in', true);
$status = $double_opt_in ? 'pending' : 'active';
if (self::use_custom_table()) {
// Use custom table
$existing = SubscriberTable::get_by_email($email);
if ($existing) {
if ($existing['status'] === 'active') {
return new WP_REST_Response([
'success' => true,
'message' => __('You are already subscribed to our newsletter!', 'woonoow'),
], 200);
}
if ($existing['status'] === 'pending') {
self::send_confirmation_email($email, $existing['user_id'] ?? null);
return new WP_REST_Response([
'success' => true,
'message' => __('Confirmation email resent. Please check your inbox.', 'woonoow'),
], 200);
}
// Resubscribe (was unsubscribed)
SubscriberTable::update_by_email($email, [
'status' => $status,
'consent' => $consent ? 1 : 0,
'subscribed_at' => current_time('mysql'),
'ip_address' => $ip,
]);
} else {
// New subscriber
SubscriberTable::add([
'email' => $email,
'user_id' => $user_id,
'status' => $status,
'consent' => $consent,
'subscribed_at' => current_time('mysql'),
'ip_address' => $ip,
]);
}
} else {
// Legacy: wp_options storage
$subscribers = get_option('woonoow_newsletter_subscribers', []);
// Check if already subscribed
$existing_key = null;
foreach ($subscribers as $key => $sub) {
if (isset($sub['email']) && $sub['email'] === $email) {
$existing_key = $key;
break;
}
}
if ($existing_key !== null) {
$existing = $subscribers[$existing_key];
if (($existing['status'] ?? 'active') === 'active') {
return new WP_REST_Response([
'success' => true,
'message' => __('You are already subscribed to our newsletter!', 'woonoow'),
], 200);
}
if (($existing['status'] ?? '') === 'pending') {
self::send_confirmation_email($email, $existing['user_id'] ?? null);
return new WP_REST_Response([
'success' => true,
'message' => __('Confirmation email resent. Please check your inbox.', 'woonoow'),
], 200);
}
}
$subscribers[] = [
'email' => $email,
'user_id' => $user_id,
'status' => $status,
'consent' => $consent,
'subscribed_at' => current_time('mysql'),
'ip_address' => $ip,
];
update_option('woonoow_newsletter_subscribers', $subscribers);
}
if ($double_opt_in) {
// Send confirmation email
self::send_confirmation_email($email, $user_id);
return new WP_REST_Response([
'success' => true,
'message' => __('Please check your email to confirm your subscription.', 'woonoow'),
], 200);
}
// Direct subscription (no double opt-in)
do_action('woonoow_newsletter_subscribed', $email, $user_id);
// Trigger notification system events (uses email builder)
do_action('woonoow/notification/event', 'newsletter_welcome', 'customer', [
'email' => $email,
'user_id' => $user_id,
'subscribed_at' => current_time('mysql'),
]);
do_action('woonoow/notification/event', 'newsletter_subscribed_admin', 'staff', [
'email' => $email,
'user_id' => $user_id,
'subscribed_at' => current_time('mysql'),
]);
return new WP_REST_Response([
'success' => true,
'message' => 'Successfully subscribed! Check your email for confirmation.',
'message' => __('Successfully subscribed to our newsletter!', 'woonoow'),
], 200);
}
private static function send_welcome_email($email) {
$site_name = get_bloginfo('name');
$template = get_option('woonoow_newsletter_welcome_template', '');
if (empty($template)) {
$template = "Thank you for subscribing to our newsletter!\n\nYou'll receive updates about our latest products and offers.\n\nBest regards,\n{site_name}";
}
$subject = sprintf('Welcome to %s Newsletter!', $site_name);
$message = str_replace('{site_name}', $site_name, $template);
wp_mail($email, $subject, $message);
/**
* Send confirmation email for double opt-in
*/
private static function send_confirmation_email($email, $user_id = null)
{
$confirmation_url = self::generate_confirmation_url($email);
do_action('woonoow/notification/event', 'newsletter_confirm', 'customer', [
'email' => $email,
'user_id' => $user_id,
'confirmation_url' => $confirmation_url,
]);
}
public static function get_subscribers(WP_REST_Request $request) {
/**
* Generate confirmation URL with secure token
*/
public static function generate_confirmation_url($email)
{
$token = self::generate_unsubscribe_token($email); // Reuse same token logic
$base_url = rest_url('woonoow/v1/newsletter/confirm');
return add_query_arg([
'email' => urlencode($email),
'token' => $token,
], $base_url);
}
/**
* Handle confirmation request (double opt-in)
*/
public static function confirm(WP_REST_Request $request)
{
$email = sanitize_email(urldecode($request->get_param('email')));
$token = sanitize_text_field($request->get_param('token'));
// Verify token
$expected_token = self::generate_unsubscribe_token($email);
if (!hash_equals($expected_token, $token)) {
return new WP_REST_Response([
'success' => false,
'message' => __('Invalid confirmation link', 'woonoow'),
], 400);
}
$found = false;
$user_id = null;
if (self::use_custom_table()) {
$existing = SubscriberTable::get_by_email($email);
if ($existing) {
if ($existing['status'] === 'active') {
$found = true;
} else {
SubscriberTable::update_by_email($email, [
'status' => 'active',
'confirmed_at' => current_time('mysql'),
]);
$user_id = $existing['user_id'] ?? null;
$found = true;
}
}
} else {
// Legacy: wp_options
$subscribers = get_option('woonoow_newsletter_subscribers', []);
foreach ($subscribers as &$sub) {
if (isset($sub['email']) && $sub['email'] === $email) {
if (($sub['status'] ?? '') === 'active') {
$found = true;
break;
}
$sub['status'] = 'active';
$sub['confirmed_at'] = current_time('mysql');
$user_id = $sub['user_id'] ?? null;
$found = true;
break;
}
}
if ($found) {
update_option('woonoow_newsletter_subscribers', $subscribers);
}
}
// Trigger subscription events
do_action('woonoow_newsletter_subscribed', $email, $user_id);
do_action('woonoow/notification/event', 'newsletter_welcome', 'customer', [
'email' => $email,
'user_id' => $user_id,
'subscribed_at' => current_time('mysql'),
]);
do_action('woonoow/notification/event', 'newsletter_subscribed_admin', 'staff', [
'email' => $email,
'user_id' => $user_id,
'subscribed_at' => current_time('mysql'),
]);
// Return HTML page for nice UX
$site_name = get_bloginfo('name');
$shop_url = wc_get_page_permalink('shop') ?: home_url();
$html = sprintf(
'<!DOCTYPE html><html><head><title>%s</title><style>body{font-family:system-ui,sans-serif;display:flex;justify-content:center;align-items:center;min-height:100vh;margin:0;background:#f5f5f5;}.box{background:white;padding:40px;border-radius:8px;text-align:center;box-shadow:0 2px 10px rgba(0,0,0,0.1);max-width:400px;}h1{color:#333;margin-bottom:16px;}p{color:#666;}a{display:inline-block;margin-top:20px;padding:12px 24px;background:#333;color:white;text-decoration:none;border-radius:6px;}</style></head><body><div class="box"><h1>✓ Confirmed!</h1><p>You are now subscribed to %s newsletter.</p><a href="%s">Continue Shopping</a></div></body></html>',
__('Subscription Confirmed', 'woonoow'),
esc_html($site_name),
esc_url($shop_url)
);
header('Content-Type: text/html; charset=utf-8');
echo $html;
exit;
}
// Dead code removed: send_welcome_email() - now handled via notification system
public static function get_subscribers(WP_REST_Request $request)
{
if (self::use_custom_table()) {
$result = SubscriberTable::get_all([
'per_page' => 100,
'page' => 1,
]);
return new WP_REST_Response([
'success' => true,
'data' => [
'subscribers' => $result['items'],
'count' => $result['total'],
],
], 200);
}
// Legacy: wp_options
$subscribers = get_option('woonoow_newsletter_subscribers', []);
return new WP_REST_Response([
'success' => true,
'data' => [
@@ -214,14 +460,15 @@ class NewsletterController {
],
], 200);
}
/**
* Handle unsubscribe request
*/
public static function unsubscribe(WP_REST_Request $request) {
public static function unsubscribe(WP_REST_Request $request)
{
$email = sanitize_email(urldecode($request->get_param('email')));
$token = sanitize_text_field($request->get_param('token'));
// Verify token
$expected_token = self::generate_unsubscribe_token($email);
if (!hash_equals($expected_token, $token)) {
@@ -230,31 +477,45 @@ class NewsletterController {
'message' => __('Invalid unsubscribe link', 'woonoow'),
], 400);
}
// Get subscribers
$subscribers = get_option('woonoow_newsletter_subscribers', []);
$found = false;
foreach ($subscribers as &$sub) {
if (isset($sub['email']) && $sub['email'] === $email) {
$sub['status'] = 'unsubscribed';
$sub['unsubscribed_at'] = current_time('mysql');
if (self::use_custom_table()) {
$existing = SubscriberTable::get_by_email($email);
if ($existing) {
SubscriberTable::update_by_email($email, [
'status' => 'unsubscribed',
'unsubscribed_at' => current_time('mysql'),
]);
$found = true;
break;
}
} else {
// Legacy: wp_options
$subscribers = get_option('woonoow_newsletter_subscribers', []);
foreach ($subscribers as &$sub) {
if (isset($sub['email']) && $sub['email'] === $email) {
$sub['status'] = 'unsubscribed';
$sub['unsubscribed_at'] = current_time('mysql');
$found = true;
break;
}
}
if ($found) {
update_option('woonoow_newsletter_subscribers', $subscribers);
}
}
if (!$found) {
return new WP_REST_Response([
'success' => false,
'message' => __('Email not found', 'woonoow'),
], 404);
}
update_option('woonoow_newsletter_subscribers', $subscribers);
do_action('woonoow_newsletter_unsubscribed', $email);
// Return HTML page for nice UX
$site_name = get_bloginfo('name');
$html = sprintf(
@@ -262,24 +523,26 @@ class NewsletterController {
__('Unsubscribed', 'woonoow'),
esc_html($site_name)
);
header('Content-Type: text/html; charset=utf-8');
echo $html;
exit;
}
/**
* Generate secure unsubscribe token
*/
private static function generate_unsubscribe_token($email) {
private static function generate_unsubscribe_token($email)
{
$secret = wp_salt('auth');
return hash_hmac('sha256', $email, $secret);
}
/**
* Generate unsubscribe URL for email templates
*/
public static function generate_unsubscribe_url($email) {
public static function generate_unsubscribe_url($email)
{
$token = self::generate_unsubscribe_token($email);
$base_url = rest_url('woonoow/v1/newsletter/unsubscribe');
return add_query_arg([
@@ -288,4 +551,3 @@ class NewsletterController {
], $base_url);
}
}