{\rtf1\ansi\ansicpg1252\cocoartf2822
\cocoatextscaling0\cocoaplatform0{\fonttbl\f0\fswiss\fcharset0 Helvetica;}
{\colortbl;\red255\green255\blue255;}
{\*\expandedcolortbl;;}
\margl1440\margr1440\vieww16540\viewh19840\viewkind0
\pard\tx720\tx1440\tx2160\tx2880\tx3600\tx4320\tx5040\tx5760\tx6480\tx7200\tx7920\tx8640\pardirnatural\partightenfactor0

\f0\fs24 \cf0 <?php\
/**\
 * Plugin Name: RestoreSTL Bridge (WordPress \uc0\u8594  Backend)\
 * Description: Signs WMHW lead envelopes and forwards them to the backend. Exposes /wp-json/restorestl/v1/lead\
 * Author: RestoreSTL\
 * Version: 1.0.0\
 */\
\
if ( ! defined('ABSPATH') ) \{ exit; \}\
\
/** -----------------------------------------------------------------\
 *  CONFIG \'96 set these two and you\'92re done.\
 *  You can keep them here, or later move to Kinsta ENV and read via getenv().\
 *  ----------------------------------------------------------------- */\
const RST_BACKEND_URL   = 'YOUR_CLOUD_RUN_URL';   // e.g. https://restorestl-agent-backend-327709678368.us-central1.run.app\
const RST_WEBHOOK_SECRET = 'YOUR_WEBHOOK_SECRET'; // from GCP secret WEBHOOK_SHARED_SECRET\
\
/** Small helpers */\
function rst_first_nonempty(...$vals) \{\
    foreach ($vals as $v) \{ if ($v !== null && $v !== '') return $v; \}\
    return null;\
\}\
function rst_backend_url() \{\
    return rst_first_nonempty(\
        getenv('RESTORESTL_BACKEND_URL'),\
        defined('RST_BACKEND_URL') ? RST_BACKEND_URL : null\
    );\
\}\
function rst_webhook_secret() \{\
    return rst_first_nonempty(\
        getenv('RESTORESTL_WEBHOOK_SECRET'),\
        defined('RST_WEBHOOK_SECRET') ? RST_WEBHOOK_SECRET : null\
    );\
\}\
\
/** Register routes */\
add_action('rest_api_init', function () \{\
\
    register_rest_route('restorestl/v1', '/ping', [\
        'methods'  => 'GET',\
        'permission_callback' => '__return_true',\
        'callback' => function() \{\
            return new WP_REST_Response([ 'ok' => true, 'service' => 'wp-bridge' ], 200);\
        \}\
    ]);\
\
    register_rest_route('restorestl/v1', '/lead', [\
        'methods'  => 'POST',\
        'permission_callback' => '__return_true',\
        'callback' => function( WP_REST_Request $req ) \{\
\
            $backend = rst_backend_url();\
            $secret  = rst_webhook_secret();\
\
            if (empty($backend) || empty($secret)) \{\
                return new WP_REST_Response([\
                    'ok' => false,\
                    'error' => 'bridge_not_configured',\
                    'detail' => 'Backend URL or HMAC secret missing'\
                ], 500);\
            \}\
\
            $raw = $req->get_body();\
            if (!is_string($raw) || $raw === '') \{\
                return new WP_REST_Response([ 'ok' => false, 'error' => 'empty_body' ], 400);\
            \}\
\
            $json = json_decode($raw, true);\
            if (!is_array($json)) \{\
                return new WP_REST_Response([ 'ok' => false, 'error' => 'invalid_json' ], 400);\
            \}\
\
            // Enrich envelope a tiny bit\
            if (empty($json['source'])) \{\
                $json['source'] = 'wordpress';\
            \}\
\
            $payload = wp_json_encode($json, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE);\
            $sig = hash_hmac('sha256', $payload, $secret);\
\
            $cid = isset($json['correlation_id']) ? $json['correlation_id'] : null;\
\
            $url = rtrim($backend, '/').'/lead_envelopes';\
            $headers = [\
                'Content-Type'         => 'application/json',\
                'X-RST-HMAC'           => $sig,\
                'X-RST-Source'         => 'wordpress',\
                'X-RST-Correlation-Id' => $cid ?: ''\
            ];\
\
            $res = wp_remote_post($url, [\
                'timeout' => 15,\
                'headers' => $headers,\
                'body'    => $payload,\
            ]);\
\
            if ( is_wp_error($res) ) \{\
                return new WP_REST_Response([\
                    'ok' => false,\
                    'error' => 'backend_unreachable',\
                    'detail' => $res->get_error_message()\
                ], 502);\
            \}\
\
            $code = wp_remote_retrieve_response_code($res);\
            $body = wp_remote_retrieve_body($res);\
            $out  = is_string($body) && $body !== '' ? json_decode($body, true) : null;\
\
            // Normalize response surface\
            if (is_array($out)) \{\
                $out['hmac'] = true; // we signed it here\
                return new WP_REST_Response($out, ($code >= 200 && $code < 300) ? 200 : $code);\
            \}\
\
            return new WP_REST_Response([\
                'ok' => ($code >= 200 && $code < 300),\
                'status' => $code,\
                'raw' => $body,\
                'hmac' => true,\
            ], ($code >= 200 && $code < 300) ? 200 : $code);\
        \}\
    ]);\
\
\});}