Traffic Boost: Add backend implementation #3149
Conversation
# Conflicts: # package-lock.json # src/content-helper/common/settings/provider.tsx
…add/traffic-boost-backend
…on a loading state.
vaurdan
added
Component: PHP
Feature: PCH
src/services/suggestions-api/endpoints/class-endpoint-suggest-inbound-link-positions.php
Outdated
Show resolved
Hide resolved
src/services/suggestions-api/endpoints/class-endpoint-suggest-inbound-link-positions.php
Outdated
Show resolved
Hide resolved
src/services/suggestions-api/endpoints/class-endpoint-suggest-inbound-links.php
Outdated
Show resolved
Hide resolved
src/services/suggestions-api/endpoints/class-endpoint-suggest-inbound-links.php
Outdated
Show resolved
Hide resolved
src/content-helper/dashboard-page/pages/traffic-boost/single-post-component.tsx
Outdated
Show resolved
Hide resolved
src/content-helper/dashboard-page/pages/traffic-boost/single-post-component.tsx
Outdated
Show resolved
Hide resolved
src/content-helper/dashboard-page/pages/traffic-boost/single-post-component.tsx
Outdated
Show resolved
Hide resolved
src/content-helper/dashboard-page/pages/traffic-boost/single-post-component.tsx
Outdated
Show resolved
Hide resolved
|
Hey @vaurdan, thanks for working on this, I've completed my review. I also wanted to note that I'm getting these PHPStan errors: |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Nitpick comments (3)
src/Models/class-inbound-smart-link.php (1)
811-932: Refactor largeremove()method.The
remove()method handles multiple concerns (restoring links, removing anchors, updating post meta, etc.), which can become harder to maintain. Consider breaking it into smaller helper methods to improve readability.src/rest-api/content-helper/class-endpoint-traffic-boost.php (2)
3-9: Add a period to the short description lines.Per WordPress coding standards, short descriptions in doc blocks should end with a period. Consider adding a period to lines 3 and 4 for consistency.
Apply this diff to fix the short descriptions:
- * Endpoint: Traffic Boost - * Parse.ly Content Helper `/traffic-boost` API endpoint class + * Endpoint: Traffic Boost. + * Parse.ly Content Helper `/traffic-boost` API endpoint class.
736-770: Consider integrating additional authorization checks.The smart link ID validation is thorough. However, there is no explicit check of user roles/capabilities within
validate_smart_link_id. If permissions are not enforced inBase_Endpoint, you might expose endpoints to unauthorized users. Confirm that this method is called only when a valid permission callback is in place.
📜 Review details
Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (8)
src/Models/class-inbound-smart-link.php(6 hunks)src/Models/class-smart-link-status.php(1 hunks)src/Models/class-smart-link.php(22 hunks)src/content-helper/dashboard-page/pages/traffic-boost/sidebar/components/add-new-link-button.tsx(3 hunks)src/content-helper/dashboard-page/pages/traffic-boost/sidebar/components/post-details.tsx(5 hunks)src/content-helper/dashboard-page/pages/traffic-boost/sidebar/components/tabs/inbound-links-tab.tsx(3 hunks)src/rest-api/content-helper/class-endpoint-traffic-boost.php(1 hunks)src/services/suggestions-api/endpoints/class-endpoint-suggest-inbound-links.php(1 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
- src/Models/class-smart-link-status.php
🧰 Additional context used
📓 Path-based instructions (2)
`**/*.{js,ts,tsx,jsx}`: "Perform a detailed review of the pr...
**/*.{js,ts,tsx,jsx}: "Perform a detailed review of the provided code with following key aspects in mind:
- Review the code to ensure it is well-structured and adheres to best practices.
- Verify compliance with WordPress coding standards.
- Ensure the code is well-documented.
- Check for security vulnerabilities and confirm the code is secure.
- Optimize the code for performance, removing any unnecessary elements.
- Validate JSDoc comments for accuracy, currency, and adherence to WordPress coding standards.
- Ensure each line comment concludes with a period.
- Confirm every JSDoc comment includes a @SInCE tag indicating the next version of the plugin to include the code.
- Guarantee compatibility with the latest version of WordPress, avoiding deprecated functions or features."
src/content-helper/dashboard-page/pages/traffic-boost/sidebar/components/post-details.tsxsrc/content-helper/dashboard-page/pages/traffic-boost/sidebar/components/tabs/inbound-links-tab.tsxsrc/content-helper/dashboard-page/pages/traffic-boost/sidebar/components/add-new-link-button.tsx
`**/*.{html,php}`: "Perform a detailed review of the provide...
**/*.{html,php}: "Perform a detailed review of the provided code with following key aspects in mind:
- Review the HTML and PHP code to ensure it is well-structured and adheres to best practices.
- Ensure the code follows WordPress coding standards and is well-documented.
- Confirm the code is secure and free from vulnerabilities.
- Optimize the code for performance, removing any unnecessary elements.
- Validate comments for accuracy, currency, and adherence to WordPress coding standards.
- Ensure each line comment concludes with a period.
- Verify code compatibility with the latest version of WordPress, avoiding deprecated functions or features."
src/services/suggestions-api/endpoints/class-endpoint-suggest-inbound-links.phpsrc/Models/class-inbound-smart-link.phpsrc/Models/class-smart-link.phpsrc/rest-api/content-helper/class-endpoint-traffic-boost.php
🪛 Biome (1.9.4)
src/content-helper/dashboard-page/pages/traffic-boost/sidebar/components/post-details.tsx
[error] 44-44: Avoid passing content using the dangerouslySetInnerHTML prop.
Setting content using code can expose users to cross-site scripting (XSS) attacks
(lint/security/noDangerouslySetInnerHtml)
🪛 GitHub Check: SonarCloud
src/Models/class-inbound-smart-link.php
[failure] 585-585: XPath expressions should not be vulnerable to injection attacks
Change this code to not construct this XPath expression from user-controlled data.See more on SonarQube Cloud
⏰ Context from checks skipped due to timeout of 90000ms (1)
- GitHub Check: E2E against WordPress latest
🔇 Additional comments (21)
src/content-helper/dashboard-page/pages/traffic-boost/sidebar/components/post-details.tsx (2)
4-4: Good addition for loading state management.Adding the Spinner component provides a better user experience by showing a loading indicator.
19-20: Props interface updates align well with loading state requirements.Making the post property optional and adding the isLoading boolean enhances component flexibility. This change properly supports the loading state pattern.
src/content-helper/dashboard-page/pages/traffic-boost/sidebar/components/tabs/inbound-links-tab.tsx (4)
5-5: Good addition of internationalization support.Adding the
__function from@wordpress/i18nensures proper localization of user-facing strings.
38-39: Well-implemented loading state management.Correctly adding and using the loading state from the store follows best practices for React and WordPress data management.
Also applies to: 44-45
54-54: Good prop passing for loading state.Properly passing the loading state to the child component ensures consistent UI behavior.
62-66: Excellent UX with empty state handling.Adding a specific empty state message improves user experience by providing clear feedback when no inbound links are available. The internationalized message follows WordPress guidelines.
src/content-helper/dashboard-page/pages/traffic-boost/sidebar/components/add-new-link-button.tsx (3)
6-7: Good addition of required dependencies.Adding the useSelect hook and TrafficBoostStore imports follows WordPress coding standards for proper state management.
Also applies to: 17-17
47-48: Well-implemented state access.Using useSelect to access the current post from the store follows WordPress data management best practices.
54-62: Important UX improvement to prevent self-referential links.The logic properly excludes the current post from suggestions, which prevents users from accidentally creating links to the same post they're working on. This is a valuable improvement that helps prevent potential user errors.
The dependency array correctly includes both suggestions and currentPost, ensuring the effect runs when either value changes.
src/services/suggestions-api/endpoints/class-endpoint-suggest-inbound-links.php (4)
1-7: Overall structure looks good.All high-level elements (namespace, class declaration, docblocks) are well-structured and adhere to WordPress and PHP standards.
69-69: Consider renamingblending_weight.A past review comment already suggested changing this to
performance_blending_weight.
133-133: Update the@sincetag.Past feedback suggests this should match 3.18.0 for consistency with the rest of the file.
85-90:❓ Verification inconclusive
Verify the existence of
anchor_texts.There is no safeguard if
$link['anchor_texts']is missing or null. Ensure the remote API always returnsanchor_texts; otherwise, add a fallback or error check.
🏁 Script executed:
#!/bin/bash # Description: Searches for references to 'anchor_texts' usage beyond this file to confirm assumptions about the remote API response structure. ast-grep --pattern $'$_["anchor_texts"]'Length of output: 41
Action Required: Confirm the API’s "anchor_texts" Key Exists
The code in
src/services/suggestions-api/endpoints/class-endpoint-suggest-inbound-links.php(lines 85–90) assumes that$link['anchor_texts']is always defined. However, our initial ast-grep search for this key didn’t yield any further occurrences in the repository. Please manually verify that the remote API response consistently includes the"anchor_texts"key. If there’s any chance it might be missing ornull, add a safeguard (for example, by wrapping the access in anisset()check or providing a default value).src/Models/class-inbound-smart-link.php (1)
585-585: Prevent potential XPath injection.This line builds the XPath query directly using
$this->uid. Ensure$this->uidis sanitized or encoded to avoid injection.- $query = sprintf( '//a[@data-smartlink="%s"]', $this->uid ); + $sanitized_uid = esc_attr( $this->uid ); + $query = '//a[@data-smartlink="' . $sanitized_uid . '"]';🧰 Tools
🪛 GitHub Check: SonarCloud
[failure] 585-585: XPath expressions should not be vulnerable to injection attacks
Change this code to not construct this XPath expression from user-controlled data.See more on SonarQube Cloud
src/Models/class-smart-link.php (2)
40-47: Recheck@since 3.16.0.Previous reviews noted this likely belongs to a later version (e.g., 3.18.0) since the property is newly added.
1-1019: All other changes appear consistent.No further security or functionality concerns in the remaining lines. Good adherence to WordPress coding standards and code organization.
src/rest-api/content-helper/class-endpoint-traffic-boost.php (5)
7-7: Version annotation verification.You've placed multiple
@since 3.17.0annotations across this file. Verify that the version references accurately map to features introduced in 3.17.0 vs. 3.18.0, as some functions are tagged with 3.18.0.
32-34: Reusable trait usage looks clean.Using the
Content_Helper_Featuretrait andUse_Post_ID_Parameter_Traitkeeps code modular and consistent with the rest of the plugin. No issues noted here.
79-83: Missing explicit REST permissions callback.While the routes are registered correctly, it’s not obvious whether
Base_Endpointenforces a permissions check. Ensure that each route requires the correct user capability to prevent unauthorized API calls.
92-92: We aren’t settingrequiredhere, in contrast to other route registrations.This is identical to a past review comment mentioning the inconsistent use of
'required' => truefor parameters across routes. If the parameter truly isn't mandatory, please confirm or document why.
293-303: Discarding previous suggestions logic appears correct.The optional
discard_previousparameter and its handling here look well-implemented. This helps avoid stacking stale suggestions. No further adjustments needed.
src/content-helper/dashboard-page/pages/traffic-boost/sidebar/components/post-details.tsx
Show resolved
Hide resolved
|
@acicovic I have addressed your feedback! I will now move to check Code Rabbit's feedback and fix any issues in another commit.
Interesting, I don't see the $ composer static-analysis
> @php ./vendor/bin/phpstan analyze --memory-limit=2G
Note: Using configuration file /Users/henrique/Repositories/wp-parsely/phpstan.neon.
165/165 [▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓] 100%
------ --------------------------------------------------------------------------------------------------------------------------------------------
Line src/UI/class-dashboard-page.php
------ --------------------------------------------------------------------------------------------------------------------------------------------
:71 Strict comparison using === between 0 and 1|2|false will always evaluate to false.
💡 Because the type is coming from a PHPDoc, you can turn off this check by setting treatPhpDocTypesAsCertain: false in your phpstan.neon.
:131 Strict comparison using === between 0 and 1|2|false will always evaluate to false.
💡 Because the type is coming from a PHPDoc, you can turn off this check by setting treatPhpDocTypesAsCertain: false in your phpstan.neon.
------ --------------------------------------------------------------------------------------------------------------------------------------------
[ERROR] Found 2 errors
Script @php ./vendor/bin/phpstan analyze --memory-limit=2G handling the static-analysis event returned with error code 1
$ php ./vendor/bin/phpstan --version
PHPStan - PHP Static Analysis Tool 1.12.20I have fixed these issues though. @coderabbitai pause |
|
@vaurdan Thanks for the update! I've confirmed that the PHPStan errors in I've paused the automated reviews as requested. Just let me know when you'd like me to resume reviewing. ✅ Actions performedReviews paused. |
|
@vaurdan Thanks for addressing the feedback and fixing the PHPStan errors. I'll pause the automated reviews for this PR as requested. ✅ Actions performedReviews paused. |
|
@acicovic SonarCloud is complaining about duplicate lines, but it's actually a false positive and I don't think it warrants a fix. So feel free to ignore the failing status of it, I have addressed all the other issues flagged by it. |
|
Hey @vaurdan, I'm completing my review and I've responded to a couple of conversations. I haven't re-checked PHPStan, but if this is an issue it will surely come up again when work is done against the branch. |
|
@acicovic I have addressed your comments in the latest commit, feel free to take a look! |
Description
This PR implements the backend for Traffic Boost, that integrates with the Suggestions API to generate traffic boost suggestions.
Alongside the new services added -
suggest-inbound-linksandsuggest-inbound-link-positions, a new REST API endpoint (traffic-boost) has been added that allows manipulating the Traffic Boost data (add, remove and list suggestions and existing inbound links).This PR adds a new composer dependency -
masterminds/HTML5- that helps with the DOM manipulation of the posts where links are added and removed.Motivation and context
How has this been tested?
Tested locally, on a clean environment and on a clone environment of an existing site. This has also been tested on a staging environment of a VIP site.
No new tests have been implemented yet, but existing tests do pass.
Screenshots (if appropriate)
Summary by CodeRabbit
New Features
Refactor
Style
Tests