Tag: integration

Super Simple OpenAI PHP Class

I’ve been playing around with hooking up ChatGPT/Dall-E to WordPress and WP-CLI. To do this, I whipped up a super simple class to make this easier:

<?php
class OpenAI_API {
	public const API_KEY = 'hunter2';  // Get your own darn key!

	/**
	 * Generates an image based on the provided prompt using the OpenAI API.
	 *
	 * @param string $prompt The text prompt to generate the image from. Default is an empty string.
	 * @return string The response body from the OpenAI API, or a JSON-encoded error message if the request fails.
	 */
	public static function generate_image( string $prompt = '' ): string {
		$data = array(
			'model'   => 'dall-e-3',
			'prompt'  => trim( $prompt ),
			'quality' => 'hd',
			'n'       => 1,
			'size'    => '1024x1024',
		);

		$args = array(
			'body'        => wp_json_encode( $data ),
			'headers'     => array(
				'Content-Type'  => 'application/json',
				'Authorization' => 'Bearer ' . OpenAI_API::API_KEY,
			),
			'method'      => 'POST',
			'data_format' => 'body',
		);

		$response = wp_remote_post( 'https://api.openai.com/v1/images/generations', $args );

		if ( is_wp_error( $response ) ) {
			return wp_json_encode( $response );
		} else {
			$body = wp_remote_retrieve_body( $response );
			return $body;
		}
	}

	/**
	 * Creates a chat completion using the OpenAI GPT-3.5-turbo model.
	 *
	 * @param string $prompt The user prompt to be sent to the OpenAI API.
	 * @param string $system_prompt Optional. The system prompt to be sent to the OpenAI API. Defaults to a predefined prompt.
	 * 
	 * @return string The response body from the OpenAI API, or a JSON-encoded error message if the request fails.
	 */
	public static function create_chat_completion( string $prompt = '', string $system_prompt = '' ): string {
		if ( empty( $system_prompt ) ) {
			$system_prompt = 'You are a virtual assistant designed to provide general support across a wide range of topics. Answer concisely and directly, focusing on essential information only. Maintain a friendly and approachable tone, adjusting response length based on the complexity of the question.';
		}

		// The data to send in the request body
		$data = array(
			'model'    => 'gpt-3.5-turbo',
			'messages' => array(
				array(
					'role'    => 'system',
					'content' => trim( $system_prompt ),
				),
				array(
					'role'    => 'user',
					'content' => trim( $prompt ),
				),
			),
		);

		$args = array(
			'body'        => wp_json_encode( $data ),
			'headers'     => array(
				'Content-Type'  => 'application/json',
				'Authorization' => 'Bearer ' . OpenAI_API::API_KEY,
			),
			'method'      => 'POST',
			'data_format' => 'body',
			'timeout'     => 15,
		);

		// Perform the POST request
		$response = wp_remote_post( 'https://api.openai.com/v1/chat/completions', $args );

		// Error handling
		if ( is_wp_error( $response ) ) {
			return wp_json_encode( $response );
		} else {
			if ( wp_remote_retrieve_response_code( $response ) !== 200 ) {
				return wp_json_encode( array( 'error' => 'API returned non-200 status code', 'response' => wp_remote_retrieve_body( $response ) ) );
			}

			// Assuming the request was successful, you can access the response body as follows:
			$body = wp_remote_retrieve_body( $response );
			return $body;
		}
	}
}Code language: PHP (php)

I can generate images and get back text from the LLM. Here’s some examples ChatGPT made to show how you can use these:

Example 1: Generating an Image

This example generates an image of a “cozy cabin in the snowy woods at sunset” using the generate_image method and displays it in an <img> tag.

<?php
$image_url = OpenAI_API::generate_image("A cozy cabin in the snowy woods at sunset");

if ( ! empty( $image_url ) ) {
    echo '<img src="' . esc_url( $image_url ) . '" alt="Cozy cabin in winter">';
} else {
    echo 'Image generation failed.';
}
?>Code language: PHP (php)

Example 2: Simple Chat Completion

This example sends a question to the create_chat_completion method and prints the response directly.

<?php
$response = OpenAI_API::create_chat_completion("How does photosynthesis work?");
echo $response;
?>Code language: PHP (php)

Example 3: Chat Completion with Custom System Prompt

This example sets a custom system prompt for a specific tone, here focusing on culinary advice, and asks a relevant question.

<?php
$system_prompt = "You are a culinary expert. Please provide advice on healthy meal planning.";
$response = OpenAI_API::create_chat_completion("What are some good meals for weight loss?", $system_prompt);
echo $response;
?>Code language: PHP (php)

Here are some key limitations of this simple API implementation and why these are crucial considerations for production:

Lack of Robust Error Handling:
- This API implementation has basic error handling that only checks if an error occurred during the request. It doesn’t provide specific error messages for different types of failures (like rate limits, invalid API keys, or network issues).
- Importance: In production, detailed error handling allows for clearer diagnostics and faster troubleshooting when issues arise.
No Caching:
- The current API makes a fresh request for each call, even if the response might be identical to a recent query.
- Importance: Caching can reduce API usage costs, improve response times, and reduce server load, particularly for commonly repeated queries.
No API Rate Limiting:
- This implementation doesn’t limit the number of requests sent within a certain time frame.
- Importance: Rate limiting prevents hitting API request quotas and helps avoid unexpected costs or blocked access if API limits are exceeded.
No Logging for Debugging:
- There’s no logging in place for tracking request errors or failed attempts.
- Importance: Logs provide an audit trail that helps diagnose issues over time, which is crucial for maintaining a stable application in production.
Lack of Security for API Key Management:
- The API key is currently hard coded into the class.
- Importance: In production, it’s best to use environment variables or a secure key management system to protect sensitive information and prevent accidental exposure of the API key.
No Response Parsing or Validation:
- The code assumes that the API response format is always correct, without validation.
- Importance: Inconsistent or unexpected responses can cause failures. Validation ensures the app handles different cases gracefully.

Why Not Use in Production?

Due to these limitations, this API should be considered a prototype or learning tool rather than a production-ready solution. Adding robust error handling, caching, rate limiting, and logging would make it more resilient, secure, and efficient for a production environment.

Alright, so listen to the LLM and don’t do anything stupid with this, like I am doing.

October 28, 2024

How To Restrict User to Self Posts in WordPress

I recently had to work with a third-party integration that used the WordPress REST API to interact with a website. We use this tool internally to move data around from other integrations, and finally into WordPress.

One of the things that I was worried about was the fact that this plugin would then have full access to the website, which is a private site. We only wanted to use it to post and then update WordPress posts, but there was always the concern that if the third party were to be hacked, then someone could read all of our posts on the private site through the REST API.

My solution was to hook into user_has_cap so that the user that was set up for the plugin to integrate with, through an application password, would only have access to read and edit its own posts. A bonus is that we wanted to be able to change the author of a post so that it would show up as specific users or project owners. That meant the authorized plugin user would also need access to these posts after the author was changed–so to get past that I scoured each post revision, and if the plugin user was the author of a revision it was also allowed access.

Finally, to make sure no other published posts were readable, I hooked into posts_results to set any post that didn’t meat the above criteria were marked as private. Below is a cleaned up version of that as an example if anyone else needs this type of functionality–feel free to use it as a starting point:

<?php
/**
 * Restricts post capabilities for a specific user.
 *
 * @param bool[]   $allcaps The current user capabilities.
 * @param string[] $caps    The requested capabilities.
 * @param array    $args {
 *     Arguments that accompany the requested capability check.
 *
 *     @type string    $0 Requested capability.
 *     @type int       $1 Concerned user ID.
 *     @type mixed  ...$2 Optional second and further parameters, typically object ID.
 * }
 * @param WP_User  $user    The user object.
 *
 * @return bool[] The modified user capabilities.
 */
function emrikol_restrict_post_capabilities( array $allcaps, array $caps, array $args, WP_User $user ): array {
	$post_id = isset( $args[2] ) ? absint( $args[2] ) : false;

	if ( false === $post_id || ! get_post( $post_id ) ) {
		return $allcaps;
	}

	if ( 'restricted' === get_user_meta( $user->ID, 'emrikol_restricted_post_capabilities', true ) ) {
		$allowed_caps  = array( 'read', 'read_private_posts', 'read_post', 'edit_post', 'delete_post', 'edit_others_posts', 'delete_others_posts' );
		$requested_cap = isset( $caps[0] ) ? $caps[0] : '';

		if ( in_array( $requested_cap, $allowed_caps, true ) ) {
			if ( emrikol_user_is_author_or_revision_author( $user->ID, $post_id ) ) {
				$allcaps[ $requested_cap ] = true;
			} else {
				$allcaps[ $requested_cap ] = false;
			}
		}
	}

	return $allcaps;
}
add_filter( 'user_has_cap', 'emrikol_restrict_post_capabilities', 10, 4 );

/**
 * Restricts the public posts results based on the query.
 *
 * @param WP_Post[] $posts  The array of posts returned by the query.
 * @param WP_Query  $query  The WP_Query instance (passed by reference).
 *
 * @return array           The filtered array of posts.
 */
function emrikol_restrict_public_posts_results( array $posts, WP_Query $query ): array {
	if ( ! is_admin() && $query->is_main_query() ) {
		$current_user = wp_get_current_user();

		if ( 'restricted' === get_user_meta( $user->ID, 'emrikol_restricted_post_capabilities', true ) ) {
			foreach ( $posts as $key => $post ) {
				if ( ! emrikol_user_is_author_or_revision_author( $current_user->ID, $post->ID ) ) {
					$posts[ $key ]->post_status = 'private';
				}
			}
		}
	}

	return $posts;
}
add_filter( 'posts_results', 'emrikol_restrict_public_posts_results', 10, 2 );

/**
 * Checks if the user is the author of the post or the author of a revision.
 *
 * @param int $user_id The ID of the user.
 * @param int $post_id The ID of the post.
 *
 * @return bool True if the user is the author or revision author, false otherwise.
 */
function emrikol_user_is_author_or_revision_author( int $user_id, int $post_id ): bool {
	$post_author_id = (int) get_post_field( 'post_author', $post_id );

	if ( $user_id === $post_author_id ) {
		return true;
	}

	$revisions = wp_get_post_revisions( $post_id );

	foreach ( $revisions as $revision ) {
		if ( $user_id === $revision->post_author ) {
			return true;
		}
	}

	return false;
}
Code language: PHP (php)

July 26, 2024

iOS Reminders to Habitica To Do’s via IFTTT
After digging around for a while trying to see how I could link up iOS’s Reminders with Habitica‘s To Do’s to help keep me organized, I finally found an easy way through IFTTT.

This works easily because Habitica offers a wonderful API💥

Specifically we’re looking at the “Create a new task belonging to the user” API endpoint:

https://habitica.com/api/v3/tasks/user

With this, we’ll need to make a POST request with some special headers to authenticate and then a body payload made of JSON:

Headers:
```
X-Client: my-user-id-IFTTTiOSRemindersSync
X-API-User: my-user-id
X-API-Key: my-api-keyCode language: HTTP (http)
```
Body:
```
{
	"text": "{{Title}}",
	"type": "todo",
	"notes": "{{Notes}} (Imported from iOS Reminders via IFTTT)"
}Code language: JSON / JSON with Comments (json)
```
From here, IFTTT will fill in the title, notes, and ship it off to Habitica for me to check off for some sweet XP!
October 29, 2021