| 1 | <?php |
| 2 | /** |
| 3 | * Plugin Name: WP Asynchronous Tasks |
| 4 | * Version: 1.0 |
| 5 | * Description: Creates an abstract class to execute asynchronous tasks |
| 6 | * Author: 10up, Eric Mann, Luke Gedeon, John P. Bloch |
| 7 | * License: MIT |
| 8 | */ |
| 9 | |
| 10 | if ( ! class_exists( 'WP_Async_Task' ) ) { |
| 11 | abstract class WP_Async_Task { |
| 12 | |
| 13 | /** |
| 14 | * Constant identifier for a task that should be available to logged-in users |
| 15 | * |
| 16 | * See constructor documentation for more details. |
| 17 | */ |
| 18 | const LOGGED_IN = 1; |
| 19 | |
| 20 | /** |
| 21 | * Constant identifier for a task that should be available to logged-out users |
| 22 | * |
| 23 | * See constructor documentation for more details. |
| 24 | */ |
| 25 | const LOGGED_OUT = 2; |
| 26 | |
| 27 | /** |
| 28 | * Constant identifier for a task that should be available to all users regardless of auth status |
| 29 | * |
| 30 | * See constructor documentation for more details. |
| 31 | */ |
| 32 | const BOTH = 3; |
| 33 | |
| 34 | /** |
| 35 | * This is the argument count for the main action set in the constructor. It |
| 36 | * is set to an arbitrarily high value of twenty, but can be overridden if |
| 37 | * necessary |
| 38 | * |
| 39 | * @var int |
| 40 | */ |
| 41 | protected $argument_count = 20; |
| 42 | |
| 43 | /** |
| 44 | * Priority to fire intermediate action. |
| 45 | * |
| 46 | * @var int |
| 47 | */ |
| 48 | protected $priority = 10; |
| 49 | |
| 50 | /** |
| 51 | * @var string |
| 52 | */ |
| 53 | protected $action; |
| 54 | |
| 55 | /** |
| 56 | * @var array |
| 57 | */ |
| 58 | protected $_body_data; |
| 59 | |
| 60 | /** |
| 61 | * Constructor to wire up the necessary actions |
| 62 | * |
| 63 | * Which hooks the asynchronous postback happens on can be set by the |
| 64 | * $auth_level parameter. There are essentially three options: logged in users |
| 65 | * only, logged out users only, or both. Set this when you instantiate an |
| 66 | * object by using one of the three class constants to do so: |
| 67 | * - LOGGED_IN |
| 68 | * - LOGGED_OUT |
| 69 | * - BOTH |
| 70 | * $auth_level defaults to BOTH |
| 71 | * |
| 72 | * @throws Exception If the class' $action value hasn't been set |
| 73 | * |
| 74 | * @param int $auth_level The authentication level to use (see above) |
| 75 | */ |
| 76 | public function __construct( $auth_level = self::BOTH ) { |
| 77 | if ( empty( $this->action ) ) { |
| 78 | throw new Exception( 'Action not defined for class ' . __CLASS__ ); |
| 79 | } |
| 80 | add_action( $this->action, array( $this, 'launch' ), (int) $this->priority, (int) $this->argument_count ); |
| 81 | if ( $auth_level & self::LOGGED_IN ) { |
| 82 | add_action( "admin_post_wp_async_$this->action", array( $this, 'handle_postback' ) ); |
| 83 | } |
| 84 | if ( $auth_level & self::LOGGED_OUT ) { |
| 85 | add_action( "admin_post_nopriv_wp_async_$this->action", array( $this, 'handle_postback' ) ); |
| 86 | } |
| 87 | } |
| 88 | |
| 89 | /** |
| 90 | * Add the shutdown action for launching the real postback if we don't |
| 91 | * get an exception thrown by prepare_data(). |
| 92 | * |
| 93 | * @uses func_get_args() To grab any arguments passed by the action |
| 94 | */ |
| 95 | public function launch() { |
| 96 | $data = func_get_args(); |
| 97 | try { |
| 98 | $data = $this->prepare_data( $data ); |
| 99 | } catch ( Exception $e ) { |
| 100 | return; |
| 101 | } |
| 102 | |
| 103 | $data['action'] = "wp_async_$this->action"; |
| 104 | $data['_nonce'] = $this->create_async_nonce(); |
| 105 | |
| 106 | $this->_body_data = $data; |
| 107 | |
| 108 | if ( ! has_action( 'shutdown', array( $this, 'launch_on_shutdown' ) ) ) { |
| 109 | add_action( 'shutdown', array( $this, 'launch_on_shutdown' ) ); |
| 110 | } |
| 111 | } |
| 112 | |
| 113 | /** |
| 114 | * Launch the request on the WordPress shutdown hook |
| 115 | * |
| 116 | * On VIP we got into data races due to the postback sometimes completing |
| 117 | * faster than the data could propogate to the database server cluster. |
| 118 | * This made WordPress get empty data sets from the database without |
| 119 | * failing. On their advice, we're moving the actual firing of the async |
| 120 | * postback to the shutdown hook. Supposedly that will ensure that the |
| 121 | * data at least has time to get into the object cache. |
| 122 | * |
| 123 | * @uses $_COOKIE To send a cookie header for async postback |
| 124 | * @uses apply_filters() |
| 125 | * @uses admin_url() |
| 126 | * @uses wp_remote_post() |
| 127 | */ |
| 128 | public function launch_on_shutdown() { |
| 129 | if ( ! empty( $this->_body_data ) ) { |
| 130 | $cookies = array(); |
| 131 | foreach ( $_COOKIE as $name => $value ) { |
| 132 | $cookies[] = "$name=" . urlencode( is_array( $value ) ? serialize( $value ) : $value ); |
| 133 | } |
| 134 | |
| 135 | $request_args = array( |
| 136 | 'timeout' => 0.01, |
| 137 | 'blocking' => false, |
| 138 | 'sslverify' => apply_filters( 'https_local_ssl_verify', true ), |
| 139 | 'body' => $this->_body_data, |
| 140 | 'headers' => array( |
| 141 | 'cookie' => implode( '; ', $cookies ), |
| 142 | ), |
| 143 | ); |
| 144 | |
| 145 | $url = admin_url( 'admin-post.php' ); |
| 146 | |
| 147 | wp_remote_post( $url, $request_args ); |
| 148 | } |
| 149 | } |
| 150 | |
| 151 | /** |
| 152 | * Verify the postback is valid, then fire any scheduled events. |
| 153 | * |
| 154 | * @uses $_POST['_nonce'] |
| 155 | * @uses is_user_logged_in() |
| 156 | * @uses add_filter() |
| 157 | * @uses wp_die() |
| 158 | */ |
| 159 | public function handle_postback() { |
| 160 | if ( isset( $_POST['_nonce'] ) && $this->verify_async_nonce( $_POST['_nonce'] ) ) { |
| 161 | if ( ! is_user_logged_in() ) { |
| 162 | $this->action = "nopriv_$this->action"; |
| 163 | } |
| 164 | $this->run_action(); |
| 165 | } |
| 166 | |
| 167 | add_filter( 'wp_die_handler', function() { die(); } ); |
| 168 | wp_die(); |
| 169 | } |
| 170 | |
| 171 | /** |
| 172 | * Create a random, one time use token. |
| 173 | * |
| 174 | * Based entirely on wp_create_nonce() but does not tie the nonce to the |
| 175 | * current logged-in user. |
| 176 | * |
| 177 | * @uses wp_nonce_tick() |
| 178 | * @uses wp_hash() |
| 179 | * |
| 180 | * @return string The one-time use token |
| 181 | */ |
| 182 | protected function create_async_nonce() { |
| 183 | $action = $this->get_nonce_action(); |
| 184 | $i = wp_nonce_tick(); |
| 185 | |
| 186 | return substr( wp_hash( $i . $action . get_class( $this ), 'nonce' ), - 12, 10 ); |
| 187 | } |
| 188 | |
| 189 | /** |
| 190 | * Verify that the correct nonce was used within the time limit. |
| 191 | * |
| 192 | * @uses wp_nonce_tick() |
| 193 | * @uses wp_hash() |
| 194 | * |
| 195 | * @param string $nonce Nonce to be verified |
| 196 | * |
| 197 | * @return bool Whether the nonce check passed or failed |
| 198 | */ |
| 199 | protected function verify_async_nonce( $nonce ) { |
| 200 | $action = $this->get_nonce_action(); |
| 201 | $i = wp_nonce_tick(); |
| 202 | |
| 203 | // Nonce generated 0-12 hours ago |
| 204 | if ( substr( wp_hash( $i . $action . get_class( $this ), 'nonce' ), - 12, 10 ) == $nonce ) { |
| 205 | return 1; |
| 206 | } |
| 207 | |
| 208 | // Nonce generated 12-24 hours ago |
| 209 | if ( substr( wp_hash( ( $i - 1 ) . $action . get_class( $this ), 'nonce' ), - 12, 10 ) == $nonce ) { |
| 210 | return 2; |
| 211 | } |
| 212 | |
| 213 | // Invalid nonce |
| 214 | return false; |
| 215 | } |
| 216 | |
| 217 | /** |
| 218 | * Get a nonce action based on the $action property of the class |
| 219 | * |
| 220 | * @return string The nonce action for the current instance |
| 221 | */ |
| 222 | protected function get_nonce_action() { |
| 223 | $action = $this->action; |
| 224 | if ( substr( $action, 0, 7 ) === 'nopriv_' ) { |
| 225 | $action = substr( $action, 7 ); |
| 226 | } |
| 227 | $action = "wp_async_$action"; |
| 228 | return $action; |
| 229 | } |
| 230 | |
| 231 | /** |
| 232 | * Prepare any data to be passed to the asynchronous postback |
| 233 | * |
| 234 | * The array this function receives will be a numerically keyed array from |
| 235 | * func_get_args(). It is expected that you will return an associative array |
| 236 | * so that the $_POST values used in the asynchronous call will make sense. |
| 237 | * |
| 238 | * The array you send back may or may not have anything to do with the data |
| 239 | * passed into this method. It all depends on the implementation details and |
| 240 | * what data is needed in the asynchronous postback. |
| 241 | * |
| 242 | * Do not set values for 'action' or '_nonce', as those will get overwritten |
| 243 | * later in launch(). |
| 244 | * |
| 245 | * @throws Exception If the postback should not occur for any reason |
| 246 | * |
| 247 | * @param array $data The raw data received by the launch method |
| 248 | * |
| 249 | * @return array The prepared data |
| 250 | */ |
| 251 | abstract protected function prepare_data( $data ); |
| 252 | |
| 253 | /** |
| 254 | * Run the do_action function for the asynchronous postback. |
| 255 | * |
| 256 | * This method needs to fetch and sanitize any and all data from the $_POST |
| 257 | * superglobal and provide them to the do_action call. |
| 258 | * |
| 259 | * The action should be constructed as "wp_async_task_$this->action" |
| 260 | */ |
| 261 | abstract protected function run_action(); |
| 262 | |
| 263 | } |
| 264 | |
| 265 | } |
| 266 | |