| | 1 | <?php |
| | 2 | /** |
| | 3 | * Plugin Name: WP Asynchronous Tasks |
| | 4 | * Version: 1.0 |
| | 5 | * Description: Creates an abstract class to execute asynchronous tasks |
| | 6 | * Author: 10up, Eric Mann, Luke Gedeon, John P. Bloch |
| | 7 | * License: MIT |
| | 8 | */ |
| | 9 | |
| | 10 | if ( ! class_exists( 'WP_Async_Task' ) ) { |
| | 11 | abstract class WP_Async_Task { |
| | 12 | |
| | 13 | /** |
| | 14 | * Constant identifier for a task that should be available to logged-in users |
| | 15 | * |
| | 16 | * See constructor documentation for more details. |
| | 17 | */ |
| | 18 | const LOGGED_IN = 1; |
| | 19 | |
| | 20 | /** |
| | 21 | * Constant identifier for a task that should be available to logged-out users |
| | 22 | * |
| | 23 | * See constructor documentation for more details. |
| | 24 | */ |
| | 25 | const LOGGED_OUT = 2; |
| | 26 | |
| | 27 | /** |
| | 28 | * Constant identifier for a task that should be available to all users regardless of auth status |
| | 29 | * |
| | 30 | * See constructor documentation for more details. |
| | 31 | */ |
| | 32 | const BOTH = 3; |
| | 33 | |
| | 34 | /** |
| | 35 | * This is the argument count for the main action set in the constructor. It |
| | 36 | * is set to an arbitrarily high value of twenty, but can be overridden if |
| | 37 | * necessary |
| | 38 | * |
| | 39 | * @var int |
| | 40 | */ |
| | 41 | protected $argument_count = 20; |
| | 42 | |
| | 43 | /** |
| | 44 | * Priority to fire intermediate action. |
| | 45 | * |
| | 46 | * @var int |
| | 47 | */ |
| | 48 | protected $priority = 10; |
| | 49 | |
| | 50 | /** |
| | 51 | * @var string |
| | 52 | */ |
| | 53 | protected $action; |
| | 54 | |
| | 55 | /** |
| | 56 | * @var array |
| | 57 | */ |
| | 58 | protected $_body_data; |
| | 59 | |
| | 60 | /** |
| | 61 | * Constructor to wire up the necessary actions |
| | 62 | * |
| | 63 | * Which hooks the asynchronous postback happens on can be set by the |
| | 64 | * $auth_level parameter. There are essentially three options: logged in users |
| | 65 | * only, logged out users only, or both. Set this when you instantiate an |
| | 66 | * object by using one of the three class constants to do so: |
| | 67 | * - LOGGED_IN |
| | 68 | * - LOGGED_OUT |
| | 69 | * - BOTH |
| | 70 | * $auth_level defaults to BOTH |
| | 71 | * |
| | 72 | * @throws Exception If the class' $action value hasn't been set |
| | 73 | * |
| | 74 | * @param int $auth_level The authentication level to use (see above) |
| | 75 | */ |
| | 76 | public function __construct( $auth_level = self::BOTH ) { |
| | 77 | if ( empty( $this->action ) ) { |
| | 78 | throw new Exception( 'Action not defined for class ' . __CLASS__ ); |
| | 79 | } |
| | 80 | add_action( $this->action, array( $this, 'launch' ), (int) $this->priority, (int) $this->argument_count ); |
| | 81 | if ( $auth_level & self::LOGGED_IN ) { |
| | 82 | add_action( "admin_post_wp_async_$this->action", array( $this, 'handle_postback' ) ); |
| | 83 | } |
| | 84 | if ( $auth_level & self::LOGGED_OUT ) { |
| | 85 | add_action( "admin_post_nopriv_wp_async_$this->action", array( $this, 'handle_postback' ) ); |
| | 86 | } |
| | 87 | } |
| | 88 | |
| | 89 | /** |
| | 90 | * Add the shutdown action for launching the real postback if we don't |
| | 91 | * get an exception thrown by prepare_data(). |
| | 92 | * |
| | 93 | * @uses func_get_args() To grab any arguments passed by the action |
| | 94 | */ |
| | 95 | public function launch() { |
| | 96 | $data = func_get_args(); |
| | 97 | try { |
| | 98 | $data = $this->prepare_data( $data ); |
| | 99 | } catch ( Exception $e ) { |
| | 100 | return; |
| | 101 | } |
| | 102 | |
| | 103 | $data['action'] = "wp_async_$this->action"; |
| | 104 | $data['_nonce'] = $this->create_async_nonce(); |
| | 105 | |
| | 106 | $this->_body_data = $data; |
| | 107 | |
| | 108 | if ( ! has_action( 'shutdown', array( $this, 'launch_on_shutdown' ) ) ) { |
| | 109 | add_action( 'shutdown', array( $this, 'launch_on_shutdown' ) ); |
| | 110 | } |
| | 111 | } |
| | 112 | |
| | 113 | /** |
| | 114 | * Launch the request on the WordPress shutdown hook |
| | 115 | * |
| | 116 | * On VIP we got into data races due to the postback sometimes completing |
| | 117 | * faster than the data could propogate to the database server cluster. |
| | 118 | * This made WordPress get empty data sets from the database without |
| | 119 | * failing. On their advice, we're moving the actual firing of the async |
| | 120 | * postback to the shutdown hook. Supposedly that will ensure that the |
| | 121 | * data at least has time to get into the object cache. |
| | 122 | * |
| | 123 | * @uses $_COOKIE To send a cookie header for async postback |
| | 124 | * @uses apply_filters() |
| | 125 | * @uses admin_url() |
| | 126 | * @uses wp_remote_post() |
| | 127 | */ |
| | 128 | public function launch_on_shutdown() { |
| | 129 | if ( ! empty( $this->_body_data ) ) { |
| | 130 | $cookies = array(); |
| | 131 | foreach ( $_COOKIE as $name => $value ) { |
| | 132 | $cookies[] = "$name=" . urlencode( is_array( $value ) ? serialize( $value ) : $value ); |
| | 133 | } |
| | 134 | |
| | 135 | $request_args = array( |
| | 136 | 'timeout' => 0.01, |
| | 137 | 'blocking' => false, |
| | 138 | 'sslverify' => apply_filters( 'https_local_ssl_verify', true ), |
| | 139 | 'body' => $this->_body_data, |
| | 140 | 'headers' => array( |
| | 141 | 'cookie' => implode( '; ', $cookies ), |
| | 142 | ), |
| | 143 | ); |
| | 144 | |
| | 145 | $url = admin_url( 'admin-post.php' ); |
| | 146 | |
| | 147 | wp_remote_post( $url, $request_args ); |
| | 148 | } |
| | 149 | } |
| | 150 | |
| | 151 | /** |
| | 152 | * Verify the postback is valid, then fire any scheduled events. |
| | 153 | * |
| | 154 | * @uses $_POST['_nonce'] |
| | 155 | * @uses is_user_logged_in() |
| | 156 | * @uses add_filter() |
| | 157 | * @uses wp_die() |
| | 158 | */ |
| | 159 | public function handle_postback() { |
| | 160 | if ( isset( $_POST['_nonce'] ) && $this->verify_async_nonce( $_POST['_nonce'] ) ) { |
| | 161 | if ( ! is_user_logged_in() ) { |
| | 162 | $this->action = "nopriv_$this->action"; |
| | 163 | } |
| | 164 | $this->run_action(); |
| | 165 | } |
| | 166 | |
| | 167 | add_filter( 'wp_die_handler', function() { die(); } ); |
| | 168 | wp_die(); |
| | 169 | } |
| | 170 | |
| | 171 | /** |
| | 172 | * Create a random, one time use token. |
| | 173 | * |
| | 174 | * Based entirely on wp_create_nonce() but does not tie the nonce to the |
| | 175 | * current logged-in user. |
| | 176 | * |
| | 177 | * @uses wp_nonce_tick() |
| | 178 | * @uses wp_hash() |
| | 179 | * |
| | 180 | * @return string The one-time use token |
| | 181 | */ |
| | 182 | protected function create_async_nonce() { |
| | 183 | $action = $this->get_nonce_action(); |
| | 184 | $i = wp_nonce_tick(); |
| | 185 | |
| | 186 | return substr( wp_hash( $i . $action . get_class( $this ), 'nonce' ), - 12, 10 ); |
| | 187 | } |
| | 188 | |
| | 189 | /** |
| | 190 | * Verify that the correct nonce was used within the time limit. |
| | 191 | * |
| | 192 | * @uses wp_nonce_tick() |
| | 193 | * @uses wp_hash() |
| | 194 | * |
| | 195 | * @param string $nonce Nonce to be verified |
| | 196 | * |
| | 197 | * @return bool Whether the nonce check passed or failed |
| | 198 | */ |
| | 199 | protected function verify_async_nonce( $nonce ) { |
| | 200 | $action = $this->get_nonce_action(); |
| | 201 | $i = wp_nonce_tick(); |
| | 202 | |
| | 203 | // Nonce generated 0-12 hours ago |
| | 204 | if ( substr( wp_hash( $i . $action . get_class( $this ), 'nonce' ), - 12, 10 ) == $nonce ) { |
| | 205 | return 1; |
| | 206 | } |
| | 207 | |
| | 208 | // Nonce generated 12-24 hours ago |
| | 209 | if ( substr( wp_hash( ( $i - 1 ) . $action . get_class( $this ), 'nonce' ), - 12, 10 ) == $nonce ) { |
| | 210 | return 2; |
| | 211 | } |
| | 212 | |
| | 213 | // Invalid nonce |
| | 214 | return false; |
| | 215 | } |
| | 216 | |
| | 217 | /** |
| | 218 | * Get a nonce action based on the $action property of the class |
| | 219 | * |
| | 220 | * @return string The nonce action for the current instance |
| | 221 | */ |
| | 222 | protected function get_nonce_action() { |
| | 223 | $action = $this->action; |
| | 224 | if ( substr( $action, 0, 7 ) === 'nopriv_' ) { |
| | 225 | $action = substr( $action, 7 ); |
| | 226 | } |
| | 227 | $action = "wp_async_$action"; |
| | 228 | return $action; |
| | 229 | } |
| | 230 | |
| | 231 | /** |
| | 232 | * Prepare any data to be passed to the asynchronous postback |
| | 233 | * |
| | 234 | * The array this function receives will be a numerically keyed array from |
| | 235 | * func_get_args(). It is expected that you will return an associative array |
| | 236 | * so that the $_POST values used in the asynchronous call will make sense. |
| | 237 | * |
| | 238 | * The array you send back may or may not have anything to do with the data |
| | 239 | * passed into this method. It all depends on the implementation details and |
| | 240 | * what data is needed in the asynchronous postback. |
| | 241 | * |
| | 242 | * Do not set values for 'action' or '_nonce', as those will get overwritten |
| | 243 | * later in launch(). |
| | 244 | * |
| | 245 | * @throws Exception If the postback should not occur for any reason |
| | 246 | * |
| | 247 | * @param array $data The raw data received by the launch method |
| | 248 | * |
| | 249 | * @return array The prepared data |
| | 250 | */ |
| | 251 | abstract protected function prepare_data( $data ); |
| | 252 | |
| | 253 | /** |
| | 254 | * Run the do_action function for the asynchronous postback. |
| | 255 | * |
| | 256 | * This method needs to fetch and sanitize any and all data from the $_POST |
| | 257 | * superglobal and provide them to the do_action call. |
| | 258 | * |
| | 259 | * The action should be constructed as "wp_async_task_$this->action" |
| | 260 | */ |
| | 261 | abstract protected function run_action(); |
| | 262 | |
| | 263 | } |
| | 264 | |
| | 265 | } |
| | 266 | |