From 74b048f44e298bc6f07413a6e7f8282a31617f99 Mon Sep 17 00:00:00 2001
From: ale <ale@incal.net>
Date: Sat, 19 Nov 2022 16:14:02 +0000
Subject: [PATCH] Only apply auth filter to core WP REST API requests

This should make the plugin compatible with other plugins that serve
"public" info on REST-like endpoints, like Activitypub.
---
 ai-authenticate-rest-api.php | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/ai-authenticate-rest-api.php b/ai-authenticate-rest-api.php
index aa76d2c..50bf040 100644
--- a/ai-authenticate-rest-api.php
+++ b/ai-authenticate-rest-api.php
@@ -10,11 +10,12 @@
  * License URI: http://opensource.org/licenses/MIT
  */
 
-function ai_authenticate_rest_api_is_well_known_request() {
+function ai_authenticate_rest_api_is_wp_rest_api_request() {
+    // Identify "core" WP REST API requests, by their URL prefix.
     return strncmp(
         $_SERVER['REQUEST_URI'],
-        '/.well-known/',
-        strlen('/.well-known/')) == 0;
+        '/wp/v2/',
+        strlen('/wp/v2/')) == 0;
 }
 
 add_filter('rest_authentication_errors', function($result) {
@@ -25,9 +26,10 @@ add_filter('rest_authentication_errors', function($result) {
     }
  
     // No authentication has been performed yet.
-    // Return an error if user is not logged in.
+    // Return an error if user is not logged in, but only if we
+    // think the request is for the main WP REST API.
     if (!is_user_logged_in() &&
-        !ai_authenticate_rest_api_is_well_known_request()) {
+        ai_authenticate_rest_api_is_wp_rest_api_request()) {
         return new WP_Error(
             'rest_not_logged_in',
             __('You are not currently logged in.'),
-- 
GitLab