Merge pull request #1 from RebelMouseTeam/feat/proxy-mode

bodbdigr · web-flow · commit b74db55550ec · 2026-03-04T12:30:32.000+01:00
Add proxy mode for WordPress plugin
diff --git a/assets/js/admin.js b/assets/js/admin.js
@@ -15,6 +15,7 @@
       nonce: rebelboost.nonce,
       api_key: $('#rebelboost_api_key').val(),
       host: $('#rebelboost_host').val() || '',
+      mode: $('input[name="rebelboost_mode"]:checked').val() || 'integration',
     })
       .done(function (response) {
         if (response.success) {
diff --git a/includes/class-api-client.php b/includes/class-api-client.php
@@ -25,7 +25,14 @@ public function reload() {
 	 *
 	 * @return true|WP_Error
 	 */
-	public function test_connection() {
+	/**
+	 * Test the connection by attempting a purge on a non-existent path.
+	 *
+	 * @param bool $proxy_mode When true, accept 400 as valid (host may not
+	 *                         have a purge config yet, but the key was not rejected).
+	 * @return true|WP_Error
+	 */
+	public function test_connection( $proxy_mode = false ) {
 		if ( empty( $this->api_key ) ) {
 			return new WP_Error( 'rebelboost_not_configured', __( 'API key is required.', 'rebelboost' ) );
 		}
@@ -46,6 +53,12 @@ public function test_connection() {
 			return true;
 		}
 
+		// In proxy mode the host may not have a purge config yet,
+		// so 400 is expected. The key was accepted (not 401/403).
+		if ( $proxy_mode && 400 === $code ) {
+			return true;
+		}
+
 		return new WP_Error(
 			'rebelboost_unexpected_response',
 			sprintf(
diff --git a/includes/class-cli.php b/includes/class-cli.php
@@ -95,6 +95,9 @@ public function status() {
 			return;
 		}
 
+		$mode = get_option( 'rebelboost_mode', 'integration' );
+
+		WP_CLI::log( "Mode:     {$mode}" );
 		WP_CLI::log( "Host:     {$host}" );
 		WP_CLI::log( 'API Key:  ' . substr( $api_key, 0, 8 ) . str_repeat( '*', max( 0, strlen( $api_key ) - 8 ) ) );
 
@@ -107,6 +110,38 @@ public function status() {
 		WP_CLI::success( 'RebelBoost is configured.' );
 	}
 
+	/**
+	 * Show or set the plugin operating mode.
+	 *
+	 * ## OPTIONS
+	 *
+	 * [<mode>]
+	 * : Set mode to 'integration' or 'proxy'. Omit to show current mode.
+	 *
+	 * ## EXAMPLES
+	 *
+	 *     wp rebelboost mode
+	 *     wp rebelboost mode proxy
+	 *     wp rebelboost mode integration
+	 *
+	 * @subcommand mode
+	 */
+	public function mode( $args ) {
+		if ( empty( $args[0] ) ) {
+			$current = get_option( 'rebelboost_mode', 'integration' );
+			WP_CLI::log( "Current mode: {$current}" );
+			return;
+		}
+
+		$new_mode = $args[0];
+		if ( ! in_array( $new_mode, array( 'integration', 'proxy' ), true ) ) {
+			WP_CLI::error( "Invalid mode: {$new_mode}. Use 'integration' or 'proxy'." );
+		}
+
+		update_option( 'rebelboost_mode', $new_mode );
+		WP_CLI::success( "Mode set to: {$new_mode}" );
+	}
+
 	/**
 	 * Test the connection to RebelBoost.
 	 *
diff --git a/includes/class-proxy-mode.php b/includes/class-proxy-mode.php
@@ -0,0 +1,131 @@
+<?php
+
+defined( 'ABSPATH' ) || exit;
+
+/**
+ * Proxy mode — serves optimized pages via the RebelBoost service.
+ *
+ * For regular browser requests, this class fetches the page from the
+ * RebelBoost proxy (which applies optimizations like image compression,
+ * lazy loading, script deferral, etc.) and serves the optimized response.
+ *
+ * When the RebelBoost service fetches back from WordPress (origin fetch),
+ * we detect this via a secret header token and let WordPress serve normally
+ * to avoid an infinite loop.
+ */
+class RebelBoost_Proxy_Mode {
+
+	private $site_host;
+	private $base_url;
+
+	/**
+	 * Secret token used to identify origin fetches from the plugin's own
+	 * proxy requests vs. the RebelBoost service fetching from origin.
+	 * Derived from the API key so it's unique per site but not guessable.
+	 */
+	private $loop_token;
+
+	public function __construct() {
+		$this->site_host  = wp_parse_url( site_url(), PHP_URL_HOST );
+		$override         = get_option( 'rebelboost_host', '' );
+		$this->base_url   = ! empty( $override ) ? untrailingslashit( $override ) : 'https://ingressv2.rebelboost.com';
+		$this->loop_token = substr( md5( 'rebelboost_proxy_' . get_option( 'rebelboost_api_key', '' ) ), 0, 16 );
+	}
+
+	public function register_hooks() {
+		if ( ! $this->is_active() ) {
+			return;
+		}
+
+		// If this request was made by our own proxy (loopback from RebelBoost
+		// service fetching the origin), let WordPress serve normally.
+		if ( $this->is_loopback() ) {
+			return;
+		}
+
+		// For regular browser requests, proxy through RebelBoost.
+		add_action( 'template_redirect', array( $this, 'serve_optimized' ), 0 );
+	}
+
+	public function is_active() {
+		return 'proxy' === get_option( 'rebelboost_mode', 'integration' )
+			&& RebelBoost::is_connected()
+			&& ! is_admin()
+			&& ! wp_doing_ajax()
+			&& ! wp_doing_cron()
+			&& ! ( defined( 'REST_REQUEST' ) && REST_REQUEST );
+	}
+
+	/**
+	 * Detect if this is an origin fetch triggered by our own proxy request.
+	 *
+	 * The RebelBoost service forwards all request headers to the origin.
+	 * We add a custom header (X-Rebelboost-Loop-Token) when proxying,
+	 * which gets forwarded back to us on the origin fetch.
+	 */
+	private function is_loopback() {
+		$token = isset( $_SERVER['HTTP_X_REBELBOOST_LOOP_TOKEN'] )
+			? $_SERVER['HTTP_X_REBELBOOST_LOOP_TOKEN']
+			: '';
+		return $token === $this->loop_token;
+	}
+
+	/**
+	 * Fetch the optimized page from the RebelBoost service and serve it.
+	 */
+	public function serve_optimized() {
+		$request_uri = isset( $_SERVER['REQUEST_URI'] ) ? $_SERVER['REQUEST_URI'] : '/';
+		$url         = $this->base_url . $request_uri;
+
+		$headers = array(
+			'Host'                      => $this->site_host,
+			'X-Forwarded-Host'          => $this->site_host,
+			'X-Forwarded-For'           => isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '',
+			'X-Rebelboost-Loop-Token'   => $this->loop_token,
+			'Accept'                    => isset( $_SERVER['HTTP_ACCEPT'] ) ? $_SERVER['HTTP_ACCEPT'] : '*/*',
+			'Accept-Encoding'           => 'identity',
+			'User-Agent'                => isset( $_SERVER['HTTP_USER_AGENT'] ) ? $_SERVER['HTTP_USER_AGENT'] : '',
+		);
+
+		// Forward cookies for authenticated/personalized content.
+		if ( ! empty( $_SERVER['HTTP_COOKIE'] ) ) {
+			$headers['Cookie'] = $_SERVER['HTTP_COOKIE'];
+		}
+
+		$response = wp_remote_get( $url, array(
+			'headers'     => $headers,
+			'timeout'     => 15,
+			'redirection' => 0,
+			'decompress'  => true,
+		) );
+
+		if ( is_wp_error( $response ) ) {
+			// If the proxy is unreachable, fall back to normal WordPress output.
+			return;
+		}
+
+		$status = wp_remote_retrieve_response_code( $response );
+		$body   = wp_remote_retrieve_body( $response );
+
+		// Forward relevant response headers.
+		$passthrough_headers = array(
+			'content-type',
+			'cache-control',
+			'x-rebelboost-cache',
+			'x-rebelboost-optimized',
+			'vary',
+			'link',
+		);
+
+		foreach ( $passthrough_headers as $name ) {
+			$value = wp_remote_retrieve_header( $response, $name );
+			if ( ! empty( $value ) ) {
+				header( $name . ': ' . $value );
+			}
+		}
+
+		http_response_code( $status );
+		echo $body; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
+		exit;
+	}
+}
diff --git a/includes/class-rebelboost.php b/includes/class-rebelboost.php
@@ -11,6 +11,7 @@ class RebelBoost {
 	private $surrogate_keys;
 	private $settings;
 	private $admin;
+	private $proxy_mode;
 
 	public static function get_instance() {
 		if ( null === self::$instance ) {
@@ -31,6 +32,7 @@ private function load_dependencies() {
 		require_once REBELBOOST_PLUGIN_DIR . 'includes/class-surrogate-keys.php';
 		require_once REBELBOOST_PLUGIN_DIR . 'includes/class-settings.php';
 		require_once REBELBOOST_PLUGIN_DIR . 'includes/class-admin.php';
+		require_once REBELBOOST_PLUGIN_DIR . 'includes/class-proxy-mode.php';
 
 		if ( defined( 'WP_CLI' ) && WP_CLI ) {
 			require_once REBELBOOST_PLUGIN_DIR . 'includes/class-cli.php';
@@ -41,13 +43,15 @@ private function load_dependencies() {
 		$this->surrogate_keys     = new RebelBoost_Surrogate_Keys();
 		$this->settings           = new RebelBoost_Settings( $this->api_client );
 		$this->admin              = new RebelBoost_Admin( $this->api_client );
+		$this->proxy_mode         = new RebelBoost_Proxy_Mode();
 	}
 
 	private function register_hooks() {
 		$this->cache_invalidation->register_hooks();
 		$this->surrogate_keys->register_hooks();
 		$this->settings->register_hooks();
 		$this->admin->register_hooks();
+		$this->proxy_mode->register_hooks();
 
 		if ( defined( 'WP_CLI' ) && WP_CLI ) {
 			RebelBoost_CLI::register( $this->api_client );
@@ -75,6 +79,7 @@ public static function activate() {
 			'rebelboost_purge_on_comment' => '1',
 			'rebelboost_surrogate_keys'   => '1',
 			'rebelboost_category_header'  => 'X-RM-Categories',
+			'rebelboost_mode'             => 'integration',
 		);
 
 		foreach ( $defaults as $key => $value ) {
diff --git a/includes/class-settings.php b/includes/class-settings.php
@@ -27,6 +27,21 @@ public function add_menu_page() {
 	}
 
 	public function register_settings() {
+		// Plugin mode section.
+		add_settings_section(
+			'rebelboost_mode_section',
+			__( 'Plugin Mode', 'rebelboost' ),
+			array( $this, 'render_mode_section' ),
+			'rebelboost'
+		);
+
+		add_settings_field( 'rebelboost_mode', __( 'Operating Mode', 'rebelboost' ), array( $this, 'render_mode_field' ), 'rebelboost', 'rebelboost_mode_section' );
+
+		register_setting( 'rebelboost_settings', 'rebelboost_mode', array(
+			'type'              => 'string',
+			'sanitize_callback' => array( $this, 'sanitize_mode' ),
+		) );
+
 		// Connection section.
 		add_settings_section(
 			'rebelboost_connection',
@@ -109,6 +124,7 @@ public function render_settings_page() {
 
 			<hr>
 
+			<?php if ( 'proxy' !== get_option( 'rebelboost_mode', 'integration' ) ) : ?>
 			<h2><?php esc_html_e( 'DNS Setup Guide', 'rebelboost' ); ?></h2>
 			<div class="rebelboost-dns-guide">
 				<p><?php esc_html_e( 'To enable RebelBoost optimization, point your domain to the RebelBoost proxy:', 'rebelboost' ); ?></p>
@@ -119,6 +135,10 @@ public function render_settings_page() {
 					<li><?php esc_html_e( 'Verify the connection using the "Test Connection" button above.', 'rebelboost' ); ?></li>
 				</ol>
 			</div>
+			<?php else : ?>
+			<h2><?php esc_html_e( 'Proxy Mode Active', 'rebelboost' ); ?></h2>
+			<p><?php esc_html_e( 'RebelBoost is operating in proxy mode. Asset URLs are being rewritten to route through the RebelBoost CDN. No DNS or CDN changes are required.', 'rebelboost' ); ?></p>
+			<?php endif; ?>
 
 			<hr>
 
@@ -221,6 +241,32 @@ public function render_category_header_field() {
 
 	// Sanitizers.
 
+	public function render_mode_section() {
+		echo '<p>' . esc_html__( 'Choose how RebelBoost connects to your site.', 'rebelboost' ) . '</p>';
+	}
+
+	public function render_mode_field() {
+		$current = get_option( 'rebelboost_mode', 'integration' );
+		?>
+		<fieldset>
+			<label style="display:block; margin-bottom:8px;">
+				<input type="radio" name="rebelboost_mode" value="integration" <?php checked( $current, 'integration' ); ?>>
+				<strong><?php esc_html_e( 'Integration', 'rebelboost' ); ?></strong>
+				&mdash; <?php esc_html_e( 'Works with your existing CDN. Handles cache invalidation and surrogate keys. Requires CDN/DNS pointing to RebelBoost.', 'rebelboost' ); ?>
+			</label>
+			<label style="display:block;">
+				<input type="radio" name="rebelboost_mode" value="proxy" <?php checked( $current, 'proxy' ); ?>>
+				<strong><?php esc_html_e( 'Proxy', 'rebelboost' ); ?></strong>
+				&mdash; <?php esc_html_e( 'Routes assets through RebelBoost via WordPress output rewriting. No DNS or CDN changes needed.', 'rebelboost' ); ?>
+			</label>
+		</fieldset>
+		<?php
+	}
+
+	public function sanitize_mode( $value ) {
+		return in_array( $value, array( 'integration', 'proxy' ), true ) ? $value : 'integration';
+	}
+
 	public function sanitize_host( $value ) {
 		$value = trim( $value );
 		if ( empty( $value ) ) {
@@ -250,11 +296,36 @@ public function ajax_test_connection() {
 		if ( ! empty( $_POST['host'] ) ) {
 			update_option( 'rebelboost_host', $this->sanitize_host( wp_unslash( $_POST['host'] ) ) );
 		}
+		if ( isset( $_POST['mode'] ) ) {
+			update_option( 'rebelboost_mode', $this->sanitize_mode( wp_unslash( $_POST['mode'] ) ) );
+		}
 
 		$this->api_client->reload();
 
-		// Register the origin first so the host has an origin config
-		// before we attempt a purge-based connection test.
+		$mode = get_option( 'rebelboost_mode', 'integration' );
+
+		if ( 'proxy' === $mode ) {
+			// In proxy mode, verify the API key first.
+			$result = $this->api_client->test_connection( true );
+
+			if ( true !== $result ) {
+				wp_send_json_error( array( 'message' => $result->get_error_message() ) );
+				return;
+			}
+
+			// Still register the origin so the service knows where to
+			// fetch content from — but don't fail if it errors (the host
+			// may not have a full CDN config yet in proxy mode).
+			$this->api_client->register_origin();
+
+			wp_send_json_success( array(
+				'message' => __( 'Connected! Proxy mode active — asset URLs will be rewritten.', 'rebelboost' ),
+			) );
+			return;
+		}
+
+		// Integration mode: register the origin first so the host has an
+		// origin config before we attempt a purge-based connection test.
 		$origin_result = $this->api_client->register_origin();
 		if ( true !== $origin_result ) {
 			wp_send_json_error( array( 'message' => $origin_result->get_error_message() ) );
