Add site health check to detect blocked REST API and short-circuit optimization when Inaccessible #1762
Conversation
b1ink0
changed the title
There was a problem hiding this comment.
Should there be a plugin activation hook added as well which does add_option() for the new option and then also kicks off (or schedules) a REST API check? Ideally there would be a warning shown immediately after activating the plugin (e.g. on the plugins list table screen) whether the REST API is working so that the user doesn't have to discover it later via Site Health.
There was a problem hiding this comment.
Maybe put site-health in the root directory instead of inside includes since there are no other directories in there?
There was a problem hiding this comment.
I thought in future if we added something like admin dashboard for managing URL metrics or any other admin dashboard related thing then it would be better to add that feature in includes/admin. But we can just refactor things later when we need it so moving site-health to root makes sence.
There was a problem hiding this comment.
Yeah, let's put it in the root for now since all other directories are there.
if we added something like admin dashboard for managing URL metrics or any other admin dashboard related thing
Aside: I did put together a rough utility plugin for this: https://github.com/westonruter/od-admin-ui
| '<p>%s</p>', | ||
| esc_html__( 'The Optimization Detective endpoint could not be reached. This might mean the REST API is disabled or blocked.', 'optimization-detective' ) | ||
| ); | ||
| update_option( |
There was a problem hiding this comment.
This is the first PR that adds an option to to Optimization Detective. We'll need to make sure that the relevant delete_option() calls get added to the plugin's uninstall.php.
| // Disable detection if the REST API is disabled. | ||
| $od_rest_api_info = get_option( 'od_rest_api_info' ); | ||
| if ( is_array( $od_rest_api_info ) && isset( $od_rest_api_info['available'] ) ) { | ||
| $needs_detection = (bool) $od_rest_api_info['available']; | ||
| } | ||
|
|
There was a problem hiding this comment.
Actually, this check wouldn't make sense here. It should rather be done in od_maybe_add_template_output_buffer_filter() to short-circuit if the REST API it is not available.
| update_option( | ||
| 'od_rest_api_info', | ||
| array( | ||
| 'status' => 'error', |
There was a problem hiding this comment.
Should the $error->get_message() and maybe $error->get_code() be stored here?
| update_option( | ||
| 'od_rest_api_info', | ||
| array( | ||
| 'status' => 'forbidden', |
There was a problem hiding this comment.
Instead of storing the string, what about storing the $status_code instead?
| 'available' => false, | ||
| ) | ||
| ); | ||
| } |
There was a problem hiding this comment.
The else condition should be added as an error result as well. Here especially the $status_code could be used.
| && count( $expected_params ) === count( array_intersect( $data['data']['params'], $expected_params ) ) | ||
| ) { | ||
| // The REST API endpoint is available. | ||
| update_option( |
There was a problem hiding this comment.
Instead of having update_option() appearing in multiple places, each condition could populate an $info variable which is then sent into update_option() once at the end of the function.
westonruter
added
[Type] Enhancement
b1ink0
changed the title
| wp_schedule_event( time(), 'hourly', 'od_rest_api_health_check_event' ); | ||
| } | ||
| } | ||
| add_action( 'wp', 'od_schedule_rest_api_health_check' ); |
There was a problem hiding this comment.
Is this a best practice? Should it rather go in admin_init to avoid frontend writes? I'm not sure what others do here.
There was a problem hiding this comment.
I think scheduling on plugin activation hook will be better than admin_init.
There was a problem hiding this comment.
The problem is that the plugin activation hook doesn't work when network-activating a plugin in multisite.
There was a problem hiding this comment.
In looking at WP_Site_Health, it goes ahead and schedules an event even for frontend requests, since it calls its maybe_create_scheduled_event method in the constructor. And the instance is loaded in wp-settings.php. Nevertheless, since a database write is involved, it is preferable if event scheduling happens via an admin request and not unauthenticated frontend requests.
| */ | ||
| function od_schedule_rest_api_health_check(): void { | ||
| if ( ! (bool) wp_next_scheduled( 'od_rest_api_health_check_event' ) ) { | ||
| wp_schedule_event( time(), 'hourly', 'od_rest_api_health_check_event' ); |
There was a problem hiding this comment.
I think hourly is too much. Maybe weekly would make sense.
There was a problem hiding this comment.
I currently have it set to run weekly, but that might be too infrequent. If a configuration change disables the REST API, it could take an entire week for user to detect the issue. I believe running it daily would be a better choice.
There was a problem hiding this comment.
I think weekly is fine. It's not likely that a user would be changing the availability of the REST API. If we check at the moment that a plugin is activated, and then check weekly thereafter, then this should be good. Note that Site Health's own checks run on a weekly basis via the wp_site_health_scheduled_check action.
|
The following accounts have interacted with this PR and/or linked issues. I will continue to update these lists as activity occurs. You can also manually ask me to refresh this list by adding the If you're merging code through a pull request on GitHub, copy and paste the following into the bottom of the merge commit message. To understand the WordPress project's expectations around crediting contributors, please review the Contributor Attribution page in the Core Handbook. |
|
|
||
| register_activation_hook( | ||
| __FILE__, | ||
| static function () use ( $bootstrap ): void { | ||
| /* | ||
| * The activation hook is called before the init action, so the plugin is not loaded yet. This | ||
| * means that the plugin must be bootstrapped here to run the activation logic. | ||
| */ | ||
| $bootstrap(); | ||
| od_rest_api_health_check_plugin_activation(); | ||
| } | ||
| ); |
There was a problem hiding this comment.
See note below about how the activation hook does not run when network-activating a plugin. I think this should switch to use admin_init. For example, add this to hooks.php:
add_action( 'admin_init', 'od_rest_api_health_check_plugin_activation' );| add_filter( 'site_status_tests', 'od_optimization_detective_add_rest_api_test' ); | ||
|
|
||
| // Hook for the scheduled REST API health check. | ||
| add_action( 'od_rest_api_health_check_event', 'od_run_scheduled_rest_api_health_check' ); | ||
| add_action( 'after_plugin_row_meta', 'od_rest_api_health_check_admin_notice', 30 ); |
There was a problem hiding this comment.
What about moving these to a section in the plugin's existing hooks.php?
| /** | ||
| * Adds the Optimization Detective REST API check to site health tests. | ||
| * | ||
| * @since n.e.x.t | ||
| * | ||
| * @param array{direct: array<string, array{label: string, test: string}>} $tests Site Health Tests. | ||
| * @return array{direct: array<string, array{label: string, test: string}>} Amended tests. | ||
| */ | ||
| function od_optimization_detective_add_rest_api_test( array $tests ): array { | ||
| $tests['direct']['optimization_detective_rest_api'] = array( | ||
| 'label' => __( 'Optimization Detective REST API Endpoint Availability', 'optimization-detective' ), | ||
| 'test' => 'od_optimization_detective_rest_api_test', | ||
| ); | ||
|
|
||
| return $tests; | ||
| } |
There was a problem hiding this comment.
I think this could be moved to a /site-health.php file.
There was a problem hiding this comment.
Since there is only one Site Health test, what about eliminating the load.php file and moving this file to /site-health.php?
| @@ -127,5 +139,8 @@ class_alias( OD_URL_Metric_Group_Collection::class, 'OD_URL_Metrics_Group_Collec | |||
|
|
|||
| // Add hooks for the above requires. | |||
| require_once __DIR__ . '/hooks.php'; | |||
|
|
|||
| // Load site health checks. | |||
| require_once __DIR__ . '/site-health/load.php'; | |||
There was a problem hiding this comment.
As noted below, I think the directory can be removed in favor of just a simpler site-health.php for now:
| require_once __DIR__ . '/site-health/load.php'; | |
| require_once __DIR__ . '/site-health.php'; |
There was a problem hiding this comment.
I think this file can be removed in favor of moving the /site-health/rest-api/helper.php file below up to /site-health.php.
| */ | ||
| function od_schedule_rest_api_health_check(): void { | ||
| if ( ! (bool) wp_next_scheduled( 'od_rest_api_health_check_event' ) ) { | ||
| wp_schedule_event( time(), 'weekly', 'od_rest_api_health_check_event' ); |
There was a problem hiding this comment.
Do we really need to check this weekly? That seems excessive as it is very unlikely to change. How about checking when the plugin is activated and when users visit the Site Health screen?
| if ( ! (bool) get_option( 'od_rest_api_info' ) ) { | ||
| add_option( 'od_rest_api_info', array() ); | ||
| } | ||
| od_schedule_rest_api_health_check(); |
There was a problem hiding this comment.
just run check directly, caching results?
Summary
Fixes #1731
Relevant technical choices
/optimization-detective/v1/url-metrics:storeREST API endpoint. The process will short-circuit if the endpoint is inaccessible.Scenarios:
When the health check passes
When the REST API endpoint returns a forbidden error
When the REST API endpoint returns an unauthorized error
When other errors are encountered
