Page MenuHomePhabricator
Create Task
Maniphest T108557

Review and deploy UrlShortener extension to Wikimedia wikis
Closed, ResolvedPublic
Actions

Assigned To
Ladsgroup
Authored By
Legoktm
Aug 10 2015, 6:46 AM
Tags
Referenced Files
None
Subscribers
-jem-
AfroThundr3007730
Aklapper
Arian_Ar
ArielGlenn
asherman
Base
View All 75 Subscribers
Tokens
"Like" token, awarded by Jc86035."Love" token, awarded by jrbs."Like" token, awarded by Nicolas_Raoul."Dislike" token, awarded by Shizhao."Like" token, awarded by Liuxinyu970226."Like" token, awarded by Jonas."Like" token, awarded by sumanah."Like" token, awarded by Ladsgroup."Like" token, awarded by Varnent."Like" token, awarded by Luke081515."Dislike" token, awarded by Ricordisamoa.

Description

The UrlShortener extension is designed to implement Tim's suggestion from https://www.mediawiki.org/wiki/Requests_for_comment/URL_shortener#Tim.27s_implementation_suggestion

It provides a special page, Special:UrlShortener, that accepts arbitrary links from whitelisted domains, and gives them short urls. It is intended that we will use the "w.wiki" domain for this.

Checklist:

  • Create a tracking bug for the extension's deployment to Wikimedia wikis. This bug should only concern deployment itself, any sub-issues (that block deployment) should be separate bugs that are listed under "Blocked by" for this tracking bug.
  • Create Extension: mediawiki.org page for developers and people who will install or configure the extension.
  • Create Help:Extension: mediawiki.org page for the end user documentation. Cross-link it with the above.
  • Request a project in Phabricator if none exists yet.
  • Get the extension code in Gerrit.
  • Show community support/desire for the extension to be deployed.
  • Request (and respond to) a product review, if applicable
  • Request (and respond to) a design review, if applicable. T191592: Design review for UrlShortener
  • Open (and respond to) a Application Security Reviews ticket blocking this.
  • Make sure the extension is automatically branched.

Test at: https://en.wikipedia.beta.wmflabs.org/ ("Get shortened URL" in Toolbox - Beta cluster gives a local "short" domain with e.g. https://w-beta.wmflabs.org/4, hacky setup, but it should work).

Details

SubjectRepoBranchLines +/-
Deploy UrlShorteneroperations/mediawiki-configmaster+1 -0
Enable UrlShortener in mediawikiwikioperations/mediawiki-configmaster+6 -2
Put sidebar link behind a config variablemediawiki/extensions/UrlShortenermaster+4 -3
Apache redirects for w.wikioperations/puppetproduction+10 -10
Configure UrlShortener extension in read-only modeoperations/mediawiki-configmaster+44 -2
Add UrlShortener to extension-listoperations/mediawiki-configmaster+1 -0
make-wmf-branch: Branch UrlShortener extensionmediawiki/tools/releasemaster+1 -0
Customize query in gerrit

Related Objects
Search...

StatusSubtypeAssignedTask
 ResolvedLadsgroupT44085 Wikimedia needs a URL shortener (tracking)
 ResolvedBBlackT44270 Wikimedia needs a short domain name for URL shortening
 ResolvedSmalyshevT112715 Enable different URL shorteners for WDQS
 ResolvedLadsgroupT108557 Review and deploy UrlShortener extension to Wikimedia wikis
 ResolvedmatmarexT107550 autofocus on Special:UrlShortener broken
 ResolvedmatmarexT106313 Infusion breaks browser autofocus
 ResolvedLegoktmT108558 UrlShortener: Allow short codes to be in the root of the short domain
 ResolvedmatmarexT108600 UrlShortener URL input field truncates text
 DuplicateNoneT108603 Valid URL not validating
 ResolvedoriT108604 UrlShortener extension accepts arbitrary port numbers and credentials
 ResolvedBBlackT108649 Set up "w.wiki" domain for usage with UrlShortener
 ResolvedBBlackT91612 acquire SSL certificate for w.wiki
Unknown Object (Task)
Unknown Object (Task)
 Resolved dpatrickT112950 Security review for UrlShortener extension
 Resolved PrtksxnaT112680 UrlShortener should not load all of oojs-ui on all pages
 ResolvedLegoktmT116444 Set up UrlShortener extension on the beta cluster
 ResolvedLegoktmT116512 Special:UrlRedirector error message doesn't display properly due to relative paths/url rewrites
 ResolvedArielGlennT116986 Set up UrlShortener dumps
 ResolvedJoeT133485 Configure apache rules for UrlShortener
 ResolvedBBlackT141170 Strip query parameters from w.wiki domain
 ResolvedSmalyshevT142055 Add query.wikidata.org to shortening URL list for UrlShortener
 ResolvedLadsgroupT133109 Add basic abuse prevention to UrlShortener
 ResolvedMarosteguiT218397 Add usc_deleted to urlshortcodes
 ResolvedLegoktmT187052 UrlShortener: Code stewardship review.
 Resolved PrtksxnaT191592 Design review for UrlShortener
 ResolvedLadsgroupT219777 DBA review of UrlShortener
 DeclinedNoneT220432 Clean up "easter egg" short URLs before extension goes live

Event Timeline

There are a very large number of changes, so older changes are hidden. Show Older Changes
Nicolas_Raoul awarded a token.Sep 7 2017, 3:04 AM
Lucas_Werkmeister_WMDE subscribed.Nov 13 2017, 1:24 PM
greg mentioned this in T180657: Purchase domains mediawi.ki and media.wiki to use as a url shortener.Nov 16 2017, 5:45 AM
Jonas added a comment.Jan 5 2018, 7:16 AM

What is the current status? Any progress?

Krinkle unsubscribed.Jan 8 2018, 6:35 PM
Lea_Lacroix_WMDE subscribed.Jan 31 2018, 9:07 AM
Pigsonthewing subscribed.Feb 5 2018, 1:10 PM
Lydia_Pintscher subscribed.Feb 7 2018, 11:20 AM
thiemowmde subscribed.Feb 9 2018, 3:53 PM

Sorry to ask again, but the Wikidata team would really love to know what the state here is, as this is blocking Wikidata-Query-Service development more and more (see T112715). I hear there are (possibly more than one) security issues that are blocking a deployment of this otherwise finished service from happening. Can someone briefly explain what these issues are, and what is probably needed to resolve them? That would be super helpful.

Reedy subscribed.Feb 12 2018, 10:36 AM

The code seems to have no ownership.

In T108557#2113621, @Legoktm wrote:

T116986: Set up UrlShortener dumps is kind of a chicken-and-egg problem, we can't create dumps until the extension is turned on, and we don't want to turn the extension on until we have dumps working...so I wrote https://gerrit.wikimedia.org/r/276826 which adds a read-only mode, preventing anyone from generating new short codes. So we can turn on the extension in production, but not let anyone create short urls until we have dumps and apache stuff set up properly.

^ This seems to be the outstanding TODOs

Reedy changed the task status from Open to Stalled.Feb 12 2018, 10:37 AM
Reedy mentioned this in T187045: Code Stewardship Review: ShortUrl Extension.
Joe subscribed.Feb 12 2018, 10:40 AM

No, the outstanding TODO is having any group of people competently maintaining and monitoring the url shortener for abuse/security issues.

So the issue seems to be there is no one having plans to support this.

Reedy added a comment.Feb 12 2018, 10:41 AM

Create Help:Extension: mediawiki.org page for the end user documentation. Cross-link it with the above.

Although https://www.mediawiki.org/wiki/Extension:UrlShortener exists, the request for a Help page still seems to need to be done

Reedy mentioned this in T187052: UrlShortener: Code stewardship review..Feb 12 2018, 12:03 PM
Reedy added a subtask: T187052: UrlShortener: Code stewardship review..
Legoktm claimed this task.Feb 21 2018, 8:51 PM
Legoktm closed subtask T187052: UrlShortener: Code stewardship review. as Resolved.
Krinkle moved this task from Later to Discuss next on the Sustainability (MediaWiki-MultiDC) board.Mar 17 2018, 12:41 AM
EdErhart-WMF added a subscriber: Krinkle.Mar 29 2018, 5:50 PM

@Krinkle really looking forward to this!

Elitre added a comment.Apr 4 2018, 6:30 PM
In T108557#3962759, @Reedy wrote:

Create Help:Extension: mediawiki.org page for the end user documentation. Cross-link it with the above.

Although https://www.mediawiki.org/wiki/Extension:UrlShortener exists, the request for a Help page still seems to need to be done

I don't think a Help page is really a blocker? Anyone could help documenting how it works, once it's out there?

Varnent added a comment.Apr 4 2018, 6:49 PM
In T108557#4105981, @Elitre wrote:
In T108557#3962759, @Reedy wrote:

Create Help:Extension: mediawiki.org page for the end user documentation. Cross-link it with the above.

Although https://www.mediawiki.org/wiki/Extension:UrlShortener exists, the request for a Help page still seems to need to be done

I don't think a Help page is really a blocker? Anyone could help documenting how it works, once it's out there?

I agree. We keep running into use cases for this feature - anything that Comms can do to help move it along - please let us know. :)

Reedy added a comment.Apr 4 2018, 7:05 PM

Create the page then? ;)

Seriously though, we have to be careful. WMF wanting an extension deployed, but not following the "rules"/procedure because it can't be bothered/doesn't want to do it... just looks bad to the community. When they want things deploying, they have to go through the same procedures. It's only fair.

It's a relatively simple task, and doesn't have to be done by the author of the extension. Create it, and it will collaboratively be edited/improved

Baring in mind the more important code stewardship question has only just been resolved.

Varnent added a comment.EditedApr 4 2018, 8:49 PM

Done: https://www.mediawiki.org/wiki/Help:Extension:UrlShortener

Anything else that Comms can do to help?

Varnent updated the task description. (Show Details)Apr 4 2018, 8:50 PM
Reedy added a comment.Apr 5 2018, 9:53 AM

Who decides if it needs a product/design review?

Elitre added a comment.Apr 5 2018, 10:16 AM

You tell us? You're the one claiming that there's actual strict rules/procedures here to follow, so your book should also tell you what the next steps are...

(Nobody wants to put pressure on an individual or a team here. We're trying to figure out where the responsibilities are, and huge props to Greg for fixing a step despite the fact that he (or his team) definitely didn't have to.)

Reedy added a comment.EditedApr 5 2018, 10:32 AM
In T108557#4108154, @Elitre wrote:

You tell us? You're the one claiming that there's actual strict rules/procedures here to follow, so your book should also tell you what the next steps are...

Because there are. The checklist is there for a reason. It's not a "if we feel like it" -- if we didn't care about anything like that'd we just end up deploying more extensions that would inevitably become tech debt. And no body wants that.

I'm however not a product manager, nor am I a designer. These have been things that often don't get done (and as such, have been marked as "if applicable", as the rules and guidelines for these are at best, vague.

There is T133109 still outstanding too

Legoktm added a comment.Apr 5 2018, 3:27 PM

To clarify the current status...I think the checklist is mostly accurate. I'm working on T133109: Add basic abuse prevention to UrlShortener right now, and hope to have that wrapped up by the end of the week. For the design review part, I'll ask @Prtksxna to take a look at the extension, since things have probablly changed when he originally implemented it.

Elitre added a comment.Apr 5 2018, 4:57 PM
In T108557#4108215, @Reedy wrote:
In T108557#4108154, @Elitre wrote:

You tell us? You're the one claiming that there's actual strict rules/procedures here to follow, so your book should also tell you what the next steps are...

Because there are. The checklist is there for a reason. It's not a "if we feel like it" -- if we didn't care about anything like that'd we just end up deploying more extensions that would inevitably become tech debt. And no body wants that.

I like the checklist. :) I am just unaware it's as official as you say it is. (Can you point me to where it's documented?)
If it is, then ownership of each step should be way more clear than it is. We would never achieve anything if we literally left blockers "up for grabs", hence why I argued that specific step must be not it.

It's also ok if we keep discovering blockers. As long as we identify what's the next step, all's good.

I'm however not a product manager, nor am I a designer. These have been things that often don't get done (and as such, have been marked as "if applicable", as the rules and guidelines for these are at best, vague.

There is T133109 still outstanding too

Quiddity added a comment.Apr 5 2018, 5:33 PM

<tangent> The process is documented at https://www.mediawiki.org/wiki/Review_queue#Checklist/Process - The person/team that is taking responsibility for the code, is in charge of determining which of the optional steps need to/should be done, and getting those done by someone. </>

Prtksxna updated the task description. (Show Details)Apr 6 2018, 4:25 AM
MelodyKramer subscribed.Apr 6 2018, 5:41 PM
jrbs awarded a token.Apr 6 2018, 10:23 PM
greg reopened subtask T187052: UrlShortener: Code stewardship review. as Open.Apr 18 2018, 6:47 PM
greg closed subtask T187052: UrlShortener: Code stewardship review. as Resolved.Apr 25 2018, 8:51 PM
Pigsonthewing added a comment.Jun 9 2018, 11:17 AM

If the screenshot on the new help page is anything to go by, the URL shortener will change URLs in the form:

https://en.wikipedia.org/wiki/Something_very_long

to something in the form:

https://en.wikipedia.org/wiki/Sthg_short

but will not change the "https://en.wikipedia.org/" domain.

Why not use shorter domains, like https://enwp.org/ ?

Reedy added a comment.Jun 9 2018, 11:26 AM

From the original description...

It is intended that we will use the "w.wiki" domain for this.

jrbs added a comment.Jun 10 2018, 2:15 AM
In T108557#4269020, @Pigsonthewing wrote:

Why not use shorter domains, like https://enwp.org/ ?

It should be noted that the Foundation does not own enwp.org. I am not sure anyone knows who does. This is a potentially pretty serious security hole.

MGChecker added a comment.Jun 10 2018, 2:11 PM

Just to point this out, https://dewp.org is owned by the German Wikimedia chapter (WMDE), so there shouldn't be any security problems with this one.

Reedy added a comment.Jun 10 2018, 2:13 PM

I don't think it was ever suggested that those were the domains we were going to use...

Billinghurst added a comment.Jun 10 2018, 2:16 PM

One would hope that the domain to be used would be universal for all 700+ wikis, not focused on enWP, or just WPs.

This shouldn't have to be said.

Reedy added a comment.Jun 10 2018, 2:17 PM
In T108557#4270202, @Billinghurst wrote:

One would hope that the domain to be used would be universal for all 700+ wikis, not focused on enWP, or just WPs.

This shouldn't have to be said.

And I quote, from the description, again...

It is intended that we will use the "w.wiki" domain for this.

revi subscribed.Jul 11 2018, 2:48 PM
Niharika subscribed.Jul 11 2018, 4:46 PM
jeremyb subscribed.Nov 9 2018, 7:41 PM
WalterKlossew subscribed.EditedNov 17 2018, 12:04 PM

I created a proposal on Community Wishlist Survey for this.

Lucas_Werkmeister_WMDE mentioned this in T210139: Facebook adds fbclid ==> you cant paste in WDQS tiny URLSs.Nov 23 2018, 5:26 PM
AfroThundr3007730 subscribed.Nov 26 2018, 2:40 AM
Tgr mentioned this in T138719: Make URL normalisation/shortening a core MediaWiki interface.Jan 26 2019, 6:48 PM
CDanis subscribed.Feb 12 2019, 1:40 PM
Ladsgroup changed the task status from Stalled to Open.Mar 25 2019, 11:20 PM
Ladsgroup claimed this task.

I'll do this.

Restricted Application added a project: User-Ladsgroup. · View Herald TranscriptMar 25 2019, 11:20 PM
Reedy added a comment.Mar 25 2019, 11:28 PM
In T108557#5056363, @Ladsgroup wrote:

I'll do this.

The desc doesn’t read like this is ready to go

Shouldn’t the maintaining team also sign off that they’re happy for it to go ahead now/soon? Rather than you just doing it... and then leaving it to them? :)

Do we have SSL certs for the w.wiki domain now?

Ladsgroup added subscribers: CCicalese_WMF, Fjalapeno.Mar 25 2019, 11:31 PM
In T108557#5056378, @Reedy wrote:

The desc doesn’t read like this is ready to go

I'm doing the subtasks. They have patches up and ready for merge.

Shouldn’t the maintaining team also sign off that they’re happy for it to go ahead now/soon? Rather than you just doing it... and then leaving it to them? :)

Yup, already got it from @CCicalese_WMF and @Fjalapeno

Do we have SSL certs for the w.wiki domain now?

It's not mentioned in the task. Is there any tasks for this? I can ping traffic about this. (Already sent an email to ops-l a week ago)

Lucas_Werkmeister_WMDE added a comment.Mar 26 2019, 10:06 AM

Do we have SSL certs for the w.wiki domain now?

https://w.wiki/3 already sends a valid certificate (the same one as for Wikipedia etc.), and w.wiki is listed as one of the canonical domains at wikitech:HTTPS as well. (It looks like this was done in T91612: acquire SSL certificate for w.wiki.)

greg unsubscribed.Mar 27 2019, 11:22 PM
gerritbot added a comment.Mar 28 2019, 12:45 PM

Change 499760 had a related patch set uploaded (by Ladsgroup; owner: Ladsgroup):
[mediawiki/extensions/UrlShortener@master] Put sidebar link behind a config variable

https://gerrit.wikimedia.org/r/499760

Ladsgroup closed subtask T191592: Design review for UrlShortener as Resolved.Mar 28 2019, 2:20 PM
gerritbot added a comment.Mar 29 2019, 11:54 AM

Change 499760 merged by jenkins-bot:
[mediawiki/extensions/UrlShortener@master] Put sidebar link behind a config variable

https://gerrit.wikimedia.org/r/499760

ReleaseTaggerBot added a project: MW-1.33-notes (1.33.0-wmf.24; 2019-04-02).Mar 29 2019, 12:01 PM
Ladsgroup closed subtask T219777: DBA review of UrlShortener as Resolved.Apr 2 2019, 10:05 AM
Ladsgroup closed subtask T133109: Add basic abuse prevention to UrlShortener as Resolved.Apr 2 2019, 11:24 AM
gerritbot added a comment.Apr 3 2019, 9:43 AM

Change 500910 had a related patch set uploaded (by Ladsgroup; owner: Ladsgroup):
[operations/mediawiki-config@master] Enable UrlShortener in mediawikiwiki

https://gerrit.wikimedia.org/r/500910

gerritbot added a comment.Apr 3 2019, 11:05 AM

Change 500910 merged by jenkins-bot:
[operations/mediawiki-config@master] Enable UrlShortener in mediawikiwiki

https://gerrit.wikimedia.org/r/500910

Ladsgroup added a project: User-notice.Apr 4 2019, 9:04 AM

This will go live at April 11th.

TheDJ subscribed.Apr 4 2019, 3:03 PM

Should we ping archive.org to make sure they are properly archived into perpetuity like all the bit.ly links etc are these days ?

Johan moved this task from To Triage to In current Tech/News draft on the User-notice board.Apr 5 2019, 4:28 PM
MJL subscribed.Apr 7 2019, 3:53 AM
Jc86035 subscribed.Apr 9 2019, 7:36 AM
Jc86035 added a comment.Apr 9 2019, 7:42 AM

@TheDJ The Internet Archive don't collect them, the Archive Team do (the data is sent to Internet Archive servers). Usually they do this by sequentially or randomly checking every possible alphanumeric combination, although perhaps the complete list of URLs could be given to them instead to save some time for them, since WMF own the database.

Alternatively, if the list is available someone could prefix all the URLs with https://web.archive.org/save/ and have them crawled once in a while.

Legoktm added a comment.Apr 9 2019, 7:53 AM
In T108557#5085336, @TheDJ wrote:

Should we ping archive.org to make sure they are properly archived into perpetuity like all the bit.ly links etc are these days ?

See T116986#1764562 and the follow-up comment.

In T108557#5096376, @Jc86035 wrote:

@TheDJ The Internet Archive don't collect them, the Archive Team do (the data is sent to Internet Archive servers). Usually they do this by sequentially or randomly checking every possible alphanumeric combination, although perhaps the complete list of URLs could be given to them instead to save some time for them, since WMF own the database.

We are going to proactively provide dumps in the URLTeam format to avoid any reliability and archiving concerns, but will leave it up to AT on how they want to ingest it (happy to help in any way possible of course).

Stashbot added a comment.Apr 10 2019, 12:05 PM

Mentioned in SAL (#wikimedia-operations) [2019-04-10T12:05:24Z] <ladsgroup@deploy1001> Synchronized wmf-config/InitialiseSettings.php: SWAT: Prep work for deploying UrlShortener extension (T108557), part I (duration: 01m 00s)

Stashbot added a comment.Apr 10 2019, 12:07 PM

Mentioned in SAL (#wikimedia-operations) [2019-04-10T12:07:13Z] <ladsgroup@deploy1001> Synchronized wmf-config/CommonSettings.php: SWAT: Prep work for deploying UrlShortener extension (T108557), part II (duration: 01m 00s)

Lea_Lacroix_WMDE closed subtask T220432: Clean up "easter egg" short URLs before extension goes live as Declined.Apr 11 2019, 9:04 AM
gerritbot added a comment.Apr 11 2019, 2:03 PM

Change 502998 had a related patch set uploaded (by Ladsgroup; owner: Ladsgroup):
[operations/mediawiki-config@master] Deploy UrlShortener

https://gerrit.wikimedia.org/r/502998

gerritbot added a comment.Apr 11 2019, 2:08 PM

Change 502998 merged by jenkins-bot:
[operations/mediawiki-config@master] Deploy UrlShortener

https://gerrit.wikimedia.org/r/502998

Ladsgroup closed this task as Resolved.Apr 11 2019, 2:19 PM
Jc86035 awarded a token.Apr 11 2019, 2:20 PM
Johan moved this task from In current Tech/News draft to Already announced/Archive on the User-notice board.Apr 11 2019, 4:25 PM
Framawiki subscribed.Apr 13 2019, 9:24 AM
Nirmos subscribed.Apr 16 2019, 7:46 PM
ArielGlenn closed subtask T116986: Set up UrlShortener dumps as Resolved.May 13 2019, 8:35 AM
Ladsgroup edited projects, added User-notice-archive; removed User-notice.Aug 13 2022, 1:54 PM
Ammarpad mentioned this in T347419: Set ShortUrl to read-only on wikis where it's available.Sep 26 2023, 6:28 PM
Maintenance_bot removed a project: Patch-For-Review.Sep 26 2023, 6:31 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL