dwindown/WooNooW
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: Trust PHP auth check, skip redundant REST API call

Browse Source
This commit is contained in:
dwindown
2025-11-04 23:28:03 +07:00
parent e8e380231e
commit 8a0f2e581e
3 changed files with 36 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
includes/Api/AuthController.php
View File

@@ -85,9 +85,18 @@ class AuthController {
* @return WP_REST_Response Response object
*/
public static function check(): WP_REST_Response {
if ( ! is_user_logged_in() ) {
$is_logged_in = is_user_logged_in();
// Debug logging
if ( defined( 'WP_DEBUG' ) && WP_DEBUG ) {
error_log( '[AuthController::check] is_user_logged_in: ' . ( $is_logged_in ? 'true' : 'false' ) );
error_log( '[AuthController::check] Cookies: ' . print_r( $_COOKIE, true ) );
}
if ( ! $is_logged_in ) {
return new WP_REST_Response( [
'authenticated' => false,
'debug' => 'Not logged in',
], 200 );
}
@@ -98,6 +107,7 @@ class AuthController {
return new WP_REST_Response( [
'authenticated' => false,
'message' => __( 'Insufficient permissions', 'woonoow' ),
'debug' => 'No manage_woocommerce permission',
], 200 );
}