API: Handle 403 "Forbidden" response (usage limit)

[pdclark]

api methods just return false when a non 200 response is received. It might be helpful to ask the user to provide a Github login if we receive 403, which means the anonymous API usage limit has been reached.

[afragen]

I've found that a 403 usually meant my transient wasn't quite working as I thought.

[pdclark]

Correct — that would be related. 403 is accompanied by a message that the API is being hit too much. The API limit for anonymous users is 30, but when logged in, it's 5000.

It's not hit for updates hardly every when transients work, but still wouldn't hurt to allow login — hitting 5000 would just be impossible!

I'll probably code this for the search plugin (where there's a lower API limit and higher need for logging in), then just bring it over once it's stable.

[afragen]

Are you creating a single transient for all plugins or a transient for each individual plugin?

[pdclark]

Single transient for each cached piece of information. (1 to several per plugin.)

[pdclark]

Just realized we might have been using plugin differently — I meant plugin to mean git-plugin-updates vs. github-plugin-search.

Taking plugins to mean all installed plugins that we're running queries on, the answer is both — there is a transient set for the generation of all plugin data to prevent that expensive method from running on every page load. If WP_DEBUG is enabled, that transient and WordPress's update check transient are both cleared.

There is also a transient set for each request for unique info from the Github API (plugin info, or readme contents).

All transients share a plugin-wide timeout, currently set to 60 minutes. It can be modified or filtered here.