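get_header('X-WP-Nonce');
        // (tail of the REST permission callback; its signature is above this chunk)
        if (!wp_verify_nonce($nonce, 'wp_rest')) {
            return false;
        }
        // Verify origin
        $origin = $request->get_header('origin');
        if (!$this->verify_origin($origin)) {
            return false;
        }
        return true;
    }

    /**
     * True when $host is exactly $allowed or a subdomain of it.
     *
     * This is a suffix comparison, not a substring search: the previous
     * `strpos($host, '.' . $allowed) !== false` accepted
     * "example.com.attacker.net" because ".example.com" occurs inside it.
     * Hostnames are compared case-insensitively, as DNS names are.
     *
     * @param string $host    Host taken from an Origin/URL.
     * @param string $allowed Allowed host (no leading dot).
     * @return bool
     */
    private function host_matches($host, $allowed) {
        $host    = strtolower($host);
        $allowed = strtolower($allowed);
        if ($host === $allowed) {
            return true;
        }
        $suffix     = '.' . $allowed;
        $suffix_len = strlen($suffix);
        return strlen($host) > $suffix_len && substr($host, -$suffix_len) === $suffix;
    }

    /**
     * Derives separate cipher and MAC keys from the stored master key.
     *
     * The master key is a 64-char hex string; handing it to openssl directly
     * as the AES-256 key silently truncates it to its first 32 characters,
     * i.e. only 128 bits of the 256 bits of entropy. HMAC-SHA256 derivation
     * yields two independent 32-byte binary keys that use all of it.
     *
     * @param string $master Value returned by get_encryption_key().
     * @return array{enc: string, mac: string}
     */
    private function derive_keys($master) {
        return array(
            'enc' => hash_hmac('sha256', 'eveai-chat-encrypt', $master, true),
            'mac' => hash_hmac('sha256', 'eveai-chat-mac', $master, true),
        );
    }

    /**
     * Encrypts $data and returns it as a single base64 string.
     *
     * Output layout (binary, then base64): "\x01" | IV (16) | AES-256-CBC
     * ciphertext | HMAC-SHA256(IV . ciphertext) (32). The MAC makes the blob
     * tamper-evident; CBC on its own is malleable, which matters because
     * generate_local_token() stores tenant_id/domain in here. Total length is
     * 49 + 16k bytes, which never collides with the legacy layout accepted by
     * decrypt_sensitive_data() (16 + a multiple of 4).
     *
     * Confidentiality is bounded by the master key, which lives in wp_options;
     * anyone who can read the database can decrypt (see get_encryption_key()).
     *
     * @param string $data Plaintext. empty() values yield ''.
     * @return string Base64 blob, or '' if encryption failed.
     */
    public function encrypt_sensitive_data($data) {
        if (empty($data)) {
            return '';
        }
        $keys = $this->derive_keys($this->get_encryption_key());
        // CSPRNG; openssl_random_pseudo_bytes() can report a weak result and is not needed here.
        $iv         = random_bytes(16);
        $ciphertext = openssl_encrypt($data, 'AES-256-CBC', $keys['enc'], OPENSSL_RAW_DATA, $iv);
        if ($ciphertext === false) {
            return '';
        }
        $mac = hash_hmac('sha256', $iv . $ciphertext, $keys['mac'], true);
        return base64_encode("\x01" . $iv . $ciphertext . $mac);
    }

    /**
     * Reverses encrypt_sensitive_data().
     *
     * Accepts the authenticated layout produced above, and — for values
     * stored before the MAC was introduced — the legacy layout
     * IV (16) | base64 ciphertext, encrypted with the raw hex master key.
     * The legacy path is unauthenticated, so an attacker who controls a blob
     * can still present it in the old layout; remove that branch once all
     * stored values have been re-encrypted.
     *
     * @param string $encrypted_data Base64 blob.
     * @return string|false Plaintext; '' for empty() input; false when the
     *                      blob is malformed, fails the MAC, or does not decrypt.
     */
    public function decrypt_sensitive_data($encrypted_data) {
        if (empty($encrypted_data)) {
            return '';
        }
        // Strict decoding rejects blobs with characters outside the base64 alphabet.
        $data = base64_decode($encrypted_data, true);
        if ($data === false || strlen($data) <= 16) {
            return false;
        }
        $master = $this->get_encryption_key();

        // Authenticated layout: 1 + 16 + 16k + 32 bytes, so length % 16 === 1 and >= 65.
        if ($data[0] === "\x01" && strlen($data) % 16 === 1) {
            if (strlen($data) < 65) {
                return false;
            }
            $keys       = $this->derive_keys($master);
            $iv         = substr($data, 1, 16);
            $mac        = substr($data, -32);
            $ciphertext = substr($data, 17, -32);
            $expected   = hash_hmac('sha256', $iv . $ciphertext, $keys['mac'], true);
            // Constant-time comparison; verify before touching the ciphertext.
            if (!hash_equals($expected, $mac)) {
                return false;
            }
            return openssl_decrypt($ciphertext, 'AES-256-CBC', $keys['enc'], OPENSSL_RAW_DATA, $iv);
        }

        // Legacy layout (pre-MAC). options=0 means openssl expects base64 ciphertext,
        // and the hex master key is passed as-is, exactly as the original code did.
        $iv        = substr($data, 0, 16);
        $encrypted = substr($data, 16);
        return openssl_decrypt($encrypted, 'AES-256-CBC', $master, 0, $iv);
    }

    /**
     * Returns the site's master key (64 hex chars = 256 bits), creating it on first use.
     *
     * add_option() is a no-op when the option already exists, so two concurrent
     * first requests cannot each persist a different key; with update_option()
     * the loser would encrypt data under a key that is then overwritten and lost.
     *
     * The key is stored in wp_options, so database read access is sufficient
     * to decrypt everything produced by encrypt_sensitive_data().
     *
     * @return string
     */
    private function get_encryption_key() {
        $key = get_option('eveai_chat_encryption_key');
        if (!$key) {
            $candidate = bin2hex(random_bytes(32));
            if (add_option('eveai_chat_encryption_key', $candidate)) {
                return $candidate;
            }
            // Another request won the race (or the insert failed): re-read.
            $key = get_option('eveai_chat_encryption_key');
            if (!$key) {
                // Nothing persisted and nothing readable: fall back to the original behaviour.
                update_option('eveai_chat_encryption_key', $candidate);
                $key = $candidate;
            }
        }
        return $key;
    }

    /**
     * Generates a local temporary token for additional security.
     *
     * The token is the encrypted (and, with the current encrypt_sensitive_data(),
     * MAC-protected) JSON of tenant_id, domain, issue time and site URL. No
     * verifier for it is visible in this file; whichever code consumes it must
     * check the timestamp itself, nothing here enforces an expiry.
     *
     * @param mixed  $tenant_id Tenant identifier as given by the caller.
     * @param string $domain    Domain the token is bound to.
     * @return string Base64 token ('' if encryption failed).
     */
    public function generate_local_token($tenant_id, $domain) {
        $data = array(
            'tenant_id' => $tenant_id,
            'domain'    => $domain,
            'timestamp' => time(),
            'site_url'  => get_site_url(),
        );
        return $this->encrypt_sensitive_data(json_encode($data));
    }

    /**
     * Verifies if the domain is allowed for the given tenant.
     *
     * Currently a static allow-list (the site's own host and "localhost");
     * $tenant_id is accepted for API compatibility but not consulted.
     * This could be enhanced with a database check of allowed domains per tenant.
     *
     * @param mixed  $tenant_id Unused for now.
     * @param string $domain    Full URL; parse_url() yields no host for a bare
     *                          hostname such as "example.com", which therefore
     *                          fails — confirm callers pass URLs.
     * @return bool
     */
    public function verify_tenant_domain($tenant_id, $domain) {
        $allowed_domains = array(
            parse_url(get_site_url(), PHP_URL_HOST),
            'localhost',
            // Add other allowed domains as needed
        );
        $domain_host = is_string($domain) ? parse_url($domain, PHP_URL_HOST) : null;
        if (!is_string($domain_host) || $domain_host === '') {
            return false;
        }
        $domain_host = strtolower($domain_host);
        foreach ($allowed_domains as $allowed) {
            // Strict, case-insensitive equality; in_array() without strict would compare loosely.
            if (is_string($allowed) && strtolower($allowed) === $domain_host) {
                return true;
            }
        }
        return false;
    }

    /**
     * Enhanced origin verification.
     *
     * Replaces the two verify_origin() declarations that previously coexisted in
     * this class (a private and a public one, which PHP rejects as a redeclaration).
     * Accepts the site's own host, its subdomains, "www." + host, and "localhost".
     *
     * Only the host of the Origin header is compared, so a same-host origin with a
     * different scheme or port passes; tighten if the site is https-only. The
     * "localhost" entry is convenient for development but lets any page served from
     * localhost on a visitor's machine pass — drop it in production builds.
     *
     * @param string|null $origin Raw Origin header; null/'' when absent.
     * @return bool
     */
    public function verify_origin($origin) {
        if (empty($origin) || !is_string($origin)) {
            return false;
        }
        $origin_host = parse_url($origin, PHP_URL_HOST);
        // parse_url() gives null (no host) or false (malformed) for non-URLs.
        if (!is_string($origin_host) || $origin_host === '') {
            return false;
        }
        $site_host = parse_url(get_site_url(), PHP_URL_HOST);
        $allowed_origins = array(
            $site_host,
            'www.' . $site_host,
            'localhost',
            // Add any additional allowed origins
        );
        foreach ($allowed_origins as $allowed_origin) {
            if (is_string($allowed_origin) && $this->host_matches($origin_host, $allowed_origin)) {
                return true;
            }
        }
        return false;
    }
}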