wordpress-turnstile

WORKFLOW.md (6951B)

---

 # GNU Taler Turnstile Workflow
 
 This document explains the complete workflow of the Taler Turnstile
 WordPress plugin.
 
 ## Setup Phase
 
 ### 1. Plugin Installation
 - Admin uploads and activates the plugin
 - Default options are created (post type = 'post', grant_access_on_error = false)
 
 ### 2. Backend Configuration
 **Settings > Taler Turnstile**
 - Admin enters payment backend URL (must end with `/`)
 - Admin enters access token (must start with `secret-token:`)
 - Settings are validated against the actual backend
 - Backend connection is tested via HTTP requests to public
   /config endpoint to see if we have a merchant backend, and to
   "GET /private/orders" to see if the access token is valid.
 
 ### 3. Post Type Selection
 - Admin selects which post types should support paid content
 - When enabled: price category meta field is automatically added
 - When disabled: price category meta field is automatically removed
 - Field appears as a meta box in the post editor sidebar
 
 ### 4. Subscription Price Configuration
 **Settings > Taler Subscriptions**
 - Page only accessible after backend is configured as we need
   to download the list of subscription types from the backend
 - Lists all subscription types from the backend
 - Admin sets purchase price for each subscription in each currency
 - Empty price = subscription cannot be purchased in that currency
 
 ### 5. Price Category Creation
 **Taler Prices > Add New**
 - Admin creates named price categories (e.g., "Premium", "Standard")
 - For each subscription type and currency combination, set the access price
 - Empty price = cannot pay with that combination
 - Zero price = subscription grants full access without payment
 
 ## Content Publishing Phase
 
 ### 6. Content Creation
 - Editor creates/edits a post of an enabled post type
 - In the sidebar meta box, selects a price category
 - Saves the post
 - The price category ID is stored as post meta
 
 ## Visitor Access Phase
 
 ### 7. Initial Page View
 
 When a visitor views a protected post:
 
 ```
 1. WordPress loads the post
 2. Content filter is triggered
 3. Taler_Content_Filter::filter_content() checks:
 
    - Is this a singular post view? (not archive/search)
    - Is Turnstile enabled for this post type?
    - Is the post have a price category and is thus not gratis?
    - Does visitor lack a subscription granting zero-price access?
    - Does visitor's session not already have access?
 
    If all checks pass → proceed to paywall logic
    If any check fails → show full content
 ```
 
 ### 8. Order Management
 
 **Check for existing order:**
 ```
 - Look in session: $_SESSION['taler_turnstile_node_orders'][$post_id]
 - If found:
   - Query backend for order status
   - If paid → grant session access, show full content
   - If expired → ignore, create new order
   - If still valid → reuse existing order
 - If not found or invalid:
   - Create new order via backend API
   - Store order info in session
 ```
 
 **Order Creation:**
 ```
 POST /private/orders
 {
   "order": {
     "version": 1,
     "choices": [...], // From price category
     "summary": "Access to: Post Title",
     "fulfillment_url": "https://example.com/post-slug/",
     "pay_deadline": {...}
   },
   "session_id": "hashed-session-id",
   "create_token": false
 }
 
 Response: { "order_id": "..." }
 ```
 
 ### 9. Paywall Display
 
 Content is replaced with:
 ```html
 <div class="taler-turnstile-paywall">
   <!-- Post excerpt -->
   <div class="taler-turnstile-excerpt">...</div>
 
   <!-- Payment interface -->
   <div class="taler-payment-container">
     <!-- QR Code section -->
     <div class="taler-qr-section">
       <div class="taler-turnstile-qr-code-container"
            data-payment-url="..."
            data-session-id="...">
         <!-- QR code generated by JavaScript -->
       </div>
     </div>
 
     <!-- Button section -->
     <div class="taler-button-section">
       <a href="https://$BACKEND/orders/$ORDER_ID" class="taler-pay-button">
         Pay with GNU Taler
       </a>
     </div>
   </div>
 </div>
 ```
 
 ### 10. QR Code Generation
 
 **Client-side (payment-button.js):**
 ```javascript
 1. Find all .taler-turnstile-qr-code-container elements
 2. Extract payment-url and session-id from data attributes
 3. Convert HTTP URL to Taler URI format:
    - https://$BACKEND/orders/$ORDER_ID → taler://pay/$BACKEND/$ORDER_ID/$SESSION_ID
    - http://$BACKEND/orders/$ORDER_ID → taler+http://pay/$BACKEND/$ORDER_ID/$SESSION_ID
 4. Generate QR code using QRCode.js
 ```
 
 ### 11. Payment Polling
 
 **Automatic polling starts:**
 ```javascript
 function pollPaymentStatus(paymentUrl, sessionId) {
   // Long-poll with 30-second timeout
   GET paymentUrl?timeout_ms=30000&session_id=sessionId
 
   Responses:
   - 200/202: Payment complete → reload page
   - 402: Payment pending → continue polling
   - Timeout: Network timeout → retry polling
   - Error: Wait 5 seconds → retry polling
 }
 ```
 
 **Polling prevents:**
 - Rapid loops (enforces minimum delay between requests)
 - Server hammering (uses long-polling with timeout_ms)
 - Infinite errors (retries with backoff on non-402 errors)
 
 ### 12. Payment Completion
 
 **When visitor pays via wallet:**
 ```
 1. Taler wallet communicates with backend
 2. Backend marks order as paid
 3. Backend may issue subscription token to wallet
 4. Next poll request returns 200 OK
 5. JavaScript detects 200 OK and reloads page
 ```
 
 **On page reload:**
 ```
 1. filter_content() runs again
 2. Finds existing order in session
 3. Checks order status with backend
 4. Backend returns: paid=true, subscription info
 5. Plugin grants session access: $_SESSION['taler_turnstile_access'][$post_id] = true
 6. If subscription purchased: $_SESSION['taler_turnstile_subscriptions'][$slug] = expiration
 7. Full content is displayed
 ```
 
 ## Session State Management
 
 ### Access Tracking
 ```php
 $_SESSION['taler_turnstile_access'] = [
   123 => true,  // Post ID 123 has been paid for
   456 => true,  // Post ID 456 has been paid for
 ];
 ```
 
 ### Subscription Tracking
 ```php
 $_SESSION['taler_turnstile_subscriptions'] = [
   'premium' => 1735689600,  // Expires at Unix timestamp
   'basic' => 1733097600,
 ];
 ```
 
 ### Order Tracking
 ```php
 $_SESSION['taler_turnstile_node_orders'] = [
   123 => [
     'order_id' => 'ABC123',
     'payment_url' => 'https://...',
     'session_id' => 'hashed-id',
     'order_expiration' => 1733011200,
     'paid' => false,
   ],
 ];
 ```
 
 ## Error Handling
 
 ### Backend Unavailable
 ```
 If grant_access_on_error = true:
   - Show full content (fail open)
   - Log warning
 
 If grant_access_on_error = false:
   - Show error message (fail closed)
   - Do not show content
 ```
 
 ### Payment Polling Errors
 ```
 - Non-402 HTTP errors: Wait 5 seconds, retry
 - Network timeouts: Wait for full timeout period, retry
 - 402 responses: Continue polling immediately
 - Never give up polling (visitor may pay at any time)
 ```
 
 ## Security Considerations
 
 ### Session Security
 - Session IDs are hashed (SHA-256) before sending to backend
 - Backend cannot correlate sessions across sites