• In Magnus’ Rust library, request_builder() takes a single params hashmap that goes into the query for GET requests and into the body for all other requests. If you want query params for POST requests, you presumably have to put them into the URL yourself, though I don’t know if there’s an example for that given how rarely it comes up.
• In MediaWiki core’s mw.Rest JS library, post and other non-GET methods take a path string and a body object. If you want query params, you need to put them into the path yourself, and we can actually see that in GrowthExperiments’ fetchUserImpactData().

Plot twist: it turns out that, unlike in the action API, parameters are absolutely not interchangeable between the query string and the POST body in the REST API. (In the Action API, a few parameters have to go into the body, and origin, crossorigin and centralauthtoken have to be in the query string, but everything else can be in either place. m3api puts everything except action and origin/crossorigin in the body.) There are POST endpoints with query parameters (e.g. /growthexperiments/v0/user-impact/{user}, /ipinfo/v0/revision/{id}, /checkuser/v0/temporaryaccount/{name}; none in MediaWiki core AFAICT), and trying to specify those query parameters in the body will yield an error.

I ran a poll on fedi – options 2 and 3 each got 3/5 votes (so one person voted for both), option 1 got none, nobody suggested anything else. @Legoktm raised the good point that option 3 is best for usage with TypeScript, because you can enforce correct parameters (and, in the case of JSON-returning methods, provide more information about the response structure) with a lot of overloads like:

In T411325#11417826, @LucasWerkmeister wrote:

Or, alternatively, the path is always a string, but we supply a template literal tag function that helps you encode the title correctly:

import { getHtml, path } from 'm3api-rest';

const title = 'AC/DC';
const html = await getHtml( session, path`/v1/page/${title}/html` ); // evaluates to '/v1/page/AC%2FDC/html'

On second thought, I think that’s actually much nicer. (Also, I’m sure that function already exists elsewhere, but we should still make it available from m3api-rest.)

I’ve set up the repository at https://gitlab.wikimedia.org/repos/m3api/m3api-rest using cookiecutter-m3api; actual content will follow over the coming days :)

Weren’t we installing a custom Rawdog fork anyway?

In T411325#11417822, @LucasWerkmeister wrote:

other supported bodies would include plain objects (JSON)

Or, alternatively, the path is always a string, but we supply a template literal tag function that helps you encode the title correctly:

In T411325#11417819, @LucasWerkmeister wrote:

I wonder if the library should include support for formatting the URL path – turning /v1/page/{title}/history + { title: 'AC/DC' } into /v1/page/AC%2FDC/history with a properly escaped / in the title. Probably yes, if I can think of a good interface for it?

Suggested usage from m3api-oauth2:

I wonder if the library should include support for formatting the URL path – turning /v1/page/{title}/history + { title: 'AC/DC' } into /v1/page/AC%2FDC/history with a properly escaped / in the title. Probably yes, if I can think of a good interface for it?

If anyone wants to help me bikeshed names, my current ideas are:

In T409637#11356143, @LucasWerkmeister wrote:

I’m working around this for now on the main branch by checking out the commit just before the “bad” one.

The good news: an extremely rudimentary, but working version of this can be got with a laughably short patch:

In T404513#11178933, @LucasWerkmeister wrote:

On the other hand, if I do nothing, then it’s up to the application author to know when QUERY will work or not, and I don’t have to change anything in the library. (Both browsers and Node.js already let you send QUERY – or any other fictional method – using fetch() today, which is a bit weird but I’m not complaining.)

Current outcome:

$ curl -X QUERY -d action=query https://en.wikipedia.org/w/api.php
<html><body><h1>405 Method Not Allowed</h1>
A request was made of a resource using a request method not supported by that resource
</body></html>

Thanks, that’s useful to know. But there have been exciting new developments – QUERY has been approved! ⇒ T410883: Support HTTP QUERY method as standard alternative to Promise-Non-Write-API-Action header

Is this a duplicate of T372910: Make REST Handler router enforce Promise-Non-Write-API-Action header?

Thanks, good shout – this patch appears to be sufficient to make the m3api-oauth2 tests pass against my local wiki:

Slightly more readable version of what appears to be the loop:

includes/Request/WebRequest.php(860): MediaWiki\Session\SessionManager->getSessionForRequest()
includes/Permissions/PermissionManager.php(1572): MediaWiki\Request\WebRequest->getSession()
includes/Permissions/PermissionManager.php(1514): MediaWiki\Permissions\PermissionManager->getUserPermissions()
includes/Permissions/UserAuthority.php(271): MediaWiki\Permissions\PermissionManager->userHasRight()
includes/Permissions/UserAuthority.php(130): MediaWiki\Permissions\UserAuthority->internalAllowed()
includes/User/User.php(2129): MediaWiki\Permissions\UserAuthority->isAllowed()
includes/User/CentralId/LocalIdLookup.php(104): MediaWiki\User\User->isAllowed()
includes/User/CentralId/CentralIdLookup.php(238): MediaWiki\User\CentralId\LocalIdLookup->lookupCentralIds()
includes/User/CentralId/CentralIdLookup.php(316): MediaWiki\User\CentralId\CentralIdLookup->nameFromCentralId()
extensions/OAuth/src/Backend/Utils.php(292): MediaWiki\User\CentralId\CentralIdLookup->localUserFromCentralId()
extensions/OAuth/src/ResourceServer.php(180): MediaWiki\Extension\OAuth\Backend\Utils::getLocalUserFromCentralId()
extensions/OAuth/src/ResourceServer.php(157): MediaWiki\Extension\OAuth\ResourceServer->setUser()
extensions/OAuth/src/ResourceServer.php(89): MediaWiki\Extension\OAuth\ResourceServer->setVerifiedInfo()
vendor/league/oauth2-server/src/Middleware/ResourceServerMiddleware.php(54): MediaWiki\Extension\OAuth\ResourceServer->{closure:MediaWiki\Extension\OAuth\ResourceServer::verify():88}()
extensions/OAuth/src/ResourceServer.php(85): League\OAuth2\Server\Middleware\ResourceServerMiddleware->__invoke()
extensions/OAuth/src/SessionProvider.php(279): MediaWiki\Extension\OAuth\ResourceServer->verify()
extensions/OAuth/src/SessionProvider.php(109): MediaWiki\Extension\OAuth\SessionProvider->verifyOAuth2Request()
includes/Session/SessionManager.php(569): MediaWiki\Extension\OAuth\SessionProvider->provideSessionInfo()
includes/Session/SessionManager.php(136): MediaWiki\Session\SessionManager->getSessionInfoForRequest()
includes/Request/WebRequest.php(860): MediaWiki\Session\SessionManager->getSessionForRequest()
<!-- there's a hole in my bucket… -->

Hm, I think OAuth might be not so much “resource-hungry” as “broken”? When running the m3api-oauth2 integration tests against a local wiki, with very little custom OAuth configuration, it encounters this error:

Yes, same as before. This is useful data that I don’t think should be thrown away. (Also, my suggestion to exclude URLs or URL prefixes, as opposed to domains – which, to be clear, I also object to – seems to have gotten lost, as you’re again only talking about domains.)

As far as I can tell, this is working, and I just added it to the Scribunto documentation. I think we’re done here – thanks @cscott for the code review! \o/

Also I was under the impression that the rsync upload already happens from CI and not from a manual user.

Huh, thanks. @Ladsgroup could you perhaps rm -r /srv/doc/m3api/tmp-m3api-example on doc2003?

I see, thanks for explaining! Then I guess I’ll just remove the update.php call and see if anything breaks or anyone complains :)

Alright, now I think we just need someone™ with the right permissions to effectively rm -r https://doc.wikimedia.org/m3api/tmp-m3api-example/. (Looking at httpd-doc.wikimedia.org.conf, I think it would be at /srv/docroot/org/wikimedia/doc/m3api/tmp-m3api-example/? On doc1004 and/or doc2003?) @bd808 or @jnuche can you do that? :)

Well, as someone maintaining CI templates to install / set up MediaWiki (GitHub action, GitLab CI), it doesn’t sound like I can remove the update.php call yet if I want my templates to be useful for arbitrary extensions, because I don’t know if the extensions other people would like to use in their CI have been converted to virtual domains or not. (Though this is to some extent academic – I’ve advertised the CI templates a bit, but I don’t know if anyone else actually uses them.)

In T409637#11357020, @Tgr wrote:

What $wgMWOAuthCentralWiki, $wgMWOAuthSharedUserIDs and $wgMWOAuthSharedUserSource settings are you using?

Well, that sounds like it only fixes it for the OAuth extension? What about other extensions?

And I also published new releases of the other packages, so all of these work now:

I’m working around this for now on the main branch by checking out the commit just before the “bad” one.

Okay, git bisect says Deprecate $wgMWOAuthSharedUserIDs is the first bad commit. (I retried each CI job twice, i.e. three builds per commit, to hopefully rule out any flakiness. The results seem quite consistent.)

I’ll see if I can git bisect this down to a specific commit to blame…

Publishing m3api-query docs with the new v1.1.0 release worked \o/

Oops, sorry for not searching properly, this looks like it should’ve been findable.

Oh, this is interesting – it’s only reproducible if the request URL doesn’t have a “proper” path.

Looking at this code in index():

Further commits:

Looking at the code suggests that the $PUB_LOCATION is only meant to allow putting the docs into further subdirectories of the default value; changing the prefix is not allowed. Let’s just go with the longer, slightly redundant URLs then.

Nope, not allowed. CI output (not kept forever because my volunteer account doesn’t have permission to do that apparently ^^):

In T392716#11308970, @LucasWerkmeister wrote:

Bikeshedding question: what should the URLs be?

• Either:
  • https://doc.wikimedia.org/m3api/m3api/
  • https://doc.wikimedia.org/m3api/m3api-query/
  • etc.
• Or:
  • https://doc.wikimedia.org/m3api/
  • https://doc.wikimedia.org/m3api-query/
  • etc.

(We might not have a choice here – docpub might insist on one or the other – but I’m still curious if anyone has a strong opinion either way ^^)

It works \o/ \o/ \o/

Trying this out in the new tmp-m3api-example repo, using the wip branch (current tip but I may force-push that away later) of the ci-templates.

In T392716#10769070, @LucasWerkmeister wrote:

This will probably take a few attempts to get right – would it be okay to first try it out with a temporary / experimental package (still published to the “real” doc.w.o), and to then remove that again from doc.wikimedia.org later?

I believe this task can now be closed (not sure which status is best, let’s go with Resolved for now); thanks to T214998: RFC: Serve mobile and desktop variants through the same URL (unified mobile routing), opening https://en.wikipedia.org/wiki/Kecksburg_UFO_incident?wprov=yicw1 on a mobile device (tested in Firefox on Android) will now stay on the en.wikipedia.org domain (with the ?wprov= parameter intact) and display the mobile site there.

Tagging Reconciliation since Abbe98 suggested the issue might be there rather than in OpenRefine proper.

In T404934#11197217, @TheDJ wrote:

it's overflowing the controls, because it's not wide enough to show all of them. There's some sort of logic in core to show it on smaller sizes (by applying different classes), but I think because your canvas uses a different fontsize, those classes don't work here. But if you use a minimum of 350px, then it shows all the controls.

This is a problem with a local gadget (https://commons.wikimedia.org/wiki/MediaWiki:Gadget-Stockphoto.js#L-427), not the MediaWiki software, so never belonged on Phabricator.

This database table stores URLs that represent the outgoing links from articles. This exists primarily for preventing and finding undesirable links.

\o/ thanks!

I also moved all the to-be-deleted tmp-* repositories to the lucaswerkmeister/ namespace, to get them out of the children.json list immediately. (They’ll still be deleted in a week.)

Hm, I guess we need to pick a group first, I didn’t think about that yet 😅

https://gitlab.wikimedia.org/groups/repos/m3api/-/children.json works (extra repos/), I think that would be okay! (I just scheduled the tmp-* repositories for deletion, though they still show up in that JSON at the moment. If that’s a problem, I can delete them immediately.)

I’ve published 1.0.1 versions of all the libraries (Mastodon announcement), and with that I think this is done! (The remaining subtasks will hopefully happen sooner or later but I don’t consider them blockers.)

In T402700#11178601, @LucasWerkmeister wrote:

We’ll only know for sure when I do the actual migration and the first releases from GitLab

In T404516#11180360, @matmarex wrote:

Similarly to T89916, you can work around this bug by using interwiki links (or external links) in the message. I suggested doing that on-wiki: https://commons.wikimedia.org/wiki/MediaWiki_talk:Abusefilter-disallowed-cross-wiki-upload#Link_to_Special:UploadWizard_doesn't_work_when_this_error_is_displayed_inside_the_editor

Alright, I’ve created all the real repositories on GitLab and manually copied over all the releases. At some point during the next week (hopefully), I’ll publish new releases of the libraries (1.0.1, probably), both to get the new repo URLs published more widely and to test the release CI. (I don’t want to do it today, so that the release creation dates between the imported and fresh releases are different.)

o_O apparently it shows the release date in the list of releases…

Recreating all the GitHub releases on GitLab. Just a bit of manual busywork. (Notably, GitLab releases let you set the release date, so it should be possible to reflect the original release date. Yay!)

Copying @Krinkle’s comment together with my very belated reply:

We’ll only know for sure when I do the actual migration and the first releases from GitLab, but I think as far as I can tell now, this is done.

As mentioned in T392716#11178593, for now I’m leaving the docs on GitHub pages, so this task is no longer blocked on T392716. Which I think means the actual migration should be good to go now…

For now I’ve updated the CI templates to push the docs to GitHub, so the documentation can continue to be hosted on GitHub pages, unblocking the rest of the m3api migration. Maybe some day this task will happen, but after almost five months I really don’t feel like letting it block the migration any longer.

Thanks a lot! \o/