Automattic\WooCommerce\Internal\MCP\Transport

WooCommerceRestTransport::validate_request public WC 1.0

Validate the MCP request using standalone authentication.

Method of the class: WooCommerceRestTransport{}

Hooks from the method

Returns

true|false|\WP_Error. True if allowed, WP_Error if not.

Usage

$WooCommerceRestTransport = new WooCommerceRestTransport();
$WooCommerceRestTransport->validate_request( $request );
$request(WP_REST_Request) (required)
The REST request object.

Code of WooCommerceRestTransport::validate_request() WC 10.3.4

public function validate_request( \WP_REST_Request $request ) {
	// Require TLS by default; allow explicit opt-in for non-SSL (e.g., local dev).
	/**
	 * Filter to allow insecure transport for MCP requests.
	 *
	 * @since 10.3.0
	 * @param bool             $allowed Whether to allow insecure transport.
	 * @param \WP_REST_Request $request The REST request object.
	 */
	if ( ! is_ssl() && ! apply_filters( 'woocommerce_mcp_allow_insecure_transport', false, $request ) ) {
		return new \WP_Error(
			'insecure_transport',
			__( 'HTTPS is required for MCP requests.', 'woocommerce' ),
			array( 'status' => 403 )
		);
	}

	// Get X-MCP-API-Key header.
	$api_key = $request->get_header( 'X-MCP-API-Key' );

	if ( empty( $api_key ) ) {
		return new \WP_Error(
			'missing_api_key',
			__( 'X-MCP-API-Key header required. Format: consumer_key:consumer_secret', 'woocommerce' ),
			array( 'status' => 401 )
		);
	}

	if ( strpos( $api_key, ':' ) === false ) {
		return new \WP_Error(
			'invalid_api_key',
			__( 'X-MCP-API-Key must be in format consumer_key:consumer_secret', 'woocommerce' ),
			array( 'status' => 401 )
		);
	}

	list( $consumer_key, $consumer_secret ) = explode( ':', $api_key, 2 );

	// Use our standalone authentication method.
	$result = $this->authenticate( $consumer_key, $consumer_secret );

	if ( is_wp_error( $result ) ) {
		return $result;
	}

	return true;
}
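
The method above rejects non-HTTPS requests unless the `woocommerce_mcp_allow_insecure_transport` filter returns true. The following is an added example, not WooCommerce's own code, showing a blanket opt-in beside a callback that limits the opt-in to a local environment and loopback clients. The callback name `myshop_mcp_allow_insecure_transport` is hypothetical, and the code assumes no reverse proxy sits in front of PHP, so `REMOTE_ADDR` is the real peer address.

```php
<?php
// Added example (not WooCommerce code).
// Hypothetical callback name: myshop_mcp_allow_insecure_transport.

// Weak: removes the TLS requirement for every MCP request in every environment,
// so the consumer_key:consumer_secret pair in X-MCP-API-Key can cross the
// network in cleartext.
// add_filter( 'woocommerce_mcp_allow_insecure_transport', '__return_true' );

/**
 * Narrower opt-in: plain HTTP is accepted only on a local environment and only
 * when the client connects over loopback.
 *
 * @param bool             $allowed Value passed in by validate_request() (false by default).
 * @param \WP_REST_Request $request The REST request object (unused here).
 * @return bool
 */
function myshop_mcp_allow_insecure_transport( $allowed, $request ) {
	// wp_get_environment_type() reads WP_ENVIRONMENT_TYPE and defaults to 'production'.
	if ( 'local' !== wp_get_environment_type() ) {
		return false;
	}

	// Assumption: no reverse proxy in front, so REMOTE_ADDR is the real peer address.
	$remote = isset( $_SERVER['REMOTE_ADDR'] ) ? (string) $_SERVER['REMOTE_ADDR'] : '';

	return in_array( $remote, array( '127.0.0.1', '::1' ), true );
}
// 10 = default priority, 2 = accept both $allowed and $request.
add_filter( 'woocommerce_mcp_allow_insecure_transport', 'myshop_mcp_allow_insecure_transport', 10, 2 );
```

On any other environment type the callback returns false, so `validate_request()` keeps answering plain-HTTP requests with the `insecure_transport` error and status 403.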