kilbot
commented
8 years ago An oAuth layer may be too much work for a 1.0 release, but it should be kept in mind for the API architecture.
Open kilbot opened 8 years ago
kilbot
commented
8 years ago An oAuth layer may be too much work for a 1.0 release, but it should be kept in mind for the API architecture.
REST API
Extend WP_REST_Controller to create endpoints for the license manager, eg:
register_rest_route( 'wc-slm/v1', '/licenses/(?P<id>\d+)', ...CREATE- (admin/woocommerce only) create new license key with user id, order id etcREAD- show license info, admin sees all, users see their own with filters for order id etcUPDATE- (admin/woocommerce only) edit license info, upgrades etcDELETE- (admin/woocommerce only) remove licenseregister_rest_route( 'wc-slm/v1', '/licenses/(?P<id>\d+)/activation/', ...CREATE- activate licenseREAD- license statusUPDATE- update domainDELETE- remove activationregister_rest_route( 'wc-slm/v1', '/licenses/(?P<id>\d+)/software/(?P<id>\d+)/', ...CREATE- (admin/woocommerce only) add software to licenseREAD- software info with expiring download linkUPDATE- (admin/woocommerce only) update software infoDELETE- (admin/woocommerce only) remove software from licenseNote: The infrastructure for the WP REST API is coming soon to WordPress core, in the meantime the WP REST API plugin will be required.
oAuth 2.0
Most SLM plugins do not have an authentication layer. If you have access to a valid license key it is usually fairly trivial to spoof requests to the license manager. Adding oAuth 2.0 is a 'belt and suspenders' approach for securing software license requests.
The above graphic is taken from the StrongLoop API Gateway, it shows the auth layer separate from the license manager, in the case of WC SLM this would be on the same server. The auth layer would eventually be handled by WordPress core but in the meantime we could roll our own based on WP OAuth Server or directly using a PHP oAuth library.
The StrongLoop API Gateway shows an interesting example of how an authentication and caching service could be made in Node.js for Pro (ie: high volume) users who want to improve performance.
License data storage
Create a custom post type for software licenses. Each license is a WP_Post attached to a user id. The slug can be used for the license key (with uniqueness test). The status field can be used for license status, eg: active, inactive, expired, trial etc. Comments can be used to log license events. Post meta can be used for everything else, eg: expiry date.
Software storage
The software can be stored on the server as a WooCommerce digital download.
Simple PHP library for end users
A single file library is required for end users to drop into their plugin or theme. The library should expose simple methods for interacting with the license server, eg: activation/deactivation. It will also need to hook into the WordPress Plugin API to handle software updates.
Integrations
Integration with WooCommerce Subscriptions is required.
Migration
Easy migration from WooCommerce API Manager is required.