Only apply auth filter to core WP REST API requests

This should make the plugin compatible with other plugins that serve "public" info on REST-like endpoints, like Activitypub.

Only apply auth filter to core WP REST API requests
74b048f4 · ale · 1062fd8f · 74b048f4
Commit 74b048f4 authored 2 years ago by ale
--- a/ai-authenticate-rest-api.php
+++ b/ai-authenticate-rest-api.php
@@ -10,11 +10,12 @@
 * License URI: http://opensource.org/licenses/MIT
 */
-function ai_authenticate_rest_api_is_well_known_request() {
+function ai_authenticate_rest_api_is_wp_rest_api_request() {
+    // Identify "core" WP REST API requests, by their URL prefix.
    return strncmp(
        $_SERVER['REQUEST_URI'],
-        '/.well-known/',
+        '/wp/v2/',
-        strlen('/.well-known/')) == 0;
+        strlen('/wp/v2/')) == 0;
 }
 add_filter('rest_authentication_errors', function($result) {
@@ -25,9 +26,10 @@ add_filter('rest_authentication_errors', function($result) {
    }
    // No authentication has been performed yet.
-    // Return an error if user is not logged in.
+    // Return an error if user is not logged in, but only if we
+    // think the request is for the main WP REST API.
    if (!is_user_logged_in() &&
-        !ai_authenticate_rest_api_is_well_known_request()) {
+        ai_authenticate_rest_api_is_wp_rest_api_request()) {
        return new WP_Error(
            'rest_not_logged_in',
            __('You are not currently logged in.'),