-
Notifications
You must be signed in to change notification settings - Fork 8
Expand file tree
/
Copy pathCryptAPI.php
More file actions
187 lines (156 loc) · 6.72 KB
/
Copy pathCryptAPI.php
File metadata and controls
187 lines (156 loc) · 6.72 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
<?php
/*
Plugin Name: CryptAPI Payment Gateway for WooCommerce
Plugin URI: https://github.com/cryptapi/woocommerce-cryptapi
Description: Accept cryptocurrency payments on your WooCommerce website
Version: 5.2.1
Requires at least: 5.8
Tested up to: 6.9.4
WC requires at least: 5.8
WC tested up to: 10.7.0
Requires PHP: 7.2
Author: cryptapi
Author URI: https://cryptapi.io/
License: MIT
Text Domain: cryptapi
Domain Path: /languages
*/
if (!defined('ABSPATH')) {
exit; // Exit if accessed directly.
}
define('CRYPTAPI_PLUGIN_VERSION', '5.2.1');
define('CRYPTAPI_PLUGIN_PATH', plugin_dir_path(__FILE__));
define('CRYPTAPI_PLUGIN_URL', plugin_dir_url(__FILE__));
spl_autoload_register(function ($class) {
$prefix = 'CryptAPI\\';
$base_dir = __DIR__ . '/';
$len = strlen($prefix);
if (strncmp($prefix, $class, $len) !== 0) {
return;
}
$relative_class = substr($class, $len);
$file = $base_dir . str_replace('\\', '/', $relative_class) . '.php';
if (file_exists($file)) {
require $file;
}
});
add_action('init', function () {
load_plugin_textdomain('cryptapi', false, dirname(plugin_basename(__FILE__)) . '/languages');
}, 1);
add_action('plugins_loaded', function () {
if (!class_exists('WooCommerce')) {
add_action('admin_notices', function () {
echo '<div class="error"><p><strong>' . sprintf(esc_html__('CryptAPI requires WooCommerce to be installed and active. You can download %s here.', 'cryptapi'), '<a href="https://woocommerce.com/" target="_blank">WooCommerce</a>') . '</strong></p></div>';
});
return;
}
if (!extension_loaded('bcmath')) {
add_action('admin_notices', function () {
echo '<div class="error"><p><strong>' . sprintf(esc_html__('CryptAPI requires PHP\'s BCMath extension. You can know more about it %s.', 'cryptapi'), '<a href="https://www.php.net/manual/en/book.bc.php" target="_blank">here</a>') . '</strong></p></div>';
});
return;
}
$register = new \CryptAPI\Register();
$register->register();
$initialize = new \CryptAPI\Initialize();
$initialize->initialize();
// Instantiate the gateway on `init` (not `plugins_loaded`) so that __() calls
// inside the constructor and init_form_fields() run after the textdomain is
// available. WP 6.7+ refuses to JIT-load translations before `init`.
add_action('init', function () {
new \CryptAPI\Controllers\WC_CryptAPI_Gateway();
}, 5);
});
add_filter('cron_schedules', function ($schedules) {
// Frequent interval so the order-cancellation timeout (as short as 15 min)
// is honoured promptly. The cron body is a single lightweight
// wc_get_orders() query, so a 60s cadence is cheap.
$schedules['cryptapi_interval'] = array(
'interval' => 60,
'display' => esc_html__('CryptAPI Interval', 'cryptapi'),
);
return $schedules;
});
register_activation_hook(__FILE__, function () {
if (!wp_next_scheduled('cryptapi_cronjob')) {
wp_schedule_event(time(), 'cryptapi_interval', 'cryptapi_cronjob');
}
});
register_deactivation_hook(__FILE__, function () {
wp_clear_scheduled_hook('cryptapi_cronjob');
});
use Automattic\WooCommerce\Utilities\FeaturesUtil;
// Declare compatibility with WooCommerce features
add_action('before_woocommerce_init', function () {
if (class_exists(FeaturesUtil::class)) {
FeaturesUtil::declare_compatibility('custom_order_tables', __FILE__, true);
FeaturesUtil::declare_compatibility('cart_checkout_blocks', __FILE__, true);
}
});
// Register minimum endpoint to be used in the blocks
add_action('rest_api_init', function () {
register_rest_route('cryptapi/v1', '/get-minimum', array(
'methods' => 'POST',
'callback' => 'cryptapi_get_minimum',
'permission_callback' => 'cryptapi_verify_nonce',
));
register_rest_route('cryptapi/v1', '/update-coin', array(
'methods' => 'POST',
'callback' => 'cryptapi_update_coin',
'permission_callback' => 'cryptapi_verify_nonce',
));
});
function cryptapi_verify_nonce(WP_REST_Request $request) {
// The wp_rest nonce is the real CSRF control here. The previous
// Origin === home_url() check was dropped: it was spoofable (non-browser
// clients set any Origin) and it broke sub-directory installs, where the
// browser Origin (scheme+host, no path) never equals home_url().
$nonce = $request->get_header('X-WP-Nonce');
return (bool) wp_verify_nonce($nonce, 'wp_rest');
}
function cryptapi_get_minimum(WP_REST_Request $request) {
$coin = sanitize_text_field($request->get_param('coin'));
$fiat = sanitize_text_field($request->get_param('fiat'));
$value = sanitize_text_field($request->get_param('value'));
// Only allow currently-supported coins: $coin flows into an outbound API
// URL path, so never forward an arbitrary caller-supplied string.
if (!$coin || !array_key_exists($coin, \CryptAPI\Controllers\WC_CryptAPI_Gateway::load_coins())) {
return new WP_REST_Response(['status' => 'error'], 400);
}
try {
$convert = (float) \CryptAPI\Utils\Api::get_conversion($fiat, $coin, (string) $value, false);
$minimum = (float) \CryptAPI\Utils\Api::get_info($coin)->minimum_transaction_coin;
if ($convert > $minimum) {
return new WP_REST_Response(['status' => 'success'], 200);
} else {
return new WP_REST_Response(['status' => 'error'], 200);
}
} catch (Exception $e) {
return new WP_REST_Response(['status' => 'error'], 500);
}
}
function cryptapi_update_coin(WP_REST_Request $request) {
$coin = sanitize_text_field($request->get_param('coin'));
$selected = $request->get_param('selected', false);
// Ensure WooCommerce session is available
if (!WC()->session) {
$session_handler = new \WC_Session_Handler();
$session_handler->init();
WC()->session = $session_handler;
}
if (!$selected) {
WC()->session->set('cryptapi_coin', 'none');
WC()->session->set('chosen_payment_method', '');
return new WP_REST_Response(['success' => true, 'coin' => $coin], 200);
}
// Only accept 'none' or a currently-supported coin; never store an
// arbitrary caller-supplied string in the session — it later flows into
// fee estimation (handling_fee) and outbound API calls.
if ($coin !== 'none' && !array_key_exists($coin, \CryptAPI\Controllers\WC_CryptAPI_Gateway::load_coins())) {
return new WP_REST_Response(['error' => 'Invalid coin'], 400);
}
// Set the session value
WC()->session->set('cryptapi_coin', $coin);
WC()->session->set('chosen_payment_method', 'cryptapi');
return new WP_REST_Response(['success' => true, 'coin' => $coin], 200);
}