feat: Implement standalone admin at /admin with custom login page and auth system
This commit is contained in:
dwindown
114
includes/Api/AuthController.php
Normal file
114
includes/Api/AuthController.php
Normal file
@@ -0,0 +1,114 @@
|
||||
<?php
|
||||
namespace WooNooW\Api;
|
||||
|
||||
use WP_REST_Request;
|
||||
use WP_REST_Response;
|
||||
use WP_Error;
|
||||
|
||||
/**
|
||||
* Authentication Controller for Standalone Admin
|
||||
*
|
||||
* Handles login, logout, and auth status checks for the standalone admin interface.
|
||||
*
|
||||
* @package WooNooW\Api
|
||||
*/
|
||||
class AuthController {
|
||||
|
||||
/**
|
||||
* Login endpoint for standalone admin
|
||||
*
|
||||
* @param WP_REST_Request $request Request object
|
||||
* @return WP_REST_Response Response object
|
||||
*/
|
||||
public static function login( WP_REST_Request $request ): WP_REST_Response {
|
||||
$username = sanitize_text_field( $request->get_param( 'username' ) );
|
||||
$password = $request->get_param( 'password' );
|
||||
|
||||
if ( empty( $username ) || empty( $password ) ) {
|
||||
return new WP_REST_Response( [
|
||||
'success' => false,
|
||||
'message' => __( 'Username and password are required', 'woonoow' ),
|
||||
], 400 );
|
||||
}
|
||||
|
||||
// Authenticate user
|
||||
$user = wp_authenticate( $username, $password );
|
||||
|
||||
if ( is_wp_error( $user ) ) {
|
||||
return new WP_REST_Response( [
|
||||
'success' => false,
|
||||
'message' => __( 'Invalid username or password', 'woonoow' ),
|
||||
], 401 );
|
||||
}
|
||||
|
||||
// Check if user has WooCommerce permissions
|
||||
if ( ! user_can( $user, 'manage_woocommerce' ) ) {
|
||||
return new WP_REST_Response( [
|
||||
'success' => false,
|
||||
'message' => __( 'You do not have permission to access this area', 'woonoow' ),
|
||||
], 403 );
|
||||
}
|
||||
|
||||
// Set auth cookie
|
||||
wp_set_auth_cookie( $user->ID, true );
|
||||
|
||||
// Return user data and new nonce
|
||||
return new WP_REST_Response( [
|
||||
'success' => true,
|
||||
'user' => [
|
||||
'id' => $user->ID,
|
||||
'name' => $user->display_name,
|
||||
'email' => $user->user_email,
|
||||
'avatar' => get_avatar_url( $user->ID ),
|
||||
],
|
||||
'nonce' => wp_create_nonce( 'wp_rest' ),
|
||||
], 200 );
|
||||
}
|
||||
|
||||
/**
|
||||
* Logout endpoint
|
||||
*
|
||||
* @return WP_REST_Response Response object
|
||||
*/
|
||||
public static function logout(): WP_REST_Response {
|
||||
wp_logout();
|
||||
|
||||
return new WP_REST_Response( [
|
||||
'success' => true,
|
||||
'message' => __( 'Logged out successfully', 'woonoow' ),
|
||||
], 200 );
|
||||
}
|
||||
|
||||
/**
|
||||
* Check auth status
|
||||
*
|
||||
* @return WP_REST_Response Response object
|
||||
*/
|
||||
public static function check(): WP_REST_Response {
|
||||
if ( ! is_user_logged_in() ) {
|
||||
return new WP_REST_Response( [
|
||||
'authenticated' => false,
|
||||
], 200 );
|
||||
}
|
||||
|
||||
$user = wp_get_current_user();
|
||||
|
||||
// Check WooCommerce permission
|
||||
if ( ! current_user_can( 'manage_woocommerce' ) ) {
|
||||
return new WP_REST_Response( [
|
||||
'authenticated' => false,
|
||||
'message' => __( 'Insufficient permissions', 'woonoow' ),
|
||||
], 200 );
|
||||
}
|
||||
|
||||
return new WP_REST_Response( [
|
||||
'authenticated' => true,
|
||||
'user' => [
|
||||
'id' => $user->ID,
|
||||
'name' => $user->display_name,
|
||||
'email' => $user->user_email,
|
||||
'avatar' => get_avatar_url( $user->ID ),
|
||||
],
|
||||
], 200 );
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user