Lance Cleveland

Adding WordPress REST API Security To Basic CRUD Operations

Work has been underway adding REST API functionality to the Store Locator Plus plugin. Most people are familiar with the basic concept of using REST to fetch data from a remote server. We use this every day when surfing the web, which is built on the basic premise of an HTTP GET request. In short, this is the simplest form of a REST “read” operation. Go here, get this thing and show it to me.

REST APIs get more exciting when you talk about adding basic create/update/delete operations, providing the full CRUD functionality via the REST protocol. The issue with using REST for these operations, especially via the WordPress REST API, is that you are now exposing your data via a service that anyone with even a touch of technical prowess can use to create, update, or delete data elements on your site. In the case of our locator plugin, we don’t want any random person to send a simple HTTP request to our server and delete a location.

The WordPress REST API provides a simple mechanism for adding security to these types of requests. It uses the built-in WordPress user authentication and roles-and-capabilities to ensure a user has permission to alter the specific object, in our case location data, before handling the REST request. To employ this security you will need two things: a plugin that manages authentication requests, and the addition of a permission_callback parameter to your register_rest_route() call within the plugin/theme class that is managing your REST API.

The first part, adding a plugin, is easily handled by fetching one of the git repositories listed at the WordPress REST API documentation site. You can choose either Basic Authentication (very weak security) or OAuth (much better option). Using Basic Authentication is great for development and is what I use when testing RESTful services via PhpStorm 2016 with its built-in RESTful service applet.

The second part, adding a permission_callback parameter, is done in the code of the plugin or theme that is managing your REST requests. This can be handled using a simple anonymous function that returns the result of the WordPress current_user_can() function. In Store Locator Plus we check to make sure that the user, authenticated with one of the above plugins as part of the source of the REST request, has the ‘manage_slp_user’ capability assigned. By default this is assigned to all admin users when Store Locator Plus is installed. The register_rest_route call looks like this:

This setup will check that the REST request has passed authentication and that the user identified with the request has the manage_slp_user capability before executing the add_location method in our REST API class.
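
A route registered along the lines described above, as an added example that is not the Store Locator Plus code. The class name, the `example-slp/v1` namespace, the `/locations` path and the `name` field are assumptions; `manage_slp_user` and `add_location` are the names used in this post.

```php
<?php
// Added example: class name, namespace, route path and the "name" argument are hypothetical.
class Example_SLP_REST_API {

    public function __construct() {
        add_action( 'rest_api_init', array( $this, 'register_routes' ) );
    }

    public function register_routes() {
        register_rest_route( 'example-slp/v1', '/locations', array(
            'methods'             => WP_REST_Server::CREATABLE, // POST
            'callback'            => array( $this, 'add_location' ),
            // The anonymous-function form from the post would be:
            // function () { return current_user_can( 'manage_slp_user' ); }
            'permission_callback' => array( $this, 'can_manage_locations' ),
            'args'                => array(
                'name' => array(
                    'required'          => true,
                    'sanitize_callback' => 'sanitize_text_field',
                ),
            ),
        ) );
    }

    // Runs before add_location(); the callback is only reached if this returns true.
    public function can_manage_locations( WP_REST_Request $request ) {
        if ( current_user_can( 'manage_slp_user' ) ) {
            return true;
        }
        // 401 when no user was authenticated, 403 when the user lacks the capability.
        return new WP_Error(
            'rest_forbidden',
            'You are not allowed to add locations.',
            array( 'status' => rest_authorization_required_code() )
        );
    }

    public function add_location( WP_REST_Request $request ) {
        // Placeholder body: the plugin's storage logic is not shown in the post.
        $location = array( 'name' => $request->get_param( 'name' ) );
        return new WP_REST_Response( $location, 201 );
    }
}
new Example_SLP_REST_API();
```

Leaving `permission_callback` off a write route makes it callable by unauthenticated clients, so every POST/PUT/PATCH/DELETE route needs its own capability check.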

Adding security on your POST/PUT/PATCH REST requests is as simple as that.

There are a lot of other tricks built into the WordPress REST API. Keep track of this blog to watch for more articles on WordPress development as I share what I’ve learned each week.

Billboard: ESPN Asked to Pay More Than $15 Million Annually to License Ambient Stadium Music

I wonder how, exactly, BMI determines what was played so they can fairly compensate the right creatives behind that music.

The answer is: they have no clue. They will apply their archaic generalized formula and make a wild guess then pay the most popular songwriters and composers. They’ll keep 12% for themselves and a good chunk in reserve, in a bank account where they keep the interest, in case they guessed wrong.

The PROs are a sham. Sad that music creatives don’t demand better.

ESPN Asked to Pay More Than $15 Million Annually to License Ambient Stadium Music

In response to ESPN’s demand that a New York federal court determine a reasonable license fee for the performance of songs on its cable sports networks, licensing agency BMI is noting the “vast amounts of music played loudly and prominently in stadiums and arenas,” ambient noise that is often picked up by the broadcaster’s microphones and heard by its viewers. Read the full story

Shared from Apple News

Billboard: Kanye West Reveals He’s Team Streaming: ‘No More CDs For Me’

Kanye West Reveals He’s Team Streaming: ‘No More CDs For Me’

Kanye West CDs are about to become a thing of the past. The Chicago rapper/designer/entertaining tweeter took to his timeline on Monday (March 7) to discuss his stance on physical music releases. “I was thinking about not making CDs ever again… Only streaming,” he said before referencing the cover art of his 2013 effort Yeezus. “the Yeezus album packaging was an open casket to CDs r.i.p.” Read the full story


Billboard: Samsung, Google and Spotify Have Considered Buying Tidal: Report

Samsung, Google and Spotify Have Considered Buying Tidal: Report

“Samsung is re-engaging; they are working on something really big, and they’re keeping it very quiet in case it leaks,” reports the Post. Read the full story


iPhone Versus Android : Christmas 2015 Update

I just replaced my Samsung Galaxy S5 with a new iPhone 6S Plus. This was not an easy transition. I started out in the smart phone world literally on day 1. We had a contract to write an app for the very first iPhone and we stood in line to purchase a pair of them on the first day they were available. Within 18 months Android was out and after fighting with that gen 1 iPhone more than I liked it was time to check out the competition. I never looked back even when iPhones improved faster than Androids. Even when Androids didn’t work with ANYTHING and nearly EVERYTHING, including my toaster oven, “talked to” an iPhone.
But things have changed. My past two go-arounds with the top-of-the-line Android models have been nearly as frustrating as that first iPhone many years ago. First with an HTC model whose power ports just stopped connecting unless you moved the USB cable “just right”, like playing a new form of Jenga…. ooops moved that a little too far and CRASH down came the entire tower of tech. Then with the latest Galaxy S5 that would literally just do a factory reset in the middle of streaming a Slacker station on a walk down the beach. After the 5th factory reset in 12 months with a brand-new phone that tested “nothing wrong” with a perfect battery, I’d had enough.
Not only was my phone forcing me to spend a solid 4 hours re-installing all my apps and security settings, it would take less than a month to run out of memory. If I was taking hundreds of photos and videos I could understand, but it was always the apps. Not a lot of apps, but every one was HUGE. Maybe it was the unprecedented amount of pre-installed apps you cannot uninstall without rooting the phone (and voiding the warranty) and keystroke log files that they keep to send back to everyone that wants to buy your data. Privacy be damned.
To finally push me over the edge, yet another update came out for my car that was “only for iPhone”. Starbucks continues to have iPhone-only free music and apps. My stereo has advanced features only for iPhone. My TV is “best with Apple TV compatible devices”. My thermostat. My security system. Everything has MORE features and the most recent tech ONLY if you are on iPhone. Even the smart door locks I looked at are NEVER available on Android first and even if they support Android it is always a half-assed version of the “real product” built for iPhone.
One last factory reset and a looming 4 hours of lost productivity pushed me over the edge.
In just 24 hours, here are my first impressions of the iPhone experience on the latest 6S Plus versus the year-old Android Samsung Galaxy S5.

iPhone killing it over Android

Battery life. Bigger brighter screen with more resolution. More sensors built in. A gazillion megapixel camera. A faster CPU. And it STILL gets at least 5x the real-world usage time of the Galaxy S5. After a day of use where I used the phone AT LEAST as much as any day in the past week with the Android, I still have 80% battery life. My S5 would have been on the charger TWICE since noon.
Screen resolution. A full 1920×1080 makes a HUGE difference in legibility. Also, Apple has always just had screens that “pop”. They are easier to read no matter what the resolution is compared to an Android. Not sure what tech magic this is but it makes a big difference to my eye.
Camera resolution. I’m not sure of the official spec but I know the video shoots true 4k at 30fps and full HD but the still images. Wow. This thing blows away the S5. It has to be at least 3x the resolution if not more.
Ease-of-setup. They literally activated the sim card and ported the account. Nearly EVERYTHING was imported properly in terms of contacts, email, etc. The few apps I had to re-install for security reasons worked perfectly. EXCEPT a couple of Google-specific apps. Go figure. Funny thing is restoring an Android backup to the SAME PHONE after any one of the 5 factory resets was a 4-hour operation. To go to a whole new phone OS took all of 15 minutes.
Performance. This phone is WAY faster. Literally the first words out of the Verizon rep when picking up the S5 was “your phone is so laggy”. Yup. Does that within 2 days of being set up. Even after a factory reset and comparing them side-by-side the iPhone blows away the S5 in terms of app switching, downloads, app installs, and … well… just about everything. Hell, the S5 takes 4-5 seconds to start up the camera app and snap the photo (the new faster Google Camera app is so buggy it hangs 80% of the time but in the 20% of the time it works still takes 3 seconds to start). The iPhone 6S Plus… it is instantaneous. The 6S is so fast in bringing up the camera it is even faster than my actual pocket camera that has to open the lens cover (about 1 second or less). And in case 1/1000th of a second isn’t fast enough this camera uses some voodoo black magic to capture a second or two of photos BEFORE you clicked the take-photo button. What!?!?
Intangible “feel”. Don’t get me wrong, the Galaxy S5 feels solid. However the feel of quality when holding the phone is just “better”. More solid. It is hard to quantify but the 6S Plus feels like a solid piece of milled aluminum and the S5 feels like a piece of solid milled aluminum with some plastic tacked on that should really be there.
The Other Stuff. The “just touch me” fingerprint scanner blows away the S5 “swipe me and I might recognize it but likely won’t” scanner. There are FAR MORE quality accessories both from Apple and 3rd parties for the iPhone 6S; which is amazing as it has been out for 60 days versus 18 months. Compatibility with 3rd party devices; again EVERYTHING works with and usually works-better-with the iPhone which is NOT true of the leading Android Galaxy S5. No extra pre-installed crap like the dozen-plus bloated apps Samsung forces you to have (and can never delete BTW, without voiding the warranty) so that Samsung can lower their price into your hands.

Android beats iPhone

The Back Button.   Seriously, why doesn’t Apple steal this idea.   It saves SOOOO much time over having to scroll to the top of an app just to back up.    I didn’t realize it but that is a HUGE time saver.
Integration with Google services. We all know this is on purpose and it is all at the hands of Google. However getting all of my primary business connectivity via email, hangouts and every-other-app is the ONLY thing that was not a “oh, it just configures itself” on the iPhone. On Android it is kind of a pain especially if you have 2-factor authentication but on iPhone it seems to NEVER work until literally the 4th setup attempt (I swear Google has a counter that has to be reached before it will work).
App-to-app integration. Some third party apps, like LastPass for example, work far better with other apps on Android. On Apple they have put everything under such tight controls that apps from different vendors don’t tend to like to talk to each other.
Speaker Quality. The external speaker, the one you use to watch videos or to do a “speaker call” is absolutely ridiculous on the iPhone. And I mean ridiculous in the “what fucktard came up with this” type of ridiculous not in a “that party was RIDICULOUS” as in an epic sort of way. That iPhone speaker is placed perfectly so that if you don’t contort your hand into some fucked-up “I’m the direct offspring of Quasimodo” sort of grip you will effectively mute the sound entirely. Yeah, I get it, the sound is great if you lie it down on a desk. But for those of you that actually HOLD your phone… it is completely freakin’ useless. How did Apple miss this mark so badly?

Which Is Better?

So which do I like better at the moment? Well, not having a ubiquitous back-button is really annoying. It is amazing how many screen presses that saves you. Also the speaker placement on a $900 phone should NOT be in a place that completely MUTES the phone if you don’t hold it just right. Really? Yup, really.
That said, the most important things to me are battery life, camera and video quality, not having to delete all my photos just to update an app, and a phone that leverages ALL the features of my tech life (car, home security, home sound systems, and all my gadgets). Despite the ridiculous speaker placement and lack of a back button, the iPhone is already killing it in the 4 primary things I am looking for.
Luckily there are nearly one-bazillion third party accessories out there for the iPhone 6S Plus just 30 days after launch that I can certainly find a stand that lets me watch videos AND hear them at the same time without having to hold the phone.
Now if this thing doesn’t factory reset within the first 60 days I think I’ve found a new favorite tech toy.