rtCamp · justlevine · Mar 25, 2025 · Mar 20, 2025 · Mar 20, 2025 · Mar 20, 2025
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -8,6 +8,7 @@ and this project adheres to [Semantic Versioning](./README.md#updating-and-versi
 
 - tests: Use `IntegrationTestCase` for Integration tests.
 - feat: Expose `generalSettings.siteIcon` field to the schema.
+- refactor : Update EnvGenerator variables, tests, documentation.
 
 ## [0.2.1] - 2025-03-10
 

diff --git a/access-functions.php b/access-functions.php
@@ -72,13 +72,15 @@ function snapwp_helper_get_env_variables() {
 		$upload_path = '/' . ltrim( str_replace( ABSPATH, '', $upload_dir['basedir'] ), '/' );
 
 		return [
-			'NODE_TLS_REJECT_UNAUTHORIZED'          => '0',
-			'NEXT_PUBLIC_URL'                       => 'http://localhost:3000',
-			'NEXT_PUBLIC_WORDPRESS_URL'             => untrailingslashit( get_home_url() ),
-			'NEXT_PUBLIC_GRAPHQL_ENDPOINT'          => graphql_get_endpoint(),
-			'NEXT_PUBLIC_WORDPRESS_UPLOADS_PATH'    => $upload_path,
-			'NEXT_PUBLIC_WORDPRESS_REST_URL_PREFIX' => '/' . rest_get_url_prefix(),
-			'INTROSPECTION_TOKEN'                   => $token,
+			'INTROSPECTION_TOKEN'              => $token,
+			'NEXT_PUBLIC_CORS_PROXY_PREFIX'    => '/proxy',
+			'NEXT_PUBLIC_FRONTEND_URL'         => 'http://localhost:3000',
+			'NEXT_PUBLIC_GRAPHQL_ENDPOINT'     => graphql_get_endpoint(),
+			'NEXT_PUBLIC_REST_URL_PREFIX'      => '/' . rest_get_url_prefix(),
+			'NEXT_PUBLIC_WP_HOME_URL'          => untrailingslashit( get_home_url() ),
+			'NEXT_PUBLIC_WP_SITE_URL'          => '',
+			'NEXT_PUBLIC_WP_UPLOADS_DIRECTORY' => $upload_path,
+			'NODE_TLS_REJECT_UNAUTHORIZED'     => '0',
 		];
 	}
 }
diff --git a/docs/rest-api.md b/docs/rest-api.md
@@ -23,12 +23,15 @@ curl -X GET \
 
 This endpoint does not require any parameters to be passed in the request body. The .env file content is generated based on WordPress settings. Unchanged variables will be commented out.
 
-  - `NODE_TLS_REJECT_UNAUTHORIZED`: Only enable if connecting to a self-signed cert. (Default: `0`)
-  - `NEXT_PUBLIC_URL` (Required): The headless frontend domain URL. (Default: `http://localhost:3000`)
-  - `NEXT_PUBLIC_WORDPRESS_URL` (Required): The WordPress "frontend" domain URL.
-  - `NEXT_PUBLIC_GRAPHQL_ENDPOINT`: The WordPress GraphQL endpoint. (Default: `graphql`)
-  - `NEXT_PUBLIC_WORDPRESS_UPLOADS_PATH`: The WordPress Uploads directory path. (Default: `wp-content/uploads`)
-  - `NEXT_PUBLIC_WORDPRESS_REST_URL_PREFIX`: The WordPress REST URL Prefix. (Default: `wp-json`)
+  - `INTROSPECTION_TOKEN` (Required): Token used for authenticating GraphQL introspection queries 
+  - `NEXT_PUBLIC_CORS_PROXY_PREFIX`: The CORS proxy prefix to use when bypassing CORS restrictions from WordPress server, Possible values: string|false Default: /proxy. This means for script module next app will make request `NEXT_PUBLIC_FRONTEND_URL/proxy/{module-path}`. (Default: `/proxy`)
+  - `NEXT_PUBLIC_FRONTEND_URL` (Required): The headless frontend domain URL. (Default: `http://localhost:3000`)
+  - `NEXT_PUBLIC_GRAPHQL_ENDPOINT` (Required): The WordPress GraphQL endpoint. (Default: `graphql`)
+  - `NEXT_PUBLIC_REST_URL_PREFIX`: The WordPress REST URL Prefix. (Default: `wp-json`)
+  - `NEXT_PUBLIC_WP_HOME_URL` (Required): The WordPress "frontend" domain URL.
+  - `NEXT_PUBLIC_WP_SITE_URL` : The WordPress "backend" domain URL.
+  - `NEXT_PUBLIC_WP_UPLOADS_DIRECTORY`: The WordPress Uploads directory path. (Default: `wp-content/uploads`)
+  - `NODE_TLS_REJECT_UNAUTHORIZED` (Required): Only enable if connecting to a self-signed cert. (Default: `0`)
 
 Note: This endpoint requires authentication with administrator privileges.
 
@@ -42,7 +45,7 @@ Note: This endpoint requires authentication with administrator privileges.
 
     ```json
     {
-        "content": "\n# The headless frontend domain URL\nNEXT_URL=http://localhost:3000\\n\n# The WordPress \"frontend\" domain URL\nHOME_URL=https://headless-demo.local\\n\n# The WordPress GraphQL endpoint\nGRAPHQL_ENDPOINT=graphql\\n"
+        "content":"\n# Token used for authenticating GraphQL introspection queries\nINTROSPECTION_TOKEN=Th15IS4te5tT0KEN\n\n# The CORS proxy prefix to use when bypassing CORS restrictions from WordPress server, Possible values: string|false Default: \/proxy, This means for script module next app will make request NEXT_PUBLIC_FRONTEND_URL\/proxy\/{module-path}\n# NEXT_PUBLIC_CORS_PROXY_PREFIX=\/proxy\n\n# The headless frontend domain URL. Make sure the value matches the URL used by your frontend app.\nNEXT_PUBLIC_FRONTEND_URL=http:\/\/localhost:3000\n\n# The WordPress GraphQL endpoint\nNEXT_PUBLIC_GRAPHQL_ENDPOINT=graphql\n\n# The WordPress REST URL Prefix\n# NEXT_PUBLIC_REST_URL_PREFIX=\/wp-json\n\n# The WordPress \"frontend\" domain URL e.g. https:\/\/my-headless-site.local\nNEXT_PUBLIC_WP_HOME_URL=http:\/\/snapwp.local\n\n# The WordPress \"backend\" Site Address. Uncomment if different than `NEXT_PUBLIC_WP_HOME_URL` e.g. https:\/\/my-headless-site.local\/wp\/\n# NEXT_PUBLIC_WP_SITE_URL=\n\n# The WordPress Uploads directory path\n# NEXT_PUBLIC_WP_UPLOADS_DIRECTORY=\/wp-content\/uploads\n\n# Only enable if connecting to a self-signed cert\nNODE_TLS_REJECT_UNAUTHORIZED=0"
     }
     ```
 

diff --git a/src/Modules/EnvGenerator/VariableRegistry.php b/src/Modules/EnvGenerator/VariableRegistry.php
@@ -19,41 +19,51 @@ class VariableRegistry {
 	 * @var array<string,array{description:string,default:string,required:bool}>
 	 */
 	private const VARIABLES = [
-		'NODE_TLS_REJECT_UNAUTHORIZED'          => [
+		'NODE_TLS_REJECT_UNAUTHORIZED'     => [
 			'description' => 'Only enable if connecting to a self-signed cert',
 			'default'     => '0',
 			'required'    => true,
 		],
-		'NEXT_PUBLIC_URL'                       => [
+		'NEXT_PUBLIC_FRONTEND_URL'         => [
 			'description' => 'The headless frontend domain URL. Make sure the value matches the URL used by your frontend app.',
 			'default'     => 'http://localhost:3000',
 			'required'    => true,
 		],
-		'NEXT_PUBLIC_WORDPRESS_URL'             => [
-			'description' => 'The WordPress "frontend" domain URL',
+		'NEXT_PUBLIC_WP_HOME_URL'          => [
+			'description' => 'The WordPress "frontend" domain URL e.g. https://my-headless-site.local',
 			'default'     => '',
 			'required'    => true,
 		],
-		'NEXT_PUBLIC_GRAPHQL_ENDPOINT'          => [
+		'NEXT_PUBLIC_WP_SITE_URL'          => [
+			'description' => 'The WordPress "backend" Site Address. Uncomment if different than `NEXT_PUBLIC_WP_HOME_URL` e.g. https://my-headless-site.local/wp/',
+			'default'     => '',
+			'required'    => false,
+		],
+		'NEXT_PUBLIC_GRAPHQL_ENDPOINT'     => [
 			'description' => 'The WordPress GraphQL endpoint',
 			'default'     => 'index.php?graphql',
 			'required'    => true,
 		],
-		'NEXT_PUBLIC_WORDPRESS_UPLOADS_PATH'    => [
+		'NEXT_PUBLIC_WP_UPLOADS_DIRECTORY' => [
 			'description' => 'The WordPress Uploads directory path',
 			'default'     => '/wp-content/uploads',
 			'required'    => false,
 		],
-		'NEXT_PUBLIC_WORDPRESS_REST_URL_PREFIX' => [
+		'NEXT_PUBLIC_REST_URL_PREFIX'      => [
 			'description' => 'The WordPress REST URL Prefix',
 			'default'     => '/wp-json',
 			'required'    => false,
 		],
-		'INTROSPECTION_TOKEN'                   => [
+		'INTROSPECTION_TOKEN'              => [
 			'description' => 'Token used for authenticating GraphQL introspection queries',
 			'default'     => '',
 			'required'    => true,
 		],
+		'NEXT_PUBLIC_CORS_PROXY_PREFIX'    => [
+			'description' => 'The CORS proxy prefix to use when bypassing CORS restrictions from WordPress server, Possible values: string|false Default: /proxy, This means for script module next app will make request NEXT_PUBLIC_FRONTEND_URL/proxy/{module-path}',
+			'default'     => '/proxy',
+			'required'    => false,
+		],
 	];
 
 	/**

diff --git a/tests/Integration/GeneratorTest.php b/tests/Integration/GeneratorTest.php
@@ -24,12 +24,12 @@ public function testGeneratorInitialization(): void {
 		$registry = new VariableRegistry();
 
 		$values = [
-			'NODE_TLS_REJECT_UNAUTHORIZED'          => '',
-			'NEXT_PUBLIC_URL'                       => 'http://localhost:3000',
-			'NEXT_PUBLIC_WORDPRESS_URL'             => 'https://headless-demo.local',
-			'NEXT_PUBLIC_GRAPHQL_ENDPOINT'          => '',
-			'NEXT_PUBLIC_WORDPRESS_UPLOADS_PATH'    => '',
-			'NEXT_PUBLIC_WORDPRESS_REST_URL_PREFIX' => '',
+			'NODE_TLS_REJECT_UNAUTHORIZED'     => '',
+			'NEXT_PUBLIC_FRONTEND_URL'         => 'http://localhost:3000',
+			'NEXT_PUBLIC_WP_HOME_URL'          => 'https://headless-demo.local',
+			'NEXT_PUBLIC_GRAPHQL_ENDPOINT'     => '',
+			'NEXT_PUBLIC_WP_UPLOADS_DIRECTORY' => '',
+			'NEXT_PUBLIC_REST_URL_PREFIX'      => '',
 		];
 
 		$generator = new Generator( $values, $registry );
@@ -43,13 +43,16 @@ public function testGeneratorInitialization(): void {
 	public function testGenerateEnvContent(): void {
 		$registry = new VariableRegistry();
 		$values   = [
-			'NODE_TLS_REJECT_UNAUTHORIZED'          => '5',
-			'NEXT_PUBLIC_URL'                       => 'http://localhost:3000',
-			'NEXT_PUBLIC_WORDPRESS_URL'             => 'https://headless-demo.local',
-			'NEXT_PUBLIC_GRAPHQL_ENDPOINT'          => '/test_endpoint',
-			'NEXT_PUBLIC_WORDPRESS_UPLOADS_PATH'    => 'uploads',
-			'NEXT_PUBLIC_WORDPRESS_REST_URL_PREFIX' => 'api',
-			'INVALID_VARIABLE'                      => 'should-not-be-included', // This should not be included in the output.
+			'NODE_TLS_REJECT_UNAUTHORIZED'     => '5',
+			'NEXT_PUBLIC_CORS_PROXY_PREFIX'    => '/proxy',
+			'NEXT_PUBLIC_FRONTEND_URL'         => 'http://localhost:3000',
+			'NEXT_PUBLIC_WP_HOME_URL'          => 'https://headless-demo.local',
+			'NEXT_PUBLIC_WP_SITE_URL'          => '',
+			'NEXT_PUBLIC_GRAPHQL_ENDPOINT'     => '/test_endpoint',
+			'NEXT_PUBLIC_WP_UPLOADS_DIRECTORY' => 'uploads',
+			'NEXT_PUBLIC_REST_URL_PREFIX'      => 'api',
+			'INTROSPECTION_TOKEN'              => '0123456789',
+			'INVALID_VARIABLE'                 => 'should-not-be-included', // This should not be included in the output.
 		];
 
 		$generator = new Generator( $values, $registry );
@@ -61,20 +64,29 @@ public function testGenerateEnvContent(): void {
 # Only enable if connecting to a self-signed cert
 NODE_TLS_REJECT_UNAUTHORIZED=5
 
+# The CORS proxy prefix to use when bypassing CORS restrictions from WordPress server, Possible values: string|false Default: /proxy, This means for script module next app will make request NEXT_PUBLIC_FRONTEND_URL/proxy/{module-path}
+# NEXT_PUBLIC_CORS_PROXY_PREFIX=/proxy
+
 # The headless frontend domain URL. Make sure the value matches the URL used by your frontend app.
-NEXT_PUBLIC_URL=http://localhost:3000
+NEXT_PUBLIC_FRONTEND_URL=http://localhost:3000
+
+# The WordPress "frontend" domain URL e.g. https://my-headless-site.local
+NEXT_PUBLIC_WP_HOME_URL=https://headless-demo.local
 
-# The WordPress "frontend" domain URL
-NEXT_PUBLIC_WORDPRESS_URL=https://headless-demo.local
+# The WordPress "backend" Site Address. Uncomment if different than `NEXT_PUBLIC_WP_HOME_URL` e.g. https://my-headless-site.local/wp/
+# NEXT_PUBLIC_WP_SITE_URL=
 
 # The WordPress GraphQL endpoint
 NEXT_PUBLIC_GRAPHQL_ENDPOINT=/test_endpoint
 
 # The WordPress Uploads directory path
-NEXT_PUBLIC_WORDPRESS_UPLOADS_PATH=uploads
+NEXT_PUBLIC_WP_UPLOADS_DIRECTORY=uploads
 
 # The WordPress REST URL Prefix
-NEXT_PUBLIC_WORDPRESS_REST_URL_PREFIX=api';
+NEXT_PUBLIC_REST_URL_PREFIX=api
+
+# Token used for authenticating GraphQL introspection queries
+INTROSPECTION_TOKEN=0123456789';
 
 		$this->assertSame( $expectedContent, $content );
 	}
@@ -85,12 +97,13 @@ public function testGenerateEnvContent(): void {
 	public function testMissingRequiredValuesEnvContent(): void {
 		$registry = new VariableRegistry();
 		$values   = [
-			'NODE_TLS_REJECT_UNAUTHORIZED'          => '',
-			'NEXT_PUBLIC_URL'                       => '',
-			'NEXT_PUBLIC_WORDPRESS_URL'             => '',
-			'NEXT_PUBLIC_GRAPHQL_ENDPOINT'          => '',
-			'NEXT_PUBLIC_WORDPRESS_UPLOADS_PATH'    => '',
-			'NEXT_PUBLIC_WORDPRESS_REST_URL_PREFIX' => '',
+			'NODE_TLS_REJECT_UNAUTHORIZED'     => '',
+			'NEXT_PUBLIC_FRONTEND_URL'         => '',
+			'NEXT_PUBLIC_WP_HOME_URL'          => '',
+			'NEXT_PUBLIC_GRAPHQL_ENDPOINT'     => '',
+			'NEXT_PUBLIC_WP_UPLOADS_DIRECTORY' => '',
+			'NEXT_PUBLIC_REST_URL_PREFIX'      => '',
+			'INTROSPECTION_TOKEN'              => '',
 		];
 
 		$generator = new Generator( $values, $registry );
@@ -111,12 +124,13 @@ public function testDefaultValuesForEnvContent(): void {
 
 		// CASE : For NODE_TLS_REJECT_UNAUTHORIZED with no default value, Generator class should comment out the variable in .ENV content.
 		$values = [
-			'NODE_TLS_REJECT_UNAUTHORIZED'          => '0',
-			'NEXT_PUBLIC_URL'                       => 'http://localhost:3000',
-			'NEXT_PUBLIC_WORDPRESS_URL'             => 'https://headless-demo.local',
-			'NEXT_PUBLIC_GRAPHQL_ENDPOINT'          => '/test_endpoint',
-			'NEXT_PUBLIC_WORDPRESS_UPLOADS_PATH'    => '',
-			'NEXT_PUBLIC_WORDPRESS_REST_URL_PREFIX' => '',
+			'NODE_TLS_REJECT_UNAUTHORIZED'     => '0',
+			'NEXT_PUBLIC_CORS_PROXY_PREFIX'    => '',
+			'NEXT_PUBLIC_FRONTEND_URL'         => 'http://localhost:3000',
+			'NEXT_PUBLIC_WP_HOME_URL'          => 'https://headless-demo.local',
+			'NEXT_PUBLIC_GRAPHQL_ENDPOINT'     => '/test_endpoint',
+			'NEXT_PUBLIC_WP_UPLOADS_DIRECTORY' => '',
+			'NEXT_PUBLIC_REST_URL_PREFIX'      => '',
 		];
 
 		$generator = new Generator( $values, $registry );
@@ -129,20 +143,23 @@ public function testDefaultValuesForEnvContent(): void {
 # Only enable if connecting to a self-signed cert
 NODE_TLS_REJECT_UNAUTHORIZED=0
 
+# The CORS proxy prefix to use when bypassing CORS restrictions from WordPress server, Possible values: string|false Default: /proxy, This means for script module next app will make request NEXT_PUBLIC_FRONTEND_URL/proxy/{module-path}
+# NEXT_PUBLIC_CORS_PROXY_PREFIX=/proxy
+
 # The headless frontend domain URL. Make sure the value matches the URL used by your frontend app.
-NEXT_PUBLIC_URL=http://localhost:3000
+NEXT_PUBLIC_FRONTEND_URL=http://localhost:3000
 
-# The WordPress "frontend" domain URL
-NEXT_PUBLIC_WORDPRESS_URL=https://headless-demo.local
+# The WordPress "frontend" domain URL e.g. https://my-headless-site.local
+NEXT_PUBLIC_WP_HOME_URL=https://headless-demo.local
 
 # The WordPress GraphQL endpoint
 NEXT_PUBLIC_GRAPHQL_ENDPOINT=/test_endpoint
 
 # The WordPress Uploads directory path
-# NEXT_PUBLIC_WORDPRESS_UPLOADS_PATH=/wp-content/uploads
+# NEXT_PUBLIC_WP_UPLOADS_DIRECTORY=/wp-content/uploads
 
 # The WordPress REST URL Prefix
-# NEXT_PUBLIC_WORDPRESS_REST_URL_PREFIX=/wp-json';
+# NEXT_PUBLIC_REST_URL_PREFIX=/wp-json';
 
 		$this->assertSame( $expectedContent, $content );
 	}

diff --git a/tests/Integration/RestControllerTest.php b/tests/Integration/RestControllerTest.php
@@ -93,7 +93,7 @@ public function testGenerateEnvEndpoint(): void {
 		$this->assertNotEmpty( $actual_data['content'] );
 		$search   = '\n';
 		$replace  = '';
-		$expected = "\n# Only enable if connecting to a self-signed cert\nNODE_TLS_REJECT_UNAUTHORIZED=0\n\n# The headless frontend domain URL. Make sure the value matches the URL used by your frontend app.\nNEXT_PUBLIC_URL=http://localhost:3000\n\n# The WordPress \"frontend\" domain URL\nNEXT_PUBLIC_WORDPRESS_URL=" . get_home_url() . "\n\n# The WordPress GraphQL endpoint\nNEXT_PUBLIC_GRAPHQL_ENDPOINT=" . graphql_get_endpoint() . "\n\n# The WordPress Uploads directory path\n# NEXT_PUBLIC_WORDPRESS_UPLOADS_PATH=/" . str_replace( ABSPATH, '', wp_get_upload_dir()['basedir'] ) . "\n\n# The WordPress REST URL Prefix\n# NEXT_PUBLIC_WORDPRESS_REST_URL_PREFIX=/" . rest_get_url_prefix() . "\n\n# Token used for authenticating GraphQL introspection queries\nINTROSPECTION_TOKEN=" . IntrospectionToken::get_token();
+		$expected = "\n# Token used for authenticating GraphQL introspection queries\nINTROSPECTION_TOKEN=" . IntrospectionToken::get_token() . "\n\n# The CORS proxy prefix to use when bypassing CORS restrictions from WordPress server, Possible values: string|false Default: /proxy, This means for script module next app will make request NEXT_PUBLIC_FRONTEND_URL/proxy/{module-path}\n# NEXT_PUBLIC_CORS_PROXY_PREFIX=/proxy\n\n# The headless frontend domain URL. Make sure the value matches the URL used by your frontend app.\nNEXT_PUBLIC_FRONTEND_URL=http://localhost:3000\n\n# The WordPress GraphQL endpoint\nNEXT_PUBLIC_GRAPHQL_ENDPOINT=" . graphql_get_endpoint() . "\n\n# The WordPress REST URL Prefix\n# NEXT_PUBLIC_REST_URL_PREFIX=/" . rest_get_url_prefix() . "\n\n# The WordPress \"frontend\" domain URL e.g. https://my-headless-site.local\nNEXT_PUBLIC_WP_HOME_URL=" . get_home_url() . "\n\n# The WordPress \"backend\" Site Address. Uncomment if different than `NEXT_PUBLIC_WP_HOME_URL` e.g. https://my-headless-site.local/wp/\n# NEXT_PUBLIC_WP_SITE_URL=\n\n# The WordPress Uploads directory path\n# NEXT_PUBLIC_WP_UPLOADS_DIRECTORY=/" . str_replace( ABSPATH, '', wp_get_upload_dir()['basedir'] ) . "\n\n# Only enable if connecting to a self-signed cert\nNODE_TLS_REJECT_UNAUTHORIZED=0";
 
 		$this->assertEquals( $expected, str_replace( $search, $replace, $actual_data['content'] ) );