(add Security-Team-Reviews once all patches are merged)
- Name of tool/project: ReadingLists
- Project home page: https://www.mediawiki.org/wiki/Extension:ReadingLists
- Name of team requesting review: Reading Infrastructure
- Primary contact: @Tgr
- Target date for deployment: mid-October (in production; so before end of September on Beta)
- Link to code repository / patchset: https://phabricator.wikimedia.org/diffusion/ERLS/browse/master/
- Programming Language(s) Used: PHP
Description of the tool/project
The ReadingLists extension provides an API to store and retrieve private lists of pages, e.g. for a "bookmark" or "read it later" feature. It's written with wikifarms in mind (a list can contain pages from multiple wikis) and aims to support both browsers and mobile devices which have their own permanent storage .
For more information see https://www.mediawiki.org/wiki/Reading/Reading_Lists and T164990: RfC: Reading List service.
Main security-relevant characteristics
- API only, no user interface
- all operations (except for the maintenance script for purging old data) including viewing are limited to the current user, enforced in the DAO class
- opt-in/opt-out API endpoints; no data can be stored for the given user before opt-in, all data destroyed on opt-out
Description of how the tool will be used at WMF
The API will power a REST proxy (to be written; does not require review¹). Initially, the REST proxy will be used to back up the reading lists in the Android app (which already has such a feature, but with no portability). iOS and web will add support later on.
purge.php will be run periodically via cron to prune old deleted data.
Has this project been reviewed before?
Working test environment
Use the vagrant role as described on the extension page.
Same as pre-deployment.
- ¹ The REST proxy will be written as a simple patch to the existing RESTBase codebase (T168972), and won't do much beyond translating REST requests into api.php requests (and requests to the RESTBase summary endpoint, in one case), and composing the responses into a single JSON. It will rely on api.php for security, by forwarding cookies.