GitHub_API.php

<?php
/**
 * Git Updater
 *
 * @author   Andy Fragen
 * @license  GPL-3.0-or-later
 * @link     https://github.com/afragen/git-updater
 * @package  git-updater
 *
 * @phpcs:disable Squiz.Commenting.InlineComment.InvalidEndChar
 */

namespace Fragen\Git_Updater\API;

use Fragen\Singleton;
use stdClass;

/*
 * Exit if called directly.
 */
if ( ! defined( 'WPINC' ) ) {
	die;
}

/**
 * Class GitHub_API
 *
 * Get remote data from a GitHub repo.
 *
 * @author  Andy Fragen
 */
class GitHub_API extends API implements API_Interface {
	/**
	 * Constructor.
	 *
	 * @param stdClass $type plugin|theme.
	 */
	public function __construct( $type = null ) {
		parent::__construct();
		$this->type     = $type;
		$this->response = [];
		add_action( 'admin_init', [ $this, 'maybe_handle_oauth_flow' ] );
		$this->settings_hook( $this );
		$this->add_settings_subtab();
		$this->add_install_fields( $this );
	}

	/**
	 * Read the remote file and parse headers.
	 *
	 * @param string $file Filename.
	 *
	 * @return bool
	 */
	public function get_remote_info( $file ) {
		return $this->get_remote_api_info( 'github', "/repos/:owner/:repo/contents/{$file}" );
	}

	/**
	 * Get remote info for tags.
	 *
	 * @return bool
	 */
	public function get_remote_tag() {
		return $this->get_remote_api_tag( 'github', '/repos/:owner/:repo/tags' );
	}

	/**
	 * Read the remote CHANGES.md file.
	 *
	 * @param string $changes The changelog filename - deprecated.
	 *
	 * @return bool
	 */
	public function get_remote_changes( $changes ) {
		return $this->get_remote_api_changes( 'github', $changes, '/repos/:owner/:repo/contents/:changelog' );
	}

	/**
	 * Read and parse remote readme.txt.
	 *
	 * @return bool|void
	 */
	public function get_remote_readme() {
		$this->get_remote_api_readme( 'github', '/repos/:owner/:repo/contents/:readme' );
	}

	/**
	 * Read the repository meta from API.
	 *
	 * @return bool
	 */
	public function get_repo_meta() {
		return $this->get_remote_api_repo_meta( 'github', '/repos/:owner/:repo' );
	}

	/**
	 * Create array of branches and download links as array.
	 *
	 * @return bool
	 */
	public function get_remote_branches() {
		return $this->get_remote_api_branches( 'github', '/repos/:owner/:repo/branches' );
	}

	/**
	 * Return the latest GitHub release asset URL.
	 *
	 * @return string|bool|void
	 */
	public function get_release_asset() {
		// return $this->get_api_release_asset( 'github', '/repos/:owner/:repo/releases/latest' );
	}

	/**
	 * Return array of release assets.
	 *
	 * @return array
	 */
	public function get_release_assets() {
		return $this->get_api_release_assets( 'github', '/repos/:owner/:repo/releases' );
	}

	/**
	 * Return list of repository assets.
	 *
	 * @return array
	 */
	public function get_repo_assets() {
		return $this->get_remote_api_assets( 'github', '/repos/:owner/:repo/contents/:path' );
	}

	/**
	 * Return list of files at repo root.
	 *
	 * @return array
	 */
	public function get_repo_contents() {
		return $this->get_remote_api_contents( 'github', '/repos/:owner/:repo/contents' );
	}

	/**
	 * Construct $this->type->download_link using Repository Contents API.
	 *
	 * @url http://developer.github.com/v3/repos/contents/#get-archive-link
	 *
	 * @param boolean $branch_switch for direct branch changing.
	 *
	 * @return string $endpoint
	 */
	public function construct_download_link( $branch_switch = false ) {
		self::$method       = 'download_link';
		$download_link_base = $this->get_api_url( '/repos/:owner/:repo/zipball/', true );
		$endpoint           = '';

		// Release asset.
		if ( $this->use_release_asset( $branch_switch ) ) {
			$release_assets = $this->get_release_assets();
			if ( ! $release_assets ) {
				return '';
			}
			$release_assets['assets'] = $release_assets['assets'] ?? [];
			$release_asset            = reset( $release_assets['assets'] );

			/*
			 * Check if dev release asset is newer than latest release asset.
			 *
			 * @param bool
			 * @param $this->type Repo type object.
			 */
			if ( apply_filters( 'gu_dev_release_asset', false, $this->type ) ) {
				$current_asset_version     = array_key_first( $release_assets['assets'] ) ?? '';
				$current_dev_asset_version = array_key_first( $release_assets['dev_assets'] ) ?? '';
				if ( version_compare( $current_asset_version, $current_dev_asset_version, '<' ) ) {
					$release_asset = reset( $release_assets['dev_assets'] );
				}
			}

			if ( empty( $this->response['release_asset_download'] ) ) {
				$this->set_repo_cache( 'release_asset_download', $release_asset );
			}
			if ( ! empty( $this->response['release_asset_download'] ) ) {
				return $this->response['release_asset_download'];
			}

			return $this->get_release_asset_redirect( $release_asset, true );
		}

		/*
		 * If a branch has been given, use branch.
		 * If branch is primary branch (default) and tags are used, use newest tag.
		 */
		if ( $this->type->primary_branch !== $this->type->branch || empty( $this->type->tags ) ) {
			$endpoint .= $this->type->branch;
		} else {
			$endpoint .= $this->type->newest_tag;
		}

		// Create endpoint for branch switching.
		if ( $branch_switch ) {
			$endpoint = $branch_switch;
		}

		$download_link = $download_link_base . $endpoint;
		$download_link = apply_filters( 'gu_post_construct_download_link', $download_link, $this->type, $branch_switch );

		return $download_link;
	}

	/**
	 * Create GitHub API endpoints.
	 *
	 * @param GitHub_API|API $git Git host specific API object.
	 * @param string         $endpoint Endpoint.
	 *
	 * @return string $endpoint
	 */
	public function add_endpoints( $git, $endpoint ) {
		switch ( $git::$method ) {
			case 'file':
			case 'readme':
			case 'assets':
			case 'changes':
				$endpoint = add_query_arg( 'ref', $git->type->branch, $endpoint );
				break;
			case 'meta':
			case 'tags':
			case 'download_link':
			case 'release_asset':
			case 'translation':
				break;
			case 'branches':
				$endpoint = add_query_arg( 'per_page', '100', $endpoint );
				break;
			default:
				break;
		}

		/*
		 * If GitHub Enterprise return this endpoint.
		 */
		if ( ! empty( $git->type->enterprise_api ) ) {
			return $git->type->enterprise_api . $endpoint;
		}

		return $endpoint;
	}

	/**
	 * Calculate and store time until rate limit reset.
	 *
	 * @param array  $response HTTP headers.
	 * @param string $repo     Repo name.
	 *
	 * @return int
	 */
	public static function ratelimit_reset( $response, $repo ) {
		$headers = wp_remote_retrieve_headers( $response );
		if ( empty( $headers ) ) {
			return 60;
		}
		$data = $headers->getAll();
		if ( isset( $data['x-ratelimit-reset'] ) ) {
			$reset = (int) $data['x-ratelimit-reset'];
			//phpcs:ignore WordPress.DateTime.RestrictedFunctions.date_date
			$wait                        = date( 'i', $reset - time() );
			static::$error_code[ $repo ] = static::$error_code[ $repo ] ?? [];
			static::$error_code[ $repo ] = array_merge( static::$error_code[ $repo ], [ 'wait' => $wait ] );

			return $wait;
		}
	}

	/**
	 * Parse API response call and return only array of tag numbers.
	 *
	 * @param stdClass|array $response Response from API call.
	 *
	 * @return stdClass|array $arr Array of tag numbers, object is error.
	 */
	public function parse_tag_response( $response ) {
		if ( $this->validate_response( $response ) ) {
			return $response;
		}

		$arr = [];
		array_map(
			function ( $e ) use ( &$arr ) {
				$arr[] = $e->name;

				return $arr;
			},
			(array) $response
		);

		return $arr;
	}

	/**
	 * Parse API response and return array of meta variables.
	 *
	 * @param stdClass|array $response Response from API call.
	 *
	 * @return array $arr Array of meta variables.
	 */
	public function parse_meta_response( $response ) {
		if ( $this->validate_response( $response ) ) {
			return $response;
		}
		$arr      = [];
		$response = [ $response ];

		array_filter(
			$response,
			function ( $e ) use ( &$arr ) {
				$arr['private']      = $e->private ?? false;
				$arr['last_updated'] = $e->pushed_at ?? '';
				$arr['added']        = $e->created_at ?? '';
				$arr['watchers']     = $e->watchers ?? 0;
				$arr['forks']        = $e->forks ?? 0;
				$arr['open_issues']  = $e->open_issues ?? 0;
			}
		);

		return $arr;
	}

	/**
	 * Parse API response and return array with changelog in base64.
	 *
	 * @param stdClass|array $response Response from API call.
	 *
	 * @return array $arr Array of changes in base64.
	 */
	public function parse_changelog_response( $response ) {
		if ( $this->validate_response( $response ) ) {
			return $response;
		}
		$arr      = [];
		$response = [ $response ];

		array_filter(
			$response,
			function ( $e ) use ( &$arr ) {
				$arr['changes'] = $e->content;
			}
		);

		return $arr;
	}

	/**
	 * Parse API response and return array of branch data.
	 *
	 * @param stdClass $response API response.
	 *
	 * @return array Array of branch data.
	 */
	public function parse_branch_response( $response ) {
		if ( $this->validate_response( $response ) ) {
			return $response;
		}
		$branches = [];
		foreach ( $response as $branch ) {
			$branches[ $branch->name ]['download']    = $this->construct_download_link( $branch->name );
			$branches[ $branch->name ]['commit_hash'] = $branch->commit->sha;
			$branches[ $branch->name ]['commit_api']  = $branch->commit->url;
		}

		return $branches;
	}

	/**
	 * Parse release asset API response.
	 *
	 * @param stdClass $response API response.
	 *
	 * @return void
	 */
	public function parse_release_asset_response( $response ) {
		if ( $this->validate_response( $response ) ) {
			return;
		}
		if ( property_exists( $response, 'url' ) ) {
			$this->set_repo_cache( 'release_asset_download', $response->url );
		}
	}

	/**
	 * Parse tags and create download links.
	 *
	 * @param stdClass|array $response  Response from API call.
	 * @param array          $repo_type Array of repo data.
	 *
	 * @return array
	 */
	protected function parse_tags( $response, $repo_type ) {
		$tags          = [];
		$download_base = implode(
			'/',
			[
				$repo_type['base_uri'],
				'repos',
				$this->type->owner,
				$this->type->slug,
				'zipball/',
			]
		);

		foreach ( (array) $response as $tag ) {
			// Ignore leading 'v' and skip anything with dash or words.
			if ( ! preg_match( '/[^v]+[-a-z]+/', $tag ) ) {
				$tags[ $tag ] = $download_base . $tag;
			}
		}
		uksort( $tags, fn ( $a, $b ) => version_compare( ltrim( $b, 'v' ), ltrim( $a, 'v' ) ) );

		return $tags;
	}

	/**
	 * Parse remote root files/dirs.
	 *
	 * @param stdClass|array $response Response from API call.
	 *
	 * @return array
	 */
	protected function parse_contents_response( $response ) {
		$files = [];
		$dirs  = [];
		foreach ( $response as $content ) {
			$content = (object) $content;
			if ( property_exists( $content, 'type' ) && 'file' === $content->type ) {
				$files[] = $content->name;
			}
			if ( property_exists( $content, 'type' ) && 'dir' === $content->type ) {
				$dirs[] = $content->name;
			}
		}

		return [
			'files' => $files,
			'dirs'  => $dirs,
		];
	}

	/**
	 * Parse remote assets directory.
	 *
	 * @param stdClass|array $response Response from API call.
	 *
	 * @return stdClass|array
	 */
	protected function parse_asset_dir_response( $response ) {
		$assets = [];

		if ( isset( $response->message ) || is_wp_error( $response ) ) {
			return $response;
		}

		foreach ( $response as $asset ) {
			if ( 'file' === $asset->type ) {
				$assets[ $asset->name ] = $asset->download_url;
			}
		}

		if ( empty( $assets ) ) {
			$assets['message'] = 'No assets found';
			$assets            = (object) $assets;
		}

		return $assets;
	}

	/**
	 * Add settings for GitHub Personal Access Token.
	 *
	 * @param array $auth_required Array of authentication data.
	 *
	 * @return void
	 */
	public function add_settings( $auth_required ) {
		add_settings_section(
			'github_access_token',
			esc_html__( 'GitHub Personal Access Token', 'git-updater' ),
			[ $this, 'print_section_github_access_token' ],
			'git_updater_github_install_settings'
		);

		add_settings_field(
			'github_access_token',
			esc_html__( 'GitHub.com Access Token', 'git-updater' ),
			[ Singleton::get_instance( 'Settings', $this ), 'token_callback_text' ],
			'git_updater_github_install_settings',
			'github_access_token',
			[
				'id'    => 'github_access_token',
				'token' => true,
			]
		);

		/*
		 * Show section for private GitHub repositories.
		 */
		if ( $auth_required['github_private'] || $auth_required['github_enterprise'] ) {
			add_settings_section(
				'github_id',
				esc_html__( 'GitHub Private Settings', 'git-updater' ),
				[ $this, 'print_section_github_info' ],
				'git_updater_github_install_settings'
			);
		}
	}

	/**
	 * Add values for individual repo add_setting_field().
	 *
	 * @return mixed
	 */
	public function add_repo_setting_field() {
		$setting_field['page']            = 'git_updater_github_install_settings';
		$setting_field['section']         = 'github_id';
		$setting_field['callback_method'] = [
			Singleton::get_instance( 'Settings', $this ),
			'token_callback_text',
		];

		return $setting_field;
	}

	/**
	 * Print the GitHub text.
	 */
	public function print_section_github_info() {
		esc_html_e( 'Enter your GitHub Access Token. Leave empty for public repositories.', 'git-updater' );
	}

	/**
	 * Print the GitHub Personal Access Token text.
	 */
	public function print_section_github_access_token() {
		esc_html_e( 'Enter your personal GitHub.com or GitHub Enterprise Access Token to avoid API access limits.', 'git-updater' );
		$this->render_oauth_controls();
		$icon = plugin_dir_url( dirname( __DIR__, 2 ) ) . 'assets/github-logo.svg';
		printf( '<img class="git-oauth-icon" src="%s" alt="GitHub logo" />', esc_attr( $icon ) );
	}

	/**
	 * Output OAuth controls and status messages.
	 */
	private function render_oauth_controls() {
		$credentials = $this->get_oauth_credentials();
		// phpcs:ignore WordPress.Security.NonceVerification.Recommended -- Read-only status query arg for UI message only.
		$status = isset( $_GET['gu_github_oauth'] ) ? sanitize_key( wp_unslash( $_GET['gu_github_oauth'] ) ) : '';

		if ( 'success' === $status ) {
			echo '<p><strong>' . esc_html__( 'OAuth token updated from GitHub.', 'git-updater' ) . '</strong></p>';
		}

		if ( str_starts_with( $status, 'error-' ) ) {
			echo '<p><strong>' . esc_html__( 'GitHub OAuth was not completed. You can retry below.', 'git-updater' ) . '</strong></p>';
		}

		if ( empty( $credentials['client_id'] ) ) {
			echo '<p>' . esc_html__( 'To enable OAuth login, set GU_GITHUB_OAUTH_CLIENT_ID in wp-config.php or filter gu_github_oauth_credentials.', 'git-updater' ) . '</p>';

			return;
		}

		printf(
			'<p><a class="button button-secondary" href="%s">%s</a></p>',
			esc_url( $this->get_oauth_start_url() ),
			esc_html__( 'Authorize via GitHub OAuth', 'git-updater' )
		);
	}

	/**
	 * Start OAuth flow and process callback.
	 */
	public function maybe_handle_oauth_flow() {
		if ( ! is_admin() || ! current_user_can( 'manage_options' ) ) {
			return;
		}

		// phpcs:ignore WordPress.Security.NonceVerification.Recommended -- Nonce is validated in start_oauth_flow().
		if ( isset( $_GET['gu_github_oauth_start'] ) ) {
			$this->start_oauth_flow();
		}

		// phpcs:ignore WordPress.Security.NonceVerification.Recommended -- OAuth state+PKCE verifier validation is used on callback.
		if ( isset( $_GET['gu_github_oauth_callback'] ) ) {
			$this->complete_oauth_flow();
		}
	}

	/**
	 * Build start URL for OAuth flow.
	 *
	 * @return string
	 */
	private function get_oauth_start_url() {
		$redirect = $this->get_settings_redirect_url();

		return add_query_arg(
			[
				'gu_github_oauth_start' => 1,
				'_wpnonce'              => wp_create_nonce( 'gu-github-oauth-start' ),
			],
			$redirect
		);
	}

	/**
	 * Start GitHub OAuth redirect.
	 */
	private function start_oauth_flow() {
		if ( ! isset( $_GET['_wpnonce'] ) || ! wp_verify_nonce( sanitize_key( wp_unslash( $_GET['_wpnonce'] ) ), 'gu-github-oauth-start' ) ) {
			$this->oauth_redirect_with_status( 'error-nonce' );

			return;
		}

		$credentials = $this->get_oauth_credentials();
		if ( empty( $credentials['client_id'] ) ) {
			$this->oauth_redirect_with_status( 'error-client-id' );

			return;
		}

		$state    = wp_generate_password( 48, false, false );
		$verifier = wp_generate_password( 96, false, false );
		$key      = $this->get_oauth_transient_key( $state );

		set_transient(
			$key,
			[
				'code_verifier' => $verifier,
			],
			15 * MINUTE_IN_SECONDS
		);

		$authorize_url = add_query_arg(
			[
				'client_id'             => $credentials['client_id'],
				'redirect_uri'          => $this->get_oauth_callback_url(),
				'scope'                 => $credentials['scope'],
				'state'                 => $state,
				'code_challenge'        => $this->get_oauth_code_challenge( $verifier ),
				'code_challenge_method' => 'S256',
			],
			'https://github.com/login/oauth/authorize'
		);

		wp_safe_redirect( $authorize_url );
		exit;
	}

	/**
	 * Process GitHub callback and save token.
	 */
	private function complete_oauth_flow() {
		// phpcs:ignore WordPress.Security.NonceVerification.Recommended -- OAuth callback is validated through state and PKCE verifier.
		$state = isset( $_GET['state'] ) ? sanitize_text_field( wp_unslash( $_GET['state'] ) ) : '';
		// phpcs:ignore WordPress.Security.NonceVerification.Recommended -- OAuth callback is validated through state and PKCE verifier.
		$code = isset( $_GET['code'] ) ? sanitize_text_field( wp_unslash( $_GET['code'] ) ) : '';

		if ( empty( $state ) || empty( $code ) ) {
			$this->oauth_redirect_with_status( 'error-callback' );

			return;
		}

		$key      = $this->get_oauth_transient_key( $state );
		$flow     = get_transient( $key );
		$verifier = is_array( $flow ) && ! empty( $flow['code_verifier'] ) ? $flow['code_verifier'] : '';
		delete_transient( $key );

		if ( empty( $verifier ) ) {
			$this->oauth_redirect_with_status( 'error-state' );

			return;
		}

		$credentials = $this->get_oauth_credentials();
		$token       = $this->exchange_code_for_token( $credentials, $code, $verifier );

		if ( empty( $token ) ) {
			$this->oauth_redirect_with_status( 'error-token' );

			return;
		}

		$options                        = get_site_option( 'git_updater', [] );
		$options['github_access_token'] = $token;
		update_site_option( 'git_updater', $options );
		static::$options['github_access_token'] = $token;

		$this->oauth_redirect_with_status( 'success' );
	}

	/**
	 * Exchange callback code for access token.
	 *
	 * @param array  $credentials OAuth credentials.
	 * @param string $code Callback code.
	 * @param string $verifier PKCE verifier.
	 *
	 * @return string
	 */
	private function exchange_code_for_token( $credentials, $code, $verifier ) {
		$body = [
			'client_id'     => $credentials['client_id'],
			'code'          => $code,
			'redirect_uri'  => $this->get_oauth_callback_url(),
			'code_verifier' => $verifier,
		];

		if ( ! empty( $credentials['client_secret'] ) ) {
			$body['client_secret'] = $credentials['client_secret'];
		}

		$response = wp_remote_post(
			'https://github.com/login/oauth/access_token',
			[
				'timeout' => 15,
				'headers' => [
					'Accept' => 'application/json',
				],
				'body'    => $body,
			]
		);

		if ( is_wp_error( $response ) ) {
			return '';
		}

		$payload = json_decode( wp_remote_retrieve_body( $response ), true );

		if ( ! is_array( $payload ) || empty( $payload['access_token'] ) ) {
			return '';
		}

		return sanitize_text_field( $payload['access_token'] );
	}

	/**
	 * Build callback URL for GitHub OAuth.
	 *
	 * @return string
	 */
	private function get_oauth_callback_url() {
		return add_query_arg( 'gu_github_oauth_callback', 1, $this->get_settings_redirect_url() );
	}

	/**
	 * Build redirect URL to GitHub subtab.
	 *
	 * @return string
	 */
	private function get_settings_redirect_url() {
		$base = is_multisite() ? network_admin_url( 'settings.php' ) : admin_url( 'options-general.php' );

		return add_query_arg(
			[
				'page'   => 'git-updater',
				'tab'    => 'git_updater_settings',
				'subtab' => 'github',
			],
			$base
		);
	}

	/**
	 * Redirect to GitHub settings with flow status.
	 *
	 * @param string $status OAuth status value.
	 */
	private function oauth_redirect_with_status( $status ) {
		wp_safe_redirect(
			add_query_arg(
				'gu_github_oauth',
				$status,
				$this->get_settings_redirect_url()
			)
		);
		exit;
	}

	/**
	 * Return GitHub OAuth credentials.
	 *
	 * @return array
	 */
	private function get_oauth_credentials() {
		$client_id     = defined( 'GU_GITHUB_OAUTH_CLIENT_ID' ) ? GU_GITHUB_OAUTH_CLIENT_ID : '';
		$client_secret = defined( 'GU_GITHUB_OAUTH_CLIENT_SECRET' ) ? GU_GITHUB_OAUTH_CLIENT_SECRET : '';
		$scope         = defined( 'GU_GITHUB_OAUTH_SCOPE' ) ? GU_GITHUB_OAUTH_SCOPE : 'repo';

		$credentials = [
			'client_id'     => $client_id,
			'client_secret' => $client_secret,
			'scope'         => $scope,
		];

		/**
		 * Filter OAuth credentials for GitHub auth flow.
		 *
		 * @since 13.4.0
		 *
		 * @param array $credentials OAuth configuration.
		 */
		return apply_filters( 'gu_github_oauth_credentials', $credentials );
	}

	/**
	 * Build transient key for OAuth flow state.
	 *
	 * @param string $state OAuth state.
	 *
	 * @return string
	 */
	private function get_oauth_transient_key( $state ) {
		return 'gu_github_oauth_' . md5( $state );
	}

	/**
	 * Build S256 PKCE challenge.
	 *
	 * @param string $verifier PKCE verifier.
	 *
	 * @return string
	 */
	private function get_oauth_code_challenge( $verifier ) {
		$hash = hash( 'sha256', $verifier, true );

		// phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_encode -- Required for RFC7636 base64url PKCE encoding.
		return rtrim( strtr( base64_encode( $hash ), '+/', '-_' ), '=' );
	}

	/**
	 * Add remote install settings fields.
	 *
	 * @param string $type plugin|theme.
	 */
	public function add_install_settings_fields( $type ) {
		add_settings_field(
			'github_access_token',
			esc_html__( 'GitHub Access Token', 'git-updater' ),
			[ $this, 'github_access_token' ],
			'git_updater_install_' . $type,
			$type
		);
	}

	/**
	 * Add subtab to Settings page.
	 */
	private function add_settings_subtab() {
		add_filter(
			'gu_add_settings_subtabs',
			function ( $subtabs ) {
				return array_merge( $subtabs, [ 'github' => esc_html__( 'GitHub', 'git-updater' ) ] );
			}
		);
	}

	/**
	 * GitHub Access Token for remote install.
	 */
	public function github_access_token() {
		?>
		<label for="github_access_token">
			<input class="github_setting" type="password" style="width:50%;" id="github_access_token" name="github_access_token" value="" autocomplete="new-password">
			<br>
			<span class="description">
			<?php esc_html_e( 'Enter GitHub Access Token for private GitHub repositories.', 'git-updater' ); ?>
			</span>
		</label>
		<?php
	}

	/**
	 * Add remote install feature, create endpoint.
	 *
	 * @param array $headers Array of headers.
	 * @param array $install Array of install data.
	 *
	 * @return mixed
	 */
	public function remote_install( $headers, $install ) {
		$options['github_access_token'] = static::$options['github_access_token'] ?? null;

		if ( 'github.com' === $headers['host'] || empty( $headers['host'] ) ) {
			$base            = 'https://api.github.com';
			$headers['host'] = 'github.com';
		} else {
			$base = $headers['base_uri'] . '/api/v3';
		}

		$install['download_link'] = "{$base}/repos/{$install['git_updater_repo']}/zipball/{$install['git_updater_branch']}";

		// If asset is entered install it.
		if ( false !== stripos( $headers['uri'], 'releases/download' ) ) {
			$install['download_link'] = $headers['uri'];
		}

		/*
		 * Add/Save access token if present.
		 */
		if ( ! empty( $install['github_access_token'] ) ) {
			$install['options'][ $install['repo'] ] = $install['github_access_token'];
		}

		return $install;
	}
}