From a6027d62d44261269bc7afadc8fdef1277b3919e Mon Sep 17 00:00:00 2001
From: Ian Dunn
Date: Wed, 18 Oct 2023 10:43:20 -0700
Subject: [PATCH] Google Maps: Require passing in a constant for `apiKey`
This is more appropriate than hardcoding keys for specific sites, since this block will be reused on multiple sites.
---
 mu-plugins/blocks/google-map/README.md | 3 +++
 mu-plugins/blocks/google-map/index.php | 9 +++------
 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/mu-plugins/blocks/google-map/README.md b/mu-plugins/blocks/google-map/README.md
index bf9e467ad..f49966770 100644
--- a/mu-plugins/blocks/google-map/README.md
+++ b/mu-plugins/blocks/google-map/README.md
@@ -16,6 +16,7 @@ Place something like the following in a block or pattern. If you're pulling even
 $map_options = array(
 'id' => 'all-upcoming-events',
+ 'apiKey' => 'MY_API_KEY_CONSTANT',
 'markers' => get_all_upcoming_events(),
 );
@@ -24,6 +25,8 @@ $map_options = array(
 ```
+`apiKey` should be the _name_ of a constant, not the value. It's not private because it'll be exposed in the HTTP request to Google Maps, but it should still be stored in a constant in a config file instead of `post_content`. That allows for centralization, documentation, and tracking changes over time. It should be restricted in Google Cloud Console to only the sites where it will be used, to prevent abuse.
+
 `markers` should be an array of objects with the fields in the example below. The `timestamp` field should be a true Unix timestamp, meaning it assumes UTC. The `wporg_events` database table is one potential source for the events, but you can pass anything.
 ```php
diff --git a/mu-plugins/blocks/google-map/index.php b/mu-plugins/blocks/google-map/index.php
index e3d717ee8..a0429af19 100644
--- a/mu-plugins/blocks/google-map/index.php
+++ b/mu-plugins/blocks/google-map/index.php
@@ -34,12 +34,9 @@ function init() {
 function render( $attributes, $content, $block ) {
 $attributes['id'] = 'wp-block-wporg-google-map-' . $attributes['id'];
- if ( empty( $attributes['apiKey'] ) ) {
- $default_key = 'production' === wp_get_environment_type() ? 'WORDCAMP_PROD_GOOGLE_MAPS_API_KEY' : 'WORDCAMP_DEV_GOOGLE_MAPS_API_KEY';
-
- if ( defined( $default_key ) ) {
- $attributes['apiKey'] = constant( $default_key );
- }
+ if ( ! empty( $attributes['apiKey'] ) ) {
+ // See README for why this has to be a constant.
+ $attributes['apiKey'] = constant( $attributes['apiKey'] );
 }
 $attributes['searchIcon'] = plugins_url( 'images/search.svg', __FILE__ );
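Review bot: `constant( $attributes['apiKey'] )` in the added branch resolves whatever constant name the block attribute carries, and the README in this same patch says the resulting `apiKey` is exposed in the request to Google Maps. If that attribute can be set from block markup in `post_content`, anyone who can author the block could name an unrelated config constant and have its value sent to the browser, so the name should be checked before it is resolved, for example `$name = $attributes['apiKey']; $ok = is_string( $name ) && preg_match( '/^[A-Z0-9_]+_GOOGLE_MAPS_API_KEY$/', $name ) && defined( $name );` followed by `$attributes['apiKey'] = $ok ? constant( $name ) : '';`. The suffix in that pattern only mirrors the constant names in the removed lines; an explicit allowlist would serve equally well. The `defined()` guard the removed code had is also gone, and on PHP 8 `constant()` throws an `Error` for an unknown name, so a typo or a constant missing in one environment would break rendering instead of leaving the map without a key. `render()` continues past the end of this hunk, so how `apiKey` is finally output is not visible here.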