Add: Connectors screen and API #75833
+1,514
−1
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,323 @@ | ||
| <?php | ||
| /** | ||
| * Default connectors backend logic. | ||
| * | ||
| * @package gutenberg | ||
| */ | ||
|
|
||
| /** | ||
| * Masks an API key, showing only the last 4 characters. | ||
| * | ||
| * @access private | ||
| * | ||
| * @param string $key The API key to mask. | ||
| * @return string The masked key, e.g. "••••••••••••fj39". | ||
| */ | ||
| function _gutenberg_mask_api_key( string $key ): string { | ||
| if ( strlen( $key ) <= 4 ) { | ||
| return $key; | ||
| } | ||
| return str_repeat( "\u{2022}", min( strlen( $key ) - 4, 16 ) ) . substr( $key, -4 ); | ||
| } | ||
|
|
||
| /** | ||
| * Checks whether an API key is valid for a given provider. | ||
| * | ||
| * @access private | ||
| * | ||
| * @param string $key The API key to check. | ||
| * @param string $provider_id The WP AI client provider ID. | ||
| * @return bool|null True if valid, false if invalid, null if unable to determine. | ||
| */ | ||
| function _gutenberg_is_api_key_valid( string $key, string $provider_id ): ?bool { | ||
| try { | ||
| $registry = \WordPress\AiClient\AiClient::defaultRegistry(); | ||
|
|
||
| if ( ! $registry->hasProvider( $provider_id ) ) { | ||
| return null; | ||
| } | ||
|
|
||
| $registry->setProviderRequestAuthentication( | ||
| $provider_id, | ||
| new \WordPress\AiClient\Providers\Http\DTO\ApiKeyRequestAuthentication( $key ) | ||
| ); | ||
|
|
||
| return $registry->isProviderConfigured( $provider_id ); | ||
| } catch ( \Error $e ) { | ||
| return null; | ||
| } | ||
| } | ||
|
|
||
| /** | ||
| * Sets the API key authentication for a provider on the WP AI Client registry. | ||
| * | ||
| * @access private | ||
| * | ||
| * @param string $key The API key. | ||
| * @param string $provider_id The WP AI client provider ID. | ||
| */ | ||
| function _gutenberg_set_provider_api_key( string $key, string $provider_id ): void { | ||
| try { | ||
| $registry = \WordPress\AiClient\AiClient::defaultRegistry(); | ||
|
|
||
| if ( ! $registry->hasProvider( $provider_id ) ) { | ||
| return; | ||
| } | ||
|
|
||
| $registry->setProviderRequestAuthentication( | ||
| $provider_id, | ||
| new \WordPress\AiClient\Providers\Http\DTO\ApiKeyRequestAuthentication( $key ) | ||
| ); | ||
| } catch ( \Error $e ) { | ||
| // WP AI Client not available. | ||
| } | ||
| } | ||
|
|
||
| /** | ||
| * Retrieves the real (unmasked) value of a connector API key. | ||
| * | ||
| * Temporarily removes the masking filter, reads the option, then re-adds it. | ||
| * | ||
| * @access private | ||
| * | ||
| * @param string $option_name The option name for the API key. | ||
| * @param callable $mask_callback The mask filter function. | ||
| * @return string The real API key value. | ||
| */ | ||
| function _gutenberg_get_real_api_key( string $option_name, callable $mask_callback ): string { | ||
| remove_filter( "option_{$option_name}", $mask_callback ); | ||
| $value = get_option( $option_name, '' ); | ||
| add_filter( "option_{$option_name}", $mask_callback ); | ||
|
Comment on lines
+88
to
+90
Contributor
There was a problem hiding this comment. Masking is nice, but should we also encrypt out API keys before we store them in them the database? Seems like a bigger problem than before when giving AI access to your database is one of the bigger practical use cases for agentic site work. Also confirming - |
||
| return $value; | ||
| } | ||
|
|
||
| // --- Gemini (Google) --- | ||
|
|
||
| /** | ||
| * Masks the Gemini API key on read. | ||
| * | ||
| * @access private | ||
| * | ||
| * @param string $value The raw option value. | ||
| * @return string Masked key or empty string. | ||
| */ | ||
| function _gutenberg_mask_gemini_api_key( string $value ): string { | ||
|
Contributor
There was a problem hiding this comment. These are all private anyway, why even bother? I say we ditch the boilerplate and just call |
||
| if ( '' === $value ) { | ||
| return $value; | ||
| } | ||
| return _gutenberg_mask_api_key( $value ); | ||
| } | ||
|
|
||
| /** | ||
| * Sanitizes and validates the Gemini API key before saving. | ||
| * | ||
| * @access private | ||
| * | ||
| * @param string $value The new value. | ||
| * @return string The sanitized value, or empty string if the key is not valid. | ||
| */ | ||
| function _gutenberg_sanitize_gemini_api_key( string $value ): string { | ||
| $value = sanitize_text_field( $value ); | ||
| if ( '' === $value ) { | ||
| return $value; | ||
| } | ||
| $valid = _gutenberg_is_api_key_valid( $value, 'google' ); | ||
| return true === $valid ? $value : ''; | ||
| } | ||
|
|
||
| // --- OpenAI --- | ||
|
|
||
| /** | ||
| * Masks the OpenAI API key on read. | ||
| * | ||
| * @access private | ||
| * | ||
| * @param string $value The raw option value. | ||
| * @return string Masked key or empty string. | ||
| */ | ||
| function _gutenberg_mask_openai_api_key( string $value ): string { | ||
| if ( '' === $value ) { | ||
| return $value; | ||
| } | ||
| return _gutenberg_mask_api_key( $value ); | ||
| } | ||
|
|
||
| /** | ||
| * Sanitizes and validates the OpenAI API key before saving. | ||
| * | ||
| * @access private | ||
| * | ||
| * @param string $value The new value. | ||
| * @return string The sanitized value, or empty string if the key is not valid. | ||
| */ | ||
| function _gutenberg_sanitize_openai_api_key( string $value ): string { | ||
| $value = sanitize_text_field( $value ); | ||
| if ( '' === $value ) { | ||
| return $value; | ||
| } | ||
| $valid = _gutenberg_is_api_key_valid( $value, 'openai' ); | ||
| return true === $valid ? $value : ''; | ||
| } | ||
|
|
||
| // --- Anthropic --- | ||
|
|
||
| /** | ||
| * Masks the Anthropic API key on read. | ||
| * | ||
| * @access private | ||
| * | ||
| * @param string $value The raw option value. | ||
| * @return string Masked key or empty string. | ||
| */ | ||
| function _gutenberg_mask_anthropic_api_key( string $value ): string { | ||
| if ( '' === $value ) { | ||
| return $value; | ||
| } | ||
| return _gutenberg_mask_api_key( $value ); | ||
| } | ||
|
|
||
| /** | ||
| * Sanitizes and validates the Anthropic API key before saving. | ||
| * | ||
| * @access private | ||
| * | ||
| * @param string $value The new value. | ||
| * @return string The sanitized value, or empty string if the key is not valid. | ||
| */ | ||
| function _gutenberg_sanitize_anthropic_api_key( string $value ): string { | ||
| $value = sanitize_text_field( $value ); | ||
| if ( '' === $value ) { | ||
| return $value; | ||
| } | ||
| $valid = _gutenberg_is_api_key_valid( $value, 'anthropic' ); | ||
| return true === $valid ? $value : ''; | ||
| } | ||
|
|
||
| // --- Connector definitions --- | ||
|
|
||
| /** | ||
| * Gets the provider connectors. | ||
| * | ||
| * @access private | ||
| * | ||
| * @return array<string, array{ provider: string, mask: callable, sanitize: callable }> Connectors. | ||
| */ | ||
| function _gutenberg_get_connectors(): array { | ||
| return array( | ||
| 'connectors_gemini_api_key' => array( | ||
| 'provider' => 'google', | ||
| 'mask' => '_gutenberg_mask_gemini_api_key', | ||
| 'sanitize' => '_gutenberg_sanitize_gemini_api_key', | ||
| ), | ||
| 'connectors_openai_api_key' => array( | ||
| 'provider' => 'openai', | ||
| 'mask' => '_gutenberg_mask_openai_api_key', | ||
| 'sanitize' => '_gutenberg_sanitize_openai_api_key', | ||
| ), | ||
| 'connectors_anthropic_api_key' => array( | ||
| 'provider' => 'anthropic', | ||
| 'mask' => '_gutenberg_mask_anthropic_api_key', | ||
| 'sanitize' => '_gutenberg_sanitize_anthropic_api_key', | ||
| ), | ||
| ); | ||
| } | ||
|
|
||
| // --- REST API filtering --- | ||
|
|
||
| /** | ||
| * Validates connector API keys in the REST response when explicitly requested. | ||
| * | ||
| * Runs on `rest_post_dispatch` for `/wp/v2/settings` requests that include | ||
| * connector fields via `_fields`. For each requested connector field, reads | ||
| * the real (unmasked) key, validates it against the provider, and replaces | ||
| * the response value with 'invalid_key' if validation fails. | ||
| * | ||
| * @access private | ||
| * | ||
| * @param WP_REST_Response $response The response object. | ||
| * @param WP_REST_Server $server The server instance. | ||
| * @param WP_REST_Request $request The request object. | ||
| * @return WP_REST_Response The potentially modified response. | ||
| */ | ||
| function _gutenberg_validate_connector_keys_in_rest( WP_REST_Response $response, WP_REST_Server $server, WP_REST_Request $request ): WP_REST_Response { | ||
| if ( '/wp/v2/settings' !== $request->get_route() ) { | ||
| return $response; | ||
| } | ||
|
|
||
| $fields = $request->get_param( '_fields' ); | ||
| if ( ! $fields ) { | ||
| return $response; | ||
| } | ||
|
|
||
| $requested = array_map( 'trim', explode( ',', $fields ) ); | ||
| $data = $response->get_data(); | ||
| $connectors = _gutenberg_get_connectors(); | ||
|
|
||
| foreach ( $connectors as $option_name => $config ) { | ||
| if ( ! in_array( $option_name, $requested, true ) ) { | ||
| continue; | ||
| } | ||
| $real_key = _gutenberg_get_real_api_key( $option_name, $config['mask'] ); | ||
| if ( '' === $real_key ) { | ||
| continue; | ||
| } | ||
| if ( true !== _gutenberg_is_api_key_valid( $real_key, $config['provider'] ) ) { | ||
| $data[ $option_name ] = 'invalid_key'; | ||
| } | ||
| } | ||
|
|
||
| $response->set_data( $data ); | ||
| return $response; | ||
| } | ||
| add_filter( 'rest_post_dispatch', '_gutenberg_validate_connector_keys_in_rest', 10, 3 ); | ||
|
|
||
| // --- Registration --- | ||
|
|
||
| /** | ||
| * Registers the default connector settings, mask filters, and validation filters. | ||
| * | ||
| * @access private | ||
| */ | ||
| function _gutenberg_register_default_connector_settings(): void { | ||
| if ( ! class_exists( '\WordPress\AiClient\AiClient' ) ) { | ||
| return; | ||
| } | ||
|
|
||
| $connectors = _gutenberg_get_connectors(); | ||
|
|
||
| foreach ( $connectors as $option_name => $config ) { | ||
| register_setting( | ||
| 'connectors', | ||
| $option_name, | ||
| array( | ||
| 'type' => 'string', | ||
| 'default' => '', | ||
| 'show_in_rest' => true, | ||
| 'sanitize_callback' => $config['sanitize'], | ||
| ) | ||
| ); | ||
| add_filter( "option_{$option_name}", $config['mask'] ); | ||
|
Member
There was a problem hiding this comment. There is at least one hole I'm aware of for this method of masking the API key: the key is still visible when you go to 
(My actual key has been redacted in this screenshot.)
Member
There was a problem hiding this comment. It sounds like these API key options should always be masked by default, but the filter is instead temporarily removed when passing to the AI provider class when auth is being configured.
Member
There was a problem hiding this comment. Well, we need a proper security audit here, because we try to mirror how Claude and OpenAI manage API keys. However, we also noticed that Google allows displaying the stored API key for Gemini, so maybe it's fine to skip that masking.
Contributor
There was a problem hiding this comment. Small nuance to consider: just because you can use an API Key on one site (or are authorized to connect a new one) doesn't mean you can use that key off site in your own tooling. (related https://github.com/WordPress/gutenberg/pull/75833/files#r2855648259 ) |
||
| } | ||
| } | ||
| add_action( 'init', '_gutenberg_register_default_connector_settings' ); | ||
|
|
||
| /** | ||
| * Passes the default connector API keys to the WP AI client. | ||
| * | ||
| * @access private | ||
| */ | ||
| function _gutenberg_pass_default_connector_keys_to_ai_client(): void { | ||
| if ( ! class_exists( '\WordPress\AiClient\AiClient' ) ) { | ||
| return; | ||
| } | ||
|
|
||
| $connectors = _gutenberg_get_connectors(); | ||
|
|
||
| foreach ( $connectors as $option_name => $config ) { | ||
| $api_key = _gutenberg_get_real_api_key( $option_name, $config['mask'] ); | ||
| if ( ! empty( $api_key ) ) { | ||
| _gutenberg_set_provider_api_key( $api_key, $config['provider'] ); | ||
| } | ||
| } | ||
| } | ||
| add_action( 'init', '_gutenberg_pass_default_connector_keys_to_ai_client' ); | ||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,27 @@ | ||
| <?php | ||
| /** | ||
| * Bootstraps the Connectors page in wp-admin. | ||
| * | ||
| * @package gutenberg | ||
| */ | ||
|
|
||
| add_action( 'admin_menu', '_gutenberg_connectors_add_settings_menu_item' ); | ||
|
|
||
| /** | ||
| * Registers the Connectors menu item under Settings. | ||
| * | ||
| * @access private | ||
| */ | ||
| function _gutenberg_connectors_add_settings_menu_item(): void { | ||
| add_submenu_page( | ||
| 'options-general.php', | ||
| __( 'Connectors', 'gutenberg' ), | ||
| __( 'Connectors', 'gutenberg' ), | ||
| 'manage_options', | ||
| 'connectors-wp-admin', | ||
| 'gutenberg_connectors_wp_admin_render_page', | ||
| 1 | ||
| ); | ||
| } | ||
|
|
||
| require __DIR__ . '/default-connectors.php'; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.