wpcomsh: add /wp/v2/streaming-export REST endpoint #47838
Code Coverage Summary
Coverage changed in 2 files. 2 files are newly checked for coverage.
Coverage check overridden by: Covered by non-unit tests
5546260 to 37efb90
Adds a feature plugin that responds to `?site-export-api` in the URL. When a valid WordPress.com OAuth Bearer token is provided, it returns a JSON authorization confirmation. This is the authentication handshake for an upcoming site export API integration. Reproduces Automattic/wpcomsh#1927 in the Jetpack monorepo.
…EST route
Instead of intercepting ?site-export-api requests and manually validating OAuth tokens against the WPCOM /me endpoint, register a proper WordPress REST API route at /wp/v2/streaming-export. Authorization uses is_super_admin() so only network administrators (mapped from the WPCOM connected user) can access the endpoint.
The /wp/v2/streaming-export REST route now only registers when the "streaming-export" Jetpack module is active. Admins can toggle it from wp-admin → Jetpack → Modules. Off by default.
The /wp/v2/streaming-export route now serves the full streaming export API from the streaming-exporter package. Super admins can use it to run preflight checks, index files, fetch files, index databases, and stream SQL chunks – everything a migration client needs to pull a complete site copy.
Replace the hand-rolled endpoint dispatch with the library's own _site_export_handle_api_request(), which handles config parsing, cursor decoding, error handling, and endpoint routing. The wpcomsh integration supplies a custom authenticate callback (is_super_admin) so requests through the WPCOM REST API proxy work without HMAC. The ?site-export-api query parameter triggers the export handler on parse_request, gated behind the streaming-export Jetpack module. The rotate-secret REST route remains for secret management.
- Pin streaming-site-migration to ^0.1.19 (CI rejects dev-trunk)
- Add production-include lines in .gitattributes for all transitive wp-php-toolkit/* dependencies
- Fix Jetpack changelog type: "added" is not valid, use "other"
- Add JSON_FORCE_OBJECT flag to wp_send_json() call (PHPCS requirement)
The streaming-importer package bundles its own WP_Error and other WordPress class stubs for standalone usage. When Phan sees both these stubs and the canonical wordpress-stubs, it reports 216 PhanRedefinedClassReference errors. Excluding the files from analysis fixes the conflict.
…porter packages
Instead of depending on the monolith wp-php-toolkit/streaming-site-migration package (hosted on a personal fork), depend directly on the released wp-php-toolkit/streaming-exporter and wp-php-toolkit/streaming-importer packages from packagist. The request-handling and HMAC auth logic from streaming-site-migration's wordpress-plugin/lib.php is inlined into site-export-api.php so the monolith is no longer needed.
Verifies that the ?site-export-api handler and the rotate-secret REST route only activate when the streaming-export Jetpack module is enabled. Also covers permission enforcement (super-admin only) and secret rotation/storage.
PHPCS: sanitize $_SERVER reads with wp_unslash/sanitize_text_field, add phpcs:disable for $_FILES nonce verification (auth is via HMAC), replace short ternary, add @throws tag, fix single-line array. Tests: reset REST server between tests so route registration works correctly, skip module-inactive tests on WP.com where modules are always active, guard against missing array keys.
PHPCS: add missing @throws InvalidArgumentException tag. Tests: skip route-dependent tests when Jetpack class is not loaded (WP Cloud test site doesn't load the Jetpack megaclass).
Add Jetpack.Functions.JsonEncodeFlags.Missing and WordPress.PHP.IniSet.Risky to phpcs:ignore comments. These json_encode calls are in error/exception handlers where adding flags would change the error response format, and ini_set is needed to prevent HTML error output from corrupting JSON responses.
The Gridicon bulk import resolves to a module namespace object in Vitest, causing "Element type is invalid" in the annotation popover close button. Switch to the individual icon import that the rest of the monorepo uses. Remove the stale SiteExportApiTest.php phan baseline entry — the underlying issues were already fixed in earlier commits.
… functions
Cover secret management, HMAC verification, header helpers, permission callbacks, and the rotate-secret callback. Mark the three exit()-calling functions with @codeCoverageIgnore since they cannot be unit-tested without process isolation.
Add assertNotNull() before assertStringContainsString() in HMAC verification tests since _site_export_verify_hmac() returns ?string and phan requires a non-nullable argument.
…nches
Add test for content hash mismatch detection in HMAC verification. Mark the $_FILES upload branch and getallheaders() inner loop with codeCoverageIgnore since they require real PHP upload state and HTTP headers respectively, neither of which can be simulated in unit tests.
Replace the inlined HMAC verification code with the new Site_Export_HMAC_Server class that ships in streaming-exporter v0.1.23. This removes ~100 lines of duplicated auth logic (verify_hmac, get_header) and the corresponding test helpers, replacing them with direct calls to the package's verify() method.
Replace the ~170 lines of inlined request handling (error handlers, config parsing, cursor decoding, budget creation, endpoint switch) with Site_Export_HTTP_Server::handle_request() from streaming-exporter v0.1.24. The wpcomsh integration now only handles the concerns specific to the WordPress environment: CORS headers, HMAC authentication, SECRET_KEY bridging, and loading the exporter runtime.
Separate the $server assignment from the $headers group with a blank line so PHPCS doesn't try to align them with the longer $headers['X-Auth-Timestamp'] key.
Remove the Access-Control-Allow-Credentials header since HMAC auth uses custom headers, not cookies, and a wildcard origin with credentials is invalid per the Fetch spec. Also update the "no secret configured" error message to point to the actual rotate-secret REST endpoint instead of a non-existent admin page.
68aae0f to fce8203
Summary
Adds a `/wp/v2/streaming-export` REST API endpoint to wpcomsh. This is the Jetpack monorepo counterpart of wpcomsh#1927.

Instead of intercepting query parameters and manually validating OAuth tokens, this registers a standard WordPress REST route. Authorization uses `is_super_admin()`, so only network administrators (mapped from the WPCOM connected user by Jetpack's connection layer) can access the endpoint.

The endpoint returns `{"authorization": "successful"}` on success and a 403 otherwise.

The branch now also bumps `wp-php-toolkit/streaming-exporter` and `wp-php-toolkit/streaming-importer` to `v0.1.34` so the wpcomsh endpoint picks up the Atomic duplicate-path fix in the exporter. That release suppresses duplicate `/wordpress` follow-up roots and recursive `/srv/htdocs/srv/htdocs/...` re-entry paths at the source.

Test plan
`/wp-json/wp/v2/streaming-export/` via the WPCOM REST API proxy as a connected super admin — should return 200
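
The route described in the summary, written out as an added example that is not the wpcomsh code from this PR: a REST route registered only when the module is active, with the super-admin check in `permission_callback` so the handler never runs for other users. The `example_*` function names are hypothetical, and using `Jetpack::is_module_active()` for the module gate is an assumption about how the gate is wired.

```php
<?php
/**
 * Added example: module-gated REST route restricted to super admins.
 * Function names prefixed with example_ are hypothetical.
 */

add_action( 'rest_api_init', 'example_register_streaming_export_route' );

function example_register_streaming_export_route() {
	// Off by default: register nothing unless Jetpack is loaded and the
	// "streaming-export" module is active (assumed gate, see lead-in).
	if ( ! class_exists( 'Jetpack' ) || ! Jetpack::is_module_active( 'streaming-export' ) ) {
		return;
	}

	register_rest_route(
		'wp/v2',
		'/streaming-export',
		array(
			'methods'             => WP_REST_Server::READABLE,
			'callback'            => 'example_streaming_export_callback',
			// Authorization lives here, not in the callback, so the REST
			// server rejects the request before any handler code runs.
			'permission_callback' => 'example_streaming_export_permission',
		)
	);
}

function example_streaming_export_permission() {
	// On multisite this is true only for network administrators. On a
	// single-site install is_super_admin() is true for any user with the
	// delete_users capability, so the check is weaker there.
	if ( is_super_admin() ) {
		return true;
	}

	// Always answer 403, matching the behaviour stated in the summary.
	return new WP_Error(
		'rest_forbidden',
		'Sorry, you are not allowed to access this endpoint.',
		array( 'status' => 403 )
	);
}

function example_streaming_export_callback( WP_REST_Request $request ) {
	return rest_ensure_response( array( 'authorization' => 'successful' ) );
}
```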