magdev/wc-licensed-product
1
Fork 0
Code Issues Pull Requests Actions Releases 4 Activity

Align REST API with client documentation (v0.5.4)

Browse Source 
Fixed HTTP status codes for API responses:
- /validate now returns 404 for license_not_found (was 403)
- Added status code mapping: 404 not found, 500 server errors, 403 others

Added configurable rate limiting:
- WC_LICENSE_RATE_LIMIT constant for requests per window
- WC_LICENSE_RATE_WINDOW constant for window duration in seconds

Fixed license_key validation:
- Now enforces minimum 8 characters across all endpoints

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Marco Grätsch
2026-01-26 17:00:52 +01:00
parent bee9854c18
commit 5d5bb7e595
4 changed files with 111 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
CLAUDE.md
View File

@@ -1378,3 +1378,31 @@ Major feature release adding support for WooCommerce variable products. Customer
- Order meta `_licensed_product_domains` now includes optional `variation_id` field
- License generation uses variation settings when `variation_id` is present in order item
- Backward compatible: existing simple licensed products continue to work unchanged
### 2026-01-26 - Version 0.5.4 - API Compliance
**Overview:**
Bug fix release aligning server implementation with client documentation at `magdev/wc-licensed-product-client`.
**Fixed:**
- `/validate` endpoint now returns HTTP 404 for `license_not_found` error (was returning 403)
- License key validation now enforces minimum 8 characters across all API endpoints
**Implemented:**
- Configurable rate limiting via `WC_LICENSE_RATE_LIMIT` constant (default: 30 requests)
- Configurable rate window via `WC_LICENSE_RATE_WINDOW` constant (default: 60 seconds)
- HTTP status code mapping: 404 for not found, 500 for server errors, 403 for all other errors
**Modified files:**
- `src/Api/RestApiController.php` - Added configurable rate limiting, fixed HTTP status codes, added license_key validation
**Technical notes:**
- Rate limiting now uses `getRateLimit()` and `getRateWindow()` methods instead of constants
- New `getStatusCodeForResult()` method maps error codes to HTTP status codes
- License key validation callback added to all three endpoints (validate, status, activate)
- Uses PHP 8 match expression for status code mapping