REST API: Add Store Subscriber Email as ID in Cookie

admin/class-convertkit-admin-refresh-resources.php

@@ -40,7 +40,22 @@ public function register_routes() {
 			'/resources/refresh/(?P<resource>[a-zA-Z0-9-_]+)',
 			array(
 				'methods'             => WP_REST_Server::CREATABLE,
+				'args'                => array(
+					// Resource: Validate resource is included in the request, a valid resource
+					// and sanitize the resource.
+					'resource' => array(
+						'required'          => true,
+						'validate_callback' => function ( $param ) {
+
+							return is_string( $param ) && in_array( $param, array( 'forms', 'landing_pages', 'tags', 'posts', 'products', 'restrict_content' ), true );
+
+						},
+						'sanitize_callback' => 'sanitize_text_field',
+					),
+				),
 				'callback'            => array( $this, 'refresh_resources' ),
+
+				// Only refresh resources for users who can edit posts.
 				'permission_callback' => function () {
 					return current_user_can( 'edit_posts' );
 				},

includes/class-convertkit-gutenberg.php

@@ -82,6 +82,7 @@ public function register_routes() {
 					return rest_ensure_response( convertkit_get_blocks() );
 				},
 
+				// Only refresh resources for users who can edit posts.
 				'permission_callback' => function () {
 					return current_user_can( 'edit_posts' );
 				},

includes/class-convertkit-output-restrict-content.php

@@ -131,6 +131,52 @@ public function register_routes() {
 			'/restrict-content/subscriber-authentication',
 			array(
 				'methods'             => WP_REST_Server::CREATABLE,
+				'args'                => array(
+					// Email: Validate email is included in the request, is a valid email address
+					// and sanitize the email address.
+					'convertkit_email'         => array(
+						'required'          => true,
+						'validate_callback' => function ( $param ) {
+
+							return is_string( $param ) && is_email( $param );
+
+						},
+						'sanitize_callback' => 'sanitize_email',
+					),
+
+					// Post ID: Validate post ID is included in the request and is an integer.
+					'convertkit_post_id'       => array(
+						'required'          => true,
+						'validate_callback' => function ( $param ) {
+
+							return is_numeric( $param );
+
+						},
+						'sanitize_callback' => 'absint',
+					),
+
+					// Resource Type: Validate resource type is included in the request and is a string.
+					'convertkit_resource_type' => array(
+						'required'          => true,
+						'validate_callback' => function ( $param ) {
+
+							return is_string( $param );
+
+						},
+						'sanitize_callback' => 'sanitize_text_field',
+					),
+
+					// Resource ID: Validate resource ID is included in the request and is an integer.
+					'convertkit_resource_id'   => array(
+						'required'          => true,
+						'validate_callback' => function ( $param ) {
+
+							return is_numeric( $param );
+
+						},
+						'sanitize_callback' => 'absint',
+					),
+				),
 				'callback'            => function ( $request ) {
 
 					// Initialize classes that will be used.
@@ -181,6 +227,8 @@ public function register_routes() {
 						)
 					);
 				},
+
+				// No authentication required, as this is on the frontend site.
 				'permission_callback' => '__return_true',
 			)
 		);
@@ -191,6 +239,40 @@ public function register_routes() {
 			'/restrict-content/subscriber-verification',
 			array(
 				'methods'             => WP_REST_Server::CREATABLE,
+				'args'                => array(
+					// Post ID: Validate post ID is an integer if included in the request.
+					'convertkit_post_id' => array(
+						'required'          => false,
+						'validate_callback' => function ( $param ) {
+
+							return is_numeric( $param );
+
+						},
+						'sanitize_callback' => 'absint',
+					),
+
+					// Token: Validate token is included in the request and is a string.
+					'token'              => array(
+						'required'          => true,
+						'validate_callback' => function ( $param ) {
+
+							return is_string( $param );
+
+						},
+						'sanitize_callback' => 'sanitize_text_field',
+					),
+
+					// Subscriber Code: Validate subscriber code is included in the request and is a string.
+					'subscriber_code'    => array(
+						'required'          => true,
+						'validate_callback' => function ( $param ) {
+
+							return is_string( $param );
+
+						},
+						'sanitize_callback' => 'sanitize_text_field',
+					),
+				),
 				'callback'            => function ( $request ) {
 
 					// Initialize classes that will be used.
@@ -234,6 +316,8 @@ public function register_routes() {
 						)
 					);
 				},
+
+				// No authentication required, as this is on the frontend site.
 				'permission_callback' => '__return_true',
 			)
 		);

includes/class-convertkit-output.php

@@ -67,6 +67,7 @@ class ConvertKit_Output {
 	 */
 	public function __construct() {
 
+		add_action( 'rest_api_init', array( $this, 'register_routes' ) );
 		add_action( 'init', array( $this, 'get_subscriber_id_from_request' ) );
 		add_action( 'wp', array( $this, 'maybe_tag_subscriber' ) );
 		add_action( 'template_redirect', array( $this, 'output_form' ) );
@@ -80,6 +81,62 @@ public function __construct() {
 
 	}
 
+	/**
+	 * Register REST API routes.
+	 *
+	 * @since   3.1.7
+	 */
+	public function register_routes() {
+
+		// Register route to store the Kit subscriber's email's ID in a cookie.
+		register_rest_route(
+			'kit/v1',
+			'/subscriber/store-email-as-id-in-cookie',
+			array(
+				'methods'             => WP_REST_Server::CREATABLE,
+				'args'                => array(
+					// Email: Validate email is included in the request, a valid email address
+					// and sanitize the email address.
+					'email' => array(
+						'required'          => true,
+						'validate_callback' => function ( $param ) {
+
+							return is_string( $param ) && is_email( $param );
+
+						},
+						'sanitize_callback' => 'sanitize_email',
+					),
+				),
+				'callback'            => function ( $request ) {
+
+					// Get email address.
+					$email = $request->get_param( 'email' );
+
+					// Get subscriber ID.
+					$subscriber    = new ConvertKit_Subscriber();
+					$subscriber_id = $subscriber->validate_and_store_subscriber_email( $email );
+
+					// Bail if an error occured i.e. API hasn't been configured.
+					if ( is_wp_error( $subscriber_id ) ) {
+						return rest_ensure_response( $subscriber_id );
+					}
+
+					// Return the subscriber ID.
+					return rest_ensure_response(
+						array(
+							'id' => $subscriber_id,
+						)
+					);
+
+				},
+
+				// No authentication required, as this is on the frontend site.
+				'permission_callback' => '__return_true',
+			)
+		);
+
+	}
+
 	/**
 	 * Tags the subscriber, if:
 	 * - a subscriber ID exists in the cookie or URL,
@@ -756,9 +813,9 @@ public function enqueue_scripts() {
 			'convertkit-js',
 			'convertkit',
 			array(
-				'ajaxurl'       => admin_url( 'admin-ajax.php' ),
+				'ajaxurl'       => rest_url( 'kit/v1/subscriber/store-email-as-id-in-cookie' ),
 				'debug'         => $settings->debug_enabled(),
-				'nonce'         => wp_create_nonce( 'convertkit' ),
+				'nonce'         => wp_create_nonce( 'wp_rest' ),
 				'subscriber_id' => $this->subscriber_id,
 			)
 		);

includes/class-wp-convertkit.php

@@ -178,7 +178,6 @@ private function initialize_global() {
 
 		$this->classes['admin_notices']                               = new ConvertKit_Admin_Notices();
 		$this->classes['admin_refresh_resources']                     = new ConvertKit_Admin_Refresh_Resources();
-		$this->classes['ajax']                                        = new ConvertKit_AJAX();
 		$this->classes['blocks_convertkit_broadcasts']                = new ConvertKit_Block_Broadcasts();
 		$this->classes['blocks_convertkit_content']                   = new ConvertKit_Block_Content();
 		$this->classes['blocks_convertkit_formtrigger']               = new ConvertKit_Block_Form_Trigger();

resources/frontend/js/convertkit.js

@@ -29,10 +29,9 @@ function convertStoreSubscriberEmailAsIDInCookie(emailAddress) {
 		method: 'POST',
 		headers: {
 			'Content-Type': 'application/x-www-form-urlencoded',
+			'X-WP-Nonce': convertkit.nonce,
 		},
 		body: new URLSearchParams({
-			action: 'convertkit_store_subscriber_email_as_id_in_cookie',
-			convertkit_nonce: convertkit.nonce,
 			email: emailAddress,
 		}),
 	})
@@ -50,7 +49,7 @@ function convertStoreSubscriberEmailAsIDInCookie(emailAddress) {
 
 			// Emit custom event with subscriber ID.
 			convertKitEmitCustomEvent('convertkit_user_subscribed', {
-				id: result.data.id,
+				id: result.id,
 				email: emailAddress,
 			});
 		})