Page MenuHomePhabricator
Create Task
Maniphest T202110

Create GuzzleHttpRequest class as new default for HttpRequestFactory
Closed, ResolvedPublic
Actions

Description

Create a GuzzleHttpRequest class using the external Guzzle (docs.guzzlephp.org) library. This will be the new default request type, but CurlHttpRequest and PhpHttpRequest will remain available and accessible via Http::$httpEngine

This has several positives, including:

  1. increases parity and consistency between mediawiki installations with and without curl installed (Guzzle automatically falls back to php streams if curl is unavailable)
  1. brings Guzzle into the codebase, making it available to other areas that might benefit from it (ex. MultiHttpClient)
  1. provides a path to reducing the amount of custom code we must maintain (we could deprecate and eventually remove CurlHttpRequest and PhpHttpRequest)

It also has a few negatives, including:

  1. at least temporarily, adds additional code without removing any
  1. ties us to external code over which we have less control

This task flows from discussion in T110022 and T139169 and is hopefully a big step toward addressing T137926. (MultiHttpClient still needs addressed, presumably also via Guzzle. I intend to do that under a separate task.)

Details

SubjectRepoBranchLines +/-
Create GuzzleHttpRequest class as new default for HttpRequestFactorymediawiki/coremaster+250 -7
Add guzzlehttp/guzzle 6.3.3 and dependanciesmediawiki/vendormaster+19 K -1
Customize query in gerrit

Related Objects

Event Timeline

BPirkle created this task.Aug 17 2018, 3:57 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 17 2018, 3:57 AM
BPirkle added a comment.Aug 17 2018, 4:01 AM

I have a complete implementation of GuzzleHttpRequest coded and tested locally, including a phpunit test. (Wanted to make sure it was going to work out well before I created the official task.)

Does https://www.mediawiki.org/wiki/Manual:External_libraries describe the steps I need to take before adding a new external library to mediawiki? In particular, do I need to request a security review before posting a Gerrit change?

Legoktm added projects: Core-Platform-Team-Old, MediaWiki-General.Aug 17 2018, 4:04 AM
Legoktm removed a subscriber: Core-Platform-Team-Old.
Legoktm added a comment.Aug 17 2018, 4:09 AM
In T202110#4508941, @BPirkle wrote:

I have a complete implementation of GuzzleHttpRequest coded and tested locally, including a phpunit test. (Wanted to make sure it was going to work out well before I created the official task.)

Does https://www.mediawiki.org/wiki/Manual:External_libraries describe the steps I need to take before adding a new external library to mediawiki? In particular, do I need to request a security review before posting a Gerrit change?

Feel free to upload whatever you want to Gerrit, we just can't merge anything that depends upon the new library until the security review is finished.

gerritbot subscribed.Aug 17 2018, 2:58 PM

Change 453408 had a related patch set uploaded (by BPirkle; owner: BPirkle):
[mediawiki/core@master] Create GuzzleHttpRequest class as new default for HttpRequestFactory

https://gerrit.wikimedia.org/r/453408

gerritbot added a project: Patch-For-Review.Aug 17 2018, 2:58 PM
BPirkle mentioned this in T202143: Security review for Guzzle 6.3.3.Aug 17 2018, 3:16 PM
CCicalese_WMF moved this task from Inbox to CPT-Q1-Jul-Sep-2018 on the Core-Platform-Team-Old board.Aug 20 2018, 8:18 PM
CCicalese_WMF edited projects, added Core-Platform-Team-Old (CPT-Q1-Jul-Sep-2018); removed Core-Platform-Team-Old.
Restricted Application changed the subtype of this task from "Deadline" to "Task". · View Herald TranscriptAug 20 2018, 8:18 PM
CCicalese_WMF moved this task from Backlog to In Progress on the Core-Platform-Team-Old (CPT-Q1-Jul-Sep-2018) board.Aug 20 2018, 8:18 PM
BPirkle mentioned this in T202352: Convert MultiHttpClient to use Guzzle.Aug 21 2018, 12:51 AM
CCicalese_WMF edited projects, added Platform Team Legacy (Designing); removed Core-Platform-Team-Old (CPT-Q1-Jul-Sep-2018).Oct 1 2018, 1:27 PM
CCicalese_WMF moved this task from Inbox to Doing on the Platform Team Legacy (Designing) board.Oct 1 2018, 1:33 PM
CCicalese_WMF added a project: Platform Engineering.Oct 2 2018, 2:15 PM
CCicalese_WMF moved this task from Inbox to Needs Cleaning - Code Health (TEC13) on the Platform Engineering board.Oct 3 2018, 2:13 PM
CCicalese_WMF edited projects, added Platform Engineering (Needs Cleaning - Code Health (TEC13)); removed Platform Engineering.
CCicalese_WMF edited projects, added Platform Team Workboards (Doing); removed Platform Team Legacy (Designing).Oct 14 2018, 3:56 PM
CCicalese_WMF moved this task from Doing to Blocked Externally on the Platform Team Workboards board.Nov 6 2018, 2:23 AM
CCicalese_WMF edited projects, added Platform Team Workboards (Blocked Externally); removed Platform Team Workboards (Doing).
Reedy subscribed.Dec 4 2018, 1:25 PM

So doing some poking around here... We end up with a few extra other libraries, which is fine, just a bit more poking around needed.

Vendor patching incoming as I'm going through stuff

(we might also want to pin some more of these versions in mediawikis composer.json too)

reedy@ubuntu64-web-esxi:/var/www/wiki/mediawiki/vendor$ composer update --no-dev
Loading composer repositories with package information
Updating dependencies
Package operations: 5 installs, 0 updates, 0 removals
  - Installing guzzlehttp/promises (v1.3.1): Downloading (100%)         
  - Installing ralouphie/getallheaders (2.0.5): Downloading (100%)         
  - Installing psr/http-message (1.0.1): Downloading (100%)         
  - Installing guzzlehttp/psr7 (1.5.0): Downloading (100%)         
  - Installing guzzlehttp/guzzle (6.3.3): Downloading (100%)         
Writing lock file
Generating optimized autoload files
reedy@ubuntu64-web-esxi:/var/www/wiki/mediawiki/vendor$
gerritbot added a comment.Dec 4 2018, 1:29 PM

Change 477538 had a related patch set uploaded (by Reedy; owner: Reedy):
[mediawiki/vendor@wmf/1.33.0-wmf.6] Add guzzlehttp/guzzle 6.3.3 and dependancies

https://gerrit.wikimedia.org/r/477538

Reedy added a comment.Dec 4 2018, 2:26 PM

No longer blocked by T202143: Security review for Guzzle 6.3.3

Legoktm added a comment.Dec 6 2018, 8:19 AM

My main question about bringing in Guzzle is how we're going to apply the deprecation policy to this. Typically we've said that extensions can depend upon any library that MediaWiki core depends upon, since we're going to keep back-compat or cautiously update external libraries. But the size of Guzzle is much much larger than any other library that core depends upon to date. If Guzzle makes a breaking change, I'm imagining a mess if we need to update every thing that makes HTTP requests.

My thinking right now is that we somehow/somewhere declare that Guzzle isn't part of the stable interface, and extensions need to use the MW abstraction layer instead (this seems like a good idea regardless given T202143#4802539). Does that seem reasonable?

I also wanted to say that I found the Guzzle codebase relatively well-written. My full comments/thoughts are:

  • It would be nice if we didn't have any autoload files and everything was class loaded. E.g. for Guzzle there's no reason the default_user_agent() function couldn't be static on a class.
  • Having CodeSniffer run upstream (https://github.com/guzzle/guzzle/pull/2194) would be nice too, would make it easy for some minor things I noticed like php_sapi_name() instead of PHP_SAPI.
  • .gitattributes exclusions, but Reedy already sent PRs to everyone
  • PHP only has the getallheaders function in the Apache and FPM (since 7.3) SAPIs so it needs a polyfill. Maybe we can ask PHP to provide the function on all SAPIs where it does nothing so it doesn't need a userland polyfill?
Reedy added a comment.Dec 6 2018, 10:37 AM

My thinking right now is that we somehow/somewhere declare that Guzzle isn't part of the stable interface, and extensions need to use the MW abstraction layer instead (this seems like a good idea regardless given T202143#4802539). Does that seem reasonable?

I think so. Or if they use it directly, MW isn't responsible for breaking changes and therefore won't accept bug reports

Reedy added a comment.Dec 6 2018, 10:41 AM

And for your bullet points, we can hopefully grab the little improvements in point releases in the near future

There's definitely some annoyances, but I don't see anything too major to not continue with doing this

TheDJ subscribed.Dec 6 2018, 12:55 PM
TheDJ added a comment.Dec 6 2018, 1:17 PM

@Legoktm on the deprecation policy and Guzzle support.. I point at PSR-17 and PSR-18 and I think that that is what we need to keep in mind in terms of any breaking changes and support.

So maybe have one new interface that is compatible with upcoming php interfaces and those psr's should be the only contract we promise to deliver to extensions. Either use that and be supported or use guzzle directly yourself and be responsible for any of your breakages.

gerritbot added a comment.Dec 10 2018, 8:32 AM

Change 477538 merged by jenkins-bot:
[mediawiki/vendor@master] Add guzzlehttp/guzzle 6.3.3 and dependancies

https://gerrit.wikimedia.org/r/477538

ReleaseTaggerBot added a project: MW-1.33-notes (1.33.0-wmf.8; 2018-12-11).Dec 10 2018, 9:00 AM
gerritbot added a comment.Dec 10 2018, 3:39 PM

Change 453408 merged by jenkins-bot:
[mediawiki/core@master] Create GuzzleHttpRequest class as new default for HttpRequestFactory

https://gerrit.wikimedia.org/r/453408

BPirkle closed this task as Resolved.Dec 10 2018, 3:57 PM
BPirkle mentioned this in T110022: Move HTTP-related code from MW to its own library.Dec 10 2018, 4:03 PM
CCicalese_WMF moved this task from Blocked Externally to Done with CPT on the Platform Team Workboards board.Dec 13 2018, 8:09 PM
CCicalese_WMF edited projects, added Platform Team Workboards (Done with CPT); removed Platform Team Workboards (Blocked Externally).
BPirkle mentioned this in T212175: Support callback functions in GuzzleHttpRequest and MultiHttpClient.Dec 17 2018, 11:53 PM
Reedy mentioned this in T215753: Replacing wfRemoveDotSegments() with GuzzleHttp\Psr7\UriResolver::removeDotSegments().Feb 11 2019, 4:42 AM
Krinkle mentioned this in MediaWiki-libs-HTTP.Sep 13 2019, 5:26 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits