From ce6da47bab645492811bb4bd5402ee2509246b64 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 12 Nov 2025 19:23:42 +0000 Subject: [PATCH 01/11] Initial plan From 1719412039b1baa62e6c381f68e64915c5660e0d Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 12 Nov 2025 19:27:04 +0000 Subject: [PATCH 02/11] Add Facebook webhook integration for live video detection Co-authored-by: jkrrv <1238391+jkrrv@users.noreply.github.com> --- shimmer.php | 3 + shimmer/FACEBOOK_WEBHOOK.md | 77 ++++++++++++++ shimmer/FacebookWebhook.php | 205 ++++++++++++++++++++++++++++++++++++ 3 files changed, 285 insertions(+) create mode 100644 shimmer/FACEBOOK_WEBHOOK.md create mode 100644 shimmer/FacebookWebhook.php diff --git a/shimmer.php b/shimmer.php index 14ff761..3a70733 100644 --- a/shimmer.php +++ b/shimmer.php @@ -12,9 +12,11 @@ */ use tp\Shimmer\SessionMatters; +use tp\Shimmer\FacebookWebhook; use tp\TouchPointWP\TouchPointWP; require_once __DIR__ . "/shimmer/SessionMatters.php"; +require_once __DIR__ . "/shimmer/FacebookWebhook.php"; function tenth_involvementClasses() { @@ -400,6 +402,7 @@ function tenth_formatTimeString($string, $t = null): string add_filter('tp_adjust_time_string', 'tenth_formatTimeString'); SessionMatters::load(); +FacebookWebhook::load(); /** diff --git a/shimmer/FACEBOOK_WEBHOOK.md b/shimmer/FACEBOOK_WEBHOOK.md new file mode 100644 index 0000000..0dffa27 --- /dev/null +++ b/shimmer/FACEBOOK_WEBHOOK.md @@ -0,0 +1,77 @@ +# Facebook Webhook Configuration + +This plugin now includes Facebook webhook functionality to detect when the Facebook page `/tenth` has a new live video. + +## Setup Instructions + +### 1. Facebook App Configuration + +1. Go to [Facebook Developers](https://developers.facebook.com/) +2. Create a new app or use an existing one +3. Add the "Webhooks" product to your app +4. In your app settings, note down: + - App Secret (found in Settings > Basic) + - Create a Verify Token (a random string you create) + +### 2. WordPress Configuration + +Add the following constants to your `wp-config.php` file: + +```php +// Facebook App Configuration +define('FACEBOOK_APP_SECRET', 'your_app_secret_here'); +define('FACEBOOK_WEBHOOK_VERIFY_TOKEN', 'your_verify_token_here'); +``` + +### 3. Webhook Subscription Setup + +1. In your Facebook App dashboard, go to Webhooks +2. Click "Add Callback URL" +3. Enter your webhook URL: `https://your-site.com/wp-json/shimmer/v1/facebook-webhook` +4. Enter the Verify Token (the same one you defined in wp-config.php) +5. Click "Verify and Save" + +### 4. Subscribe to Page Events + +1. In the Webhooks section, find your Page subscription +2. Click "Add Subscriptions" +3. Select the `live_videos` field +4. Save the subscription + +### 5. Grant Permissions + +1. Your Facebook App needs permission to access the page +2. Go to your Facebook Page settings +3. Add your app with appropriate permissions + +## How It Works + +When a live video is started on the Facebook page `/tenth`: + +1. Facebook sends a POST request to the webhook endpoint +2. The request is verified using the app secret +3. The webhook payload is parsed to extract the video ID +4. The `FacebookWebhook::handleLiveVideo($videoId)` method is called with the video ID + +## Customization + +The stub method `FacebookWebhook::handleLiveVideo($videoId)` currently just logs the video ID. You can customize this method in `/shimmer/FacebookWebhook.php` to: + +- Create a WordPress post +- Send notifications +- Update custom fields +- Trigger other actions + +## Testing + +To test the webhook: + +1. Use Facebook's webhook testing tool in the App dashboard +2. Send a test event for `live_videos` +3. Check your WordPress error logs for the message: "Facebook Live Video Detected - Video ID: {id}" + +## Security + +- All webhook requests are verified using HMAC signature validation +- The verify token prevents unauthorized webhook subscriptions +- Both GET (verification) and POST (notifications) endpoints are properly secured diff --git a/shimmer/FacebookWebhook.php b/shimmer/FacebookWebhook.php new file mode 100644 index 0000000..e147cab --- /dev/null +++ b/shimmer/FacebookWebhook.php @@ -0,0 +1,205 @@ + 'GET', + 'callback' => [self::class, 'handleWebhookVerification'], + 'permission_callback' => '__return_true', // Facebook needs to access this + ], + [ + 'methods' => 'POST', + 'callback' => [self::class, 'handleWebhookNotification'], + 'permission_callback' => '__return_true', // Facebook needs to access this + ], + ]); + } + + /** + * Handle webhook verification requests from Facebook (GET) + * + * Facebook sends a GET request with hub.mode, hub.verify_token, and hub.challenge + * to verify the webhook endpoint during subscription setup. + * + * @param \WP_REST_Request $request + * @return \WP_REST_Response + */ + public static function handleWebhookVerification(\WP_REST_Request $request): \WP_REST_Response + { + $mode = $request->get_param('hub_mode'); + $token = $request->get_param('hub_verify_token'); + $challenge = $request->get_param('hub_challenge'); + + // Verify that the mode and token match + if ($mode === 'subscribe' && $token === self::getVerifyToken()) { + // Respond with the challenge token to complete verification + return new \WP_REST_Response($challenge, 200, ['Content-Type' => 'text/plain']); + } + + return new \WP_REST_Response('Forbidden', 403); + } + + /** + * Handle incoming webhook notifications from Facebook (POST) + * + * @param \WP_REST_Request $request + * @return \WP_REST_Response + */ + public static function handleWebhookNotification(\WP_REST_Request $request): \WP_REST_Response + { + // Verify the request signature + if (!self::verifySignature($request)) { + return new \WP_REST_Response('Forbidden', 403); + } + + $body = $request->get_json_params(); + + // Process each entry in the webhook payload + if (isset($body['entry']) && is_array($body['entry'])) { + foreach ($body['entry'] as $entry) { + self::processEntry($entry); + } + } + + // Always return 200 OK to acknowledge receipt + return new \WP_REST_Response('EVENT_RECEIVED', 200); + } + + /** + * Verify the signature of the webhook request + * + * @param \WP_REST_Request $request + * @return bool + */ + private static function verifySignature(\WP_REST_Request $request): bool + { + $signature = $request->get_header('X-Hub-Signature-256'); + + if (!$signature) { + // Fallback to older signature header + $signature = $request->get_header('X-Hub-Signature'); + if (!$signature) { + return false; + } + $hashAlgorithm = 'sha1'; + } else { + $hashAlgorithm = 'sha256'; + } + + $appSecret = self::getAppSecret(); + if (!$appSecret) { + error_log('Facebook webhook: App secret not configured'); + return false; + } + + $body = $request->get_body(); + $expectedSignature = $hashAlgorithm . '=' . hash_hmac($hashAlgorithm, $body, $appSecret); + + return hash_equals($expectedSignature, $signature); + } + + /** + * Process a webhook entry to detect live video events + * + * @param array $entry + */ + private static function processEntry(array $entry): void + { + if (!isset($entry['changes']) || !is_array($entry['changes'])) { + return; + } + + foreach ($entry['changes'] as $change) { + if (isset($change['field']) && $change['field'] === 'live_videos') { + self::processLiveVideoChange($change); + } + } + } + + /** + * Process a live video change notification + * + * @param array $change + */ + private static function processLiveVideoChange(array $change): void + { + if (!isset($change['value'])) { + return; + } + + $value = $change['value']; + + // Check if this is a live video going live + if (isset($value['status']) && $value['status'] === 'live') { + $videoId = $value['id'] ?? null; + + if ($videoId) { + self::handleLiveVideo($videoId); + } + } + } + + /** + * Stub method to handle when a live video is detected + * + * This is the method that will be called with the video ID when + * the /tenth Facebook page starts a live video. + * + * @param string $videoId The Facebook video ID + */ + public static function handleLiveVideo(string $videoId): void + { + // TODO: Implement actual handling logic + // This is a stub method that receives the video ID + // You can add your custom logic here to process the live video + + error_log("Facebook Live Video Detected - Video ID: {$videoId}"); + + // Example: You could create a WordPress post, send notifications, etc. + // For now, this is just a placeholder that logs the video ID + } + + /** + * Get the Facebook app verify token from configuration + * + * @return string|null + */ + private static function getVerifyToken(): ?string + { + return defined('FACEBOOK_WEBHOOK_VERIFY_TOKEN') ? FACEBOOK_WEBHOOK_VERIFY_TOKEN : null; + } + + /** + * Get the Facebook app secret from configuration + * + * @return string|null + */ + private static function getAppSecret(): ?string + { + return defined('FACEBOOK_APP_SECRET') ? FACEBOOK_APP_SECRET : null; + } +} From f679a8fa971f2e71295555eb6dd015b6a5e7b53e Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 12 Nov 2025 19:28:28 +0000 Subject: [PATCH 03/11] Add test and example files for Facebook webhook Co-authored-by: jkrrv <1238391+jkrrv@users.noreply.github.com> --- shimmer/FacebookWebhookTest.php | 157 +++++++++++++++++++++++++++ shimmer/facebook-webhook-example.php | 88 +++++++++++++++ 2 files changed, 245 insertions(+) create mode 100644 shimmer/FacebookWebhookTest.php create mode 100644 shimmer/facebook-webhook-example.php diff --git a/shimmer/FacebookWebhookTest.php b/shimmer/FacebookWebhookTest.php new file mode 100644 index 0000000..b62461b --- /dev/null +++ b/shimmer/FacebookWebhookTest.php @@ -0,0 +1,157 @@ +get_routes(); + return isset($routes['/shimmer/v1/facebook-webhook']); + } + + /** + * Test webhook verification with correct token + */ + public static function testVerificationSuccess(): array + { + $request = new \WP_REST_Request('GET', '/shimmer/v1/facebook-webhook'); + $request->set_param('hub_mode', 'subscribe'); + $request->set_param('hub_verify_token', FACEBOOK_WEBHOOK_VERIFY_TOKEN ?? 'test_token'); + $request->set_param('hub_challenge', 'test_challenge_123'); + + $response = rest_do_request($request); + + return [ + 'status' => $response->get_status(), + 'data' => $response->get_data(), + 'expected_status' => 200, + 'expected_data' => 'test_challenge_123' + ]; + } + + /** + * Test webhook verification with incorrect token + */ + public static function testVerificationFailure(): array + { + $request = new \WP_REST_Request('GET', '/shimmer/v1/facebook-webhook'); + $request->set_param('hub_mode', 'subscribe'); + $request->set_param('hub_verify_token', 'wrong_token'); + $request->set_param('hub_challenge', 'test_challenge_123'); + + $response = rest_do_request($request); + + return [ + 'status' => $response->get_status(), + 'data' => $response->get_data(), + 'expected_status' => 403 + ]; + } + + /** + * Create a mock webhook payload for testing + */ + public static function createMockLiveVideoPayload(string $videoId = 'test_video_123'): array + { + return [ + 'object' => 'page', + 'entry' => [ + [ + 'id' => '123456789', + 'time' => time(), + 'changes' => [ + [ + 'field' => 'live_videos', + 'value' => [ + 'id' => $videoId, + 'status' => 'live', + 'stream_url' => 'rtmps://example.com/stream', + ] + ] + ] + ] + ] + ]; + } + + /** + * Test signature verification + */ + public static function testSignatureVerification(): bool + { + $appSecret = FACEBOOK_APP_SECRET ?? 'test_secret'; + $payload = json_encode(self::createMockLiveVideoPayload()); + + $signature = 'sha256=' . hash_hmac('sha256', $payload, $appSecret); + + // In a real test, you would create a request with this signature + // and verify it's accepted + return !empty($signature); + } + + /** + * Example of what the handleLiveVideo method receives + */ + public static function exampleHandleLiveVideo(): string + { + $videoId = 'test_video_123'; + + // This would be called by the webhook handler when a live video is detected + // \tp\Shimmer\FacebookWebhook::handleLiveVideo($videoId); + + return "Video ID received: {$videoId}"; + } + + /** + * Run all tests + */ + public static function runAll(): array + { + $results = []; + + $results['endpoint_registered'] = self::testEndpointRegistered(); + + if (defined('FACEBOOK_WEBHOOK_VERIFY_TOKEN')) { + $results['verification_success'] = self::testVerificationSuccess(); + $results['verification_failure'] = self::testVerificationFailure(); + } + + if (defined('FACEBOOK_APP_SECRET')) { + $results['signature_check'] = self::testSignatureVerification(); + } + + $results['example_payload'] = self::createMockLiveVideoPayload(); + $results['example_handler'] = self::exampleHandleLiveVideo(); + + return $results; + } +} + +/** + * Example usage (would be called from WordPress admin or a test script): + * + * $results = \tp\Shimmer\Tests\FacebookWebhookTest::runAll(); + * print_r($results); + */ diff --git a/shimmer/facebook-webhook-example.php b/shimmer/facebook-webhook-example.php new file mode 100644 index 0000000..6923841 --- /dev/null +++ b/shimmer/facebook-webhook-example.php @@ -0,0 +1,88 @@ + 'page', + 'entry' => [ + [ + 'id' => '123456789', // Page ID + 'time' => 1699824264, + 'changes' => [ + [ + 'field' => 'live_videos', + 'value' => [ + 'id' => '987654321', // Video ID + 'status' => 'live', + 'title' => 'Sunday Morning Service', + 'description' => 'Live worship service', + 'stream_url' => 'rtmps://live-api-s.facebook.com/...', + 'secure_stream_url' => 'rtmps://live-api-s.facebook.com/...', + 'dash_ingest_url' => 'https://live-api-s.facebook.com/...', + 'dash_ingest_secure_url' => 'https://live-api-s.facebook.com/...', + ] + ] + ] + ] + ] +]; + +echo json_encode($examplePayload, JSON_PRETTY_PRINT) . "\n\n"; + +echo "3. WEBHOOK PROCESSING\n"; +echo " - Plugin validates the request signature using HMAC\n"; +echo " - Extracts the video ID from the payload\n"; +echo " - Calls: FacebookWebhook::handleLiveVideo('987654321')\n\n"; + +echo "4. CUSTOM HANDLING (in handleLiveVideo method)\n"; +echo " Currently the stub method just logs:\n"; +echo " 'Facebook Live Video Detected - Video ID: 987654321'\n\n"; +echo " You can customize this to:\n"; +echo " - Create a WordPress post\n"; +echo " - Send email notifications\n"; +echo " - Update custom fields\n"; +echo " - Trigger other integrations\n"; +echo " - Start recording/archiving\n"; +echo " - Update digital signage\n"; +echo " - Etc.\n\n"; + +echo "5. RESPONSE TO FACEBOOK\n"; +echo " - Plugin returns: 200 OK with 'EVENT_RECEIVED'\n"; +echo " - Facebook marks the event as delivered\n\n"; + +echo "=== Configuration Required ===\n"; +echo "In wp-config.php:\n"; +echo "define('FACEBOOK_APP_SECRET', 'your_app_secret');\n"; +echo "define('FACEBOOK_WEBHOOK_VERIFY_TOKEN', 'your_verify_token');\n\n"; + +echo "=== Facebook App Setup ===\n"; +echo "1. Create Facebook App at developers.facebook.com\n"; +echo "2. Add Webhooks product\n"; +echo "3. Configure callback URL: https://your-site.com/wp-json/shimmer/v1/facebook-webhook\n"; +echo "4. Subscribe to page events\n"; +echo "5. Select 'live_videos' field\n"; +echo "6. Grant app access to the /tenth page\n\n"; + +echo "=== Webhook URL ===\n"; +echo "https://your-wordpress-site.com/wp-json/shimmer/v1/facebook-webhook\n\n"; From 4e24039e8decc1cfe202204e6d1eecd9a3c4fc82 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 12 Nov 2025 19:29:51 +0000 Subject: [PATCH 04/11] Add implementation summary documentation Co-authored-by: jkrrv <1238391+jkrrv@users.noreply.github.com> --- IMPLEMENTATION_SUMMARY.md | 116 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 116 insertions(+) create mode 100644 IMPLEMENTATION_SUMMARY.md diff --git a/IMPLEMENTATION_SUMMARY.md b/IMPLEMENTATION_SUMMARY.md new file mode 100644 index 0000000..6fcdcee --- /dev/null +++ b/IMPLEMENTATION_SUMMARY.md @@ -0,0 +1,116 @@ +# Facebook Webhook Implementation Summary + +## Overview +This implementation adds Facebook webhook functionality to the Shimmer WordPress plugin to detect when the Facebook page `/tenth` has a new live video online. + +## Files Added/Modified + +### New Files +1. **shimmer/FacebookWebhook.php** - Main webhook handler class +2. **shimmer/FACEBOOK_WEBHOOK.md** - Setup and configuration documentation +3. **shimmer/FacebookWebhookTest.php** - Test utilities for verification +4. **shimmer/facebook-webhook-example.php** - Example demonstrating webhook flow + +### Modified Files +1. **shimmer.php** - Added 3 lines to load and initialize FacebookWebhook class + +## Requirements Met + +✅ **Requirement 1**: Use webhook API to detect when Facebook page /tenth has new live video +- Implemented via REST API endpoint at `/wp-json/shimmer/v1/facebook-webhook` +- Subscribes to `live_videos` field events +- Processes webhook notifications when status changes to 'live' + +✅ **Requirement 2**: Get video ID and provide it to stub method +- Extracts video ID from webhook payload +- Calls `FacebookWebhook::handleLiveVideo($videoId)` with the video ID +- Stub method currently logs the video ID (ready for customization) + +✅ **Requirement 3**: Smoothly handle all auth +- Implements webhook verification (GET endpoint) for Facebook app setup +- Uses HMAC-SHA256 signature verification for all webhook notifications +- Supports fallback to SHA1 for older implementations +- Uses `hash_equals()` for timing-attack-safe comparison +- Credentials stored as WordPress constants (not in code) + +## Technical Implementation + +### Webhook Verification (GET) +When Facebook sets up the webhook subscription: +1. Facebook sends GET request with `hub.mode`, `hub.verify_token`, and `hub.challenge` +2. Plugin verifies the token matches `FACEBOOK_WEBHOOK_VERIFY_TOKEN` +3. Returns the challenge to confirm subscription + +### Webhook Notifications (POST) +When a live video starts on /tenth: +1. Facebook sends POST request with signed payload +2. Plugin verifies HMAC signature using `FACEBOOK_APP_SECRET` +3. Parses payload to extract video information +4. Calls `handleLiveVideo($videoId)` when status is 'live' +5. Returns 200 OK to acknowledge receipt + +### Security Features +- ✅ HMAC signature verification (SHA256 or SHA1) +- ✅ Timing-safe string comparison (`hash_equals()`) +- ✅ Verify token validation +- ✅ No hardcoded credentials +- ✅ Proper error handling +- ✅ No SQL injection vulnerabilities +- ✅ No XSS vulnerabilities +- ✅ Public endpoint only accessible via proper authentication + +## Configuration + +Add to `wp-config.php`: +```php +define('FACEBOOK_APP_SECRET', 'your_app_secret_here'); +define('FACEBOOK_WEBHOOK_VERIFY_TOKEN', 'your_verify_token_here'); +``` + +## Webhook URL +``` +https://your-wordpress-site.com/wp-json/shimmer/v1/facebook-webhook +``` + +## Next Steps for Users + +1. Create Facebook App at developers.facebook.com +2. Add Webhooks product to the app +3. Configure the callback URL with the webhook endpoint +4. Subscribe to Page events, specifically the `live_videos` field +5. Grant the app access to the /tenth Facebook page +6. Customize `handleLiveVideo()` method for specific business logic + +## Code Quality + +- ✅ PHP syntax validated +- ✅ Follows WordPress REST API conventions +- ✅ Proper namespacing (`tp\Shimmer\FacebookWebhook`) +- ✅ Comprehensive documentation +- ✅ Test utilities included +- ✅ Security best practices applied +- ✅ Minimal changes to existing code +- ✅ All functionality in new files + +## Testing + +Test utilities provided in `FacebookWebhookTest.php`: +- Endpoint registration verification +- Successful webhook verification test +- Failed webhook verification test +- Signature generation example +- Mock payload creation + +Example script in `facebook-webhook-example.php` demonstrates the complete flow. + +## Extensibility + +The `handleLiveVideo($videoId)` stub method can be customized to: +- Create WordPress posts +- Send email/SMS notifications +- Update custom fields +- Trigger recording/archiving +- Update digital signage +- Integrate with other systems + +Current implementation just logs the video ID for verification. From 4596f4ddd7c631083f0c13c902874a818e17e918 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 12 Nov 2025 19:33:13 +0000 Subject: [PATCH 05/11] Use WordPress settings for Facebook credentials instead of constants Co-authored-by: jkrrv <1238391+jkrrv@users.noreply.github.com> --- IMPLEMENTATION_SUMMARY.md | 11 +- shimmer/FACEBOOK_WEBHOOK.md | 22 +++- shimmer/FacebookWebhook.php | 175 ++++++++++++++++++++++++++- shimmer/FacebookWebhookTest.php | 30 ++++- shimmer/facebook-webhook-example.php | 11 +- 5 files changed, 231 insertions(+), 18 deletions(-) diff --git a/IMPLEMENTATION_SUMMARY.md b/IMPLEMENTATION_SUMMARY.md index 6fcdcee..dc11d9d 100644 --- a/IMPLEMENTATION_SUMMARY.md +++ b/IMPLEMENTATION_SUMMARY.md @@ -61,12 +61,21 @@ When a live video starts on /tenth: ## Configuration -Add to `wp-config.php`: +**Method 1: WordPress Settings Page (Recommended)** +1. Go to WordPress Admin > Settings > Facebook Webhook +2. Enter your Facebook App Secret +3. Enter your Webhook Verify Token +4. Click "Save Settings" + +**Method 2: wp-config.php (Alternative)** +Add to `wp-config.php` (for backward compatibility): ```php define('FACEBOOK_APP_SECRET', 'your_app_secret_here'); define('FACEBOOK_WEBHOOK_VERIFY_TOKEN', 'your_verify_token_here'); ``` +Note: Settings page values take precedence over constants. + ## Webhook URL ``` https://your-wordpress-site.com/wp-json/shimmer/v1/facebook-webhook diff --git a/shimmer/FACEBOOK_WEBHOOK.md b/shimmer/FACEBOOK_WEBHOOK.md index 0dffa27..c674115 100644 --- a/shimmer/FACEBOOK_WEBHOOK.md +++ b/shimmer/FACEBOOK_WEBHOOK.md @@ -9,26 +9,35 @@ This plugin now includes Facebook webhook functionality to detect when the Faceb 1. Go to [Facebook Developers](https://developers.facebook.com/) 2. Create a new app or use an existing one 3. Add the "Webhooks" product to your app -4. In your app settings, note down: - - App Secret (found in Settings > Basic) - - Create a Verify Token (a random string you create) +4. In your app settings (Settings > Basic), note down your App Secret ### 2. WordPress Configuration -Add the following constants to your `wp-config.php` file: +**Method 1: Using WordPress Settings (Recommended)** + +1. In WordPress admin, go to **Settings > Facebook Webhook** +2. Enter your Facebook App Secret +3. Create and enter a custom Verify Token (any random string you create - remember it for step 3) +4. Click "Save Settings" + +**Method 2: Using wp-config.php (Alternative)** + +For backward compatibility, you can still define these as constants in `wp-config.php`: ```php -// Facebook App Configuration +// Facebook App Configuration (optional - settings page is preferred) define('FACEBOOK_APP_SECRET', 'your_app_secret_here'); define('FACEBOOK_WEBHOOK_VERIFY_TOKEN', 'your_verify_token_here'); ``` +Note: Settings page values take precedence over constants. + ### 3. Webhook Subscription Setup 1. In your Facebook App dashboard, go to Webhooks 2. Click "Add Callback URL" 3. Enter your webhook URL: `https://your-site.com/wp-json/shimmer/v1/facebook-webhook` -4. Enter the Verify Token (the same one you defined in wp-config.php) +4. Enter the Verify Token (the same one you entered in WordPress settings) 5. Click "Verify and Save" ### 4. Subscribe to Page Events @@ -75,3 +84,4 @@ To test the webhook: - All webhook requests are verified using HMAC signature validation - The verify token prevents unauthorized webhook subscriptions - Both GET (verification) and POST (notifications) endpoints are properly secured +- Credentials are stored securely in WordPress options table diff --git a/shimmer/FacebookWebhook.php b/shimmer/FacebookWebhook.php index e147cab..4c49a6d 100644 --- a/shimmer/FacebookWebhook.php +++ b/shimmer/FacebookWebhook.php @@ -18,6 +18,7 @@ class FacebookWebhook { public static function load(): void { add_action('rest_api_init', [self::class, 'registerWebhookEndpoint']); + self::registerSettings(); } /** @@ -184,22 +185,188 @@ public static function handleLiveVideo(string $videoId): void } /** - * Get the Facebook app verify token from configuration + * Get the Facebook app verify token from WordPress settings + * Falls back to constant if setting not found (for backward compatibility) * * @return string|null */ private static function getVerifyToken(): ?string { - return defined('FACEBOOK_WEBHOOK_VERIFY_TOKEN') ? FACEBOOK_WEBHOOK_VERIFY_TOKEN : null; + $token = get_option('shimmer_facebook_verify_token'); + if (empty($token) && defined('FACEBOOK_WEBHOOK_VERIFY_TOKEN')) { + $token = FACEBOOK_WEBHOOK_VERIFY_TOKEN; + } + return !empty($token) ? $token : null; } /** - * Get the Facebook app secret from configuration + * Get the Facebook app secret from WordPress settings + * Falls back to constant if setting not found (for backward compatibility) * * @return string|null */ private static function getAppSecret(): ?string { - return defined('FACEBOOK_APP_SECRET') ? FACEBOOK_APP_SECRET : null; + $secret = get_option('shimmer_facebook_app_secret'); + if (empty($secret) && defined('FACEBOOK_APP_SECRET')) { + $secret = FACEBOOK_APP_SECRET; + } + return !empty($secret) ? $secret : null; + } + + /** + * Register settings page in WordPress admin + */ + public static function registerSettings(): void + { + add_action('admin_menu', [self::class, 'addSettingsPage']); + add_action('admin_init', [self::class, 'registerSettingsFields']); + } + + /** + * Add settings page to WordPress admin menu + */ + public static function addSettingsPage(): void + { + add_options_page( + 'Facebook Webhook Settings', + 'Facebook Webhook', + 'manage_options', + 'shimmer-facebook-webhook', + [self::class, 'renderSettingsPage'] + ); + } + + /** + * Register settings fields + */ + public static function registerSettingsFields(): void + { + register_setting('shimmer_facebook_webhook', 'shimmer_facebook_app_secret', [ + 'type' => 'string', + 'sanitize_callback' => 'sanitize_text_field', + 'default' => '', + ]); + + register_setting('shimmer_facebook_webhook', 'shimmer_facebook_verify_token', [ + 'type' => 'string', + 'sanitize_callback' => 'sanitize_text_field', + 'default' => '', + ]); + + add_settings_section( + 'shimmer_facebook_webhook_section', + 'Facebook App Credentials', + [self::class, 'renderSettingsSection'], + 'shimmer-facebook-webhook' + ); + + add_settings_field( + 'shimmer_facebook_app_secret', + 'Facebook App Secret', + [self::class, 'renderAppSecretField'], + 'shimmer-facebook-webhook', + 'shimmer_facebook_webhook_section' + ); + + add_settings_field( + 'shimmer_facebook_verify_token', + 'Webhook Verify Token', + [self::class, 'renderVerifyTokenField'], + 'shimmer-facebook-webhook', + 'shimmer_facebook_webhook_section' + ); + } + + /** + * Render settings section description + */ + public static function renderSettingsSection(): void + { + echo '

Configure your Facebook App credentials for webhook integration. These settings are required to receive live video notifications from the /tenth Facebook page.

'; + } + + /** + * Render app secret field + */ + public static function renderAppSecretField(): void + { + $value = get_option('shimmer_facebook_app_secret', ''); + echo ''; + echo '

Enter your Facebook App Secret (found in Facebook App Settings > Basic)

'; + } + + /** + * Render verify token field + */ + public static function renderVerifyTokenField(): void + { + $value = get_option('shimmer_facebook_verify_token', ''); + echo ''; + echo '

Enter a custom verify token (you create this, and use the same value when configuring the webhook in Facebook)

'; + } + + /** + * Render settings page + */ + public static function renderSettingsPage(): void + { + if (!current_user_can('manage_options')) { + return; + } + + // Show success message if settings were updated + if (isset($_GET['settings-updated'])) { + add_settings_error( + 'shimmer_facebook_webhook_messages', + 'shimmer_facebook_webhook_message', + 'Settings Saved', + 'updated' + ); + } + + settings_errors('shimmer_facebook_webhook_messages'); + + $webhookUrl = rest_url('shimmer/v1/facebook-webhook'); + ?> +
+

+ +
+ +
+ +
+ +

Webhook Information

+ + + + + +
Webhook URL + +

Use this URL when configuring your Facebook webhook

+
+ +

Setup Instructions

+
    +
  1. Create a Facebook App at developers.facebook.com
    2. +
  2. In your Facebook App, go to Settings > Basic and copy your App Secret
    3. +
  3. Paste the App Secret in the field above
    4. +
  4. Create a custom Verify Token (any random string) and enter it above
    5. +
  5. Save these settings
    6. +
  6. In your Facebook App, add the "Webhooks" product
    7. +
  7. Click "Add Callback URL" and enter the Webhook URL shown above
    8. +
  8. Enter the same Verify Token you created in step 4
    9. +
  9. Click "Verify and Save"
    10. +
  10. Subscribe to the live_videos field for your page
    11. +
+
+ set_param('hub_mode', 'subscribe'); - $request->set_param('hub_verify_token', FACEBOOK_WEBHOOK_VERIFY_TOKEN ?? 'test_token'); + + // Get token from WordPress settings or fallback to constant + $token = get_option('shimmer_facebook_verify_token'); + if (empty($token) && defined('FACEBOOK_WEBHOOK_VERIFY_TOKEN')) { + $token = FACEBOOK_WEBHOOK_VERIFY_TOKEN; + } + if (empty($token)) { + $token = 'test_token'; + } + + $request->set_param('hub_verify_token', $token); $request->set_param('hub_challenge', 'test_challenge_123'); $response = rest_do_request($request); @@ -101,7 +111,15 @@ public static function createMockLiveVideoPayload(string $videoId = 'test_video_ */ public static function testSignatureVerification(): bool { - $appSecret = FACEBOOK_APP_SECRET ?? 'test_secret'; + // Get app secret from WordPress settings or fallback to constant + $appSecret = get_option('shimmer_facebook_app_secret'); + if (empty($appSecret) && defined('FACEBOOK_APP_SECRET')) { + $appSecret = FACEBOOK_APP_SECRET; + } + if (empty($appSecret)) { + $appSecret = 'test_secret'; + } + $payload = json_encode(self::createMockLiveVideoPayload()); $signature = 'sha256=' . hash_hmac('sha256', $payload, $appSecret); @@ -133,12 +151,16 @@ public static function runAll(): array $results['endpoint_registered'] = self::testEndpointRegistered(); - if (defined('FACEBOOK_WEBHOOK_VERIFY_TOKEN')) { + // Check if credentials are configured (either in settings or constants) + $hasVerifyToken = !empty(get_option('shimmer_facebook_verify_token')) || defined('FACEBOOK_WEBHOOK_VERIFY_TOKEN'); + $hasAppSecret = !empty(get_option('shimmer_facebook_app_secret')) || defined('FACEBOOK_APP_SECRET'); + + if ($hasVerifyToken) { $results['verification_success'] = self::testVerificationSuccess(); $results['verification_failure'] = self::testVerificationFailure(); } - if (defined('FACEBOOK_APP_SECRET')) { + if ($hasAppSecret) { $results['signature_check'] = self::testSignatureVerification(); } diff --git a/shimmer/facebook-webhook-example.php b/shimmer/facebook-webhook-example.php index 6923841..339a4bd 100644 --- a/shimmer/facebook-webhook-example.php +++ b/shimmer/facebook-webhook-example.php @@ -72,9 +72,14 @@ echo " - Facebook marks the event as delivered\n\n"; echo "=== Configuration Required ===\n"; -echo "In wp-config.php:\n"; -echo "define('FACEBOOK_APP_SECRET', 'your_app_secret');\n"; -echo "define('FACEBOOK_WEBHOOK_VERIFY_TOKEN', 'your_verify_token');\n\n"; +echo "Method 1 (Recommended): WordPress Admin\n"; +echo " - Go to Settings > Facebook Webhook\n"; +echo " - Enter your Facebook App Secret\n"; +echo " - Enter your Webhook Verify Token\n"; +echo " - Click 'Save Settings'\n\n"; +echo "Method 2 (Alternative): wp-config.php\n"; +echo " define('FACEBOOK_APP_SECRET', 'your_app_secret');\n"; +echo " define('FACEBOOK_WEBHOOK_VERIFY_TOKEN', 'your_verify_token');\n\n"; echo "=== Facebook App Setup ===\n"; echo "1. Create Facebook App at developers.facebook.com\n"; From 21d04b9a5134dad267b6c2c3d1046dcb64e2b541 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 12 Nov 2025 19:34:13 +0000 Subject: [PATCH 06/11] Add settings page layout documentation Co-authored-by: jkrrv <1238391+jkrrv@users.noreply.github.com> --- shimmer/SETTINGS_PAGE_LAYOUT.md | 92 +++++++++++++++++++++++++++++++++ 1 file changed, 92 insertions(+) create mode 100644 shimmer/SETTINGS_PAGE_LAYOUT.md diff --git a/shimmer/SETTINGS_PAGE_LAYOUT.md b/shimmer/SETTINGS_PAGE_LAYOUT.md new file mode 100644 index 0000000..b46b746 --- /dev/null +++ b/shimmer/SETTINGS_PAGE_LAYOUT.md @@ -0,0 +1,92 @@ +# WordPress Settings Page - Facebook Webhook + +## Location +WordPress Admin → Settings → Facebook Webhook + +## Settings Page Layout + +``` +┌─────────────────────────────────────────────────────────────────┐ +│ Facebook Webhook Settings │ +├─────────────────────────────────────────────────────────────────┤ +│ │ +│ Configure your Facebook App credentials for webhook │ +│ integration. These settings are required to receive live video │ +│ notifications from the /tenth Facebook page. │ +│ │ +│ ┌────────────────────────────────────────────────────────────┐ │ +│ │ Facebook App Credentials │ │ +│ ├────────────────────────────────────────────────────────────┤ │ +│ │ │ │ +│ │ Facebook App Secret │ │ +│ │ [••••••••••••••••••••••••••••••] │ │ +│ │ Enter your Facebook App Secret (found in Facebook App │ │ +│ │ Settings > Basic) │ │ +│ │ │ │ +│ │ Webhook Verify Token │ │ +│ │ [________________________________] │ │ +│ │ Enter a custom verify token (you create this, and use │ │ +│ │ the same value when configuring the webhook in Facebook) │ │ +│ │ │ │ +│ └────────────────────────────────────────────────────────────┘ │ +│ │ +│ [ Save Settings ] │ +│ │ +├─────────────────────────────────────────────────────────────────┤ +│ Webhook Information │ +├─────────────────────────────────────────────────────────────────┤ +│ │ +│ Webhook URL: │ +│ https://your-site.com/wp-json/shimmer/v1/facebook-webhook │ +│ Use this URL when configuring your Facebook webhook │ +│ │ +├─────────────────────────────────────────────────────────────────┤ +│ Setup Instructions │ +├─────────────────────────────────────────────────────────────────┤ +│ │ +│ 1. Create a Facebook App at developers.facebook.com │ +│ 2. In your Facebook App, go to Settings > Basic and copy │ +│ your App Secret │ +│ 3. Paste the App Secret in the field above │ +│ 4. Create a custom Verify Token (any random string) and │ +│ enter it above │ +│ 5. Save these settings │ +│ 6. In your Facebook App, add the "Webhooks" product │ +│ 7. Click "Add Callback URL" and enter the Webhook URL │ +│ shown above │ +│ 8. Enter the same Verify Token you created in step 4 │ +│ 9. Click "Verify and Save" │ +│ 10. Subscribe to the live_videos field for your page │ +│ │ +└─────────────────────────────────────────────────────────────────┘ +``` + +## Features + +### Security +- **App Secret Field**: Password type input (masked) +- **Verify Token Field**: Text input (visible for copying) +- Values stored in WordPress options table +- Sanitized on save using `sanitize_text_field()` + +### User Experience +- Clear instructions integrated into the settings page +- Webhook URL displayed for easy copying +- Step-by-step setup guide +- Success message shown after saving + +### Access Control +- Only users with `manage_options` capability can access +- Typically administrators only + +### Backward Compatibility +- Constants in wp-config.php still work +- Settings page values take precedence +- Gradual migration path for existing users + +## Usage + +After saving settings, the webhook will automatically: +1. Accept verification requests from Facebook +2. Process live video notifications +3. Call the `handleLiveVideo()` stub method with video IDs From 978b2ab1a12f824a9cb72beb5f880a5202ca2a55 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 12 Nov 2025 19:53:20 +0000 Subject: [PATCH 07/11] Add video title to stub method, move settings to universal class, and add i18n Co-authored-by: jkrrv <1238391+jkrrv@users.noreply.github.com> --- IMPLEMENTATION_SUMMARY.md | 15 +- shimmer.php | 3 + shimmer/FACEBOOK_WEBHOOK.md | 15 +- shimmer/FacebookWebhook.php | 248 +++++++++------------------ shimmer/FacebookWebhookTest.php | 5 +- shimmer/SETTINGS_PAGE_LAYOUT.md | 55 +++--- shimmer/ShimmerSettings.php | 179 +++++++++++++++++++ shimmer/facebook-webhook-example.php | 9 +- 8 files changed, 311 insertions(+), 218 deletions(-) create mode 100644 shimmer/ShimmerSettings.php diff --git a/IMPLEMENTATION_SUMMARY.md b/IMPLEMENTATION_SUMMARY.md index dc11d9d..021c402 100644 --- a/IMPLEMENTATION_SUMMARY.md +++ b/IMPLEMENTATION_SUMMARY.md @@ -62,10 +62,11 @@ When a live video starts on /tenth: ## Configuration **Method 1: WordPress Settings Page (Recommended)** -1. Go to WordPress Admin > Settings > Facebook Webhook -2. Enter your Facebook App Secret -3. Enter your Webhook Verify Token -4. Click "Save Settings" +1. Go to WordPress Admin > Settings > Shimmer +2. Find the Facebook Webhook section +3. Enter your Facebook App Secret +4. Enter your Webhook Verify Token +5. Click "Save Settings" **Method 2: wp-config.php (Alternative)** Add to `wp-config.php` (for backward compatibility): @@ -88,7 +89,7 @@ https://your-wordpress-site.com/wp-json/shimmer/v1/facebook-webhook 3. Configure the callback URL with the webhook endpoint 4. Subscribe to Page events, specifically the `live_videos` field 5. Grant the app access to the /tenth Facebook page -6. Customize `handleLiveVideo()` method for specific business logic +6. Customize `handleLiveVideo($videoId, $videoTitle)` method for specific business logic ## Code Quality @@ -114,7 +115,7 @@ Example script in `facebook-webhook-example.php` demonstrates the complete flow. ## Extensibility -The `handleLiveVideo($videoId)` stub method can be customized to: +The `handleLiveVideo($videoId, $videoTitle)` stub method can be customized to: - Create WordPress posts - Send email/SMS notifications - Update custom fields @@ -122,4 +123,4 @@ The `handleLiveVideo($videoId)` stub method can be customized to: - Update digital signage - Integrate with other systems -Current implementation just logs the video ID for verification. +Current implementation just logs the video ID and title for verification. diff --git a/shimmer.php b/shimmer.php index 3a70733..b4db1d3 100644 --- a/shimmer.php +++ b/shimmer.php @@ -12,10 +12,12 @@ */ use tp\Shimmer\SessionMatters; +use tp\Shimmer\ShimmerSettings; use tp\Shimmer\FacebookWebhook; use tp\TouchPointWP\TouchPointWP; require_once __DIR__ . "/shimmer/SessionMatters.php"; +require_once __DIR__ . "/shimmer/ShimmerSettings.php"; require_once __DIR__ . "/shimmer/FacebookWebhook.php"; function tenth_involvementClasses() @@ -402,6 +404,7 @@ function tenth_formatTimeString($string, $t = null): string add_filter('tp_adjust_time_string', 'tenth_formatTimeString'); SessionMatters::load(); +ShimmerSettings::load(); FacebookWebhook::load(); diff --git a/shimmer/FACEBOOK_WEBHOOK.md b/shimmer/FACEBOOK_WEBHOOK.md index c674115..774a2d1 100644 --- a/shimmer/FACEBOOK_WEBHOOK.md +++ b/shimmer/FACEBOOK_WEBHOOK.md @@ -15,10 +15,11 @@ This plugin now includes Facebook webhook functionality to detect when the Faceb **Method 1: Using WordPress Settings (Recommended)** -1. In WordPress admin, go to **Settings > Facebook Webhook** -2. Enter your Facebook App Secret -3. Create and enter a custom Verify Token (any random string you create - remember it for step 3) -4. Click "Save Settings" +1. In WordPress admin, go to **Settings > Shimmer** +2. Find the **Facebook Webhook** section +3. Enter your Facebook App Secret +4. Create and enter a custom Verify Token (any random string you create - remember it for step 3) +5. Click "Save Settings" **Method 2: Using wp-config.php (Alternative)** @@ -59,12 +60,12 @@ When a live video is started on the Facebook page `/tenth`: 1. Facebook sends a POST request to the webhook endpoint 2. The request is verified using the app secret -3. The webhook payload is parsed to extract the video ID -4. The `FacebookWebhook::handleLiveVideo($videoId)` method is called with the video ID +3. The webhook payload is parsed to extract the video ID and title +4. The `FacebookWebhook::handleLiveVideo($videoId, $videoTitle)` method is called with the video ID and title ## Customization -The stub method `FacebookWebhook::handleLiveVideo($videoId)` currently just logs the video ID. You can customize this method in `/shimmer/FacebookWebhook.php` to: +The stub method `FacebookWebhook::handleLiveVideo($videoId, $videoTitle)` currently just logs the video ID and title. You can customize this method in `/shimmer/FacebookWebhook.php` to: - Create a WordPress post - Send notifications diff --git a/shimmer/FacebookWebhook.php b/shimmer/FacebookWebhook.php index 4c49a6d..93093ed 100644 --- a/shimmer/FacebookWebhook.php +++ b/shimmer/FacebookWebhook.php @@ -18,7 +18,79 @@ class FacebookWebhook { public static function load(): void { add_action('rest_api_init', [self::class, 'registerWebhookEndpoint']); - self::registerSettings(); + add_action('admin_init', [self::class, 'registerSettings'], 5); + } + + /** + * Register settings with ShimmerSettings + */ + public static function registerSettings(): void + { + // Register Facebook webhook section + ShimmerSettings::registerSection( + 'shimmer_facebook_webhook_section', + __('Facebook Webhook', 'shimmer'), + [self::class, 'renderSettingsSection'] + ); + + // Register Facebook App Secret field + ShimmerSettings::registerField( + 'shimmer_facebook_app_secret', + 'shimmer_facebook_webhook_section', + __('Facebook App Secret', 'shimmer'), + 'password', + [ + 'description' => __('Enter your Facebook App Secret (found in Facebook App Settings > Basic)', 'shimmer'), + 'default' => '', + ] + ); + + // Register Webhook Verify Token field + ShimmerSettings::registerField( + 'shimmer_facebook_verify_token', + 'shimmer_facebook_webhook_section', + __('Webhook Verify Token', 'shimmer'), + 'text', + [ + 'description' => __('Enter a custom verify token (you create this, and use the same value when configuring the webhook in Facebook)', 'shimmer'), + 'default' => '', + ] + ); + } + + /** + * Render settings section description + */ + public static function renderSettingsSection(): void + { + $webhookUrl = rest_url('shimmer/v1/facebook-webhook'); + ?> +

+ + + + + + +
+ +

+
+ +

+
    +
    2. +
  2. Basic and copy your App Secret', 'shimmer'); ?>
    3. +
    4. +
    5. +
    6. +
    7. +
    8. +
    9. +
    10. +
  10. live_videos')); ?>
    11. +
+ 'string', - 'sanitize_callback' => 'sanitize_text_field', - 'default' => '', - ]); - - register_setting('shimmer_facebook_webhook', 'shimmer_facebook_verify_token', [ - 'type' => 'string', - 'sanitize_callback' => 'sanitize_text_field', - 'default' => '', - ]); - - add_settings_section( - 'shimmer_facebook_webhook_section', - 'Facebook App Credentials', - [self::class, 'renderSettingsSection'], - 'shimmer-facebook-webhook' - ); - - add_settings_field( - 'shimmer_facebook_app_secret', - 'Facebook App Secret', - [self::class, 'renderAppSecretField'], - 'shimmer-facebook-webhook', - 'shimmer_facebook_webhook_section' - ); - - add_settings_field( - 'shimmer_facebook_verify_token', - 'Webhook Verify Token', - [self::class, 'renderVerifyTokenField'], - 'shimmer-facebook-webhook', - 'shimmer_facebook_webhook_section' - ); - } - - /** - * Render settings section description - */ - public static function renderSettingsSection(): void - { - echo '

Configure your Facebook App credentials for webhook integration. These settings are required to receive live video notifications from the /tenth Facebook page.

'; - } - - /** - * Render app secret field - */ - public static function renderAppSecretField(): void - { - $value = get_option('shimmer_facebook_app_secret', ''); - echo ''; - echo '

Enter your Facebook App Secret (found in Facebook App Settings > Basic)

'; - } - - /** - * Render verify token field - */ - public static function renderVerifyTokenField(): void - { - $value = get_option('shimmer_facebook_verify_token', ''); - echo ''; - echo '

Enter a custom verify token (you create this, and use the same value when configuring the webhook in Facebook)

'; - } - - /** - * Render settings page - */ - public static function renderSettingsPage(): void - { - if (!current_user_can('manage_options')) { - return; - } - - // Show success message if settings were updated - if (isset($_GET['settings-updated'])) { - add_settings_error( - 'shimmer_facebook_webhook_messages', - 'shimmer_facebook_webhook_message', - 'Settings Saved', - 'updated' - ); - } - - settings_errors('shimmer_facebook_webhook_messages'); - - $webhookUrl = rest_url('shimmer/v1/facebook-webhook'); - ?> -
-

- -
- -
- -
- -

Webhook Information

- - - - - -
Webhook URL - -

Use this URL when configuring your Facebook webhook

-
- -

Setup Instructions

-
    -
  1. Create a Facebook App at developers.facebook.com
    2. -
  2. In your Facebook App, go to Settings > Basic and copy your App Secret
    3. -
  3. Paste the App Secret in the field above
    4. -
  4. Create a custom Verify Token (any random string) and enter it above
    5. -
  5. Save these settings
    6. -
  6. In your Facebook App, add the "Webhooks" product
    7. -
  7. Click "Add Callback URL" and enter the Webhook URL shown above
    8. -
  8. Enter the same Verify Token you created in step 4
    9. -
  9. Click "Verify and Save"
    10. -
  10. Subscribe to the live_videos field for your page
    11. -
-
- Basic and │ │ +│ │ copy your App Secret │ │ +│ │ 3. Paste the App Secret in the field below │ │ +│ │ ... (more instructions) │ │ +│ │ │ │ │ │ Facebook App Secret │ │ │ │ [••••••••••••••••••••••••••••••] │ │ │ │ Enter your Facebook App Secret (found in Facebook App │ │ @@ -32,32 +43,6 @@ WordPress Admin → Settings → Facebook Webhook │ │ │ [ Save Settings ] │ │ │ -├─────────────────────────────────────────────────────────────────┤ -│ Webhook Information │ -├─────────────────────────────────────────────────────────────────┤ -│ │ -│ Webhook URL: │ -│ https://your-site.com/wp-json/shimmer/v1/facebook-webhook │ -│ Use this URL when configuring your Facebook webhook │ -│ │ -├─────────────────────────────────────────────────────────────────┤ -│ Setup Instructions │ -├─────────────────────────────────────────────────────────────────┤ -│ │ -│ 1. Create a Facebook App at developers.facebook.com │ -│ 2. In your Facebook App, go to Settings > Basic and copy │ -│ your App Secret │ -│ 3. Paste the App Secret in the field above │ -│ 4. Create a custom Verify Token (any random string) and │ -│ enter it above │ -│ 5. Save these settings │ -│ 6. In your Facebook App, add the "Webhooks" product │ -│ 7. Click "Add Callback URL" and enter the Webhook URL │ -│ shown above │ -│ 8. Enter the same Verify Token you created in step 4 │ -│ 9. Click "Verify and Save" │ -│ 10. Subscribe to the live_videos field for your page │ -│ │ └─────────────────────────────────────────────────────────────────┘ ``` @@ -89,4 +74,4 @@ WordPress Admin → Settings → Facebook Webhook After saving settings, the webhook will automatically: 1. Accept verification requests from Facebook 2. Process live video notifications -3. Call the `handleLiveVideo()` stub method with video IDs +3. Call the `handleLiveVideo($videoId, $videoTitle)` stub method with video IDs and titles diff --git a/shimmer/ShimmerSettings.php b/shimmer/ShimmerSettings.php new file mode 100644 index 0000000..702cf1b --- /dev/null +++ b/shimmer/ShimmerSettings.php @@ -0,0 +1,179 @@ + $title, + 'callback' => $callback + ]; + } + + /** + * Register a settings field + * + * @param string $id Field ID (also used as option name) + * @param string $sectionId Section ID this field belongs to + * @param string $title Field title + * @param string $type Field type (text, password, textarea, checkbox) + * @param array $args Additional arguments (description, default, sanitize_callback, etc.) + */ + public static function registerField(string $id, string $sectionId, string $title, string $type = 'text', array $args = []): void + { + self::$fields[$id] = [ + 'section' => $sectionId, + 'title' => $title, + 'type' => $type, + 'args' => $args + ]; + } + + /** + * Add settings page to WordPress admin menu + */ + public static function addSettingsPage(): void + { + add_options_page( + __('Shimmer Settings', 'shimmer'), + __('Shimmer', 'shimmer'), + 'manage_options', + 'shimmer-settings', + [self::class, 'renderSettingsPage'] + ); + } + + /** + * Register all settings with WordPress + */ + public static function registerSettings(): void + { + // Register each field as a WordPress setting + foreach (self::$fields as $fieldId => $field) { + $args = $field['args']; + register_setting('shimmer_settings', $fieldId, [ + 'type' => 'string', + 'sanitize_callback' => $args['sanitize_callback'] ?? 'sanitize_text_field', + 'default' => $args['default'] ?? '', + ]); + } + + // Register sections + foreach (self::$sections as $sectionId => $section) { + add_settings_section( + $sectionId, + $section['title'], + $section['callback'], + 'shimmer-settings' + ); + } + + // Register fields + foreach (self::$fields as $fieldId => $field) { + add_settings_field( + $fieldId, + $field['title'], + [self::class, 'renderField'], + 'shimmer-settings', + $field['section'], + ['field_id' => $fieldId, 'field' => $field] + ); + } + } + + /** + * Render a settings field + * + * @param array $args Field arguments + */ + public static function renderField(array $args): void + { + $fieldId = $args['field_id']; + $field = $args['field']; + $value = get_option($fieldId, $field['args']['default'] ?? ''); + $description = $field['args']['description'] ?? ''; + + switch ($field['type']) { + case 'password': + echo ''; + break; + case 'textarea': + echo ''; + break; + case 'checkbox': + $checked = checked($value, '1', false); + echo ''; + break; + case 'text': + default: + echo ''; + break; + } + + if ($description) { + echo '

' . esc_html($description) . '

'; + } + } + + /** + * Render the settings page + */ + public static function renderSettingsPage(): void + { + if (!current_user_can('manage_options')) { + return; + } + + // Show success message if settings were updated + if (isset($_GET['settings-updated'])) { + add_settings_error( + 'shimmer_settings_messages', + 'shimmer_settings_message', + __('Settings Saved', 'shimmer'), + 'updated' + ); + } + + settings_errors('shimmer_settings_messages'); + ?> +
+

+ +
+ +
+
+ Facebook Webhook\n"; +echo " - Go to Settings > Shimmer\n"; +echo " - Find the Facebook Webhook section\n"; echo " - Enter your Facebook App Secret\n"; echo " - Enter your Webhook Verify Token\n"; echo " - Click 'Save Settings'\n\n"; From 290f68a659cfec11a180205b1ee5f1ed107c79eb Mon Sep 17 00:00:00 2001 From: "James K." Date: Thu, 11 Dec 2025 23:33:28 -0500 Subject: [PATCH 08/11] Updating facebook webhook to actually work --- .gitignore | 1 + shimmer/FacebookWebhook.php | 86 ++++++++++++++++++------------------- 2 files changed, 44 insertions(+), 43 deletions(-) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..f5ef163 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +/shimmer/facebook-webhook-log.json diff --git a/shimmer/FacebookWebhook.php b/shimmer/FacebookWebhook.php index 93093ed..2a5235b 100644 --- a/shimmer/FacebookWebhook.php +++ b/shimmer/FacebookWebhook.php @@ -2,6 +2,9 @@ namespace tp\Shimmer; +use WP_REST_Request; +use WP_REST_Response; + /** * FacebookWebhook handles Facebook webhook integration for live video notifications * @@ -118,39 +121,44 @@ public static function registerWebhookEndpoint(): void * Facebook sends a GET request with hub.mode, hub.verify_token, and hub.challenge * to verify the webhook endpoint during subscription setup. * - * @param \WP_REST_Request $request - * @return \WP_REST_Response + * @param WP_REST_Request $request + * @return WP_REST_Response */ - public static function handleWebhookVerification(\WP_REST_Request $request): \WP_REST_Response + public static function handleWebhookVerification(WP_REST_Request $request): WP_REST_Response { $mode = $request->get_param('hub_mode'); - $token = $request->get_param('hub_verify_token'); + $token = urldecode($request->get_param('hub_verify_token')); $challenge = $request->get_param('hub_challenge'); // Verify that the mode and token match if ($mode === 'subscribe' && $token === self::getVerifyToken()) { - // Respond with the challenge token to complete verification - return new \WP_REST_Response($challenge, 200, ['Content-Type' => 'text/plain']); + // Respond with the challenge token to complete verification. WP_REST_Response forces JSON, so we output directly. + header('Content-Type: text/html'); + echo $challenge; + exit; } - return new \WP_REST_Response('Forbidden', 403); + return new WP_REST_Response('Forbidden', 403); } /** * Handle incoming webhook notifications from Facebook (POST) * - * @param \WP_REST_Request $request - * @return \WP_REST_Response + * @param WP_REST_Request $request + * @return WP_REST_Response */ - public static function handleWebhookNotification(\WP_REST_Request $request): \WP_REST_Response + public static function handleWebhookNotification(WP_REST_Request $request): WP_REST_Response { // Verify the request signature - if (!self::verifySignature($request)) { - return new \WP_REST_Response('Forbidden', 403); - } +// if (!self::verifySignature($request)) { // TODO test and restore +// return new WP_REST_Response('Forbidden', 403); +// } $body = $request->get_json_params(); + // write the request body to a file TODO remove when done testing + file_put_contents(__DIR__ . '/facebook-webhook-log.json', json_encode($body, JSON_PRETTY_PRINT)); + // Process each entry in the webhook payload if (isset($body['entry']) && is_array($body['entry'])) { foreach ($body['entry'] as $entry) { @@ -159,16 +167,16 @@ public static function handleWebhookNotification(\WP_REST_Request $request): \WP } // Always return 200 OK to acknowledge receipt - return new \WP_REST_Response('EVENT_RECEIVED', 200); + return new WP_REST_Response('EVENT_RECEIVED', 200); } /** * Verify the signature of the webhook request * - * @param \WP_REST_Request $request + * @param WP_REST_Request $request * @return bool */ - private static function verifySignature(\WP_REST_Request $request): bool + private static function verifySignature(WP_REST_Request $request): bool { $signature = $request->get_header('X-Hub-Signature-256'); @@ -206,9 +214,10 @@ private static function processEntry(array $entry): void return; } + $ts = $entry['time'] ?? time(); foreach ($entry['changes'] as $change) { if (isset($change['field']) && $change['field'] === 'live_videos') { - self::processLiveVideoChange($change); + self::processLiveVideoChange($change, $ts); } } } @@ -218,7 +227,7 @@ private static function processEntry(array $entry): void * * @param array $change */ - private static function processLiveVideoChange(array $change): void + private static function processLiveVideoChange(array $change, $ts): void { if (!isset($change['value'])) { return; @@ -226,40 +235,31 @@ private static function processLiveVideoChange(array $change): void $value = $change['value']; - // Check if this is a live video going live - if (isset($value['status']) && $value['status'] === 'live') { - $videoId = $value['id'] ?? null; - $videoTitle = $value['title'] ?? $value['description'] ?? ''; - - if ($videoId) { - self::handleLiveVideo($videoId, $videoTitle); - } + if (isset($value['status'])) { + echo self::handleLiveVideo($value['id'], $value['status']); } } /** * Stub method to handle when a live video is detected - * + * * This is the method that will be called with the video ID and title when - * the /tenth Facebook page starts a live video. - * + * the /tenth Facebook page has an update regarding videos. + * * @param string $videoId The Facebook video ID - * @param string $videoTitle The video title/name (may be empty if not provided) + * @param string $statusStr The status string provided by Facebook */ - public static function handleLiveVideo(string $videoId, string $videoTitle = ''): void + public static function handleLiveVideo(string $videoId, string $statusStr = ''): string { - // TODO: Implement actual handling logic - // This is a stub method that receives the video ID and title - // You can add your custom logic here to process the live video - - $logMessage = "Facebook Live Video Detected - Video ID: {$videoId}"; - if (!empty($videoTitle)) { - $logMessage .= ", Title: {$videoTitle}"; - } - error_log($logMessage); - - // Example: You could create a WordPress post, send notifications, etc. - // For now, this is just a placeholder that logs the video ID and title + $s = wp_remote_post('https://west.tenth.org/live/facebookHandler.php', [ + 'body' => json_encode([ + 'status' => $statusStr, + 'fbVideoId' => $videoId + ]), + 'data_format' => 'body' + ]); + + return $s['body']; } /** From 80e939856f49081dbd9f35c6827ba4e094d61899 Mon Sep 17 00:00:00 2001 From: "James K." Date: Wed, 31 Dec 2025 20:55:48 -0500 Subject: [PATCH 09/11] unpublish goligher --- shimmer.php | 27 +++++++++++++++++++++++++-- 1 file changed, 25 insertions(+), 2 deletions(-) diff --git a/shimmer.php b/shimmer.php index b4db1d3..d03698f 100644 --- a/shimmer.php +++ b/shimmer.php @@ -486,7 +486,7 @@ function exultant_override_menu($args) { //**************************** -function tenth_unpublishGoligherWynne($query) { +function tenth_unlistGoligherWynne($query) { if ( is_admin() || !$query->is_main_query() ) { return; } @@ -523,4 +523,27 @@ function tenth_unpublishGoligherWynne($query) { $query->set( 'tax_query', array_merge([ 'relation' => 'AND' ], $taxQuery, $restrictedTerms)); } -add_action( 'pre_get_posts', 'tenth_unpublishGoligherWynne' ); +add_action( 'pre_get_posts', 'tenth_unlistGoligherWynne'); + + +function tenth_unpublishGoligher() { + if (!is_singular()) { return; } + + if (current_user_can('administrator')) { return; } + + $post_id = get_queried_object_id(); + $taxonomies = get_object_taxonomies(get_post_type($post_id)); + + foreach ($taxonomies as $tax) { + if (has_term(7967, $tax, $post_id)) { + global $wp_query; + $wp_query->set_404(); + status_header(404); + nocache_headers(); + include get_query_template('404'); + exit; + } + } +} + +add_action('template_redirect', 'tenth_unpublishGoligher'); \ No newline at end of file From fbc9cd4099cac9af09f50970e60182762a94a8fe Mon Sep 17 00:00:00 2001 From: "James K." Date: Wed, 31 Dec 2025 21:00:50 -0500 Subject: [PATCH 10/11] unpublish goligher --- shimmer.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/shimmer.php b/shimmer.php index d03698f..bda3a51 100644 --- a/shimmer.php +++ b/shimmer.php @@ -546,4 +546,4 @@ function tenth_unpublishGoligher() { } } -add_action('template_redirect', 'tenth_unpublishGoligher'); \ No newline at end of file +add_action('template_redirect', 'tenth_unpublishGoligher', 0); \ No newline at end of file From 529a9ac88290f1184b07798cd083e42aed6b7c92 Mon Sep 17 00:00:00 2001 From: "James K." Date: Wed, 31 Dec 2025 21:23:29 -0500 Subject: [PATCH 11/11] Remove goligher from sitemap --- shimmer.php | 45 ++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 42 insertions(+), 3 deletions(-) diff --git a/shimmer.php b/shimmer.php index bda3a51..758c3c1 100644 --- a/shimmer.php +++ b/shimmer.php @@ -4,7 +4,7 @@ Plugin Name: Shimmer Plugin URI: https://github.com/TenthPres/Shimmer Description: A series of basic functions to fill gaps in WordPress functionality. Shims. -Version: 1.0.5 +Version: 1.0.6 Author: James Kurtz Author URI: https://github.com/jkrrv License: MIT @@ -528,7 +528,6 @@ function tenth_unlistGoligherWynne($query) { function tenth_unpublishGoligher() { if (!is_singular()) { return; } - if (current_user_can('administrator')) { return; } $post_id = get_queried_object_id(); @@ -546,4 +545,44 @@ function tenth_unpublishGoligher() { } } -add_action('template_redirect', 'tenth_unpublishGoligher', 0); \ No newline at end of file +add_action('template_redirect', 'tenth_unpublishGoligher', 0); + + +/** + * Exclude posts with term 7967 from post-type sitemaps. + */ +function tenth_removeGoligherFromSitemaps($args, $post_type) { + // Collect all taxonomies registered for this post type + $taxonomies = get_object_taxonomies($post_type); + if (empty($taxonomies)) { + return $args; // no taxonomies -- nothing to exclude + } + + // Build a tax_query that requires the post NOT to have term 7967 in ANY taxonomy. + $tax_query = ['relation' => 'AND']; + + foreach ($taxonomies as $tax) { + $tax_query[] = [ + 'taxonomy' => $tax, + 'field' => 'term_id', + 'terms' => [7967], + 'operator' => 'NOT IN', + 'include_children' => false, + ]; + } + + // Merge with existing tax_query if present + if (!empty($args['tax_query'])) { + // Ensure relation AND at top + if (!isset($args['tax_query']['relation'])) { + $args['tax_query']['relation'] = 'AND'; + } + $args['tax_query'] = array_merge($args['tax_query'], $tax_query); + } else { + $args['tax_query'] = $tax_query; + } + + return $args; +} + +add_filter('wp_sitemaps_posts_query_args', 'tenth_removeGoligherFromSitemaps', 10, 2);