2010-09-04 04:00:09 +00:00
|
|
|
<?php
|
|
|
|
|
/**
|
|
|
|
|
* This program is free software; you can redistribute it and/or modify
|
|
|
|
|
* it under the terms of the GNU General Public License as published by
|
|
|
|
|
* the Free Software Foundation; either version 2 of the License, or
|
|
|
|
|
* (at your option) any later version.
|
|
|
|
|
*
|
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU General Public License along
|
|
|
|
|
* with this program; if not, write to the Free Software Foundation, Inc.,
|
|
|
|
|
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
|
|
|
|
* http://www.gnu.org/copyleft/gpl.html
|
|
|
|
|
*
|
2010-09-05 13:31:34 +00:00
|
|
|
* @file
|
2010-09-04 04:00:09 +00:00
|
|
|
* @author Roan Kattouw
|
|
|
|
|
* @author Trevor Parscal
|
|
|
|
|
*/
|
|
|
|
|
|
2022-05-06 09:09:56 +00:00
|
|
|
namespace MediaWiki\ResourceLoader;
|
|
|
|
|
|
|
|
|
|
use BagOStuff;
|
|
|
|
|
use Config;
|
|
|
|
|
use DeferredUpdates;
|
|
|
|
|
use Exception;
|
|
|
|
|
use ExtensionRegistry;
|
|
|
|
|
use HashBagOStuff;
|
|
|
|
|
use HttpStatus;
|
|
|
|
|
use InvalidArgumentException;
|
2023-02-07 00:46:33 +00:00
|
|
|
use Less_Environment;
|
2022-05-06 09:09:56 +00:00
|
|
|
use Less_Parser;
|
2022-12-28 21:50:03 +00:00
|
|
|
use MediaWiki\CommentStore\CommentStore;
|
Hooks::run() call site migration
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
2020-03-19 02:42:09 +00:00
|
|
|
use MediaWiki\HookContainer\HookContainer;
|
2023-02-16 19:27:21 +00:00
|
|
|
use MediaWiki\Html\Html;
|
2023-07-13 15:44:35 +00:00
|
|
|
use MediaWiki\Html\HtmlJsCode;
|
2022-04-10 15:34:45 +00:00
|
|
|
use MediaWiki\MainConfigNames;
|
2016-11-22 23:39:22 +00:00
|
|
|
use MediaWiki\MediaWikiServices;
|
2023-03-01 20:16:39 +00:00
|
|
|
use MediaWiki\Profiler\ProfilingContext;
|
2022-11-02 17:22:08 +00:00
|
|
|
use MediaWiki\Request\HeaderCallback;
|
2023-03-01 20:33:26 +00:00
|
|
|
use MediaWiki\Title\Title;
|
2022-06-27 16:06:15 +00:00
|
|
|
use MediaWiki\User\UserOptionsLookup;
|
2023-02-23 20:44:38 +00:00
|
|
|
use MediaWiki\WikiMap\WikiMap;
|
2022-05-06 09:09:56 +00:00
|
|
|
use MWExceptionHandler;
|
|
|
|
|
use MWExceptionRenderer;
|
|
|
|
|
use Net_URL2;
|
|
|
|
|
use ObjectCache;
|
|
|
|
|
use OutputPage;
|
2015-06-04 03:52:45 +00:00
|
|
|
use Psr\Log\LoggerAwareInterface;
|
|
|
|
|
use Psr\Log\LoggerInterface;
|
|
|
|
|
use Psr\Log\NullLogger;
|
2022-05-06 09:09:56 +00:00
|
|
|
use ResourceFileCache;
|
|
|
|
|
use RuntimeException;
|
|
|
|
|
use stdClass;
|
|
|
|
|
use Throwable;
|
|
|
|
|
use UnexpectedValueException;
|
2022-10-27 13:14:16 +00:00
|
|
|
use WebRequest;
|
2019-06-29 04:50:31 +00:00
|
|
|
use Wikimedia\DependencyStore\DependencyStore;
|
|
|
|
|
use Wikimedia\DependencyStore\KeyValueDependencyStore;
|
2021-02-18 04:38:29 +00:00
|
|
|
use Wikimedia\Minify\CSSMin;
|
|
|
|
|
use Wikimedia\Minify\JavaScriptMinifier;
|
2017-02-24 16:17:16 +00:00
|
|
|
use Wikimedia\Rdbms\DBConnectionError;
|
2022-02-01 01:11:09 +00:00
|
|
|
use Wikimedia\RequestTimeout\TimeoutException;
|
2021-10-02 18:02:07 +00:00
|
|
|
use Wikimedia\ScopedCallback;
|
2019-12-01 01:58:30 +00:00
|
|
|
use Wikimedia\Timestamp\ConvertibleTimestamp;
|
2018-01-21 04:39:17 +00:00
|
|
|
use Wikimedia\WrappedString;
|
2022-05-06 09:09:56 +00:00
|
|
|
use Xml;
|
2015-06-04 03:52:45 +00:00
|
|
|
|
2010-09-05 13:31:34 +00:00
|
|
|
/**
|
2019-09-14 04:32:54 +00:00
|
|
|
* @defgroup ResourceLoader ResourceLoader
|
|
|
|
|
*
|
|
|
|
|
* For higher level documentation, see <https://www.mediawiki.org/wiki/ResourceLoader/Architecture>.
|
|
|
|
|
*/
|
|
|
|
|
|
2020-04-21 18:08:02 +00:00
|
|
|
/**
|
|
|
|
|
* @defgroup ResourceLoaderHooks ResourceLoader Hooks
|
|
|
|
|
* @ingroup ResourceLoader
|
|
|
|
|
* @ingroup Hooks
|
|
|
|
|
*/
|
|
|
|
|
|
2019-09-14 04:32:54 +00:00
|
|
|
/**
|
|
|
|
|
* ResourceLoader is a loading system for JavaScript and CSS resources.
|
|
|
|
|
*
|
|
|
|
|
* For higher level documentation, see <https://www.mediawiki.org/wiki/ResourceLoader/Architecture>.
|
2010-10-19 20:45:02 +00:00
|
|
|
*
|
2019-09-14 04:32:54 +00:00
|
|
|
* @ingroup ResourceLoader
|
|
|
|
|
* @since 1.17
|
2010-09-04 04:00:09 +00:00
|
|
|
*/
|
2015-06-04 03:52:45 +00:00
|
|
|
class ResourceLoader implements LoggerAwareInterface {
|
resourceloader: Improve wgResourceLoaderMaxage docs, minor clean up
The docs for wgResourceLoaderMaxage still described the "server"
and "client" subkeys, which have not existed since MW 1.35. This
was essentially a new configuration structure, add the `@since`
annotation to reflect this.
Clean up the ResourceLoader class and group together related class
members in a more logical way. Currently going for what I see various
other core components do:
* Constants: public, then private.
* Static: public, then private.
* Members: public (none), then ctor-assigned/injected stuff, then
those with defaults that start as-is.
Make most protected members private, except for those intentionally
made protected for use in tests. This class is not meant to be
extended, is not marked as stable for that purpose, and Codesearch
shows no extensions that do so.
Remove unused internal '$testModuleNames' field. This was removed in
5f47d994bc and accidentally reintroduced (unused) with 440dfcf6d87,
presumably due to a bad rebase.
Bug: T32956
Change-Id: I041a320d05c9e5f30ac9cc9270ce82c4d19a957f
2021-11-13 23:34:50 +00:00
|
|
|
/** @var int */
|
|
|
|
|
public const CACHE_VERSION = 9;
|
|
|
|
|
/** @var string JavaScript / CSS pragma to disable minification. * */
|
|
|
|
|
public const FILTER_NOMIN = '/*@nomin*/';
|
|
|
|
|
|
|
|
|
|
/** @var string */
|
|
|
|
|
private const RL_DEP_STORE_PREFIX = 'ResourceLoaderModule';
|
|
|
|
|
/** @var int How long to preserve indirect dependency metadata in our backend store. */
|
ResourceLoader: Remove DependencyStore::renew
== Background
When file dependency information is lost, the startup module computes
a hash that is based on an incomplete summary of bundled resources.
This means it arrives at a "wrong" hash. Once a browser actually asks
for that version of the module, though, we rediscover the dependency
information, and subsequent startup responses will include arrive once
again at the same correct hash. These 5-minute windows of time where
the browser cache of anyone visiting is churned over are not great,
and so we try to avoid them.
The status quo is the dedicated module_deps table in core with no
expiry. This means a potential concern is building up gargage over
time for modules and extensions that no longer exist or are no longer
deployed on that wiki. In practice this has not been much of an issue,
we haven't run the cleanupRemovedModules.php or purgeModuleDeps.php
scripts in years. Once in 2017 to fix corrupt rows (T158105), and
once in 2020 to estimate needed space if we had expiries
<https://phabricator.wikimedia.org/T113916#6142457>.
Hence we're moving to mainstash via KeyValueDepStore, and not to
memcached. But for that we might as well start using experies.
To not compromise on losing dep info regularly and causing avoidable
browser cache for modules that are hot and very much still existing,
we adopted `renew()` in 5282a0296 when drafting KeyValueDepStore, so that
we keep moving the TTL of active rows forward and let the rest naturally
expire.
== Problem
The changeTTL writes are so heavy and undebounced, that it fully
saturates the hardware disk, unable to keep up simply with the amount
of streaming append-only writes to disk.
https://phabricator.wikimedia.org/T312902
== Future
Perhaps we can make this work if SqlBagOStuff in "MainStash" mode
was more efficient and lenient around changeTTL. E.g. rather than
simultanously ensure presence of the row itself for perfect eventual
consistency, maybe it could just be a light "touch" to ensure the
TTL of any such row has a given minimum TTL.
Alternatively, if we don't make it part of the generalised
SqlBag/MainStash interface but something speciifc to KeyValueDepStore,
we could also do something several orders of magnitudes more efficient,
such as only touching it once a day or once a week, instead of several
hundred times a second after every read performing a write that
amplifies the read back into a full row write, with thus a very large
and repetative binlog.
== This change
As interim measure, I propose we remove renew() and instead increase
the TTL from 1 week to 1 year. This is still shorter than "indefinite"
which is what the module_deps table does in the status quo, and that
was never an issue in practice in terms of space. This is because
the list of modules modules is quite stable. It's limited to modules
that are both file-backed (so no gadgets) and also have non-trivial
file dependencies (such as styles.less -> foo.css -> bar.svg).
== Impact
The installer and update.php (DatabaseUpdater) already clear
`module_deps` and `objectcache` so this is a non-issue for third
parties.
For WMF, it means that the maintenance script we never ran, can
be removed as it will now automatically clean up this stuff after
a year of inactivity, with a small cache churn cost to pay at that
time.
Bug: T113916
Bug: T312902
Change-Id: Ie11bdfdcf5e6724bc19ac24e4353aaea316029fd
2022-07-11 21:20:22 +00:00
|
|
|
private const RL_MODULE_DEP_TTL = BagOStuff::TTL_YEAR;
|
2022-05-15 20:36:52 +00:00
|
|
|
/** @var int */
|
|
|
|
|
private const MAXAGE_RECOVER = 60;
|
resourceloader: Improve wgResourceLoaderMaxage docs, minor clean up
The docs for wgResourceLoaderMaxage still described the "server"
and "client" subkeys, which have not existed since MW 1.35. This
was essentially a new configuration structure, add the `@since`
annotation to reflect this.
Clean up the ResourceLoader class and group together related class
members in a more logical way. Currently going for what I see various
other core components do:
* Constants: public, then private.
* Static: public, then private.
* Members: public (none), then ctor-assigned/injected stuff, then
those with defaults that start as-is.
Make most protected members private, except for those intentionally
made protected for use in tests. This class is not meant to be
extended, is not marked as stable for that purpose, and Codesearch
shows no extensions that do so.
Remove unused internal '$testModuleNames' field. This was removed in
5f47d994bc and accidentally reintroduced (unused) with 440dfcf6d87,
presumably due to a bad rebase.
Bug: T32956
Change-Id: I041a320d05c9e5f30ac9cc9270ce82c4d19a957f
2021-11-13 23:34:50 +00:00
|
|
|
|
|
|
|
|
/** @var int|null */
|
|
|
|
|
protected static $debugMode = null;
|
|
|
|
|
|
2019-09-14 04:32:54 +00:00
|
|
|
/** @var Config */
|
resourceloader: Improve wgResourceLoaderMaxage docs, minor clean up
The docs for wgResourceLoaderMaxage still described the "server"
and "client" subkeys, which have not existed since MW 1.35. This
was essentially a new configuration structure, add the `@since`
annotation to reflect this.
Clean up the ResourceLoader class and group together related class
members in a more logical way. Currently going for what I see various
other core components do:
* Constants: public, then private.
* Static: public, then private.
* Members: public (none), then ctor-assigned/injected stuff, then
those with defaults that start as-is.
Make most protected members private, except for those intentionally
made protected for use in tests. This class is not meant to be
extended, is not marked as stable for that purpose, and Codesearch
shows no extensions that do so.
Remove unused internal '$testModuleNames' field. This was removed in
5f47d994bc and accidentally reintroduced (unused) with 440dfcf6d87,
presumably due to a bad rebase.
Bug: T32956
Change-Id: I041a320d05c9e5f30ac9cc9270ce82c4d19a957f
2021-11-13 23:34:50 +00:00
|
|
|
private $config;
|
2019-08-01 19:53:31 +00:00
|
|
|
/** @var MessageBlobStore */
|
resourceloader: Improve wgResourceLoaderMaxage docs, minor clean up
The docs for wgResourceLoaderMaxage still described the "server"
and "client" subkeys, which have not existed since MW 1.35. This
was essentially a new configuration structure, add the `@since`
annotation to reflect this.
Clean up the ResourceLoader class and group together related class
members in a more logical way. Currently going for what I see various
other core components do:
* Constants: public, then private.
* Static: public, then private.
* Members: public (none), then ctor-assigned/injected stuff, then
those with defaults that start as-is.
Make most protected members private, except for those intentionally
made protected for use in tests. This class is not meant to be
extended, is not marked as stable for that purpose, and Codesearch
shows no extensions that do so.
Remove unused internal '$testModuleNames' field. This was removed in
5f47d994bc and accidentally reintroduced (unused) with 440dfcf6d87,
presumably due to a bad rebase.
Bug: T32956
Change-Id: I041a320d05c9e5f30ac9cc9270ce82c4d19a957f
2021-11-13 23:34:50 +00:00
|
|
|
private $blobStore;
|
2019-06-29 04:50:31 +00:00
|
|
|
/** @var DependencyStore */
|
resourceloader: Improve wgResourceLoaderMaxage docs, minor clean up
The docs for wgResourceLoaderMaxage still described the "server"
and "client" subkeys, which have not existed since MW 1.35. This
was essentially a new configuration structure, add the `@since`
annotation to reflect this.
Clean up the ResourceLoader class and group together related class
members in a more logical way. Currently going for what I see various
other core components do:
* Constants: public, then private.
* Static: public, then private.
* Members: public (none), then ctor-assigned/injected stuff, then
those with defaults that start as-is.
Make most protected members private, except for those intentionally
made protected for use in tests. This class is not meant to be
extended, is not marked as stable for that purpose, and Codesearch
shows no extensions that do so.
Remove unused internal '$testModuleNames' field. This was removed in
5f47d994bc and accidentally reintroduced (unused) with 440dfcf6d87,
presumably due to a bad rebase.
Bug: T32956
Change-Id: I041a320d05c9e5f30ac9cc9270ce82c4d19a957f
2021-11-13 23:34:50 +00:00
|
|
|
private $depStore;
|
2019-08-01 19:53:31 +00:00
|
|
|
/** @var LoggerInterface */
|
|
|
|
|
private $logger;
|
Hooks::run() call site migration
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
2020-03-19 02:42:09 +00:00
|
|
|
/** @var HookContainer */
|
|
|
|
|
private $hookContainer;
|
|
|
|
|
/** @var HookRunner */
|
|
|
|
|
private $hookRunner;
|
2022-05-15 17:08:20 +00:00
|
|
|
/** @var string */
|
|
|
|
|
private $loadScript;
|
|
|
|
|
/** @var int */
|
|
|
|
|
private $maxageVersioned;
|
|
|
|
|
/** @var int */
|
|
|
|
|
private $maxageUnversioned;
|
|
|
|
|
/** @var bool */
|
|
|
|
|
private $useFileCache;
|
Hooks::run() call site migration
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
2020-03-19 02:42:09 +00:00
|
|
|
|
2023-03-27 23:21:06 +00:00
|
|
|
/** @var Module[] Map of (module name => Module) */
|
resourceloader: Improve wgResourceLoaderMaxage docs, minor clean up
The docs for wgResourceLoaderMaxage still described the "server"
and "client" subkeys, which have not existed since MW 1.35. This
was essentially a new configuration structure, add the `@since`
annotation to reflect this.
Clean up the ResourceLoader class and group together related class
members in a more logical way. Currently going for what I see various
other core components do:
* Constants: public, then private.
* Static: public, then private.
* Members: public (none), then ctor-assigned/injected stuff, then
those with defaults that start as-is.
Make most protected members private, except for those intentionally
made protected for use in tests. This class is not meant to be
extended, is not marked as stable for that purpose, and Codesearch
shows no extensions that do so.
Remove unused internal '$testModuleNames' field. This was removed in
5f47d994bc and accidentally reintroduced (unused) with 440dfcf6d87,
presumably due to a bad rebase.
Bug: T32956
Change-Id: I041a320d05c9e5f30ac9cc9270ce82c4d19a957f
2021-11-13 23:34:50 +00:00
|
|
|
private $modules = [];
|
2019-08-01 19:53:31 +00:00
|
|
|
/** @var array[] Map of (module name => associative info array) */
|
resourceloader: Improve wgResourceLoaderMaxage docs, minor clean up
The docs for wgResourceLoaderMaxage still described the "server"
and "client" subkeys, which have not existed since MW 1.35. This
was essentially a new configuration structure, add the `@since`
annotation to reflect this.
Clean up the ResourceLoader class and group together related class
members in a more logical way. Currently going for what I see various
other core components do:
* Constants: public, then private.
* Static: public, then private.
* Members: public (none), then ctor-assigned/injected stuff, then
those with defaults that start as-is.
Make most protected members private, except for those intentionally
made protected for use in tests. This class is not meant to be
extended, is not marked as stable for that purpose, and Codesearch
shows no extensions that do so.
Remove unused internal '$testModuleNames' field. This was removed in
5f47d994bc and accidentally reintroduced (unused) with 440dfcf6d87,
presumably due to a bad rebase.
Bug: T32956
Change-Id: I041a320d05c9e5f30ac9cc9270ce82c4d19a957f
2021-11-13 23:34:50 +00:00
|
|
|
private $moduleInfos = [];
|
2022-07-13 01:32:24 +00:00
|
|
|
/** @var string[] List of module names that contain QUnit tests */
|
|
|
|
|
private $testModuleNames = [];
|
resourceloader: Improve wgResourceLoaderMaxage docs, minor clean up
The docs for wgResourceLoaderMaxage still described the "server"
and "client" subkeys, which have not existed since MW 1.35. This
was essentially a new configuration structure, add the `@since`
annotation to reflect this.
Clean up the ResourceLoader class and group together related class
members in a more logical way. Currently going for what I see various
other core components do:
* Constants: public, then private.
* Static: public, then private.
* Members: public (none), then ctor-assigned/injected stuff, then
those with defaults that start as-is.
Make most protected members private, except for those intentionally
made protected for use in tests. This class is not meant to be
extended, is not marked as stable for that purpose, and Codesearch
shows no extensions that do so.
Remove unused internal '$testModuleNames' field. This was removed in
5f47d994bc and accidentally reintroduced (unused) with 440dfcf6d87,
presumably due to a bad rebase.
Bug: T32956
Change-Id: I041a320d05c9e5f30ac9cc9270ce82c4d19a957f
2021-11-13 23:34:50 +00:00
|
|
|
/** @var string[] Map of (source => path); E.g. [ 'source-id' => 'http://.../load.php' ] */
|
|
|
|
|
private $sources = [];
|
|
|
|
|
/** @var array Errors accumulated during a respond() call. Exposed for testing. */
|
2016-02-17 09:09:32 +00:00
|
|
|
protected $errors = [];
|
resourceloader: Improve wgResourceLoaderMaxage docs, minor clean up
The docs for wgResourceLoaderMaxage still described the "server"
and "client" subkeys, which have not existed since MW 1.35. This
was essentially a new configuration structure, add the `@since`
annotation to reflect this.
Clean up the ResourceLoader class and group together related class
members in a more logical way. Currently going for what I see various
other core components do:
* Constants: public, then private.
* Static: public, then private.
* Members: public (none), then ctor-assigned/injected stuff, then
those with defaults that start as-is.
Make most protected members private, except for those intentionally
made protected for use in tests. This class is not meant to be
extended, is not marked as stable for that purpose, and Codesearch
shows no extensions that do so.
Remove unused internal '$testModuleNames' field. This was removed in
5f47d994bc and accidentally reintroduced (unused) with 440dfcf6d87,
presumably due to a bad rebase.
Bug: T32956
Change-Id: I041a320d05c9e5f30ac9cc9270ce82c4d19a957f
2021-11-13 23:34:50 +00:00
|
|
|
/**
|
|
|
|
|
* @var string[] Buffer for extra response headers during a makeModuleResponse() call.
|
|
|
|
|
* Exposed for testing.
|
|
|
|
|
*/
|
resourceloader: Add support for modules sending preload headers
ResourceLoaderModule objects gain a new method getPreloadLinks() which
returns an array with the meta data required to build a Link rel=preload
header according to the current draft for W3C Preload.
<https://w3c.github.io/preload/>
Another implementation of this is already in use in OutputPage for
preloading the logo image.
This array is formatted by the ResourceLoaderModule::getHeaders method,
which is implemented as "final" at this time, thus restricting use to
the Link rel=preload header.
Headers are exposed and process-cached, like all other content
(scripts, styles, etc.), through ResourceLoaderModule::getModuleContent,
and aggregated by ResoureLoader::makeModuleResponse.
I had hoped for the getPreloadLinks to be stateless (not vary on $context).
Whether something should be preloaded and what, should not vary on the
skin or language. However, while that conceptually holds true, the exact
url for any given resource may still vary. Even the main use case for this
feature (T164299, preloading base modules request) require $context to pass
down skin and lang to the load.php url.
Add full test coverage and example documentation.
Bug: T164299
Change-Id: I2bfe0796ceaa0c82579c501f5b10e931f2175681
2017-07-18 02:36:01 +00:00
|
|
|
protected $extraHeaders = [];
|
2019-06-29 04:50:31 +00:00
|
|
|
/** @var array Map of (module-variant => buffered DependencyStore updates) */
|
|
|
|
|
private $depStoreUpdateBuffer = [];
|
resourceloader: Improve wgResourceLoaderMaxage docs, minor clean up
The docs for wgResourceLoaderMaxage still described the "server"
and "client" subkeys, which have not existed since MW 1.35. This
was essentially a new configuration structure, add the `@since`
annotation to reflect this.
Clean up the ResourceLoader class and group together related class
members in a more logical way. Currently going for what I see various
other core components do:
* Constants: public, then private.
* Static: public, then private.
* Members: public (none), then ctor-assigned/injected stuff, then
those with defaults that start as-is.
Make most protected members private, except for those intentionally
made protected for use in tests. This class is not meant to be
extended, is not marked as stable for that purpose, and Codesearch
shows no extensions that do so.
Remove unused internal '$testModuleNames' field. This was removed in
5f47d994bc and accidentally reintroduced (unused) with 440dfcf6d87,
presumably due to a bad rebase.
Bug: T32956
Change-Id: I041a320d05c9e5f30ac9cc9270ce82c4d19a957f
2021-11-13 23:34:50 +00:00
|
|
|
/**
|
|
|
|
|
* @var array Styles that are skin-specific and supplement or replace the
|
2020-03-09 20:12:45 +00:00
|
|
|
* default skinStyles of a FileModule. See $wgResourceModuleSkinStyles.
|
|
|
|
|
*/
|
|
|
|
|
private $moduleSkinStyles = [];
|
|
|
|
|
|
2010-09-29 19:04:04 +00:00
|
|
|
/**
|
2022-05-15 17:08:20 +00:00
|
|
|
* @internal For ServiceWiring only (TODO: Make stable as part of T32956).
|
|
|
|
|
* @param Config $config Generic pass-through for use by extension callbacks
|
|
|
|
|
* and other MediaWiki-specific module classes.
|
2018-06-26 21:14:43 +00:00
|
|
|
* @param LoggerInterface|null $logger [optional]
|
2019-06-29 04:50:31 +00:00
|
|
|
* @param DependencyStore|null $tracker [optional]
|
2022-05-15 17:08:20 +00:00
|
|
|
* @param array $params [optional]
|
|
|
|
|
* - loadScript: URL path to the load.php entrypoint.
|
|
|
|
|
* Default: `'/load.php'`.
|
|
|
|
|
* - maxageVersioned: HTTP cache max-age in seconds for URLs with a "version" parameter.
|
|
|
|
|
* This applies to most load.php responses, and may have a long duration (e.g. weeks or
|
|
|
|
|
* months), because a change in the module bundle will naturally produce a different URL
|
|
|
|
|
* and thus automatically bust the CDN and web browser caches.
|
|
|
|
|
* Default: 30 days.
|
|
|
|
|
* - maxageUnversioned: HTTP cache max-age in seconds for URLs without a "version" parameter.
|
|
|
|
|
* This should have a short duration (e.g. minutes), and affects the startup manifest which
|
|
|
|
|
* controls how quickly changes (in the module registry, dependency tree, or module content)
|
|
|
|
|
* will propagate to clients.
|
|
|
|
|
* Default: 5 minutes.
|
|
|
|
|
* - useFileCache: Enable use of MediaWiki's FileCache feature.
|
|
|
|
|
* See also $wgUseFileCache and ResourceFileCache.
|
|
|
|
|
* Default: `false`.
|
2010-09-29 19:04:04 +00:00
|
|
|
*/
|
2019-06-29 04:50:31 +00:00
|
|
|
public function __construct(
|
2021-03-18 01:55:53 +00:00
|
|
|
Config $config,
|
2019-06-29 04:50:31 +00:00
|
|
|
LoggerInterface $logger = null,
|
2022-05-15 17:08:20 +00:00
|
|
|
DependencyStore $tracker = null,
|
|
|
|
|
array $params = []
|
2019-06-29 04:50:31 +00:00
|
|
|
) {
|
2022-05-15 17:08:20 +00:00
|
|
|
$this->loadScript = $params['loadScript'] ?? '/load.php';
|
|
|
|
|
$this->maxageVersioned = $params['maxageVersioned'] ?? 30 * 24 * 60 * 60;
|
|
|
|
|
$this->maxageUnversioned = $params['maxageUnversioned'] ?? 5 * 60;
|
|
|
|
|
$this->useFileCache = $params['useFileCache'] ?? false;
|
|
|
|
|
|
2014-08-07 10:25:56 +00:00
|
|
|
$this->config = $config;
|
resourceloader: Improve wgResourceLoaderMaxage docs, minor clean up
The docs for wgResourceLoaderMaxage still described the "server"
and "client" subkeys, which have not existed since MW 1.35. This
was essentially a new configuration structure, add the `@since`
annotation to reflect this.
Clean up the ResourceLoader class and group together related class
members in a more logical way. Currently going for what I see various
other core components do:
* Constants: public, then private.
* Static: public, then private.
* Members: public (none), then ctor-assigned/injected stuff, then
those with defaults that start as-is.
Make most protected members private, except for those intentionally
made protected for use in tests. This class is not meant to be
extended, is not marked as stable for that purpose, and Codesearch
shows no extensions that do so.
Remove unused internal '$testModuleNames' field. This was removed in
5f47d994bc and accidentally reintroduced (unused) with 440dfcf6d87,
presumably due to a bad rebase.
Bug: T32956
Change-Id: I041a320d05c9e5f30ac9cc9270ce82c4d19a957f
2021-11-13 23:34:50 +00:00
|
|
|
$this->logger = $logger ?: new NullLogger();
|
2014-08-07 10:25:56 +00:00
|
|
|
|
resourceloader: Improve wgResourceLoaderMaxage docs, minor clean up
The docs for wgResourceLoaderMaxage still described the "server"
and "client" subkeys, which have not existed since MW 1.35. This
was essentially a new configuration structure, add the `@since`
annotation to reflect this.
Clean up the ResourceLoader class and group together related class
members in a more logical way. Currently going for what I see various
other core components do:
* Constants: public, then private.
* Static: public, then private.
* Members: public (none), then ctor-assigned/injected stuff, then
those with defaults that start as-is.
Make most protected members private, except for those intentionally
made protected for use in tests. This class is not meant to be
extended, is not marked as stable for that purpose, and Codesearch
shows no extensions that do so.
Remove unused internal '$testModuleNames' field. This was removed in
5f47d994bc and accidentally reintroduced (unused) with 440dfcf6d87,
presumably due to a bad rebase.
Bug: T32956
Change-Id: I041a320d05c9e5f30ac9cc9270ce82c4d19a957f
2021-11-13 23:34:50 +00:00
|
|
|
$services = MediaWikiServices::getInstance();
|
Hooks::run() call site migration
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
2020-03-19 02:42:09 +00:00
|
|
|
$this->hookContainer = $services->getHookContainer();
|
|
|
|
|
$this->hookRunner = new HookRunner( $this->hookContainer );
|
|
|
|
|
|
2011-07-26 21:10:34 +00:00
|
|
|
// Add 'local' source first
|
2022-05-15 17:08:20 +00:00
|
|
|
$this->addSource( 'local', $this->loadScript );
|
2011-07-26 21:10:34 +00:00
|
|
|
|
2019-04-06 20:41:36 +00:00
|
|
|
// Special module that always exists
|
2022-05-06 09:09:56 +00:00
|
|
|
$this->register( 'startup', [ 'class' => StartUpModule::class ] );
|
2019-04-06 20:41:36 +00:00
|
|
|
|
2020-02-10 23:18:09 +00:00
|
|
|
$this->setMessageBlobStore(
|
|
|
|
|
new MessageBlobStore( $this, $this->logger, $services->getMainWANObjectCache() )
|
|
|
|
|
);
|
2019-06-29 04:50:31 +00:00
|
|
|
|
|
|
|
|
$tracker = $tracker ?: new KeyValueDependencyStore( new HashBagOStuff() );
|
|
|
|
|
$this->setDependencyStore( $tracker );
|
2010-09-29 19:04:04 +00:00
|
|
|
}
|
2010-09-04 12:53:01 +00:00
|
|
|
|
2014-08-07 10:25:56 +00:00
|
|
|
/**
|
|
|
|
|
* @return Config
|
|
|
|
|
*/
|
|
|
|
|
public function getConfig() {
|
|
|
|
|
return $this->config;
|
|
|
|
|
}
|
|
|
|
|
|
2015-11-10 03:12:24 +00:00
|
|
|
/**
|
|
|
|
|
* @since 1.26
|
|
|
|
|
* @param LoggerInterface $logger
|
|
|
|
|
*/
|
2015-06-04 03:52:45 +00:00
|
|
|
public function setLogger( LoggerInterface $logger ) {
|
|
|
|
|
$this->logger = $logger;
|
|
|
|
|
}
|
|
|
|
|
|
2015-11-10 03:12:24 +00:00
|
|
|
/**
|
|
|
|
|
* @since 1.27
|
|
|
|
|
* @return LoggerInterface
|
|
|
|
|
*/
|
|
|
|
|
public function getLogger() {
|
|
|
|
|
return $this->logger;
|
|
|
|
|
}
|
|
|
|
|
|
2015-03-29 04:24:31 +00:00
|
|
|
/**
|
2015-05-14 19:05:47 +00:00
|
|
|
* @since 1.26
|
|
|
|
|
* @return MessageBlobStore
|
|
|
|
|
*/
|
|
|
|
|
public function getMessageBlobStore() {
|
|
|
|
|
return $this->blobStore;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
2015-03-29 04:24:31 +00:00
|
|
|
* @since 1.25
|
2015-05-14 19:05:47 +00:00
|
|
|
* @param MessageBlobStore $blobStore
|
2015-03-29 04:24:31 +00:00
|
|
|
*/
|
|
|
|
|
public function setMessageBlobStore( MessageBlobStore $blobStore ) {
|
|
|
|
|
$this->blobStore = $blobStore;
|
|
|
|
|
}
|
|
|
|
|
|
2019-06-29 04:50:31 +00:00
|
|
|
/**
|
|
|
|
|
* @since 1.35
|
|
|
|
|
* @param DependencyStore $tracker
|
|
|
|
|
*/
|
|
|
|
|
public function setDependencyStore( DependencyStore $tracker ) {
|
|
|
|
|
$this->depStore = $tracker;
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-09 20:12:45 +00:00
|
|
|
/**
|
|
|
|
|
* @internal For use by ServiceWiring.php
|
|
|
|
|
* @param array $moduleSkinStyles
|
|
|
|
|
*/
|
|
|
|
|
public function setModuleSkinStyles( array $moduleSkinStyles ) {
|
|
|
|
|
$this->moduleSkinStyles = $moduleSkinStyles;
|
|
|
|
|
}
|
|
|
|
|
|
2010-09-04 04:00:09 +00:00
|
|
|
/**
|
2014-03-07 16:50:57 +00:00
|
|
|
* Register a module with the ResourceLoader system.
|
2011-06-17 16:05:05 +00:00
|
|
|
*
|
2020-11-27 02:47:45 +00:00
|
|
|
* @see $wgResourceModules for the available options.
|
2019-07-11 17:09:23 +00:00
|
|
|
* @param string|array[] $name Module name as a string or, array of module info arrays
|
|
|
|
|
* keyed by name.
|
|
|
|
|
* @param array|null $info Module info array. When using the first parameter to register
|
|
|
|
|
* multiple modules at once, this parameter is optional.
|
2020-02-21 00:26:07 +00:00
|
|
|
* @throws InvalidArgumentException If a module name contains illegal characters (pipes or commas)
|
2019-07-11 17:09:23 +00:00
|
|
|
* @throws InvalidArgumentException If the module info is not an array
|
2010-09-04 04:00:09 +00:00
|
|
|
*/
|
2020-02-21 00:26:07 +00:00
|
|
|
public function register( $name, array $info = null ) {
|
2010-09-04 04:00:09 +00:00
|
|
|
// Allow multiple modules to be registered in one call
|
2016-02-17 09:09:32 +00:00
|
|
|
$registrations = is_array( $name ) ? $name : [ $name => $info ];
|
2011-11-19 16:02:26 +00:00
|
|
|
foreach ( $registrations as $name => $info ) {
|
2015-10-26 18:23:43 +00:00
|
|
|
// Warn on duplicate registrations
|
2011-11-19 16:02:26 +00:00
|
|
|
if ( isset( $this->moduleInfos[$name] ) ) {
|
|
|
|
|
// A module has already been registered by this name
|
2015-10-27 07:44:47 +00:00
|
|
|
$this->logger->warning(
|
|
|
|
|
'ResourceLoader duplicate registration warning. ' .
|
|
|
|
|
'Another module has already been registered as ' . $name
|
|
|
|
|
);
|
2010-09-04 04:00:09 +00:00
|
|
|
}
|
2011-06-17 16:05:05 +00:00
|
|
|
|
2019-07-11 17:09:23 +00:00
|
|
|
// Check validity
|
2012-05-09 21:10:33 +00:00
|
|
|
if ( !self::isValidModuleName( $name ) ) {
|
2020-02-21 00:26:07 +00:00
|
|
|
throw new InvalidArgumentException( "ResourceLoader module name '$name' is invalid, "
|
2014-05-10 08:39:37 +00:00
|
|
|
. "see ResourceLoader::isValidModuleName()" );
|
* Made Resources.php return a pure-data array instead of an ugly mix of data and code. This allows the class code to be lazy-loaded with the autoloader, for a performance advantage especially on non-APC installs. And using the convention where if the class is omitted, ResourceLoaderFileModule is assumed, the registration code becomes shorter and simpler.
* Modified ResourceLoader to lazy-initialise module objects, for a further performance advantage.
* Deleted ResourceLoader::getModules(), provided getModuleNames() instead. Although the startup module needs this functionality, it's slow to generate, so to avoid misuse, it's better to provide a foolproof fast interface and let the startup module do the slow thing itself.
* Modified ResourceLoader::register() to optionally accept an info array instead of an object.
* Added $wgResourceModules, allowing extensions to efficiently define their own resource loader modules. The trouble with hooks is that they contain code, and code is slow. We've been through all this before with i18n. Hooks are useful as a performance tool only if you call them very rarely.
* Moved ResourceLoader settings to their own section in DefaultSettings.php
* Added options to ResourceLoaderFileModule equivalent to the $localBasePath and $remoteBasePath parameters, to allow it to be instantiated via the new array style. Also added remoteExtPath, which allows modules to be registered before $wgExtensionAssetsPath is known.
* Added OutputPage::getResourceLoader(), mostly for debugging.
* The time saving at the moment is about 5ms per request with no extensions, which is significant already with 6 load.php requests for a cold cache page view. This is a much more scalable interface; the relative saving will grow as more extensions are added which use this interface, especially for non-APC installs.
Although the interface is backwards compatible, extension updates will follow in a subsequent commit.
2010-11-19 10:41:06 +00:00
|
|
|
}
|
2019-07-11 17:09:23 +00:00
|
|
|
if ( !is_array( $info ) ) {
|
|
|
|
|
throw new InvalidArgumentException(
|
|
|
|
|
'Invalid module info for "' . $name . '": expected array, got ' . gettype( $info )
|
2014-04-03 23:09:09 +00:00
|
|
|
);
|
2011-11-19 16:02:26 +00:00
|
|
|
}
|
2014-06-26 14:29:31 +00:00
|
|
|
|
2019-07-11 17:09:23 +00:00
|
|
|
// Attach module
|
|
|
|
|
$this->moduleInfos[$name] = $info;
|
2010-09-29 23:57:53 +00:00
|
|
|
}
|
2010-09-04 04:00:09 +00:00
|
|
|
}
|
2010-09-04 12:53:01 +00:00
|
|
|
|
2019-04-17 14:17:15 +00:00
|
|
|
/**
|
|
|
|
|
* @internal For use by ServiceWiring only
|
2019-07-30 15:06:35 +00:00
|
|
|
* @codeCoverageIgnore
|
2019-04-17 14:17:15 +00:00
|
|
|
*/
|
2021-07-22 03:11:47 +00:00
|
|
|
public function registerTestModules(): void {
|
2019-01-18 20:21:35 +00:00
|
|
|
$extRegistry = ExtensionRegistry::getInstance();
|
2022-11-29 03:13:52 +00:00
|
|
|
$testModules = $extRegistry->getAttribute( 'QUnitTestModules' );
|
2012-01-03 18:33:26 +00:00
|
|
|
|
2022-07-13 01:32:24 +00:00
|
|
|
$testModuleNames = [];
|
2019-07-30 15:06:35 +00:00
|
|
|
foreach ( $testModules as $name => &$module ) {
|
|
|
|
|
// Turn any single-module dependency into an array
|
2019-02-27 15:48:58 +00:00
|
|
|
if ( isset( $module['dependencies'] ) && is_string( $module['dependencies'] ) ) {
|
2019-02-20 12:55:51 +00:00
|
|
|
$module['dependencies'] = [ $module['dependencies'] ];
|
|
|
|
|
}
|
|
|
|
|
|
2022-07-13 01:32:24 +00:00
|
|
|
// Ensure the testrunner loads before any tests
|
2019-10-04 17:43:38 +00:00
|
|
|
$module['dependencies'][] = 'mediawiki.qunit-testrunner';
|
2012-01-03 18:33:26 +00:00
|
|
|
|
2022-07-13 01:32:24 +00:00
|
|
|
// Keep track of the modules to load on SpecialJavaScriptTest
|
|
|
|
|
$testModuleNames[] = $name;
|
2019-07-30 15:06:35 +00:00
|
|
|
}
|
2014-02-05 05:17:48 +00:00
|
|
|
|
2022-07-13 01:32:24 +00:00
|
|
|
// Core test modules (their names have further precedence).
|
2022-05-15 17:08:20 +00:00
|
|
|
$testModules = ( include MW_INSTALL_PATH . '/tests/qunit/QUnitTestResources.php' ) + $testModules;
|
2022-07-13 01:32:24 +00:00
|
|
|
$testModuleNames[] = 'test.MediaWiki';
|
2012-01-03 18:33:26 +00:00
|
|
|
|
2019-07-30 15:06:35 +00:00
|
|
|
$this->register( $testModules );
|
2022-07-13 01:32:24 +00:00
|
|
|
$this->testModuleNames = $testModuleNames;
|
2012-01-03 18:33:26 +00:00
|
|
|
}
|
|
|
|
|
|
2011-07-26 21:10:34 +00:00
|
|
|
/**
|
|
|
|
|
* Add a foreign source of modules.
|
2011-10-14 08:06:54 +00:00
|
|
|
*
|
2015-11-20 00:48:01 +00:00
|
|
|
* Source IDs are typically the same as the Wiki ID or database name (e.g. lowercase a-z).
|
|
|
|
|
*
|
2020-02-21 00:26:07 +00:00
|
|
|
* @param array|string $sources Source ID (string), or [ id1 => loadUrl, id2 => loadUrl, ... ]
|
2018-06-26 21:14:43 +00:00
|
|
|
* @param string|array|null $loadUrl load.php url (string), or array with loadUrl key for
|
2014-09-13 06:30:48 +00:00
|
|
|
* backwards-compatibility.
|
2020-02-21 00:26:07 +00:00
|
|
|
* @throws InvalidArgumentException If array-form $loadUrl lacks a 'loadUrl' key.
|
2011-07-26 21:10:34 +00:00
|
|
|
*/
|
2020-02-21 00:26:07 +00:00
|
|
|
public function addSource( $sources, $loadUrl = null ) {
|
|
|
|
|
if ( !is_array( $sources ) ) {
|
|
|
|
|
$sources = [ $sources => $loadUrl ];
|
|
|
|
|
}
|
|
|
|
|
foreach ( $sources as $id => $source ) {
|
|
|
|
|
// Disallow duplicates
|
|
|
|
|
if ( isset( $this->sources[$id] ) ) {
|
|
|
|
|
throw new RuntimeException( 'Cannot register source ' . $id . ' twice' );
|
2011-07-26 21:10:34 +00:00
|
|
|
}
|
|
|
|
|
|
2020-02-21 00:26:07 +00:00
|
|
|
// Support: MediaWiki 1.24 and earlier
|
|
|
|
|
if ( is_array( $source ) ) {
|
|
|
|
|
if ( !isset( $source['loadScript'] ) ) {
|
|
|
|
|
throw new InvalidArgumentException( 'Each source must have a "loadScript" key' );
|
|
|
|
|
}
|
|
|
|
|
$source = $source['loadScript'];
|
2011-07-26 21:10:34 +00:00
|
|
|
}
|
2014-08-25 08:02:48 +00:00
|
|
|
|
2020-02-21 00:26:07 +00:00
|
|
|
$this->sources[$id] = $source;
|
2011-07-26 21:10:34 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
2020-10-28 10:01:33 +00:00
|
|
|
* @return string[]
|
2010-09-04 04:00:09 +00:00
|
|
|
*/
|
* Made Resources.php return a pure-data array instead of an ugly mix of data and code. This allows the class code to be lazy-loaded with the autoloader, for a performance advantage especially on non-APC installs. And using the convention where if the class is omitted, ResourceLoaderFileModule is assumed, the registration code becomes shorter and simpler.
* Modified ResourceLoader to lazy-initialise module objects, for a further performance advantage.
* Deleted ResourceLoader::getModules(), provided getModuleNames() instead. Although the startup module needs this functionality, it's slow to generate, so to avoid misuse, it's better to provide a foolproof fast interface and let the startup module do the slow thing itself.
* Modified ResourceLoader::register() to optionally accept an info array instead of an object.
* Added $wgResourceModules, allowing extensions to efficiently define their own resource loader modules. The trouble with hooks is that they contain code, and code is slow. We've been through all this before with i18n. Hooks are useful as a performance tool only if you call them very rarely.
* Moved ResourceLoader settings to their own section in DefaultSettings.php
* Added options to ResourceLoaderFileModule equivalent to the $localBasePath and $remoteBasePath parameters, to allow it to be instantiated via the new array style. Also added remoteExtPath, which allows modules to be registered before $wgExtensionAssetsPath is known.
* Added OutputPage::getResourceLoader(), mostly for debugging.
* The time saving at the moment is about 5ms per request with no extensions, which is significant already with 6 load.php requests for a cold cache page view. This is a much more scalable interface; the relative saving will grow as more extensions are added which use this interface, especially for non-APC installs.
Although the interface is backwards compatible, extension updates will follow in a subsequent commit.
2010-11-19 10:41:06 +00:00
|
|
|
public function getModuleNames() {
|
|
|
|
|
return array_keys( $this->moduleInfos );
|
2010-09-04 04:00:09 +00:00
|
|
|
}
|
2012-10-19 20:03:05 +00:00
|
|
|
|
2012-10-26 15:42:13 +00:00
|
|
|
/**
|
2022-07-13 01:32:24 +00:00
|
|
|
* Get a list of modules with QUnit tests.
|
2014-03-07 16:50:57 +00:00
|
|
|
*
|
2019-07-30 15:06:35 +00:00
|
|
|
* @internal For use by SpecialJavaScriptTest only
|
2020-10-28 10:01:33 +00:00
|
|
|
* @return string[]
|
2019-07-30 15:06:35 +00:00
|
|
|
* @codeCoverageIgnore
|
2012-01-03 18:33:26 +00:00
|
|
|
*/
|
2019-07-30 15:06:35 +00:00
|
|
|
public function getTestSuiteModuleNames() {
|
2022-07-13 01:32:24 +00:00
|
|
|
return $this->testModuleNames;
|
2012-01-03 18:33:26 +00:00
|
|
|
}
|
2010-09-04 12:53:01 +00:00
|
|
|
|
2015-01-30 21:36:52 +00:00
|
|
|
/**
|
|
|
|
|
* Check whether a ResourceLoader module is registered
|
|
|
|
|
*
|
|
|
|
|
* @since 1.25
|
|
|
|
|
* @param string $name
|
|
|
|
|
* @return bool
|
|
|
|
|
*/
|
|
|
|
|
public function isModuleRegistered( $name ) {
|
|
|
|
|
return isset( $this->moduleInfos[$name] );
|
|
|
|
|
}
|
|
|
|
|
|
2010-09-04 04:00:09 +00:00
|
|
|
/**
|
2022-05-06 09:09:56 +00:00
|
|
|
* Get the Module object for a given module name.
|
2010-09-05 13:31:34 +00:00
|
|
|
*
|
2022-05-06 09:09:56 +00:00
|
|
|
* If an array of module parameters exists but a Module object has not yet
|
|
|
|
|
* been instantiated, this method will instantiate and cache that object such that
|
2014-04-03 23:09:09 +00:00
|
|
|
* subsequent calls simply return the same object.
|
|
|
|
|
*
|
2013-03-11 17:15:01 +00:00
|
|
|
* @param string $name Module name
|
2022-05-06 09:09:56 +00:00
|
|
|
* @return Module|null If module has been registered, return a
|
|
|
|
|
* Module instance. Otherwise, return null.
|
2010-09-04 04:00:09 +00:00
|
|
|
*/
|
2010-09-29 19:04:04 +00:00
|
|
|
public function getModule( $name ) {
|
* Made Resources.php return a pure-data array instead of an ugly mix of data and code. This allows the class code to be lazy-loaded with the autoloader, for a performance advantage especially on non-APC installs. And using the convention where if the class is omitted, ResourceLoaderFileModule is assumed, the registration code becomes shorter and simpler.
* Modified ResourceLoader to lazy-initialise module objects, for a further performance advantage.
* Deleted ResourceLoader::getModules(), provided getModuleNames() instead. Although the startup module needs this functionality, it's slow to generate, so to avoid misuse, it's better to provide a foolproof fast interface and let the startup module do the slow thing itself.
* Modified ResourceLoader::register() to optionally accept an info array instead of an object.
* Added $wgResourceModules, allowing extensions to efficiently define their own resource loader modules. The trouble with hooks is that they contain code, and code is slow. We've been through all this before with i18n. Hooks are useful as a performance tool only if you call them very rarely.
* Moved ResourceLoader settings to their own section in DefaultSettings.php
* Added options to ResourceLoaderFileModule equivalent to the $localBasePath and $remoteBasePath parameters, to allow it to be instantiated via the new array style. Also added remoteExtPath, which allows modules to be registered before $wgExtensionAssetsPath is known.
* Added OutputPage::getResourceLoader(), mostly for debugging.
* The time saving at the moment is about 5ms per request with no extensions, which is significant already with 6 load.php requests for a cold cache page view. This is a much more scalable interface; the relative saving will grow as more extensions are added which use this interface, especially for non-APC installs.
Although the interface is backwards compatible, extension updates will follow in a subsequent commit.
2010-11-19 10:41:06 +00:00
|
|
|
if ( !isset( $this->modules[$name] ) ) {
|
|
|
|
|
if ( !isset( $this->moduleInfos[$name] ) ) {
|
|
|
|
|
// No such module
|
|
|
|
|
return null;
|
|
|
|
|
}
|
2019-07-11 17:09:23 +00:00
|
|
|
// Construct the requested module object
|
* Made Resources.php return a pure-data array instead of an ugly mix of data and code. This allows the class code to be lazy-loaded with the autoloader, for a performance advantage especially on non-APC installs. And using the convention where if the class is omitted, ResourceLoaderFileModule is assumed, the registration code becomes shorter and simpler.
* Modified ResourceLoader to lazy-initialise module objects, for a further performance advantage.
* Deleted ResourceLoader::getModules(), provided getModuleNames() instead. Although the startup module needs this functionality, it's slow to generate, so to avoid misuse, it's better to provide a foolproof fast interface and let the startup module do the slow thing itself.
* Modified ResourceLoader::register() to optionally accept an info array instead of an object.
* Added $wgResourceModules, allowing extensions to efficiently define their own resource loader modules. The trouble with hooks is that they contain code, and code is slow. We've been through all this before with i18n. Hooks are useful as a performance tool only if you call them very rarely.
* Moved ResourceLoader settings to their own section in DefaultSettings.php
* Added options to ResourceLoaderFileModule equivalent to the $localBasePath and $remoteBasePath parameters, to allow it to be instantiated via the new array style. Also added remoteExtPath, which allows modules to be registered before $wgExtensionAssetsPath is known.
* Added OutputPage::getResourceLoader(), mostly for debugging.
* The time saving at the moment is about 5ms per request with no extensions, which is significant already with 6 load.php requests for a cold cache page view. This is a much more scalable interface; the relative saving will grow as more extensions are added which use this interface, especially for non-APC installs.
Although the interface is backwards compatible, extension updates will follow in a subsequent commit.
2010-11-19 10:41:06 +00:00
|
|
|
$info = $this->moduleInfos[$name];
|
2019-07-11 17:09:23 +00:00
|
|
|
if ( isset( $info['factory'] ) ) {
|
2022-05-06 09:09:56 +00:00
|
|
|
/** @var Module $object */
|
2017-05-04 16:10:28 +00:00
|
|
|
$object = call_user_func( $info['factory'], $info );
|
* Made Resources.php return a pure-data array instead of an ugly mix of data and code. This allows the class code to be lazy-loaded with the autoloader, for a performance advantage especially on non-APC installs. And using the convention where if the class is omitted, ResourceLoaderFileModule is assumed, the registration code becomes shorter and simpler.
* Modified ResourceLoader to lazy-initialise module objects, for a further performance advantage.
* Deleted ResourceLoader::getModules(), provided getModuleNames() instead. Although the startup module needs this functionality, it's slow to generate, so to avoid misuse, it's better to provide a foolproof fast interface and let the startup module do the slow thing itself.
* Modified ResourceLoader::register() to optionally accept an info array instead of an object.
* Added $wgResourceModules, allowing extensions to efficiently define their own resource loader modules. The trouble with hooks is that they contain code, and code is slow. We've been through all this before with i18n. Hooks are useful as a performance tool only if you call them very rarely.
* Moved ResourceLoader settings to their own section in DefaultSettings.php
* Added options to ResourceLoaderFileModule equivalent to the $localBasePath and $remoteBasePath parameters, to allow it to be instantiated via the new array style. Also added remoteExtPath, which allows modules to be registered before $wgExtensionAssetsPath is known.
* Added OutputPage::getResourceLoader(), mostly for debugging.
* The time saving at the moment is about 5ms per request with no extensions, which is significant already with 6 load.php requests for a cold cache page view. This is a much more scalable interface; the relative saving will grow as more extensions are added which use this interface, especially for non-APC installs.
Although the interface is backwards compatible, extension updates will follow in a subsequent commit.
2010-11-19 10:41:06 +00:00
|
|
|
} else {
|
2022-05-06 09:09:56 +00:00
|
|
|
$class = $info['class'] ?? FileModule::class;
|
|
|
|
|
/** @var Module $object */
|
* Made Resources.php return a pure-data array instead of an ugly mix of data and code. This allows the class code to be lazy-loaded with the autoloader, for a performance advantage especially on non-APC installs. And using the convention where if the class is omitted, ResourceLoaderFileModule is assumed, the registration code becomes shorter and simpler.
* Modified ResourceLoader to lazy-initialise module objects, for a further performance advantage.
* Deleted ResourceLoader::getModules(), provided getModuleNames() instead. Although the startup module needs this functionality, it's slow to generate, so to avoid misuse, it's better to provide a foolproof fast interface and let the startup module do the slow thing itself.
* Modified ResourceLoader::register() to optionally accept an info array instead of an object.
* Added $wgResourceModules, allowing extensions to efficiently define their own resource loader modules. The trouble with hooks is that they contain code, and code is slow. We've been through all this before with i18n. Hooks are useful as a performance tool only if you call them very rarely.
* Moved ResourceLoader settings to their own section in DefaultSettings.php
* Added options to ResourceLoaderFileModule equivalent to the $localBasePath and $remoteBasePath parameters, to allow it to be instantiated via the new array style. Also added remoteExtPath, which allows modules to be registered before $wgExtensionAssetsPath is known.
* Added OutputPage::getResourceLoader(), mostly for debugging.
* The time saving at the moment is about 5ms per request with no extensions, which is significant already with 6 load.php requests for a cold cache page view. This is a much more scalable interface; the relative saving will grow as more extensions are added which use this interface, especially for non-APC installs.
Although the interface is backwards compatible, extension updates will follow in a subsequent commit.
2010-11-19 10:41:06 +00:00
|
|
|
$object = new $class( $info );
|
|
|
|
|
}
|
2019-07-11 17:09:23 +00:00
|
|
|
$object->setConfig( $this->getConfig() );
|
|
|
|
|
$object->setLogger( $this->logger );
|
Hooks::run() call site migration
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
2020-03-19 02:42:09 +00:00
|
|
|
$object->setHookContainer( $this->hookContainer );
|
* Made Resources.php return a pure-data array instead of an ugly mix of data and code. This allows the class code to be lazy-loaded with the autoloader, for a performance advantage especially on non-APC installs. And using the convention where if the class is omitted, ResourceLoaderFileModule is assumed, the registration code becomes shorter and simpler.
* Modified ResourceLoader to lazy-initialise module objects, for a further performance advantage.
* Deleted ResourceLoader::getModules(), provided getModuleNames() instead. Although the startup module needs this functionality, it's slow to generate, so to avoid misuse, it's better to provide a foolproof fast interface and let the startup module do the slow thing itself.
* Modified ResourceLoader::register() to optionally accept an info array instead of an object.
* Added $wgResourceModules, allowing extensions to efficiently define their own resource loader modules. The trouble with hooks is that they contain code, and code is slow. We've been through all this before with i18n. Hooks are useful as a performance tool only if you call them very rarely.
* Moved ResourceLoader settings to their own section in DefaultSettings.php
* Added options to ResourceLoaderFileModule equivalent to the $localBasePath and $remoteBasePath parameters, to allow it to be instantiated via the new array style. Also added remoteExtPath, which allows modules to be registered before $wgExtensionAssetsPath is known.
* Added OutputPage::getResourceLoader(), mostly for debugging.
* The time saving at the moment is about 5ms per request with no extensions, which is significant already with 6 load.php requests for a cold cache page view. This is a much more scalable interface; the relative saving will grow as more extensions are added which use this interface, especially for non-APC installs.
Although the interface is backwards compatible, extension updates will follow in a subsequent commit.
2010-11-19 10:41:06 +00:00
|
|
|
$object->setName( $name );
|
2019-06-29 04:50:31 +00:00
|
|
|
$object->setDependencyAccessCallbacks(
|
|
|
|
|
[ $this, 'loadModuleDependenciesInternal' ],
|
|
|
|
|
[ $this, 'saveModuleDependenciesInternal' ]
|
|
|
|
|
);
|
2021-08-11 18:53:15 +00:00
|
|
|
$object->setSkinStylesOverride( $this->moduleSkinStyles );
|
* Made Resources.php return a pure-data array instead of an ugly mix of data and code. This allows the class code to be lazy-loaded with the autoloader, for a performance advantage especially on non-APC installs. And using the convention where if the class is omitted, ResourceLoaderFileModule is assumed, the registration code becomes shorter and simpler.
* Modified ResourceLoader to lazy-initialise module objects, for a further performance advantage.
* Deleted ResourceLoader::getModules(), provided getModuleNames() instead. Although the startup module needs this functionality, it's slow to generate, so to avoid misuse, it's better to provide a foolproof fast interface and let the startup module do the slow thing itself.
* Modified ResourceLoader::register() to optionally accept an info array instead of an object.
* Added $wgResourceModules, allowing extensions to efficiently define their own resource loader modules. The trouble with hooks is that they contain code, and code is slow. We've been through all this before with i18n. Hooks are useful as a performance tool only if you call them very rarely.
* Moved ResourceLoader settings to their own section in DefaultSettings.php
* Added options to ResourceLoaderFileModule equivalent to the $localBasePath and $remoteBasePath parameters, to allow it to be instantiated via the new array style. Also added remoteExtPath, which allows modules to be registered before $wgExtensionAssetsPath is known.
* Added OutputPage::getResourceLoader(), mostly for debugging.
* The time saving at the moment is about 5ms per request with no extensions, which is significant already with 6 load.php requests for a cold cache page view. This is a much more scalable interface; the relative saving will grow as more extensions are added which use this interface, especially for non-APC installs.
Although the interface is backwards compatible, extension updates will follow in a subsequent commit.
2010-11-19 10:41:06 +00:00
|
|
|
$this->modules[$name] = $object;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return $this->modules[$name];
|
2010-09-04 04:00:09 +00:00
|
|
|
}
|
2010-09-04 12:53:01 +00:00
|
|
|
|
2022-05-12 23:04:44 +00:00
|
|
|
/**
|
|
|
|
|
* Load information stored in the database and dependency tracking store about modules
|
|
|
|
|
*
|
|
|
|
|
* @param string[] $moduleNames
|
2022-05-06 09:09:56 +00:00
|
|
|
* @param Context $context ResourceLoader-specific context of the request
|
2022-05-12 23:04:44 +00:00
|
|
|
*/
|
2022-05-06 09:09:56 +00:00
|
|
|
public function preloadModuleInfo( array $moduleNames, Context $context ) {
|
2022-05-12 23:04:44 +00:00
|
|
|
// Load all tracked indirect file dependencies for the modules
|
2022-05-06 09:09:56 +00:00
|
|
|
$vary = Module::getVary( $context );
|
2022-05-12 23:04:44 +00:00
|
|
|
$entitiesByModule = [];
|
|
|
|
|
foreach ( $moduleNames as $moduleName ) {
|
|
|
|
|
$entitiesByModule[$moduleName] = "$moduleName|$vary";
|
|
|
|
|
}
|
|
|
|
|
$depsByEntity = $this->depStore->retrieveMulti(
|
|
|
|
|
self::RL_DEP_STORE_PREFIX,
|
|
|
|
|
$entitiesByModule
|
|
|
|
|
);
|
|
|
|
|
// Inject the indirect file dependencies for all the modules
|
|
|
|
|
foreach ( $moduleNames as $moduleName ) {
|
|
|
|
|
$module = $this->getModule( $moduleName );
|
|
|
|
|
if ( $module ) {
|
|
|
|
|
$entity = $entitiesByModule[$moduleName];
|
|
|
|
|
$deps = $depsByEntity[$entity];
|
2022-05-06 09:09:56 +00:00
|
|
|
$paths = Module::expandRelativePaths( $deps['paths'] );
|
2022-05-12 23:04:44 +00:00
|
|
|
$module->setFileDependencies( $context, $paths );
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2022-05-16 22:13:26 +00:00
|
|
|
// Batched version of WikiModule::getTitleInfo
|
2022-05-12 23:04:44 +00:00
|
|
|
$dbr = wfGetDB( DB_REPLICA );
|
2022-05-06 09:09:56 +00:00
|
|
|
WikiModule::preloadTitleInfo( $context, $dbr, $moduleNames );
|
2022-05-12 23:04:44 +00:00
|
|
|
|
|
|
|
|
// Prime in-object cache for message blobs for modules with messages
|
|
|
|
|
$modulesWithMessages = [];
|
|
|
|
|
foreach ( $moduleNames as $moduleName ) {
|
|
|
|
|
$module = $this->getModule( $moduleName );
|
|
|
|
|
if ( $module && $module->getMessages() ) {
|
|
|
|
|
$modulesWithMessages[$moduleName] = $module;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
// Prime in-object cache for message blobs for modules with messages
|
|
|
|
|
$lang = $context->getLanguage();
|
|
|
|
|
$store = $this->getMessageBlobStore();
|
|
|
|
|
$blobs = $store->getBlobs( $modulesWithMessages, $lang );
|
|
|
|
|
foreach ( $blobs as $moduleName => $blob ) {
|
|
|
|
|
$modulesWithMessages[$moduleName]->setMessageBlob( $blob, $lang );
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2019-06-29 04:50:31 +00:00
|
|
|
/**
|
2020-02-21 00:26:07 +00:00
|
|
|
* @internal Exposed for letting getModule() pass the callable to DependencyStore
|
2021-11-26 15:21:17 +00:00
|
|
|
* @param string $moduleName
|
2019-06-29 04:50:31 +00:00
|
|
|
* @param string $variant Language/skin variant
|
|
|
|
|
* @return string[] List of absolute file paths
|
|
|
|
|
*/
|
|
|
|
|
public function loadModuleDependenciesInternal( $moduleName, $variant ) {
|
|
|
|
|
$deps = $this->depStore->retrieve( self::RL_DEP_STORE_PREFIX, "$moduleName|$variant" );
|
|
|
|
|
|
2022-05-06 09:09:56 +00:00
|
|
|
return Module::expandRelativePaths( $deps['paths'] );
|
2019-06-29 04:50:31 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
2020-02-21 00:26:07 +00:00
|
|
|
* @internal Exposed for letting getModule() pass the callable to DependencyStore
|
2021-11-26 15:21:17 +00:00
|
|
|
* @param string $moduleName
|
2019-06-29 04:50:31 +00:00
|
|
|
* @param string $variant Language/skin variant
|
|
|
|
|
* @param string[] $paths List of relative paths referenced during computation
|
|
|
|
|
* @param string[] $priorPaths List of relative paths tracked in the dependency store
|
|
|
|
|
*/
|
|
|
|
|
public function saveModuleDependenciesInternal( $moduleName, $variant, $paths, $priorPaths ) {
|
|
|
|
|
$hasPendingUpdate = (bool)$this->depStoreUpdateBuffer;
|
|
|
|
|
$entity = "$moduleName|$variant";
|
|
|
|
|
|
|
|
|
|
if ( array_diff( $paths, $priorPaths ) || array_diff( $priorPaths, $paths ) ) {
|
|
|
|
|
// Dependency store needs to be updated with the new path list
|
|
|
|
|
if ( $paths ) {
|
|
|
|
|
$deps = $this->depStore->newEntityDependencies( $paths, time() );
|
|
|
|
|
$this->depStoreUpdateBuffer[$entity] = $deps;
|
|
|
|
|
} else {
|
|
|
|
|
$this->depStoreUpdateBuffer[$entity] = null;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
ResourceLoader: Remove DependencyStore::renew
== Background
When file dependency information is lost, the startup module computes
a hash that is based on an incomplete summary of bundled resources.
This means it arrives at a "wrong" hash. Once a browser actually asks
for that version of the module, though, we rediscover the dependency
information, and subsequent startup responses will include arrive once
again at the same correct hash. These 5-minute windows of time where
the browser cache of anyone visiting is churned over are not great,
and so we try to avoid them.
The status quo is the dedicated module_deps table in core with no
expiry. This means a potential concern is building up gargage over
time for modules and extensions that no longer exist or are no longer
deployed on that wiki. In practice this has not been much of an issue,
we haven't run the cleanupRemovedModules.php or purgeModuleDeps.php
scripts in years. Once in 2017 to fix corrupt rows (T158105), and
once in 2020 to estimate needed space if we had expiries
<https://phabricator.wikimedia.org/T113916#6142457>.
Hence we're moving to mainstash via KeyValueDepStore, and not to
memcached. But for that we might as well start using experies.
To not compromise on losing dep info regularly and causing avoidable
browser cache for modules that are hot and very much still existing,
we adopted `renew()` in 5282a0296 when drafting KeyValueDepStore, so that
we keep moving the TTL of active rows forward and let the rest naturally
expire.
== Problem
The changeTTL writes are so heavy and undebounced, that it fully
saturates the hardware disk, unable to keep up simply with the amount
of streaming append-only writes to disk.
https://phabricator.wikimedia.org/T312902
== Future
Perhaps we can make this work if SqlBagOStuff in "MainStash" mode
was more efficient and lenient around changeTTL. E.g. rather than
simultanously ensure presence of the row itself for perfect eventual
consistency, maybe it could just be a light "touch" to ensure the
TTL of any such row has a given minimum TTL.
Alternatively, if we don't make it part of the generalised
SqlBag/MainStash interface but something speciifc to KeyValueDepStore,
we could also do something several orders of magnitudes more efficient,
such as only touching it once a day or once a week, instead of several
hundred times a second after every read performing a write that
amplifies the read back into a full row write, with thus a very large
and repetative binlog.
== This change
As interim measure, I propose we remove renew() and instead increase
the TTL from 1 week to 1 year. This is still shorter than "indefinite"
which is what the module_deps table does in the status quo, and that
was never an issue in practice in terms of space. This is because
the list of modules modules is quite stable. It's limited to modules
that are both file-backed (so no gadgets) and also have non-trivial
file dependencies (such as styles.less -> foo.css -> bar.svg).
== Impact
The installer and update.php (DatabaseUpdater) already clear
`module_deps` and `objectcache` so this is a non-issue for third
parties.
For WMF, it means that the maintenance script we never ran, can
be removed as it will now automatically clean up this stuff after
a year of inactivity, with a small cache churn cost to pay at that
time.
Bug: T113916
Bug: T312902
Change-Id: Ie11bdfdcf5e6724bc19ac24e4353aaea316029fd
2022-07-11 21:20:22 +00:00
|
|
|
// If paths were unchanged, leave the dependency store unchanged also.
|
|
|
|
|
// The entry will eventually expire, after which we will briefly issue an incomplete
|
|
|
|
|
// version hash for a 5-min startup window, the module then recomputes and rediscovers
|
|
|
|
|
// the paths and arrive at the same module version hash once again. It will churn
|
|
|
|
|
// part of the browser cache once, for clients connecting during that window.
|
|
|
|
|
|
2019-06-29 04:50:31 +00:00
|
|
|
if ( !$hasPendingUpdate ) {
|
|
|
|
|
DeferredUpdates::addCallableUpdate( function () {
|
|
|
|
|
$updatesByEntity = $this->depStoreUpdateBuffer;
|
ResourceLoader: Remove DependencyStore::renew
== Background
When file dependency information is lost, the startup module computes
a hash that is based on an incomplete summary of bundled resources.
This means it arrives at a "wrong" hash. Once a browser actually asks
for that version of the module, though, we rediscover the dependency
information, and subsequent startup responses will include arrive once
again at the same correct hash. These 5-minute windows of time where
the browser cache of anyone visiting is churned over are not great,
and so we try to avoid them.
The status quo is the dedicated module_deps table in core with no
expiry. This means a potential concern is building up gargage over
time for modules and extensions that no longer exist or are no longer
deployed on that wiki. In practice this has not been much of an issue,
we haven't run the cleanupRemovedModules.php or purgeModuleDeps.php
scripts in years. Once in 2017 to fix corrupt rows (T158105), and
once in 2020 to estimate needed space if we had expiries
<https://phabricator.wikimedia.org/T113916#6142457>.
Hence we're moving to mainstash via KeyValueDepStore, and not to
memcached. But for that we might as well start using experies.
To not compromise on losing dep info regularly and causing avoidable
browser cache for modules that are hot and very much still existing,
we adopted `renew()` in 5282a0296 when drafting KeyValueDepStore, so that
we keep moving the TTL of active rows forward and let the rest naturally
expire.
== Problem
The changeTTL writes are so heavy and undebounced, that it fully
saturates the hardware disk, unable to keep up simply with the amount
of streaming append-only writes to disk.
https://phabricator.wikimedia.org/T312902
== Future
Perhaps we can make this work if SqlBagOStuff in "MainStash" mode
was more efficient and lenient around changeTTL. E.g. rather than
simultanously ensure presence of the row itself for perfect eventual
consistency, maybe it could just be a light "touch" to ensure the
TTL of any such row has a given minimum TTL.
Alternatively, if we don't make it part of the generalised
SqlBag/MainStash interface but something speciifc to KeyValueDepStore,
we could also do something several orders of magnitudes more efficient,
such as only touching it once a day or once a week, instead of several
hundred times a second after every read performing a write that
amplifies the read back into a full row write, with thus a very large
and repetative binlog.
== This change
As interim measure, I propose we remove renew() and instead increase
the TTL from 1 week to 1 year. This is still shorter than "indefinite"
which is what the module_deps table does in the status quo, and that
was never an issue in practice in terms of space. This is because
the list of modules modules is quite stable. It's limited to modules
that are both file-backed (so no gadgets) and also have non-trivial
file dependencies (such as styles.less -> foo.css -> bar.svg).
== Impact
The installer and update.php (DatabaseUpdater) already clear
`module_deps` and `objectcache` so this is a non-issue for third
parties.
For WMF, it means that the maintenance script we never ran, can
be removed as it will now automatically clean up this stuff after
a year of inactivity, with a small cache churn cost to pay at that
time.
Bug: T113916
Bug: T312902
Change-Id: Ie11bdfdcf5e6724bc19ac24e4353aaea316029fd
2022-07-11 21:20:22 +00:00
|
|
|
$this->depStoreUpdateBuffer = [];
|
2019-06-29 04:50:31 +00:00
|
|
|
$cache = ObjectCache::getLocalClusterInstance();
|
|
|
|
|
|
|
|
|
|
$scopeLocks = [];
|
|
|
|
|
$depsByEntity = [];
|
|
|
|
|
$entitiesUnreg = [];
|
|
|
|
|
foreach ( $updatesByEntity as $entity => $update ) {
|
2020-05-18 22:52:20 +00:00
|
|
|
$lockKey = $cache->makeKey( 'rl-deps', $entity );
|
|
|
|
|
$scopeLocks[$entity] = $cache->getScopedLock( $lockKey, 0 );
|
2019-06-29 04:50:31 +00:00
|
|
|
if ( !$scopeLocks[$entity] ) {
|
2020-05-18 22:52:20 +00:00
|
|
|
// avoid duplicate write request slams (T124649)
|
|
|
|
|
// the lock must be specific to the current wiki (T247028)
|
|
|
|
|
continue;
|
2021-08-17 20:51:43 +00:00
|
|
|
}
|
|
|
|
|
if ( $update === null ) {
|
2019-06-29 04:50:31 +00:00
|
|
|
$entitiesUnreg[] = $entity;
|
|
|
|
|
} else {
|
|
|
|
|
$depsByEntity[$entity] = $update;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$ttl = self::RL_MODULE_DEP_TTL;
|
|
|
|
|
$this->depStore->storeMulti( self::RL_DEP_STORE_PREFIX, $depsByEntity, $ttl );
|
|
|
|
|
$this->depStore->remove( self::RL_DEP_STORE_PREFIX, $entitiesUnreg );
|
|
|
|
|
} );
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2011-07-26 21:10:34 +00:00
|
|
|
/**
|
2014-03-07 16:50:57 +00:00
|
|
|
* Get the list of sources.
|
2011-10-14 08:06:54 +00:00
|
|
|
*
|
2016-08-13 01:10:40 +00:00
|
|
|
* @return array Like [ id => load.php url, ... ]
|
2011-07-26 21:10:34 +00:00
|
|
|
*/
|
|
|
|
|
public function getSources() {
|
|
|
|
|
return $this->sources;
|
|
|
|
|
}
|
|
|
|
|
|
2014-06-28 02:57:40 +00:00
|
|
|
/**
|
2020-02-21 00:26:07 +00:00
|
|
|
* Get the URL to the load.php endpoint for the given ResourceLoader source.
|
2014-06-28 02:57:40 +00:00
|
|
|
*
|
|
|
|
|
* @since 1.24
|
2020-02-21 00:26:07 +00:00
|
|
|
* @param string $source Source ID
|
2014-06-28 02:57:40 +00:00
|
|
|
* @return string
|
2020-02-21 00:26:07 +00:00
|
|
|
* @throws UnexpectedValueException If the source ID was not registered
|
2014-06-28 02:57:40 +00:00
|
|
|
*/
|
|
|
|
|
public function getLoadScript( $source ) {
|
|
|
|
|
if ( !isset( $this->sources[$source] ) ) {
|
2020-02-21 00:26:07 +00:00
|
|
|
throw new UnexpectedValueException( "Unknown source '$source'" );
|
2014-06-28 02:57:40 +00:00
|
|
|
}
|
2014-08-25 08:02:48 +00:00
|
|
|
return $this->sources[$source];
|
2014-06-28 02:57:40 +00:00
|
|
|
}
|
|
|
|
|
|
resourceloader: Replace timestamp system with version hashing
Modules now track their version via getVersionHash() instead of getModifiedTime().
== Background ==
While some resources have observeable timestamps (e.g. files stored on disk),
many other resources do not. E.g. config variables, and module definitions.
For static file modules, one can e.g. revert one of more files in a module to a
previous version and not affect the max timestamp.
Wiki modules include pages only if they exist. The user module supports common.js
and skin.js. By default neither exists. If a user has both, and then the
less-recently modified one is deleted, the max-timestamp remains unchanged.
For client-side caching, batch requests use "Math.max" on the relevant timestamps.
Again, if a module changes but another module is more recent (e.g. out-of-order
deployment, or out-of-order discovery), the change would not result in a cache miss.
More scenarios can be found in the associated Phabricator tasks.
== Version hash ==
Previously we virtually mapped these variables to a timestamp by storing the current
time alongside a hash of the value in ObjectCache. Considering the number of
possible request contexts (wikis * modules * users * skins * languages) this doesn't
work well. It results in needless cache invalidation when the first time observation
is purged due to LRU algorithms. It also has other minor bugs leading to fewer
cache hits.
All modules automatically get the benefits of version hashing with this change.
The old getDefinitionMtime() and getHashMtime() have been replaced with dummies
that return 1. These functions are often called from getModifiedTime() in subclasses.
For backward-compatibility, their respective values (definition summary and hash)
are now included in getVersionHash directly.
As examples, the following modules have been updated to use getVersionHash directly.
Other modules still work fine and can be updated later.
* ResourceLoaderFileModule
* ResourceLoaderEditToolbarModule
* ResourceLoaderStartUpModule
* ResourceLoaderWikiModule
The presence of hashes in place of timestamps increases the startup module size on
a default MediaWiki install from 4.4k to 5.8k (after gzip and minification).
== ETag ==
Since timestamps are no longer tracked, we need a different way to implement caching
for cache proxies (e.g. Varnish) and web browsers. Previously we used the
Last-Modified header (in combination with Cache-Control and Expires).
Instead of Last-Modified (and If-Modified-Since), we use ETag (and If-None-Match).
Entity tags (new in HTTP/1.1) are much stricter than Last-Modified by default.
They instruct browsers to allow usage of partial Range requests. Since our responses
are dynamically generated, we need to use the Weak version of ETag.
While this sounds bad, it's no different than Last-Modified. As reassured by
RFC 2616 <http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html#sec13.3.3> the
specified behaviour behind Last-Modified follows the same "Weak" caching logic as
Entity tags. It's just that entity tags are capable of a stricter mode (whereas
Last-Modified is inherently weak).
== File cache ==
If $wgUseFileCache is enabled, ResourceLoader uses ResourceFileCache to cache
load.php responses. While the blind TTL handling (during the allowed expiry period)
is still maxage/timestamp based, tryRespondNotModified() now requires the caller to
know the expected ETag.
For this to work, the FileCache handling had to be moved from the top of
ResoureLoader::respond() to after the expected ETag is computed.
This also allows us to remove the duplicate tryRespondNotModified() handling since
that's is already handled by ResourceLoader::respond() meanwhile.
== Misc ==
* Remove redundant modifiedTime cache in ResourceLoaderFileModule.
* Change bugzilla references to Phabricator.
* Centralised inclusion of wgCacheEpoch using getDefinitionSummary. Previously this
logic was duplicated in each place the modified timestamp was used.
* It's easy to forget calling the parent class in getDefinitionSummary().
Previously this method only tracked 'class' by default. As such, various
extensions hardcoded that one value instead of calling the parent and extending
the array. To better prevent this in the future, getVersionHash() now asserts
that the '_cacheEpoch' property made it through.
* tests: Don't use getDefinitionSummary() as an API.
Fix ResourceLoaderWikiModuleTest to call getPages properly.
* In tests, the default timestamp used to be 1388534400000 (which is the unix time
of 20140101000000; the unit tests' CacheEpoch). The new version hash of these
modules is "XyCC+PSK", which is the base64 encoded prefix of the SHA1 digest of:
'{"_class":"ResourceLoaderTestModule","_cacheEpoch":"20140101000000"}'
* Add sha1.js library for client-side hash generation.
Compared various different implementations for code size (after minfication/gzip),
and speed (when used for short hexidecimal strings).
https://jsperf.com/sha1-implementations
- CryptoJS <https://code.google.com/p/crypto-js/#SHA-1> (min+gzip: 2.5k)
http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/sha1.js
Chrome: 45k, Firefox: 89k, Safari: 92k
- jsSHA <https://github.com/Caligatio/jsSHA>
https://github.com/Caligatio/jsSHA/blob/3c1d4f2e/src/sha1.js (min+gzip: 1.8k)
Chrome: 65k, Firefox: 53k, Safari: 69k
- phpjs-sha1 <https://github.com/kvz/phpjs> (RL min+gzip: 0.8k)
https://github.com/kvz/phpjs/blob/1eaab15d/functions/strings/sha1.js
Chrome: 200k, Firefox: 280k, Safari: 78k
Modern browsers implement the HTML5 Crypto API. However, this API is asynchronous,
only enabled when on HTTPS in Chromium, and is quite low-level. It requires boilerplate
code to actually use with TextEncoder, ArrayBuffer and Uint32Array. Due this being
needed in the module loader, we'd have to load the fallback regardless. Considering
this is not used in a critical path for performance, it's not worth shipping two
implementations for this optimisation.
May also resolve:
* T44094
* T90411
* T94810
Bug: T94074
Change-Id: Ibb292d2416839327d1807a66c78fd96dac0637d0
2015-04-29 22:53:24 +00:00
|
|
|
/**
|
2022-05-06 09:09:56 +00:00
|
|
|
* @internal For use by StartUpModule only.
|
2019-07-29 16:15:23 +00:00
|
|
|
*/
|
2020-05-15 21:36:51 +00:00
|
|
|
public const HASH_LENGTH = 5;
|
2019-07-29 16:15:23 +00:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Create a hash for module versioning purposes.
|
|
|
|
|
*
|
|
|
|
|
* This hash is used in three ways:
|
|
|
|
|
*
|
|
|
|
|
* - To differentiate between the current version and a past version
|
|
|
|
|
* of a module by the same name.
|
|
|
|
|
*
|
|
|
|
|
* In the cache key of localStorage in the browser (mw.loader.store).
|
|
|
|
|
* This store keeps only one version of any given module. As long as the
|
|
|
|
|
* next version the client encounters has a different hash from the last
|
|
|
|
|
* version it saw, it will correctly discard it in favour of a network fetch.
|
|
|
|
|
*
|
|
|
|
|
* A browser may evict a site's storage container for any reason (e.g. when
|
|
|
|
|
* the user hasn't visited a site for some time, and/or when the device is
|
|
|
|
|
* low on storage space). Anecdotally it seems devices rarely keep unused
|
|
|
|
|
* storage beyond 2 weeks on mobile devices and 4 weeks on desktop.
|
|
|
|
|
* But, there is no hard limit or expiration on localStorage.
|
|
|
|
|
* ResourceLoader's Client also clears localStorage when the user changes
|
|
|
|
|
* their language preference or when they (temporarily) use Debug Mode.
|
|
|
|
|
*
|
|
|
|
|
* The only hard factors that reduce the range of possible versions are
|
|
|
|
|
* 1) the name and existence of a given module, and
|
|
|
|
|
* 2) the TTL for mw.loader.store, and
|
|
|
|
|
* 3) the `$wgResourceLoaderStorageVersion` configuration variable.
|
|
|
|
|
*
|
|
|
|
|
* - To identify a batch response of modules from load.php in an HTTP cache.
|
|
|
|
|
*
|
|
|
|
|
* When fetching modules in a batch from load.php, a combined hash
|
|
|
|
|
* is created by the JS code, and appended as query parameter.
|
|
|
|
|
*
|
|
|
|
|
* In cache proxies (e.g. Varnish, Nginx) and in the browser's HTTP cache,
|
|
|
|
|
* these urls are used to identify other previously cached responses.
|
|
|
|
|
* The range of possible versions a given version has to be unique amongst
|
|
|
|
|
* is determined by the maximum duration each response is stored for, which
|
|
|
|
|
* is controlled by `$wgResourceLoaderMaxage['versioned']`.
|
|
|
|
|
*
|
|
|
|
|
* - To detect race conditions between multiple web servers in a MediaWiki
|
|
|
|
|
* deployment of which some have the newer version and some still the older
|
|
|
|
|
* version.
|
|
|
|
|
*
|
|
|
|
|
* An HTTP request from a browser for the Startup manifest may be responded
|
|
|
|
|
* to by a server with the newer version. The browser may then use that to
|
|
|
|
|
* request a given module, which may then be responded to by a server with
|
|
|
|
|
* the older version. To avoid caching this for too long (which would pollute
|
|
|
|
|
* all other users without repairing itself), the combined hash that the JS
|
|
|
|
|
* client adds to the url is verified by the server (in ::sendResponseHeaders).
|
|
|
|
|
* If they don't match, we instruct cache proxies and clients to not cache
|
|
|
|
|
* this response as long as they normally would. This is also the reason
|
|
|
|
|
* that the algorithm used here in PHP must match the one used in JS.
|
|
|
|
|
*
|
|
|
|
|
* The fnv132 digest creates a 32-bit integer, which goes upto 4 Giga and
|
|
|
|
|
* needs up to 7 chars in base 36.
|
|
|
|
|
* Within 7 characters, base 36 can count up to 78,364,164,096 (78 Giga),
|
|
|
|
|
* (but with fnv132 we'd use very little of this range, mostly padding).
|
|
|
|
|
* Within 6 characters, base 36 can count up to 2,176,782,336 (2 Giga).
|
|
|
|
|
* Within 5 characters, base 36 can count up to 60,466,176 (60 Mega).
|
|
|
|
|
*
|
resourceloader: Replace timestamp system with version hashing
Modules now track their version via getVersionHash() instead of getModifiedTime().
== Background ==
While some resources have observeable timestamps (e.g. files stored on disk),
many other resources do not. E.g. config variables, and module definitions.
For static file modules, one can e.g. revert one of more files in a module to a
previous version and not affect the max timestamp.
Wiki modules include pages only if they exist. The user module supports common.js
and skin.js. By default neither exists. If a user has both, and then the
less-recently modified one is deleted, the max-timestamp remains unchanged.
For client-side caching, batch requests use "Math.max" on the relevant timestamps.
Again, if a module changes but another module is more recent (e.g. out-of-order
deployment, or out-of-order discovery), the change would not result in a cache miss.
More scenarios can be found in the associated Phabricator tasks.
== Version hash ==
Previously we virtually mapped these variables to a timestamp by storing the current
time alongside a hash of the value in ObjectCache. Considering the number of
possible request contexts (wikis * modules * users * skins * languages) this doesn't
work well. It results in needless cache invalidation when the first time observation
is purged due to LRU algorithms. It also has other minor bugs leading to fewer
cache hits.
All modules automatically get the benefits of version hashing with this change.
The old getDefinitionMtime() and getHashMtime() have been replaced with dummies
that return 1. These functions are often called from getModifiedTime() in subclasses.
For backward-compatibility, their respective values (definition summary and hash)
are now included in getVersionHash directly.
As examples, the following modules have been updated to use getVersionHash directly.
Other modules still work fine and can be updated later.
* ResourceLoaderFileModule
* ResourceLoaderEditToolbarModule
* ResourceLoaderStartUpModule
* ResourceLoaderWikiModule
The presence of hashes in place of timestamps increases the startup module size on
a default MediaWiki install from 4.4k to 5.8k (after gzip and minification).
== ETag ==
Since timestamps are no longer tracked, we need a different way to implement caching
for cache proxies (e.g. Varnish) and web browsers. Previously we used the
Last-Modified header (in combination with Cache-Control and Expires).
Instead of Last-Modified (and If-Modified-Since), we use ETag (and If-None-Match).
Entity tags (new in HTTP/1.1) are much stricter than Last-Modified by default.
They instruct browsers to allow usage of partial Range requests. Since our responses
are dynamically generated, we need to use the Weak version of ETag.
While this sounds bad, it's no different than Last-Modified. As reassured by
RFC 2616 <http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html#sec13.3.3> the
specified behaviour behind Last-Modified follows the same "Weak" caching logic as
Entity tags. It's just that entity tags are capable of a stricter mode (whereas
Last-Modified is inherently weak).
== File cache ==
If $wgUseFileCache is enabled, ResourceLoader uses ResourceFileCache to cache
load.php responses. While the blind TTL handling (during the allowed expiry period)
is still maxage/timestamp based, tryRespondNotModified() now requires the caller to
know the expected ETag.
For this to work, the FileCache handling had to be moved from the top of
ResoureLoader::respond() to after the expected ETag is computed.
This also allows us to remove the duplicate tryRespondNotModified() handling since
that's is already handled by ResourceLoader::respond() meanwhile.
== Misc ==
* Remove redundant modifiedTime cache in ResourceLoaderFileModule.
* Change bugzilla references to Phabricator.
* Centralised inclusion of wgCacheEpoch using getDefinitionSummary. Previously this
logic was duplicated in each place the modified timestamp was used.
* It's easy to forget calling the parent class in getDefinitionSummary().
Previously this method only tracked 'class' by default. As such, various
extensions hardcoded that one value instead of calling the parent and extending
the array. To better prevent this in the future, getVersionHash() now asserts
that the '_cacheEpoch' property made it through.
* tests: Don't use getDefinitionSummary() as an API.
Fix ResourceLoaderWikiModuleTest to call getPages properly.
* In tests, the default timestamp used to be 1388534400000 (which is the unix time
of 20140101000000; the unit tests' CacheEpoch). The new version hash of these
modules is "XyCC+PSK", which is the base64 encoded prefix of the SHA1 digest of:
'{"_class":"ResourceLoaderTestModule","_cacheEpoch":"20140101000000"}'
* Add sha1.js library for client-side hash generation.
Compared various different implementations for code size (after minfication/gzip),
and speed (when used for short hexidecimal strings).
https://jsperf.com/sha1-implementations
- CryptoJS <https://code.google.com/p/crypto-js/#SHA-1> (min+gzip: 2.5k)
http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/sha1.js
Chrome: 45k, Firefox: 89k, Safari: 92k
- jsSHA <https://github.com/Caligatio/jsSHA>
https://github.com/Caligatio/jsSHA/blob/3c1d4f2e/src/sha1.js (min+gzip: 1.8k)
Chrome: 65k, Firefox: 53k, Safari: 69k
- phpjs-sha1 <https://github.com/kvz/phpjs> (RL min+gzip: 0.8k)
https://github.com/kvz/phpjs/blob/1eaab15d/functions/strings/sha1.js
Chrome: 200k, Firefox: 280k, Safari: 78k
Modern browsers implement the HTML5 Crypto API. However, this API is asynchronous,
only enabled when on HTTPS in Chromium, and is quite low-level. It requires boilerplate
code to actually use with TextEncoder, ArrayBuffer and Uint32Array. Due this being
needed in the module loader, we'd have to load the fallback regardless. Considering
this is not used in a critical path for performance, it's not worth shipping two
implementations for this optimisation.
May also resolve:
* T44094
* T90411
* T94810
Bug: T94074
Change-Id: Ibb292d2416839327d1807a66c78fd96dac0637d0
2015-04-29 22:53:24 +00:00
|
|
|
* @since 1.26
|
|
|
|
|
* @param string $value
|
|
|
|
|
* @return string Hash
|
|
|
|
|
*/
|
|
|
|
|
public static function makeHash( $value ) {
|
resourceloader: Replace SHA1 with 32-bit FNV-1 as hash function
SHA-1 is not secure enough to be used as a cryptographic hash function, and its
implementation in JavaScript is too long and too slow for it to be a good
general-purpose hash function. And we currently throw away most of the work:
SHA-1 produces 160-bit hash values, of which we keep 48.
Although the JavaScript implementation is not exported, SHA-1 is a well-known
hash function, and I'm willing to bet that sooner or later someone will move to
make it accessible to other modules, at which point usage will start to spread.
For ResourceLoader, the qualities we're looking for in a hash function are:
* Already implemented in PHP
* Easy to implement in JavaScript
* Fast
* Collision-resistant
The requirement that hashes be cheap to compute in JavaScript narrows the field
to 32-bit hash functions, because in JavaScript bitwise operators treat their
operands as 32 bits, and arithmetic uses double-precision floats, which have a
total precision of 53 bits. It's possible to work around these limitations, but
it's a lot of extra work.
The best match I found is the 32-bit variant of FNV-1, which is available in
PHP as of version 5.4 (as 'fnv1a32'). The fnv132 JavaScript function is
around ten times faster and eight times shorter than sha1.
Change-Id: I1e4fb08d17948538d96f241b2464d594fdc14578
2016-06-22 22:32:58 +00:00
|
|
|
$hash = hash( 'fnv132', $value );
|
2019-07-29 16:15:23 +00:00
|
|
|
// The base_convert will pad it (if too short),
|
|
|
|
|
// then substr() will trim it (if too long).
|
|
|
|
|
return substr(
|
2022-05-06 09:09:56 +00:00
|
|
|
\Wikimedia\base_convert( $hash, 16, 36, self::HASH_LENGTH ),
|
2019-07-29 16:15:23 +00:00
|
|
|
0,
|
|
|
|
|
self::HASH_LENGTH
|
|
|
|
|
);
|
resourceloader: Replace timestamp system with version hashing
Modules now track their version via getVersionHash() instead of getModifiedTime().
== Background ==
While some resources have observeable timestamps (e.g. files stored on disk),
many other resources do not. E.g. config variables, and module definitions.
For static file modules, one can e.g. revert one of more files in a module to a
previous version and not affect the max timestamp.
Wiki modules include pages only if they exist. The user module supports common.js
and skin.js. By default neither exists. If a user has both, and then the
less-recently modified one is deleted, the max-timestamp remains unchanged.
For client-side caching, batch requests use "Math.max" on the relevant timestamps.
Again, if a module changes but another module is more recent (e.g. out-of-order
deployment, or out-of-order discovery), the change would not result in a cache miss.
More scenarios can be found in the associated Phabricator tasks.
== Version hash ==
Previously we virtually mapped these variables to a timestamp by storing the current
time alongside a hash of the value in ObjectCache. Considering the number of
possible request contexts (wikis * modules * users * skins * languages) this doesn't
work well. It results in needless cache invalidation when the first time observation
is purged due to LRU algorithms. It also has other minor bugs leading to fewer
cache hits.
All modules automatically get the benefits of version hashing with this change.
The old getDefinitionMtime() and getHashMtime() have been replaced with dummies
that return 1. These functions are often called from getModifiedTime() in subclasses.
For backward-compatibility, their respective values (definition summary and hash)
are now included in getVersionHash directly.
As examples, the following modules have been updated to use getVersionHash directly.
Other modules still work fine and can be updated later.
* ResourceLoaderFileModule
* ResourceLoaderEditToolbarModule
* ResourceLoaderStartUpModule
* ResourceLoaderWikiModule
The presence of hashes in place of timestamps increases the startup module size on
a default MediaWiki install from 4.4k to 5.8k (after gzip and minification).
== ETag ==
Since timestamps are no longer tracked, we need a different way to implement caching
for cache proxies (e.g. Varnish) and web browsers. Previously we used the
Last-Modified header (in combination with Cache-Control and Expires).
Instead of Last-Modified (and If-Modified-Since), we use ETag (and If-None-Match).
Entity tags (new in HTTP/1.1) are much stricter than Last-Modified by default.
They instruct browsers to allow usage of partial Range requests. Since our responses
are dynamically generated, we need to use the Weak version of ETag.
While this sounds bad, it's no different than Last-Modified. As reassured by
RFC 2616 <http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html#sec13.3.3> the
specified behaviour behind Last-Modified follows the same "Weak" caching logic as
Entity tags. It's just that entity tags are capable of a stricter mode (whereas
Last-Modified is inherently weak).
== File cache ==
If $wgUseFileCache is enabled, ResourceLoader uses ResourceFileCache to cache
load.php responses. While the blind TTL handling (during the allowed expiry period)
is still maxage/timestamp based, tryRespondNotModified() now requires the caller to
know the expected ETag.
For this to work, the FileCache handling had to be moved from the top of
ResoureLoader::respond() to after the expected ETag is computed.
This also allows us to remove the duplicate tryRespondNotModified() handling since
that's is already handled by ResourceLoader::respond() meanwhile.
== Misc ==
* Remove redundant modifiedTime cache in ResourceLoaderFileModule.
* Change bugzilla references to Phabricator.
* Centralised inclusion of wgCacheEpoch using getDefinitionSummary. Previously this
logic was duplicated in each place the modified timestamp was used.
* It's easy to forget calling the parent class in getDefinitionSummary().
Previously this method only tracked 'class' by default. As such, various
extensions hardcoded that one value instead of calling the parent and extending
the array. To better prevent this in the future, getVersionHash() now asserts
that the '_cacheEpoch' property made it through.
* tests: Don't use getDefinitionSummary() as an API.
Fix ResourceLoaderWikiModuleTest to call getPages properly.
* In tests, the default timestamp used to be 1388534400000 (which is the unix time
of 20140101000000; the unit tests' CacheEpoch). The new version hash of these
modules is "XyCC+PSK", which is the base64 encoded prefix of the SHA1 digest of:
'{"_class":"ResourceLoaderTestModule","_cacheEpoch":"20140101000000"}'
* Add sha1.js library for client-side hash generation.
Compared various different implementations for code size (after minfication/gzip),
and speed (when used for short hexidecimal strings).
https://jsperf.com/sha1-implementations
- CryptoJS <https://code.google.com/p/crypto-js/#SHA-1> (min+gzip: 2.5k)
http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/sha1.js
Chrome: 45k, Firefox: 89k, Safari: 92k
- jsSHA <https://github.com/Caligatio/jsSHA>
https://github.com/Caligatio/jsSHA/blob/3c1d4f2e/src/sha1.js (min+gzip: 1.8k)
Chrome: 65k, Firefox: 53k, Safari: 69k
- phpjs-sha1 <https://github.com/kvz/phpjs> (RL min+gzip: 0.8k)
https://github.com/kvz/phpjs/blob/1eaab15d/functions/strings/sha1.js
Chrome: 200k, Firefox: 280k, Safari: 78k
Modern browsers implement the HTML5 Crypto API. However, this API is asynchronous,
only enabled when on HTTPS in Chromium, and is quite low-level. It requires boilerplate
code to actually use with TextEncoder, ArrayBuffer and Uint32Array. Due this being
needed in the module loader, we'd have to load the fallback regardless. Considering
this is not used in a critical path for performance, it's not worth shipping two
implementations for this optimisation.
May also resolve:
* T44094
* T90411
* T94810
Bug: T94074
Change-Id: Ibb292d2416839327d1807a66c78fd96dac0637d0
2015-04-29 22:53:24 +00:00
|
|
|
}
|
|
|
|
|
|
2016-12-03 03:57:42 +00:00
|
|
|
/**
|
|
|
|
|
* Add an error to the 'errors' array and log it.
|
|
|
|
|
*
|
2022-05-06 09:09:56 +00:00
|
|
|
* @internal For use by StartUpModule.
|
2016-12-03 03:57:42 +00:00
|
|
|
* @since 1.29
|
|
|
|
|
* @param Exception $e
|
|
|
|
|
* @param string $msg
|
|
|
|
|
* @param array $context
|
|
|
|
|
*/
|
resourceloader: Use 'enableModuleContentVersion' for startup module
This significantly simplifies the getVersionHash implementation for
StartupModule, and fixes a couple of bugs.
Previously, the startup module's E-Tag was determined by the
'getDefinitionSummary' method, which combined the E-Tag values
from all registered modules, plus what we thought is all information
used by 'getScript' (config vars, embedded script files, list
of base modules, ...)
However, this were various things part of the manifest that it
forgot about, including:
* Changes to the list of dependencies of a module.
* Changes to the name of module.
* Changes to the cache group of module.
* Adding or removing a foreign module source (mw.loader.addSource).
These are all quite rare, and when they do change, they usually
also involve a change that *was* tracked already. But, sometimes
they don't and that's when bugs happened.
Instead of the tracking array of getDefinitionSummary, we now
use the 'enableModuleContentVersion' option for StartupModule,
which simply calls the actual getScript() method and hashes that.
Of note: When an exception happens with the version computation of
any individual module, we catch it, log it, and continue with the
rest. Previously, the first time such error was discovered at
run-time would be in the getCombinedVersion() call from
StartupModule::getAllModuleHashes(). That public getCombinedVersion()
method of ResourceLoader had the benefit of also outputting details
of that exception in the HTTP response output. In order to keep that
behaviour, I made outputErrorAndLog() public so that StartupModule
can call it directly now. This is covered by
ResourceLoaderTest::testMakeModuleResponseStartupError.
Bug: T201686
Change-Id: I8e8d3a2cd2ccd68d2d78e988bcdd0d77fbcbf1d4
2018-08-30 02:52:39 +00:00
|
|
|
public function outputErrorAndLog( Exception $e, $msg, array $context = [] ) {
|
2016-12-03 03:57:42 +00:00
|
|
|
MWExceptionHandler::logException( $e );
|
|
|
|
|
$this->logger->warning(
|
|
|
|
|
$msg,
|
|
|
|
|
$context + [ 'exception' => $e ]
|
|
|
|
|
);
|
|
|
|
|
$this->errors[] = self::formatExceptionNoComment( $e );
|
|
|
|
|
}
|
|
|
|
|
|
resourceloader: Replace timestamp system with version hashing
Modules now track their version via getVersionHash() instead of getModifiedTime().
== Background ==
While some resources have observeable timestamps (e.g. files stored on disk),
many other resources do not. E.g. config variables, and module definitions.
For static file modules, one can e.g. revert one of more files in a module to a
previous version and not affect the max timestamp.
Wiki modules include pages only if they exist. The user module supports common.js
and skin.js. By default neither exists. If a user has both, and then the
less-recently modified one is deleted, the max-timestamp remains unchanged.
For client-side caching, batch requests use "Math.max" on the relevant timestamps.
Again, if a module changes but another module is more recent (e.g. out-of-order
deployment, or out-of-order discovery), the change would not result in a cache miss.
More scenarios can be found in the associated Phabricator tasks.
== Version hash ==
Previously we virtually mapped these variables to a timestamp by storing the current
time alongside a hash of the value in ObjectCache. Considering the number of
possible request contexts (wikis * modules * users * skins * languages) this doesn't
work well. It results in needless cache invalidation when the first time observation
is purged due to LRU algorithms. It also has other minor bugs leading to fewer
cache hits.
All modules automatically get the benefits of version hashing with this change.
The old getDefinitionMtime() and getHashMtime() have been replaced with dummies
that return 1. These functions are often called from getModifiedTime() in subclasses.
For backward-compatibility, their respective values (definition summary and hash)
are now included in getVersionHash directly.
As examples, the following modules have been updated to use getVersionHash directly.
Other modules still work fine and can be updated later.
* ResourceLoaderFileModule
* ResourceLoaderEditToolbarModule
* ResourceLoaderStartUpModule
* ResourceLoaderWikiModule
The presence of hashes in place of timestamps increases the startup module size on
a default MediaWiki install from 4.4k to 5.8k (after gzip and minification).
== ETag ==
Since timestamps are no longer tracked, we need a different way to implement caching
for cache proxies (e.g. Varnish) and web browsers. Previously we used the
Last-Modified header (in combination with Cache-Control and Expires).
Instead of Last-Modified (and If-Modified-Since), we use ETag (and If-None-Match).
Entity tags (new in HTTP/1.1) are much stricter than Last-Modified by default.
They instruct browsers to allow usage of partial Range requests. Since our responses
are dynamically generated, we need to use the Weak version of ETag.
While this sounds bad, it's no different than Last-Modified. As reassured by
RFC 2616 <http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html#sec13.3.3> the
specified behaviour behind Last-Modified follows the same "Weak" caching logic as
Entity tags. It's just that entity tags are capable of a stricter mode (whereas
Last-Modified is inherently weak).
== File cache ==
If $wgUseFileCache is enabled, ResourceLoader uses ResourceFileCache to cache
load.php responses. While the blind TTL handling (during the allowed expiry period)
is still maxage/timestamp based, tryRespondNotModified() now requires the caller to
know the expected ETag.
For this to work, the FileCache handling had to be moved from the top of
ResoureLoader::respond() to after the expected ETag is computed.
This also allows us to remove the duplicate tryRespondNotModified() handling since
that's is already handled by ResourceLoader::respond() meanwhile.
== Misc ==
* Remove redundant modifiedTime cache in ResourceLoaderFileModule.
* Change bugzilla references to Phabricator.
* Centralised inclusion of wgCacheEpoch using getDefinitionSummary. Previously this
logic was duplicated in each place the modified timestamp was used.
* It's easy to forget calling the parent class in getDefinitionSummary().
Previously this method only tracked 'class' by default. As such, various
extensions hardcoded that one value instead of calling the parent and extending
the array. To better prevent this in the future, getVersionHash() now asserts
that the '_cacheEpoch' property made it through.
* tests: Don't use getDefinitionSummary() as an API.
Fix ResourceLoaderWikiModuleTest to call getPages properly.
* In tests, the default timestamp used to be 1388534400000 (which is the unix time
of 20140101000000; the unit tests' CacheEpoch). The new version hash of these
modules is "XyCC+PSK", which is the base64 encoded prefix of the SHA1 digest of:
'{"_class":"ResourceLoaderTestModule","_cacheEpoch":"20140101000000"}'
* Add sha1.js library for client-side hash generation.
Compared various different implementations for code size (after minfication/gzip),
and speed (when used for short hexidecimal strings).
https://jsperf.com/sha1-implementations
- CryptoJS <https://code.google.com/p/crypto-js/#SHA-1> (min+gzip: 2.5k)
http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/sha1.js
Chrome: 45k, Firefox: 89k, Safari: 92k
- jsSHA <https://github.com/Caligatio/jsSHA>
https://github.com/Caligatio/jsSHA/blob/3c1d4f2e/src/sha1.js (min+gzip: 1.8k)
Chrome: 65k, Firefox: 53k, Safari: 69k
- phpjs-sha1 <https://github.com/kvz/phpjs> (RL min+gzip: 0.8k)
https://github.com/kvz/phpjs/blob/1eaab15d/functions/strings/sha1.js
Chrome: 200k, Firefox: 280k, Safari: 78k
Modern browsers implement the HTML5 Crypto API. However, this API is asynchronous,
only enabled when on HTTPS in Chromium, and is quite low-level. It requires boilerplate
code to actually use with TextEncoder, ArrayBuffer and Uint32Array. Due this being
needed in the module loader, we'd have to load the fallback regardless. Considering
this is not used in a critical path for performance, it's not worth shipping two
implementations for this optimisation.
May also resolve:
* T44094
* T90411
* T94810
Bug: T94074
Change-Id: Ibb292d2416839327d1807a66c78fd96dac0637d0
2015-04-29 22:53:24 +00:00
|
|
|
/**
|
|
|
|
|
* Helper method to get and combine versions of multiple modules.
|
|
|
|
|
*
|
|
|
|
|
* @since 1.26
|
2022-05-06 09:09:56 +00:00
|
|
|
* @param Context $context
|
2017-08-11 16:09:41 +00:00
|
|
|
* @param string[] $moduleNames List of known module names
|
resourceloader: Replace timestamp system with version hashing
Modules now track their version via getVersionHash() instead of getModifiedTime().
== Background ==
While some resources have observeable timestamps (e.g. files stored on disk),
many other resources do not. E.g. config variables, and module definitions.
For static file modules, one can e.g. revert one of more files in a module to a
previous version and not affect the max timestamp.
Wiki modules include pages only if they exist. The user module supports common.js
and skin.js. By default neither exists. If a user has both, and then the
less-recently modified one is deleted, the max-timestamp remains unchanged.
For client-side caching, batch requests use "Math.max" on the relevant timestamps.
Again, if a module changes but another module is more recent (e.g. out-of-order
deployment, or out-of-order discovery), the change would not result in a cache miss.
More scenarios can be found in the associated Phabricator tasks.
== Version hash ==
Previously we virtually mapped these variables to a timestamp by storing the current
time alongside a hash of the value in ObjectCache. Considering the number of
possible request contexts (wikis * modules * users * skins * languages) this doesn't
work well. It results in needless cache invalidation when the first time observation
is purged due to LRU algorithms. It also has other minor bugs leading to fewer
cache hits.
All modules automatically get the benefits of version hashing with this change.
The old getDefinitionMtime() and getHashMtime() have been replaced with dummies
that return 1. These functions are often called from getModifiedTime() in subclasses.
For backward-compatibility, their respective values (definition summary and hash)
are now included in getVersionHash directly.
As examples, the following modules have been updated to use getVersionHash directly.
Other modules still work fine and can be updated later.
* ResourceLoaderFileModule
* ResourceLoaderEditToolbarModule
* ResourceLoaderStartUpModule
* ResourceLoaderWikiModule
The presence of hashes in place of timestamps increases the startup module size on
a default MediaWiki install from 4.4k to 5.8k (after gzip and minification).
== ETag ==
Since timestamps are no longer tracked, we need a different way to implement caching
for cache proxies (e.g. Varnish) and web browsers. Previously we used the
Last-Modified header (in combination with Cache-Control and Expires).
Instead of Last-Modified (and If-Modified-Since), we use ETag (and If-None-Match).
Entity tags (new in HTTP/1.1) are much stricter than Last-Modified by default.
They instruct browsers to allow usage of partial Range requests. Since our responses
are dynamically generated, we need to use the Weak version of ETag.
While this sounds bad, it's no different than Last-Modified. As reassured by
RFC 2616 <http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html#sec13.3.3> the
specified behaviour behind Last-Modified follows the same "Weak" caching logic as
Entity tags. It's just that entity tags are capable of a stricter mode (whereas
Last-Modified is inherently weak).
== File cache ==
If $wgUseFileCache is enabled, ResourceLoader uses ResourceFileCache to cache
load.php responses. While the blind TTL handling (during the allowed expiry period)
is still maxage/timestamp based, tryRespondNotModified() now requires the caller to
know the expected ETag.
For this to work, the FileCache handling had to be moved from the top of
ResoureLoader::respond() to after the expected ETag is computed.
This also allows us to remove the duplicate tryRespondNotModified() handling since
that's is already handled by ResourceLoader::respond() meanwhile.
== Misc ==
* Remove redundant modifiedTime cache in ResourceLoaderFileModule.
* Change bugzilla references to Phabricator.
* Centralised inclusion of wgCacheEpoch using getDefinitionSummary. Previously this
logic was duplicated in each place the modified timestamp was used.
* It's easy to forget calling the parent class in getDefinitionSummary().
Previously this method only tracked 'class' by default. As such, various
extensions hardcoded that one value instead of calling the parent and extending
the array. To better prevent this in the future, getVersionHash() now asserts
that the '_cacheEpoch' property made it through.
* tests: Don't use getDefinitionSummary() as an API.
Fix ResourceLoaderWikiModuleTest to call getPages properly.
* In tests, the default timestamp used to be 1388534400000 (which is the unix time
of 20140101000000; the unit tests' CacheEpoch). The new version hash of these
modules is "XyCC+PSK", which is the base64 encoded prefix of the SHA1 digest of:
'{"_class":"ResourceLoaderTestModule","_cacheEpoch":"20140101000000"}'
* Add sha1.js library for client-side hash generation.
Compared various different implementations for code size (after minfication/gzip),
and speed (when used for short hexidecimal strings).
https://jsperf.com/sha1-implementations
- CryptoJS <https://code.google.com/p/crypto-js/#SHA-1> (min+gzip: 2.5k)
http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/sha1.js
Chrome: 45k, Firefox: 89k, Safari: 92k
- jsSHA <https://github.com/Caligatio/jsSHA>
https://github.com/Caligatio/jsSHA/blob/3c1d4f2e/src/sha1.js (min+gzip: 1.8k)
Chrome: 65k, Firefox: 53k, Safari: 69k
- phpjs-sha1 <https://github.com/kvz/phpjs> (RL min+gzip: 0.8k)
https://github.com/kvz/phpjs/blob/1eaab15d/functions/strings/sha1.js
Chrome: 200k, Firefox: 280k, Safari: 78k
Modern browsers implement the HTML5 Crypto API. However, this API is asynchronous,
only enabled when on HTTPS in Chromium, and is quite low-level. It requires boilerplate
code to actually use with TextEncoder, ArrayBuffer and Uint32Array. Due this being
needed in the module loader, we'd have to load the fallback regardless. Considering
this is not used in a critical path for performance, it's not worth shipping two
implementations for this optimisation.
May also resolve:
* T44094
* T90411
* T94810
Bug: T94074
Change-Id: Ibb292d2416839327d1807a66c78fd96dac0637d0
2015-04-29 22:53:24 +00:00
|
|
|
* @return string Hash
|
|
|
|
|
*/
|
2022-05-06 09:09:56 +00:00
|
|
|
public function getCombinedVersion( Context $context, array $moduleNames ) {
|
2016-09-02 22:44:59 +00:00
|
|
|
if ( !$moduleNames ) {
|
resourceloader: Replace timestamp system with version hashing
Modules now track their version via getVersionHash() instead of getModifiedTime().
== Background ==
While some resources have observeable timestamps (e.g. files stored on disk),
many other resources do not. E.g. config variables, and module definitions.
For static file modules, one can e.g. revert one of more files in a module to a
previous version and not affect the max timestamp.
Wiki modules include pages only if they exist. The user module supports common.js
and skin.js. By default neither exists. If a user has both, and then the
less-recently modified one is deleted, the max-timestamp remains unchanged.
For client-side caching, batch requests use "Math.max" on the relevant timestamps.
Again, if a module changes but another module is more recent (e.g. out-of-order
deployment, or out-of-order discovery), the change would not result in a cache miss.
More scenarios can be found in the associated Phabricator tasks.
== Version hash ==
Previously we virtually mapped these variables to a timestamp by storing the current
time alongside a hash of the value in ObjectCache. Considering the number of
possible request contexts (wikis * modules * users * skins * languages) this doesn't
work well. It results in needless cache invalidation when the first time observation
is purged due to LRU algorithms. It also has other minor bugs leading to fewer
cache hits.
All modules automatically get the benefits of version hashing with this change.
The old getDefinitionMtime() and getHashMtime() have been replaced with dummies
that return 1. These functions are often called from getModifiedTime() in subclasses.
For backward-compatibility, their respective values (definition summary and hash)
are now included in getVersionHash directly.
As examples, the following modules have been updated to use getVersionHash directly.
Other modules still work fine and can be updated later.
* ResourceLoaderFileModule
* ResourceLoaderEditToolbarModule
* ResourceLoaderStartUpModule
* ResourceLoaderWikiModule
The presence of hashes in place of timestamps increases the startup module size on
a default MediaWiki install from 4.4k to 5.8k (after gzip and minification).
== ETag ==
Since timestamps are no longer tracked, we need a different way to implement caching
for cache proxies (e.g. Varnish) and web browsers. Previously we used the
Last-Modified header (in combination with Cache-Control and Expires).
Instead of Last-Modified (and If-Modified-Since), we use ETag (and If-None-Match).
Entity tags (new in HTTP/1.1) are much stricter than Last-Modified by default.
They instruct browsers to allow usage of partial Range requests. Since our responses
are dynamically generated, we need to use the Weak version of ETag.
While this sounds bad, it's no different than Last-Modified. As reassured by
RFC 2616 <http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html#sec13.3.3> the
specified behaviour behind Last-Modified follows the same "Weak" caching logic as
Entity tags. It's just that entity tags are capable of a stricter mode (whereas
Last-Modified is inherently weak).
== File cache ==
If $wgUseFileCache is enabled, ResourceLoader uses ResourceFileCache to cache
load.php responses. While the blind TTL handling (during the allowed expiry period)
is still maxage/timestamp based, tryRespondNotModified() now requires the caller to
know the expected ETag.
For this to work, the FileCache handling had to be moved from the top of
ResoureLoader::respond() to after the expected ETag is computed.
This also allows us to remove the duplicate tryRespondNotModified() handling since
that's is already handled by ResourceLoader::respond() meanwhile.
== Misc ==
* Remove redundant modifiedTime cache in ResourceLoaderFileModule.
* Change bugzilla references to Phabricator.
* Centralised inclusion of wgCacheEpoch using getDefinitionSummary. Previously this
logic was duplicated in each place the modified timestamp was used.
* It's easy to forget calling the parent class in getDefinitionSummary().
Previously this method only tracked 'class' by default. As such, various
extensions hardcoded that one value instead of calling the parent and extending
the array. To better prevent this in the future, getVersionHash() now asserts
that the '_cacheEpoch' property made it through.
* tests: Don't use getDefinitionSummary() as an API.
Fix ResourceLoaderWikiModuleTest to call getPages properly.
* In tests, the default timestamp used to be 1388534400000 (which is the unix time
of 20140101000000; the unit tests' CacheEpoch). The new version hash of these
modules is "XyCC+PSK", which is the base64 encoded prefix of the SHA1 digest of:
'{"_class":"ResourceLoaderTestModule","_cacheEpoch":"20140101000000"}'
* Add sha1.js library for client-side hash generation.
Compared various different implementations for code size (after minfication/gzip),
and speed (when used for short hexidecimal strings).
https://jsperf.com/sha1-implementations
- CryptoJS <https://code.google.com/p/crypto-js/#SHA-1> (min+gzip: 2.5k)
http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/sha1.js
Chrome: 45k, Firefox: 89k, Safari: 92k
- jsSHA <https://github.com/Caligatio/jsSHA>
https://github.com/Caligatio/jsSHA/blob/3c1d4f2e/src/sha1.js (min+gzip: 1.8k)
Chrome: 65k, Firefox: 53k, Safari: 69k
- phpjs-sha1 <https://github.com/kvz/phpjs> (RL min+gzip: 0.8k)
https://github.com/kvz/phpjs/blob/1eaab15d/functions/strings/sha1.js
Chrome: 200k, Firefox: 280k, Safari: 78k
Modern browsers implement the HTML5 Crypto API. However, this API is asynchronous,
only enabled when on HTTPS in Chromium, and is quite low-level. It requires boilerplate
code to actually use with TextEncoder, ArrayBuffer and Uint32Array. Due this being
needed in the module loader, we'd have to load the fallback regardless. Considering
this is not used in a critical path for performance, it's not worth shipping two
implementations for this optimisation.
May also resolve:
* T44094
* T90411
* T94810
Bug: T94074
Change-Id: Ibb292d2416839327d1807a66c78fd96dac0637d0
2015-04-29 22:53:24 +00:00
|
|
|
return '';
|
|
|
|
|
}
|
2016-02-10 17:13:38 +00:00
|
|
|
$hashes = array_map( function ( $module ) use ( $context ) {
|
resourceloader: Don't let module exception break startup
When getScript (or some other method used in a module response)
throws an error, only that module fails (by outputting mw.loader.state
instead of mw.loader.implement). Other modules will work.
This has always been the case and is working fine. For example,
"load.php?modules=foo|bar", where 'foo' throws, will return:
```js
/* exception message: .. */
mw.loader.implement('bar', ..)
mw.loader.state('foo', 'error')
```
The problem, however, is that during the generation of the startup
module, we iterate over all other modules. In 2011, the
getVersionHash method (then: getModifiedTime) was fairly simple
and unlikely to throw errors.
Nowadays, some modules use enableModuleContentVersion which will
involve the same code path as for regular module responses.
The try/catch in ResourceLoader::makeModuleResponse() suffices
for the case of loading modules other than startup. But when
loading the startup module, and an exception happens in getVersionHash,
then the entire startup response is replaced with an exception comment.
Example case:
* A file not existing for a FileModule subclass that uses
enableModuleContentVersion.
* A database error from a data module, like CiteDataModule or
CNChoiceData.
Changes:
* Ensure E-Tag is still useful while an error happens in production
because we respond with 200 OK and one error isn't the same as
another.
Fixed by try/catch in getCombinedVersion.
* Ensure start manifest isn't disrupted by one broken module.
Fixed by try/catch in StartupModule::getModuleRegistrations().
Tests:
* testMakeModuleResponseError: The case that already worked fined.
* testMakeModuleResponseStartupError: The case fixed in this commit.
* testGetCombinedVersion: The case fixed in this commit for E-Tag.
Bug: T152266
Change-Id: Ice4ede5ea594bf3fa591134bc9382bd9c24e2f39
2016-12-03 00:48:14 +00:00
|
|
|
try {
|
|
|
|
|
return $this->getModule( $module )->getVersionHash( $context );
|
2022-02-01 01:11:09 +00:00
|
|
|
} catch ( TimeoutException $e ) {
|
|
|
|
|
throw $e;
|
resourceloader: Don't let module exception break startup
When getScript (or some other method used in a module response)
throws an error, only that module fails (by outputting mw.loader.state
instead of mw.loader.implement). Other modules will work.
This has always been the case and is working fine. For example,
"load.php?modules=foo|bar", where 'foo' throws, will return:
```js
/* exception message: .. */
mw.loader.implement('bar', ..)
mw.loader.state('foo', 'error')
```
The problem, however, is that during the generation of the startup
module, we iterate over all other modules. In 2011, the
getVersionHash method (then: getModifiedTime) was fairly simple
and unlikely to throw errors.
Nowadays, some modules use enableModuleContentVersion which will
involve the same code path as for regular module responses.
The try/catch in ResourceLoader::makeModuleResponse() suffices
for the case of loading modules other than startup. But when
loading the startup module, and an exception happens in getVersionHash,
then the entire startup response is replaced with an exception comment.
Example case:
* A file not existing for a FileModule subclass that uses
enableModuleContentVersion.
* A database error from a data module, like CiteDataModule or
CNChoiceData.
Changes:
* Ensure E-Tag is still useful while an error happens in production
because we respond with 200 OK and one error isn't the same as
another.
Fixed by try/catch in getCombinedVersion.
* Ensure start manifest isn't disrupted by one broken module.
Fixed by try/catch in StartupModule::getModuleRegistrations().
Tests:
* testMakeModuleResponseError: The case that already worked fined.
* testMakeModuleResponseStartupError: The case fixed in this commit.
* testGetCombinedVersion: The case fixed in this commit for E-Tag.
Bug: T152266
Change-Id: Ice4ede5ea594bf3fa591134bc9382bd9c24e2f39
2016-12-03 00:48:14 +00:00
|
|
|
} catch ( Exception $e ) {
|
resourceloader: Use 'enableModuleContentVersion' for startup module
This significantly simplifies the getVersionHash implementation for
StartupModule, and fixes a couple of bugs.
Previously, the startup module's E-Tag was determined by the
'getDefinitionSummary' method, which combined the E-Tag values
from all registered modules, plus what we thought is all information
used by 'getScript' (config vars, embedded script files, list
of base modules, ...)
However, this were various things part of the manifest that it
forgot about, including:
* Changes to the list of dependencies of a module.
* Changes to the name of module.
* Changes to the cache group of module.
* Adding or removing a foreign module source (mw.loader.addSource).
These are all quite rare, and when they do change, they usually
also involve a change that *was* tracked already. But, sometimes
they don't and that's when bugs happened.
Instead of the tracking array of getDefinitionSummary, we now
use the 'enableModuleContentVersion' option for StartupModule,
which simply calls the actual getScript() method and hashes that.
Of note: When an exception happens with the version computation of
any individual module, we catch it, log it, and continue with the
rest. Previously, the first time such error was discovered at
run-time would be in the getCombinedVersion() call from
StartupModule::getAllModuleHashes(). That public getCombinedVersion()
method of ResourceLoader had the benefit of also outputting details
of that exception in the HTTP response output. In order to keep that
behaviour, I made outputErrorAndLog() public so that StartupModule
can call it directly now. This is covered by
ResourceLoaderTest::testMakeModuleResponseStartupError.
Bug: T201686
Change-Id: I8e8d3a2cd2ccd68d2d78e988bcdd0d77fbcbf1d4
2018-08-30 02:52:39 +00:00
|
|
|
// If modules fail to compute a version, don't fail the request (T152266)
|
|
|
|
|
// and still compute versions of other modules.
|
2016-12-03 03:57:42 +00:00
|
|
|
$this->outputErrorAndLog( $e,
|
resourceloader: Don't let module exception break startup
When getScript (or some other method used in a module response)
throws an error, only that module fails (by outputting mw.loader.state
instead of mw.loader.implement). Other modules will work.
This has always been the case and is working fine. For example,
"load.php?modules=foo|bar", where 'foo' throws, will return:
```js
/* exception message: .. */
mw.loader.implement('bar', ..)
mw.loader.state('foo', 'error')
```
The problem, however, is that during the generation of the startup
module, we iterate over all other modules. In 2011, the
getVersionHash method (then: getModifiedTime) was fairly simple
and unlikely to throw errors.
Nowadays, some modules use enableModuleContentVersion which will
involve the same code path as for regular module responses.
The try/catch in ResourceLoader::makeModuleResponse() suffices
for the case of loading modules other than startup. But when
loading the startup module, and an exception happens in getVersionHash,
then the entire startup response is replaced with an exception comment.
Example case:
* A file not existing for a FileModule subclass that uses
enableModuleContentVersion.
* A database error from a data module, like CiteDataModule or
CNChoiceData.
Changes:
* Ensure E-Tag is still useful while an error happens in production
because we respond with 200 OK and one error isn't the same as
another.
Fixed by try/catch in getCombinedVersion.
* Ensure start manifest isn't disrupted by one broken module.
Fixed by try/catch in StartupModule::getModuleRegistrations().
Tests:
* testMakeModuleResponseError: The case that already worked fined.
* testMakeModuleResponseStartupError: The case fixed in this commit.
* testGetCombinedVersion: The case fixed in this commit for E-Tag.
Bug: T152266
Change-Id: Ice4ede5ea594bf3fa591134bc9382bd9c24e2f39
2016-12-03 00:48:14 +00:00
|
|
|
'Calculating version for "{module}" failed: {exception}',
|
|
|
|
|
[
|
|
|
|
|
'module' => $module,
|
|
|
|
|
]
|
|
|
|
|
);
|
|
|
|
|
return '';
|
|
|
|
|
}
|
2016-09-02 22:44:59 +00:00
|
|
|
}, $moduleNames );
|
|
|
|
|
return self::makeHash( implode( '', $hashes ) );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Get the expected value of the 'version' query parameter.
|
|
|
|
|
*
|
|
|
|
|
* This is used by respond() to set a short Cache-Control header for requests with
|
|
|
|
|
* information newer than the current server has. This avoids pollution of edge caches.
|
|
|
|
|
* Typically during deployment. (T117587)
|
|
|
|
|
*
|
|
|
|
|
* This MUST match return value of `mw.loader#getCombinedVersion()` client-side.
|
|
|
|
|
*
|
|
|
|
|
* @since 1.28
|
2022-05-06 09:09:56 +00:00
|
|
|
* @param Context $context
|
2021-08-28 02:45:57 +00:00
|
|
|
* @param string[] $modules
|
2016-09-02 22:44:59 +00:00
|
|
|
* @return string Hash
|
|
|
|
|
*/
|
2022-05-06 09:09:56 +00:00
|
|
|
public function makeVersionQuery( Context $context, array $modules ) {
|
2016-09-02 22:44:59 +00:00
|
|
|
// As of MediaWiki 1.28, the server and client use the same algorithm for combining
|
|
|
|
|
// version hashes. There is no technical reason for this to be same, and for years the
|
|
|
|
|
// implementations differed. If getCombinedVersion in PHP (used for StartupModule and
|
|
|
|
|
// E-Tag headers) differs in the future from getCombinedVersion in JS (used for 'version'
|
|
|
|
|
// query parameter), then this method must continue to match the JS one.
|
2019-09-26 17:34:17 +00:00
|
|
|
$filtered = [];
|
|
|
|
|
foreach ( $modules as $name ) {
|
2016-09-02 22:44:59 +00:00
|
|
|
if ( !$this->getModule( $name ) ) {
|
|
|
|
|
// If a versioned request contains a missing module, the version is a mismatch
|
|
|
|
|
// as the client considered a module (and version) we don't have.
|
|
|
|
|
return '';
|
|
|
|
|
}
|
2019-09-26 17:34:17 +00:00
|
|
|
$filtered[] = $name;
|
2016-09-02 22:44:59 +00:00
|
|
|
}
|
2019-09-26 17:34:17 +00:00
|
|
|
return $this->getCombinedVersion( $context, $filtered );
|
resourceloader: Replace timestamp system with version hashing
Modules now track their version via getVersionHash() instead of getModifiedTime().
== Background ==
While some resources have observeable timestamps (e.g. files stored on disk),
many other resources do not. E.g. config variables, and module definitions.
For static file modules, one can e.g. revert one of more files in a module to a
previous version and not affect the max timestamp.
Wiki modules include pages only if they exist. The user module supports common.js
and skin.js. By default neither exists. If a user has both, and then the
less-recently modified one is deleted, the max-timestamp remains unchanged.
For client-side caching, batch requests use "Math.max" on the relevant timestamps.
Again, if a module changes but another module is more recent (e.g. out-of-order
deployment, or out-of-order discovery), the change would not result in a cache miss.
More scenarios can be found in the associated Phabricator tasks.
== Version hash ==
Previously we virtually mapped these variables to a timestamp by storing the current
time alongside a hash of the value in ObjectCache. Considering the number of
possible request contexts (wikis * modules * users * skins * languages) this doesn't
work well. It results in needless cache invalidation when the first time observation
is purged due to LRU algorithms. It also has other minor bugs leading to fewer
cache hits.
All modules automatically get the benefits of version hashing with this change.
The old getDefinitionMtime() and getHashMtime() have been replaced with dummies
that return 1. These functions are often called from getModifiedTime() in subclasses.
For backward-compatibility, their respective values (definition summary and hash)
are now included in getVersionHash directly.
As examples, the following modules have been updated to use getVersionHash directly.
Other modules still work fine and can be updated later.
* ResourceLoaderFileModule
* ResourceLoaderEditToolbarModule
* ResourceLoaderStartUpModule
* ResourceLoaderWikiModule
The presence of hashes in place of timestamps increases the startup module size on
a default MediaWiki install from 4.4k to 5.8k (after gzip and minification).
== ETag ==
Since timestamps are no longer tracked, we need a different way to implement caching
for cache proxies (e.g. Varnish) and web browsers. Previously we used the
Last-Modified header (in combination with Cache-Control and Expires).
Instead of Last-Modified (and If-Modified-Since), we use ETag (and If-None-Match).
Entity tags (new in HTTP/1.1) are much stricter than Last-Modified by default.
They instruct browsers to allow usage of partial Range requests. Since our responses
are dynamically generated, we need to use the Weak version of ETag.
While this sounds bad, it's no different than Last-Modified. As reassured by
RFC 2616 <http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html#sec13.3.3> the
specified behaviour behind Last-Modified follows the same "Weak" caching logic as
Entity tags. It's just that entity tags are capable of a stricter mode (whereas
Last-Modified is inherently weak).
== File cache ==
If $wgUseFileCache is enabled, ResourceLoader uses ResourceFileCache to cache
load.php responses. While the blind TTL handling (during the allowed expiry period)
is still maxage/timestamp based, tryRespondNotModified() now requires the caller to
know the expected ETag.
For this to work, the FileCache handling had to be moved from the top of
ResoureLoader::respond() to after the expected ETag is computed.
This also allows us to remove the duplicate tryRespondNotModified() handling since
that's is already handled by ResourceLoader::respond() meanwhile.
== Misc ==
* Remove redundant modifiedTime cache in ResourceLoaderFileModule.
* Change bugzilla references to Phabricator.
* Centralised inclusion of wgCacheEpoch using getDefinitionSummary. Previously this
logic was duplicated in each place the modified timestamp was used.
* It's easy to forget calling the parent class in getDefinitionSummary().
Previously this method only tracked 'class' by default. As such, various
extensions hardcoded that one value instead of calling the parent and extending
the array. To better prevent this in the future, getVersionHash() now asserts
that the '_cacheEpoch' property made it through.
* tests: Don't use getDefinitionSummary() as an API.
Fix ResourceLoaderWikiModuleTest to call getPages properly.
* In tests, the default timestamp used to be 1388534400000 (which is the unix time
of 20140101000000; the unit tests' CacheEpoch). The new version hash of these
modules is "XyCC+PSK", which is the base64 encoded prefix of the SHA1 digest of:
'{"_class":"ResourceLoaderTestModule","_cacheEpoch":"20140101000000"}'
* Add sha1.js library for client-side hash generation.
Compared various different implementations for code size (after minfication/gzip),
and speed (when used for short hexidecimal strings).
https://jsperf.com/sha1-implementations
- CryptoJS <https://code.google.com/p/crypto-js/#SHA-1> (min+gzip: 2.5k)
http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/sha1.js
Chrome: 45k, Firefox: 89k, Safari: 92k
- jsSHA <https://github.com/Caligatio/jsSHA>
https://github.com/Caligatio/jsSHA/blob/3c1d4f2e/src/sha1.js (min+gzip: 1.8k)
Chrome: 65k, Firefox: 53k, Safari: 69k
- phpjs-sha1 <https://github.com/kvz/phpjs> (RL min+gzip: 0.8k)
https://github.com/kvz/phpjs/blob/1eaab15d/functions/strings/sha1.js
Chrome: 200k, Firefox: 280k, Safari: 78k
Modern browsers implement the HTML5 Crypto API. However, this API is asynchronous,
only enabled when on HTTPS in Chromium, and is quite low-level. It requires boilerplate
code to actually use with TextEncoder, ArrayBuffer and Uint32Array. Due this being
needed in the module loader, we'd have to load the fallback regardless. Considering
this is not used in a critical path for performance, it's not worth shipping two
implementations for this optimisation.
May also resolve:
* T44094
* T90411
* T94810
Bug: T94074
Change-Id: Ibb292d2416839327d1807a66c78fd96dac0637d0
2015-04-29 22:53:24 +00:00
|
|
|
}
|
|
|
|
|
|
2010-09-05 13:31:34 +00:00
|
|
|
/**
|
2014-03-07 16:50:57 +00:00
|
|
|
* Output a response to a load request, including the content-type header.
|
2010-09-04 04:00:09 +00:00
|
|
|
*
|
2022-05-06 09:09:56 +00:00
|
|
|
* @param Context $context Context in which a response should be formed
|
2010-09-04 04:00:09 +00:00
|
|
|
*/
|
2022-05-06 09:09:56 +00:00
|
|
|
public function respond( Context $context ) {
|
2010-12-10 17:06:00 +00:00
|
|
|
// Buffer output to catch warnings. Normally we'd use ob_clean() on the
|
|
|
|
|
// top-level output buffer to clear warnings, but that breaks when ob_gzhandler
|
|
|
|
|
// is used: ob_clean() will clear the GZIP header in that case and it won't come
|
|
|
|
|
// back for subsequent output, resulting in invalid GZIP. So we have to wrap
|
|
|
|
|
// the whole thing in our own output buffer to be sure the active buffer
|
|
|
|
|
// doesn't use ob_gzhandler.
|
2016-10-13 05:34:26 +00:00
|
|
|
// See https://bugs.php.net/bug.php?id=36514
|
2010-12-10 17:06:00 +00:00
|
|
|
ob_start();
|
2010-09-13 23:19:05 +00:00
|
|
|
|
2023-03-31 02:05:27 +00:00
|
|
|
$this->errors = [];
|
2021-10-02 18:02:07 +00:00
|
|
|
$responseTime = $this->measureResponseTime();
|
2023-03-01 20:16:39 +00:00
|
|
|
ProfilingContext::singleton()->init( MW_ENTRY_POINT, 'respond' );
|
2017-10-17 01:48:54 +00:00
|
|
|
|
2022-07-28 03:45:24 +00:00
|
|
|
// Find out which modules are missing and instantiate the others
|
|
|
|
|
$modules = [];
|
|
|
|
|
$missing = [];
|
|
|
|
|
foreach ( $context->getModules() as $name ) {
|
|
|
|
|
$module = $this->getModule( $name );
|
|
|
|
|
if ( $module ) {
|
|
|
|
|
// Do not allow private modules to be loaded from the web.
|
|
|
|
|
// This is a security issue, see T36907.
|
|
|
|
|
if ( $module->getGroup() === Module::GROUP_PRIVATE ) {
|
|
|
|
|
// Not a serious error, just means something is trying to access it (T101806)
|
|
|
|
|
$this->logger->debug( "Request for private module '$name' denied" );
|
|
|
|
|
$this->errors[] = "Cannot build private module \"$name\"";
|
|
|
|
|
continue;
|
2012-03-22 19:52:37 +00:00
|
|
|
}
|
2022-07-28 03:45:24 +00:00
|
|
|
$modules[$name] = $module;
|
|
|
|
|
} else {
|
|
|
|
|
$missing[] = $name;
|
2010-09-04 04:00:09 +00:00
|
|
|
}
|
2022-07-28 03:45:24 +00:00
|
|
|
}
|
2010-09-04 12:53:01 +00:00
|
|
|
|
2022-07-28 03:45:24 +00:00
|
|
|
try {
|
|
|
|
|
// Preload for getCombinedVersion() and for batch makeModuleResponse()
|
|
|
|
|
$this->preloadModuleInfo( array_keys( $modules ), $context );
|
|
|
|
|
} catch ( TimeoutException $e ) {
|
|
|
|
|
throw $e;
|
|
|
|
|
} catch ( Exception $e ) {
|
|
|
|
|
$this->outputErrorAndLog( $e, 'Preloading module info failed: {exception}' );
|
|
|
|
|
}
|
2010-09-23 21:23:51 +00:00
|
|
|
|
2022-07-28 03:45:24 +00:00
|
|
|
// Combine versions to propagate cache invalidation
|
2022-07-28 03:56:28 +00:00
|
|
|
$versionHash = $this->getCombinedVersion( $context, array_keys( $modules ) );
|
2010-10-20 00:22:25 +00:00
|
|
|
|
2022-07-28 03:45:24 +00:00
|
|
|
// See RFC 2616 § 3.11 Entity Tags
|
|
|
|
|
// https://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.11
|
|
|
|
|
$etag = 'W/"' . $versionHash . '"';
|
resourceloader: Replace timestamp system with version hashing
Modules now track their version via getVersionHash() instead of getModifiedTime().
== Background ==
While some resources have observeable timestamps (e.g. files stored on disk),
many other resources do not. E.g. config variables, and module definitions.
For static file modules, one can e.g. revert one of more files in a module to a
previous version and not affect the max timestamp.
Wiki modules include pages only if they exist. The user module supports common.js
and skin.js. By default neither exists. If a user has both, and then the
less-recently modified one is deleted, the max-timestamp remains unchanged.
For client-side caching, batch requests use "Math.max" on the relevant timestamps.
Again, if a module changes but another module is more recent (e.g. out-of-order
deployment, or out-of-order discovery), the change would not result in a cache miss.
More scenarios can be found in the associated Phabricator tasks.
== Version hash ==
Previously we virtually mapped these variables to a timestamp by storing the current
time alongside a hash of the value in ObjectCache. Considering the number of
possible request contexts (wikis * modules * users * skins * languages) this doesn't
work well. It results in needless cache invalidation when the first time observation
is purged due to LRU algorithms. It also has other minor bugs leading to fewer
cache hits.
All modules automatically get the benefits of version hashing with this change.
The old getDefinitionMtime() and getHashMtime() have been replaced with dummies
that return 1. These functions are often called from getModifiedTime() in subclasses.
For backward-compatibility, their respective values (definition summary and hash)
are now included in getVersionHash directly.
As examples, the following modules have been updated to use getVersionHash directly.
Other modules still work fine and can be updated later.
* ResourceLoaderFileModule
* ResourceLoaderEditToolbarModule
* ResourceLoaderStartUpModule
* ResourceLoaderWikiModule
The presence of hashes in place of timestamps increases the startup module size on
a default MediaWiki install from 4.4k to 5.8k (after gzip and minification).
== ETag ==
Since timestamps are no longer tracked, we need a different way to implement caching
for cache proxies (e.g. Varnish) and web browsers. Previously we used the
Last-Modified header (in combination with Cache-Control and Expires).
Instead of Last-Modified (and If-Modified-Since), we use ETag (and If-None-Match).
Entity tags (new in HTTP/1.1) are much stricter than Last-Modified by default.
They instruct browsers to allow usage of partial Range requests. Since our responses
are dynamically generated, we need to use the Weak version of ETag.
While this sounds bad, it's no different than Last-Modified. As reassured by
RFC 2616 <http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html#sec13.3.3> the
specified behaviour behind Last-Modified follows the same "Weak" caching logic as
Entity tags. It's just that entity tags are capable of a stricter mode (whereas
Last-Modified is inherently weak).
== File cache ==
If $wgUseFileCache is enabled, ResourceLoader uses ResourceFileCache to cache
load.php responses. While the blind TTL handling (during the allowed expiry period)
is still maxage/timestamp based, tryRespondNotModified() now requires the caller to
know the expected ETag.
For this to work, the FileCache handling had to be moved from the top of
ResoureLoader::respond() to after the expected ETag is computed.
This also allows us to remove the duplicate tryRespondNotModified() handling since
that's is already handled by ResourceLoader::respond() meanwhile.
== Misc ==
* Remove redundant modifiedTime cache in ResourceLoaderFileModule.
* Change bugzilla references to Phabricator.
* Centralised inclusion of wgCacheEpoch using getDefinitionSummary. Previously this
logic was duplicated in each place the modified timestamp was used.
* It's easy to forget calling the parent class in getDefinitionSummary().
Previously this method only tracked 'class' by default. As such, various
extensions hardcoded that one value instead of calling the parent and extending
the array. To better prevent this in the future, getVersionHash() now asserts
that the '_cacheEpoch' property made it through.
* tests: Don't use getDefinitionSummary() as an API.
Fix ResourceLoaderWikiModuleTest to call getPages properly.
* In tests, the default timestamp used to be 1388534400000 (which is the unix time
of 20140101000000; the unit tests' CacheEpoch). The new version hash of these
modules is "XyCC+PSK", which is the base64 encoded prefix of the SHA1 digest of:
'{"_class":"ResourceLoaderTestModule","_cacheEpoch":"20140101000000"}'
* Add sha1.js library for client-side hash generation.
Compared various different implementations for code size (after minfication/gzip),
and speed (when used for short hexidecimal strings).
https://jsperf.com/sha1-implementations
- CryptoJS <https://code.google.com/p/crypto-js/#SHA-1> (min+gzip: 2.5k)
http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/sha1.js
Chrome: 45k, Firefox: 89k, Safari: 92k
- jsSHA <https://github.com/Caligatio/jsSHA>
https://github.com/Caligatio/jsSHA/blob/3c1d4f2e/src/sha1.js (min+gzip: 1.8k)
Chrome: 65k, Firefox: 53k, Safari: 69k
- phpjs-sha1 <https://github.com/kvz/phpjs> (RL min+gzip: 0.8k)
https://github.com/kvz/phpjs/blob/1eaab15d/functions/strings/sha1.js
Chrome: 200k, Firefox: 280k, Safari: 78k
Modern browsers implement the HTML5 Crypto API. However, this API is asynchronous,
only enabled when on HTTPS in Chromium, and is quite low-level. It requires boilerplate
code to actually use with TextEncoder, ArrayBuffer and Uint32Array. Due this being
needed in the module loader, we'd have to load the fallback regardless. Considering
this is not used in a critical path for performance, it's not worth shipping two
implementations for this optimisation.
May also resolve:
* T44094
* T90411
* T94810
Bug: T94074
Change-Id: Ibb292d2416839327d1807a66c78fd96dac0637d0
2015-04-29 22:53:24 +00:00
|
|
|
|
2022-07-28 03:45:24 +00:00
|
|
|
// Try the client-side cache first
|
|
|
|
|
if ( $this->tryRespondNotModified( $context, $etag ) ) {
|
|
|
|
|
return; // output handled (buffers cleared)
|
|
|
|
|
}
|
2011-10-01 04:15:07 +00:00
|
|
|
|
2022-07-28 03:45:24 +00:00
|
|
|
// Use file cache if enabled and available...
|
|
|
|
|
if ( $this->useFileCache ) {
|
|
|
|
|
$fileCache = ResourceFileCache::newFromContext( $context );
|
|
|
|
|
if ( $this->tryRespondFromFileCache( $fileCache, $context, $etag ) ) {
|
|
|
|
|
return; // output handled
|
resourceloader: Replace timestamp system with version hashing
Modules now track their version via getVersionHash() instead of getModifiedTime().
== Background ==
While some resources have observeable timestamps (e.g. files stored on disk),
many other resources do not. E.g. config variables, and module definitions.
For static file modules, one can e.g. revert one of more files in a module to a
previous version and not affect the max timestamp.
Wiki modules include pages only if they exist. The user module supports common.js
and skin.js. By default neither exists. If a user has both, and then the
less-recently modified one is deleted, the max-timestamp remains unchanged.
For client-side caching, batch requests use "Math.max" on the relevant timestamps.
Again, if a module changes but another module is more recent (e.g. out-of-order
deployment, or out-of-order discovery), the change would not result in a cache miss.
More scenarios can be found in the associated Phabricator tasks.
== Version hash ==
Previously we virtually mapped these variables to a timestamp by storing the current
time alongside a hash of the value in ObjectCache. Considering the number of
possible request contexts (wikis * modules * users * skins * languages) this doesn't
work well. It results in needless cache invalidation when the first time observation
is purged due to LRU algorithms. It also has other minor bugs leading to fewer
cache hits.
All modules automatically get the benefits of version hashing with this change.
The old getDefinitionMtime() and getHashMtime() have been replaced with dummies
that return 1. These functions are often called from getModifiedTime() in subclasses.
For backward-compatibility, their respective values (definition summary and hash)
are now included in getVersionHash directly.
As examples, the following modules have been updated to use getVersionHash directly.
Other modules still work fine and can be updated later.
* ResourceLoaderFileModule
* ResourceLoaderEditToolbarModule
* ResourceLoaderStartUpModule
* ResourceLoaderWikiModule
The presence of hashes in place of timestamps increases the startup module size on
a default MediaWiki install from 4.4k to 5.8k (after gzip and minification).
== ETag ==
Since timestamps are no longer tracked, we need a different way to implement caching
for cache proxies (e.g. Varnish) and web browsers. Previously we used the
Last-Modified header (in combination with Cache-Control and Expires).
Instead of Last-Modified (and If-Modified-Since), we use ETag (and If-None-Match).
Entity tags (new in HTTP/1.1) are much stricter than Last-Modified by default.
They instruct browsers to allow usage of partial Range requests. Since our responses
are dynamically generated, we need to use the Weak version of ETag.
While this sounds bad, it's no different than Last-Modified. As reassured by
RFC 2616 <http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html#sec13.3.3> the
specified behaviour behind Last-Modified follows the same "Weak" caching logic as
Entity tags. It's just that entity tags are capable of a stricter mode (whereas
Last-Modified is inherently weak).
== File cache ==
If $wgUseFileCache is enabled, ResourceLoader uses ResourceFileCache to cache
load.php responses. While the blind TTL handling (during the allowed expiry period)
is still maxage/timestamp based, tryRespondNotModified() now requires the caller to
know the expected ETag.
For this to work, the FileCache handling had to be moved from the top of
ResoureLoader::respond() to after the expected ETag is computed.
This also allows us to remove the duplicate tryRespondNotModified() handling since
that's is already handled by ResourceLoader::respond() meanwhile.
== Misc ==
* Remove redundant modifiedTime cache in ResourceLoaderFileModule.
* Change bugzilla references to Phabricator.
* Centralised inclusion of wgCacheEpoch using getDefinitionSummary. Previously this
logic was duplicated in each place the modified timestamp was used.
* It's easy to forget calling the parent class in getDefinitionSummary().
Previously this method only tracked 'class' by default. As such, various
extensions hardcoded that one value instead of calling the parent and extending
the array. To better prevent this in the future, getVersionHash() now asserts
that the '_cacheEpoch' property made it through.
* tests: Don't use getDefinitionSummary() as an API.
Fix ResourceLoaderWikiModuleTest to call getPages properly.
* In tests, the default timestamp used to be 1388534400000 (which is the unix time
of 20140101000000; the unit tests' CacheEpoch). The new version hash of these
modules is "XyCC+PSK", which is the base64 encoded prefix of the SHA1 digest of:
'{"_class":"ResourceLoaderTestModule","_cacheEpoch":"20140101000000"}'
* Add sha1.js library for client-side hash generation.
Compared various different implementations for code size (after minfication/gzip),
and speed (when used for short hexidecimal strings).
https://jsperf.com/sha1-implementations
- CryptoJS <https://code.google.com/p/crypto-js/#SHA-1> (min+gzip: 2.5k)
http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/sha1.js
Chrome: 45k, Firefox: 89k, Safari: 92k
- jsSHA <https://github.com/Caligatio/jsSHA>
https://github.com/Caligatio/jsSHA/blob/3c1d4f2e/src/sha1.js (min+gzip: 1.8k)
Chrome: 65k, Firefox: 53k, Safari: 69k
- phpjs-sha1 <https://github.com/kvz/phpjs> (RL min+gzip: 0.8k)
https://github.com/kvz/phpjs/blob/1eaab15d/functions/strings/sha1.js
Chrome: 200k, Firefox: 280k, Safari: 78k
Modern browsers implement the HTML5 Crypto API. However, this API is asynchronous,
only enabled when on HTTPS in Chromium, and is quite low-level. It requires boilerplate
code to actually use with TextEncoder, ArrayBuffer and Uint32Array. Due this being
needed in the module loader, we'd have to load the fallback regardless. Considering
this is not used in a critical path for performance, it's not worth shipping two
implementations for this optimisation.
May also resolve:
* T44094
* T90411
* T94810
Bug: T94074
Change-Id: Ibb292d2416839327d1807a66c78fd96dac0637d0
2015-04-29 22:53:24 +00:00
|
|
|
}
|
2022-07-28 03:45:24 +00:00
|
|
|
} else {
|
|
|
|
|
$fileCache = null;
|
|
|
|
|
}
|
resourceloader: Replace timestamp system with version hashing
Modules now track their version via getVersionHash() instead of getModifiedTime().
== Background ==
While some resources have observeable timestamps (e.g. files stored on disk),
many other resources do not. E.g. config variables, and module definitions.
For static file modules, one can e.g. revert one of more files in a module to a
previous version and not affect the max timestamp.
Wiki modules include pages only if they exist. The user module supports common.js
and skin.js. By default neither exists. If a user has both, and then the
less-recently modified one is deleted, the max-timestamp remains unchanged.
For client-side caching, batch requests use "Math.max" on the relevant timestamps.
Again, if a module changes but another module is more recent (e.g. out-of-order
deployment, or out-of-order discovery), the change would not result in a cache miss.
More scenarios can be found in the associated Phabricator tasks.
== Version hash ==
Previously we virtually mapped these variables to a timestamp by storing the current
time alongside a hash of the value in ObjectCache. Considering the number of
possible request contexts (wikis * modules * users * skins * languages) this doesn't
work well. It results in needless cache invalidation when the first time observation
is purged due to LRU algorithms. It also has other minor bugs leading to fewer
cache hits.
All modules automatically get the benefits of version hashing with this change.
The old getDefinitionMtime() and getHashMtime() have been replaced with dummies
that return 1. These functions are often called from getModifiedTime() in subclasses.
For backward-compatibility, their respective values (definition summary and hash)
are now included in getVersionHash directly.
As examples, the following modules have been updated to use getVersionHash directly.
Other modules still work fine and can be updated later.
* ResourceLoaderFileModule
* ResourceLoaderEditToolbarModule
* ResourceLoaderStartUpModule
* ResourceLoaderWikiModule
The presence of hashes in place of timestamps increases the startup module size on
a default MediaWiki install from 4.4k to 5.8k (after gzip and minification).
== ETag ==
Since timestamps are no longer tracked, we need a different way to implement caching
for cache proxies (e.g. Varnish) and web browsers. Previously we used the
Last-Modified header (in combination with Cache-Control and Expires).
Instead of Last-Modified (and If-Modified-Since), we use ETag (and If-None-Match).
Entity tags (new in HTTP/1.1) are much stricter than Last-Modified by default.
They instruct browsers to allow usage of partial Range requests. Since our responses
are dynamically generated, we need to use the Weak version of ETag.
While this sounds bad, it's no different than Last-Modified. As reassured by
RFC 2616 <http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html#sec13.3.3> the
specified behaviour behind Last-Modified follows the same "Weak" caching logic as
Entity tags. It's just that entity tags are capable of a stricter mode (whereas
Last-Modified is inherently weak).
== File cache ==
If $wgUseFileCache is enabled, ResourceLoader uses ResourceFileCache to cache
load.php responses. While the blind TTL handling (during the allowed expiry period)
is still maxage/timestamp based, tryRespondNotModified() now requires the caller to
know the expected ETag.
For this to work, the FileCache handling had to be moved from the top of
ResoureLoader::respond() to after the expected ETag is computed.
This also allows us to remove the duplicate tryRespondNotModified() handling since
that's is already handled by ResourceLoader::respond() meanwhile.
== Misc ==
* Remove redundant modifiedTime cache in ResourceLoaderFileModule.
* Change bugzilla references to Phabricator.
* Centralised inclusion of wgCacheEpoch using getDefinitionSummary. Previously this
logic was duplicated in each place the modified timestamp was used.
* It's easy to forget calling the parent class in getDefinitionSummary().
Previously this method only tracked 'class' by default. As such, various
extensions hardcoded that one value instead of calling the parent and extending
the array. To better prevent this in the future, getVersionHash() now asserts
that the '_cacheEpoch' property made it through.
* tests: Don't use getDefinitionSummary() as an API.
Fix ResourceLoaderWikiModuleTest to call getPages properly.
* In tests, the default timestamp used to be 1388534400000 (which is the unix time
of 20140101000000; the unit tests' CacheEpoch). The new version hash of these
modules is "XyCC+PSK", which is the base64 encoded prefix of the SHA1 digest of:
'{"_class":"ResourceLoaderTestModule","_cacheEpoch":"20140101000000"}'
* Add sha1.js library for client-side hash generation.
Compared various different implementations for code size (after minfication/gzip),
and speed (when used for short hexidecimal strings).
https://jsperf.com/sha1-implementations
- CryptoJS <https://code.google.com/p/crypto-js/#SHA-1> (min+gzip: 2.5k)
http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/sha1.js
Chrome: 45k, Firefox: 89k, Safari: 92k
- jsSHA <https://github.com/Caligatio/jsSHA>
https://github.com/Caligatio/jsSHA/blob/3c1d4f2e/src/sha1.js (min+gzip: 1.8k)
Chrome: 65k, Firefox: 53k, Safari: 69k
- phpjs-sha1 <https://github.com/kvz/phpjs> (RL min+gzip: 0.8k)
https://github.com/kvz/phpjs/blob/1eaab15d/functions/strings/sha1.js
Chrome: 200k, Firefox: 280k, Safari: 78k
Modern browsers implement the HTML5 Crypto API. However, this API is asynchronous,
only enabled when on HTTPS in Chromium, and is quite low-level. It requires boilerplate
code to actually use with TextEncoder, ArrayBuffer and Uint32Array. Due this being
needed in the module loader, we'd have to load the fallback regardless. Considering
this is not used in a critical path for performance, it's not worth shipping two
implementations for this optimisation.
May also resolve:
* T44094
* T90411
* T94810
Bug: T94074
Change-Id: Ibb292d2416839327d1807a66c78fd96dac0637d0
2015-04-29 22:53:24 +00:00
|
|
|
|
2022-07-28 03:45:24 +00:00
|
|
|
// Generate a response
|
|
|
|
|
$response = $this->makeModuleResponse( $context, $modules, $missing );
|
2011-10-01 04:15:07 +00:00
|
|
|
|
2022-07-28 03:45:24 +00:00
|
|
|
// Capture any PHP warnings from the output buffer and append them to the
|
|
|
|
|
// error list if we're in debug mode.
|
|
|
|
|
if ( $context->getDebug() ) {
|
|
|
|
|
$warnings = ob_get_contents();
|
|
|
|
|
if ( strlen( $warnings ) ) {
|
|
|
|
|
$this->errors[] = $warnings;
|
2015-11-01 19:56:20 +00:00
|
|
|
}
|
2022-07-28 03:45:24 +00:00
|
|
|
}
|
2014-11-11 19:50:44 +00:00
|
|
|
|
2022-07-28 03:45:24 +00:00
|
|
|
// Consider saving the response to file cache (unless there are errors).
|
|
|
|
|
if ( $fileCache && !$this->errors && $missing === [] &&
|
|
|
|
|
ResourceFileCache::useFileCache( $context ) ) {
|
|
|
|
|
if ( $fileCache->isCacheWorthy() ) {
|
|
|
|
|
// There were enough hits, save the response to the cache
|
|
|
|
|
$fileCache->saveText( $response );
|
|
|
|
|
} else {
|
|
|
|
|
$fileCache->incrMissesRecent( $context->getRequest() );
|
2011-10-02 17:53:33 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
resourceloader: Add support for modules sending preload headers
ResourceLoaderModule objects gain a new method getPreloadLinks() which
returns an array with the meta data required to build a Link rel=preload
header according to the current draft for W3C Preload.
<https://w3c.github.io/preload/>
Another implementation of this is already in use in OutputPage for
preloading the logo image.
This array is formatted by the ResourceLoaderModule::getHeaders method,
which is implemented as "final" at this time, thus restricting use to
the Link rel=preload header.
Headers are exposed and process-cached, like all other content
(scripts, styles, etc.), through ResourceLoaderModule::getModuleContent,
and aggregated by ResoureLoader::makeModuleResponse.
I had hoped for the getPreloadLinks to be stateless (not vary on $context).
Whether something should be preloaded and what, should not vary on the
skin or language. However, while that conceptually holds true, the exact
url for any given resource may still vary. Even the main use case for this
feature (T164299, preloading base modules request) require $context to pass
down skin and lang to the load.php url.
Add full test coverage and example documentation.
Bug: T164299
Change-Id: I2bfe0796ceaa0c82579c501f5b10e931f2175681
2017-07-18 02:36:01 +00:00
|
|
|
$this->sendResponseHeaders( $context, $etag, (bool)$this->errors, $this->extraHeaders );
|
2013-01-15 23:32:10 +00:00
|
|
|
|
2012-04-16 19:17:02 +00:00
|
|
|
// Remove the output buffer and output the response
|
|
|
|
|
ob_end_clean();
|
2014-11-11 20:00:17 +00:00
|
|
|
|
|
|
|
|
if ( $context->getImageObj() && $this->errors ) {
|
|
|
|
|
// We can't show both the error messages and the response when it's an image.
|
2015-09-26 20:32:31 +00:00
|
|
|
$response = implode( "\n\n", $this->errors );
|
2014-11-11 20:00:17 +00:00
|
|
|
} elseif ( $this->errors ) {
|
2015-09-15 03:17:47 +00:00
|
|
|
$errorText = implode( "\n\n", $this->errors );
|
|
|
|
|
$errorResponse = self::makeComment( $errorText );
|
|
|
|
|
if ( $context->shouldIncludeScripts() ) {
|
2019-09-10 06:07:57 +00:00
|
|
|
$errorResponse .= 'if (window.console && console.error) { console.error('
|
2019-09-09 15:50:13 +00:00
|
|
|
. $context->encodeJson( $errorText )
|
2019-09-10 06:07:57 +00:00
|
|
|
. "); }\n";
|
2014-11-11 20:00:17 +00:00
|
|
|
}
|
2015-09-15 03:17:47 +00:00
|
|
|
|
|
|
|
|
// Prepend error info to the response
|
|
|
|
|
$response = $errorResponse . $response;
|
2014-11-11 20:00:17 +00:00
|
|
|
}
|
|
|
|
|
|
2021-08-28 08:40:44 +00:00
|
|
|
// @phan-suppress-next-line SecurityCheck-XSS
|
2012-04-16 19:17:02 +00:00
|
|
|
echo $response;
|
2011-10-01 04:15:07 +00:00
|
|
|
}
|
|
|
|
|
|
2021-10-02 18:02:07 +00:00
|
|
|
/**
|
|
|
|
|
* Send stats about the time used to build the response
|
|
|
|
|
* @return ScopedCallback
|
|
|
|
|
*/
|
|
|
|
|
protected function measureResponseTime() {
|
|
|
|
|
$statStart = $_SERVER['REQUEST_TIME_FLOAT'];
|
|
|
|
|
return new ScopedCallback( static function () use ( $statStart ) {
|
|
|
|
|
$statTiming = microtime( true ) - $statStart;
|
|
|
|
|
$stats = MediaWikiServices::getInstance()->getStatsdDataFactory();
|
|
|
|
|
$stats->timing( 'resourceloader.responseTime', $statTiming * 1000 );
|
2017-10-17 01:48:54 +00:00
|
|
|
} );
|
|
|
|
|
}
|
|
|
|
|
|
2011-10-01 04:15:07 +00:00
|
|
|
/**
|
resourceloader: Replace timestamp system with version hashing
Modules now track their version via getVersionHash() instead of getModifiedTime().
== Background ==
While some resources have observeable timestamps (e.g. files stored on disk),
many other resources do not. E.g. config variables, and module definitions.
For static file modules, one can e.g. revert one of more files in a module to a
previous version and not affect the max timestamp.
Wiki modules include pages only if they exist. The user module supports common.js
and skin.js. By default neither exists. If a user has both, and then the
less-recently modified one is deleted, the max-timestamp remains unchanged.
For client-side caching, batch requests use "Math.max" on the relevant timestamps.
Again, if a module changes but another module is more recent (e.g. out-of-order
deployment, or out-of-order discovery), the change would not result in a cache miss.
More scenarios can be found in the associated Phabricator tasks.
== Version hash ==
Previously we virtually mapped these variables to a timestamp by storing the current
time alongside a hash of the value in ObjectCache. Considering the number of
possible request contexts (wikis * modules * users * skins * languages) this doesn't
work well. It results in needless cache invalidation when the first time observation
is purged due to LRU algorithms. It also has other minor bugs leading to fewer
cache hits.
All modules automatically get the benefits of version hashing with this change.
The old getDefinitionMtime() and getHashMtime() have been replaced with dummies
that return 1. These functions are often called from getModifiedTime() in subclasses.
For backward-compatibility, their respective values (definition summary and hash)
are now included in getVersionHash directly.
As examples, the following modules have been updated to use getVersionHash directly.
Other modules still work fine and can be updated later.
* ResourceLoaderFileModule
* ResourceLoaderEditToolbarModule
* ResourceLoaderStartUpModule
* ResourceLoaderWikiModule
The presence of hashes in place of timestamps increases the startup module size on
a default MediaWiki install from 4.4k to 5.8k (after gzip and minification).
== ETag ==
Since timestamps are no longer tracked, we need a different way to implement caching
for cache proxies (e.g. Varnish) and web browsers. Previously we used the
Last-Modified header (in combination with Cache-Control and Expires).
Instead of Last-Modified (and If-Modified-Since), we use ETag (and If-None-Match).
Entity tags (new in HTTP/1.1) are much stricter than Last-Modified by default.
They instruct browsers to allow usage of partial Range requests. Since our responses
are dynamically generated, we need to use the Weak version of ETag.
While this sounds bad, it's no different than Last-Modified. As reassured by
RFC 2616 <http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html#sec13.3.3> the
specified behaviour behind Last-Modified follows the same "Weak" caching logic as
Entity tags. It's just that entity tags are capable of a stricter mode (whereas
Last-Modified is inherently weak).
== File cache ==
If $wgUseFileCache is enabled, ResourceLoader uses ResourceFileCache to cache
load.php responses. While the blind TTL handling (during the allowed expiry period)
is still maxage/timestamp based, tryRespondNotModified() now requires the caller to
know the expected ETag.
For this to work, the FileCache handling had to be moved from the top of
ResoureLoader::respond() to after the expected ETag is computed.
This also allows us to remove the duplicate tryRespondNotModified() handling since
that's is already handled by ResourceLoader::respond() meanwhile.
== Misc ==
* Remove redundant modifiedTime cache in ResourceLoaderFileModule.
* Change bugzilla references to Phabricator.
* Centralised inclusion of wgCacheEpoch using getDefinitionSummary. Previously this
logic was duplicated in each place the modified timestamp was used.
* It's easy to forget calling the parent class in getDefinitionSummary().
Previously this method only tracked 'class' by default. As such, various
extensions hardcoded that one value instead of calling the parent and extending
the array. To better prevent this in the future, getVersionHash() now asserts
that the '_cacheEpoch' property made it through.
* tests: Don't use getDefinitionSummary() as an API.
Fix ResourceLoaderWikiModuleTest to call getPages properly.
* In tests, the default timestamp used to be 1388534400000 (which is the unix time
of 20140101000000; the unit tests' CacheEpoch). The new version hash of these
modules is "XyCC+PSK", which is the base64 encoded prefix of the SHA1 digest of:
'{"_class":"ResourceLoaderTestModule","_cacheEpoch":"20140101000000"}'
* Add sha1.js library for client-side hash generation.
Compared various different implementations for code size (after minfication/gzip),
and speed (when used for short hexidecimal strings).
https://jsperf.com/sha1-implementations
- CryptoJS <https://code.google.com/p/crypto-js/#SHA-1> (min+gzip: 2.5k)
http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/sha1.js
Chrome: 45k, Firefox: 89k, Safari: 92k
- jsSHA <https://github.com/Caligatio/jsSHA>
https://github.com/Caligatio/jsSHA/blob/3c1d4f2e/src/sha1.js (min+gzip: 1.8k)
Chrome: 65k, Firefox: 53k, Safari: 69k
- phpjs-sha1 <https://github.com/kvz/phpjs> (RL min+gzip: 0.8k)
https://github.com/kvz/phpjs/blob/1eaab15d/functions/strings/sha1.js
Chrome: 200k, Firefox: 280k, Safari: 78k
Modern browsers implement the HTML5 Crypto API. However, this API is asynchronous,
only enabled when on HTTPS in Chromium, and is quite low-level. It requires boilerplate
code to actually use with TextEncoder, ArrayBuffer and Uint32Array. Due this being
needed in the module loader, we'd have to load the fallback regardless. Considering
this is not used in a critical path for performance, it's not worth shipping two
implementations for this optimisation.
May also resolve:
* T44094
* T90411
* T94810
Bug: T94074
Change-Id: Ibb292d2416839327d1807a66c78fd96dac0637d0
2015-04-29 22:53:24 +00:00
|
|
|
* Send main response headers to the client.
|
|
|
|
|
*
|
|
|
|
|
* Deals with Content-Type, CORS (for stylesheets), and caching.
|
|
|
|
|
*
|
2022-05-06 09:09:56 +00:00
|
|
|
* @param Context $context
|
resourceloader: Replace timestamp system with version hashing
Modules now track their version via getVersionHash() instead of getModifiedTime().
== Background ==
While some resources have observeable timestamps (e.g. files stored on disk),
many other resources do not. E.g. config variables, and module definitions.
For static file modules, one can e.g. revert one of more files in a module to a
previous version and not affect the max timestamp.
Wiki modules include pages only if they exist. The user module supports common.js
and skin.js. By default neither exists. If a user has both, and then the
less-recently modified one is deleted, the max-timestamp remains unchanged.
For client-side caching, batch requests use "Math.max" on the relevant timestamps.
Again, if a module changes but another module is more recent (e.g. out-of-order
deployment, or out-of-order discovery), the change would not result in a cache miss.
More scenarios can be found in the associated Phabricator tasks.
== Version hash ==
Previously we virtually mapped these variables to a timestamp by storing the current
time alongside a hash of the value in ObjectCache. Considering the number of
possible request contexts (wikis * modules * users * skins * languages) this doesn't
work well. It results in needless cache invalidation when the first time observation
is purged due to LRU algorithms. It also has other minor bugs leading to fewer
cache hits.
All modules automatically get the benefits of version hashing with this change.
The old getDefinitionMtime() and getHashMtime() have been replaced with dummies
that return 1. These functions are often called from getModifiedTime() in subclasses.
For backward-compatibility, their respective values (definition summary and hash)
are now included in getVersionHash directly.
As examples, the following modules have been updated to use getVersionHash directly.
Other modules still work fine and can be updated later.
* ResourceLoaderFileModule
* ResourceLoaderEditToolbarModule
* ResourceLoaderStartUpModule
* ResourceLoaderWikiModule
The presence of hashes in place of timestamps increases the startup module size on
a default MediaWiki install from 4.4k to 5.8k (after gzip and minification).
== ETag ==
Since timestamps are no longer tracked, we need a different way to implement caching
for cache proxies (e.g. Varnish) and web browsers. Previously we used the
Last-Modified header (in combination with Cache-Control and Expires).
Instead of Last-Modified (and If-Modified-Since), we use ETag (and If-None-Match).
Entity tags (new in HTTP/1.1) are much stricter than Last-Modified by default.
They instruct browsers to allow usage of partial Range requests. Since our responses
are dynamically generated, we need to use the Weak version of ETag.
While this sounds bad, it's no different than Last-Modified. As reassured by
RFC 2616 <http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html#sec13.3.3> the
specified behaviour behind Last-Modified follows the same "Weak" caching logic as
Entity tags. It's just that entity tags are capable of a stricter mode (whereas
Last-Modified is inherently weak).
== File cache ==
If $wgUseFileCache is enabled, ResourceLoader uses ResourceFileCache to cache
load.php responses. While the blind TTL handling (during the allowed expiry period)
is still maxage/timestamp based, tryRespondNotModified() now requires the caller to
know the expected ETag.
For this to work, the FileCache handling had to be moved from the top of
ResoureLoader::respond() to after the expected ETag is computed.
This also allows us to remove the duplicate tryRespondNotModified() handling since
that's is already handled by ResourceLoader::respond() meanwhile.
== Misc ==
* Remove redundant modifiedTime cache in ResourceLoaderFileModule.
* Change bugzilla references to Phabricator.
* Centralised inclusion of wgCacheEpoch using getDefinitionSummary. Previously this
logic was duplicated in each place the modified timestamp was used.
* It's easy to forget calling the parent class in getDefinitionSummary().
Previously this method only tracked 'class' by default. As such, various
extensions hardcoded that one value instead of calling the parent and extending
the array. To better prevent this in the future, getVersionHash() now asserts
that the '_cacheEpoch' property made it through.
* tests: Don't use getDefinitionSummary() as an API.
Fix ResourceLoaderWikiModuleTest to call getPages properly.
* In tests, the default timestamp used to be 1388534400000 (which is the unix time
of 20140101000000; the unit tests' CacheEpoch). The new version hash of these
modules is "XyCC+PSK", which is the base64 encoded prefix of the SHA1 digest of:
'{"_class":"ResourceLoaderTestModule","_cacheEpoch":"20140101000000"}'
* Add sha1.js library for client-side hash generation.
Compared various different implementations for code size (after minfication/gzip),
and speed (when used for short hexidecimal strings).
https://jsperf.com/sha1-implementations
- CryptoJS <https://code.google.com/p/crypto-js/#SHA-1> (min+gzip: 2.5k)
http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/sha1.js
Chrome: 45k, Firefox: 89k, Safari: 92k
- jsSHA <https://github.com/Caligatio/jsSHA>
https://github.com/Caligatio/jsSHA/blob/3c1d4f2e/src/sha1.js (min+gzip: 1.8k)
Chrome: 65k, Firefox: 53k, Safari: 69k
- phpjs-sha1 <https://github.com/kvz/phpjs> (RL min+gzip: 0.8k)
https://github.com/kvz/phpjs/blob/1eaab15d/functions/strings/sha1.js
Chrome: 200k, Firefox: 280k, Safari: 78k
Modern browsers implement the HTML5 Crypto API. However, this API is asynchronous,
only enabled when on HTTPS in Chromium, and is quite low-level. It requires boilerplate
code to actually use with TextEncoder, ArrayBuffer and Uint32Array. Due this being
needed in the module loader, we'd have to load the fallback regardless. Considering
this is not used in a critical path for performance, it's not worth shipping two
implementations for this optimisation.
May also resolve:
* T44094
* T90411
* T94810
Bug: T94074
Change-Id: Ibb292d2416839327d1807a66c78fd96dac0637d0
2015-04-29 22:53:24 +00:00
|
|
|
* @param string $etag ETag header value
|
2014-11-11 20:00:17 +00:00
|
|
|
* @param bool $errors Whether there are errors in the response
|
resourceloader: Add support for modules sending preload headers
ResourceLoaderModule objects gain a new method getPreloadLinks() which
returns an array with the meta data required to build a Link rel=preload
header according to the current draft for W3C Preload.
<https://w3c.github.io/preload/>
Another implementation of this is already in use in OutputPage for
preloading the logo image.
This array is formatted by the ResourceLoaderModule::getHeaders method,
which is implemented as "final" at this time, thus restricting use to
the Link rel=preload header.
Headers are exposed and process-cached, like all other content
(scripts, styles, etc.), through ResourceLoaderModule::getModuleContent,
and aggregated by ResoureLoader::makeModuleResponse.
I had hoped for the getPreloadLinks to be stateless (not vary on $context).
Whether something should be preloaded and what, should not vary on the
skin or language. However, while that conceptually holds true, the exact
url for any given resource may still vary. Even the main use case for this
feature (T164299, preloading base modules request) require $context to pass
down skin and lang to the load.php url.
Add full test coverage and example documentation.
Bug: T164299
Change-Id: I2bfe0796ceaa0c82579c501f5b10e931f2175681
2017-07-18 02:36:01 +00:00
|
|
|
* @param string[] $extra Array of extra HTTP response headers
|
2011-10-01 04:15:07 +00:00
|
|
|
*/
|
resourceloader: Add support for modules sending preload headers
ResourceLoaderModule objects gain a new method getPreloadLinks() which
returns an array with the meta data required to build a Link rel=preload
header according to the current draft for W3C Preload.
<https://w3c.github.io/preload/>
Another implementation of this is already in use in OutputPage for
preloading the logo image.
This array is formatted by the ResourceLoaderModule::getHeaders method,
which is implemented as "final" at this time, thus restricting use to
the Link rel=preload header.
Headers are exposed and process-cached, like all other content
(scripts, styles, etc.), through ResourceLoaderModule::getModuleContent,
and aggregated by ResoureLoader::makeModuleResponse.
I had hoped for the getPreloadLinks to be stateless (not vary on $context).
Whether something should be preloaded and what, should not vary on the
skin or language. However, while that conceptually holds true, the exact
url for any given resource may still vary. Even the main use case for this
feature (T164299, preloading base modules request) require $context to pass
down skin and lang to the load.php url.
Add full test coverage and example documentation.
Bug: T164299
Change-Id: I2bfe0796ceaa0c82579c501f5b10e931f2175681
2017-07-18 02:36:01 +00:00
|
|
|
protected function sendResponseHeaders(
|
2022-05-06 09:09:56 +00:00
|
|
|
Context $context, $etag, $errors, array $extra = []
|
2021-07-22 03:11:47 +00:00
|
|
|
): void {
|
2019-06-29 04:50:31 +00:00
|
|
|
HeaderCallback::warnIfHeadersSent();
|
2022-05-15 20:36:52 +00:00
|
|
|
|
2023-05-11 17:54:05 +00:00
|
|
|
if ( $errors ) {
|
|
|
|
|
$maxage = self::MAXAGE_RECOVER;
|
|
|
|
|
} elseif (
|
|
|
|
|
$context->getVersion() !== null
|
|
|
|
|
&& $context->getVersion() !== $this->makeVersionQuery( $context, $context->getModules() )
|
2016-09-02 22:44:59 +00:00
|
|
|
) {
|
2022-05-15 20:36:52 +00:00
|
|
|
// If we need to self-correct, set a very short cache expiry
|
|
|
|
|
// to basically just debounce CDN traffic. This applies to:
|
|
|
|
|
// - Internal errors, e.g. due to misconfiguration.
|
|
|
|
|
// - Version mismatch, e.g. due to deployment race (T117587, T47877).
|
2023-05-05 02:21:12 +00:00
|
|
|
$this->logger->info( 'Client and server registry version out of sync' );
|
2022-05-15 20:36:52 +00:00
|
|
|
$maxage = self::MAXAGE_RECOVER;
|
|
|
|
|
} elseif ( $context->getVersion() === null ) {
|
|
|
|
|
// Resources that can't set a version, should have their updates propagate to
|
|
|
|
|
// clients quickly. This applies to shared resources linked from HTML, such as
|
|
|
|
|
// the startup module and stylesheets.
|
2022-05-15 17:08:20 +00:00
|
|
|
$maxage = $this->maxageUnversioned;
|
2011-10-01 04:15:07 +00:00
|
|
|
} else {
|
2022-05-15 20:36:52 +00:00
|
|
|
// When a version is set, use a long expiry because changes
|
2023-03-27 23:21:06 +00:00
|
|
|
// will naturally miss the cache by using a different URL.
|
2022-05-15 17:08:20 +00:00
|
|
|
$maxage = $this->maxageVersioned;
|
2011-10-01 04:15:07 +00:00
|
|
|
}
|
2014-11-11 19:50:44 +00:00
|
|
|
if ( $context->getImageObj() ) {
|
2014-11-11 20:00:17 +00:00
|
|
|
// Output different headers if we're outputting textual errors.
|
2014-11-11 19:50:44 +00:00
|
|
|
if ( $errors ) {
|
|
|
|
|
header( 'Content-Type: text/plain; charset=utf-8' );
|
|
|
|
|
} else {
|
|
|
|
|
$context->getImageObj()->sendResponseHeaders( $context );
|
|
|
|
|
}
|
|
|
|
|
} elseif ( $context->getOnly() === 'styles' ) {
|
2011-04-01 20:48:50 +00:00
|
|
|
header( 'Content-Type: text/css; charset=utf-8' );
|
2013-04-21 14:38:23 +00:00
|
|
|
header( 'Access-Control-Allow-Origin: *' );
|
2010-11-03 07:58:03 +00:00
|
|
|
} else {
|
2011-04-01 20:48:50 +00:00
|
|
|
header( 'Content-Type: text/javascript; charset=utf-8' );
|
2010-11-03 07:58:03 +00:00
|
|
|
}
|
resourceloader: Replace timestamp system with version hashing
Modules now track their version via getVersionHash() instead of getModifiedTime().
== Background ==
While some resources have observeable timestamps (e.g. files stored on disk),
many other resources do not. E.g. config variables, and module definitions.
For static file modules, one can e.g. revert one of more files in a module to a
previous version and not affect the max timestamp.
Wiki modules include pages only if they exist. The user module supports common.js
and skin.js. By default neither exists. If a user has both, and then the
less-recently modified one is deleted, the max-timestamp remains unchanged.
For client-side caching, batch requests use "Math.max" on the relevant timestamps.
Again, if a module changes but another module is more recent (e.g. out-of-order
deployment, or out-of-order discovery), the change would not result in a cache miss.
More scenarios can be found in the associated Phabricator tasks.
== Version hash ==
Previously we virtually mapped these variables to a timestamp by storing the current
time alongside a hash of the value in ObjectCache. Considering the number of
possible request contexts (wikis * modules * users * skins * languages) this doesn't
work well. It results in needless cache invalidation when the first time observation
is purged due to LRU algorithms. It also has other minor bugs leading to fewer
cache hits.
All modules automatically get the benefits of version hashing with this change.
The old getDefinitionMtime() and getHashMtime() have been replaced with dummies
that return 1. These functions are often called from getModifiedTime() in subclasses.
For backward-compatibility, their respective values (definition summary and hash)
are now included in getVersionHash directly.
As examples, the following modules have been updated to use getVersionHash directly.
Other modules still work fine and can be updated later.
* ResourceLoaderFileModule
* ResourceLoaderEditToolbarModule
* ResourceLoaderStartUpModule
* ResourceLoaderWikiModule
The presence of hashes in place of timestamps increases the startup module size on
a default MediaWiki install from 4.4k to 5.8k (after gzip and minification).
== ETag ==
Since timestamps are no longer tracked, we need a different way to implement caching
for cache proxies (e.g. Varnish) and web browsers. Previously we used the
Last-Modified header (in combination with Cache-Control and Expires).
Instead of Last-Modified (and If-Modified-Since), we use ETag (and If-None-Match).
Entity tags (new in HTTP/1.1) are much stricter than Last-Modified by default.
They instruct browsers to allow usage of partial Range requests. Since our responses
are dynamically generated, we need to use the Weak version of ETag.
While this sounds bad, it's no different than Last-Modified. As reassured by
RFC 2616 <http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html#sec13.3.3> the
specified behaviour behind Last-Modified follows the same "Weak" caching logic as
Entity tags. It's just that entity tags are capable of a stricter mode (whereas
Last-Modified is inherently weak).
== File cache ==
If $wgUseFileCache is enabled, ResourceLoader uses ResourceFileCache to cache
load.php responses. While the blind TTL handling (during the allowed expiry period)
is still maxage/timestamp based, tryRespondNotModified() now requires the caller to
know the expected ETag.
For this to work, the FileCache handling had to be moved from the top of
ResoureLoader::respond() to after the expected ETag is computed.
This also allows us to remove the duplicate tryRespondNotModified() handling since
that's is already handled by ResourceLoader::respond() meanwhile.
== Misc ==
* Remove redundant modifiedTime cache in ResourceLoaderFileModule.
* Change bugzilla references to Phabricator.
* Centralised inclusion of wgCacheEpoch using getDefinitionSummary. Previously this
logic was duplicated in each place the modified timestamp was used.
* It's easy to forget calling the parent class in getDefinitionSummary().
Previously this method only tracked 'class' by default. As such, various
extensions hardcoded that one value instead of calling the parent and extending
the array. To better prevent this in the future, getVersionHash() now asserts
that the '_cacheEpoch' property made it through.
* tests: Don't use getDefinitionSummary() as an API.
Fix ResourceLoaderWikiModuleTest to call getPages properly.
* In tests, the default timestamp used to be 1388534400000 (which is the unix time
of 20140101000000; the unit tests' CacheEpoch). The new version hash of these
modules is "XyCC+PSK", which is the base64 encoded prefix of the SHA1 digest of:
'{"_class":"ResourceLoaderTestModule","_cacheEpoch":"20140101000000"}'
* Add sha1.js library for client-side hash generation.
Compared various different implementations for code size (after minfication/gzip),
and speed (when used for short hexidecimal strings).
https://jsperf.com/sha1-implementations
- CryptoJS <https://code.google.com/p/crypto-js/#SHA-1> (min+gzip: 2.5k)
http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/sha1.js
Chrome: 45k, Firefox: 89k, Safari: 92k
- jsSHA <https://github.com/Caligatio/jsSHA>
https://github.com/Caligatio/jsSHA/blob/3c1d4f2e/src/sha1.js (min+gzip: 1.8k)
Chrome: 65k, Firefox: 53k, Safari: 69k
- phpjs-sha1 <https://github.com/kvz/phpjs> (RL min+gzip: 0.8k)
https://github.com/kvz/phpjs/blob/1eaab15d/functions/strings/sha1.js
Chrome: 200k, Firefox: 280k, Safari: 78k
Modern browsers implement the HTML5 Crypto API. However, this API is asynchronous,
only enabled when on HTTPS in Chromium, and is quite low-level. It requires boilerplate
code to actually use with TextEncoder, ArrayBuffer and Uint32Array. Due this being
needed in the module loader, we'd have to load the fallback regardless. Considering
this is not used in a critical path for performance, it's not worth shipping two
implementations for this optimisation.
May also resolve:
* T44094
* T90411
* T94810
Bug: T94074
Change-Id: Ibb292d2416839327d1807a66c78fd96dac0637d0
2015-04-29 22:53:24 +00:00
|
|
|
// See RFC 2616 § 14.19 ETag
|
2016-10-13 05:34:26 +00:00
|
|
|
// https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.19
|
resourceloader: Replace timestamp system with version hashing
Modules now track their version via getVersionHash() instead of getModifiedTime().
== Background ==
While some resources have observeable timestamps (e.g. files stored on disk),
many other resources do not. E.g. config variables, and module definitions.
For static file modules, one can e.g. revert one of more files in a module to a
previous version and not affect the max timestamp.
Wiki modules include pages only if they exist. The user module supports common.js
and skin.js. By default neither exists. If a user has both, and then the
less-recently modified one is deleted, the max-timestamp remains unchanged.
For client-side caching, batch requests use "Math.max" on the relevant timestamps.
Again, if a module changes but another module is more recent (e.g. out-of-order
deployment, or out-of-order discovery), the change would not result in a cache miss.
More scenarios can be found in the associated Phabricator tasks.
== Version hash ==
Previously we virtually mapped these variables to a timestamp by storing the current
time alongside a hash of the value in ObjectCache. Considering the number of
possible request contexts (wikis * modules * users * skins * languages) this doesn't
work well. It results in needless cache invalidation when the first time observation
is purged due to LRU algorithms. It also has other minor bugs leading to fewer
cache hits.
All modules automatically get the benefits of version hashing with this change.
The old getDefinitionMtime() and getHashMtime() have been replaced with dummies
that return 1. These functions are often called from getModifiedTime() in subclasses.
For backward-compatibility, their respective values (definition summary and hash)
are now included in getVersionHash directly.
As examples, the following modules have been updated to use getVersionHash directly.
Other modules still work fine and can be updated later.
* ResourceLoaderFileModule
* ResourceLoaderEditToolbarModule
* ResourceLoaderStartUpModule
* ResourceLoaderWikiModule
The presence of hashes in place of timestamps increases the startup module size on
a default MediaWiki install from 4.4k to 5.8k (after gzip and minification).
== ETag ==
Since timestamps are no longer tracked, we need a different way to implement caching
for cache proxies (e.g. Varnish) and web browsers. Previously we used the
Last-Modified header (in combination with Cache-Control and Expires).
Instead of Last-Modified (and If-Modified-Since), we use ETag (and If-None-Match).
Entity tags (new in HTTP/1.1) are much stricter than Last-Modified by default.
They instruct browsers to allow usage of partial Range requests. Since our responses
are dynamically generated, we need to use the Weak version of ETag.
While this sounds bad, it's no different than Last-Modified. As reassured by
RFC 2616 <http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html#sec13.3.3> the
specified behaviour behind Last-Modified follows the same "Weak" caching logic as
Entity tags. It's just that entity tags are capable of a stricter mode (whereas
Last-Modified is inherently weak).
== File cache ==
If $wgUseFileCache is enabled, ResourceLoader uses ResourceFileCache to cache
load.php responses. While the blind TTL handling (during the allowed expiry period)
is still maxage/timestamp based, tryRespondNotModified() now requires the caller to
know the expected ETag.
For this to work, the FileCache handling had to be moved from the top of
ResoureLoader::respond() to after the expected ETag is computed.
This also allows us to remove the duplicate tryRespondNotModified() handling since
that's is already handled by ResourceLoader::respond() meanwhile.
== Misc ==
* Remove redundant modifiedTime cache in ResourceLoaderFileModule.
* Change bugzilla references to Phabricator.
* Centralised inclusion of wgCacheEpoch using getDefinitionSummary. Previously this
logic was duplicated in each place the modified timestamp was used.
* It's easy to forget calling the parent class in getDefinitionSummary().
Previously this method only tracked 'class' by default. As such, various
extensions hardcoded that one value instead of calling the parent and extending
the array. To better prevent this in the future, getVersionHash() now asserts
that the '_cacheEpoch' property made it through.
* tests: Don't use getDefinitionSummary() as an API.
Fix ResourceLoaderWikiModuleTest to call getPages properly.
* In tests, the default timestamp used to be 1388534400000 (which is the unix time
of 20140101000000; the unit tests' CacheEpoch). The new version hash of these
modules is "XyCC+PSK", which is the base64 encoded prefix of the SHA1 digest of:
'{"_class":"ResourceLoaderTestModule","_cacheEpoch":"20140101000000"}'
* Add sha1.js library for client-side hash generation.
Compared various different implementations for code size (after minfication/gzip),
and speed (when used for short hexidecimal strings).
https://jsperf.com/sha1-implementations
- CryptoJS <https://code.google.com/p/crypto-js/#SHA-1> (min+gzip: 2.5k)
http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/sha1.js
Chrome: 45k, Firefox: 89k, Safari: 92k
- jsSHA <https://github.com/Caligatio/jsSHA>
https://github.com/Caligatio/jsSHA/blob/3c1d4f2e/src/sha1.js (min+gzip: 1.8k)
Chrome: 65k, Firefox: 53k, Safari: 69k
- phpjs-sha1 <https://github.com/kvz/phpjs> (RL min+gzip: 0.8k)
https://github.com/kvz/phpjs/blob/1eaab15d/functions/strings/sha1.js
Chrome: 200k, Firefox: 280k, Safari: 78k
Modern browsers implement the HTML5 Crypto API. However, this API is asynchronous,
only enabled when on HTTPS in Chromium, and is quite low-level. It requires boilerplate
code to actually use with TextEncoder, ArrayBuffer and Uint32Array. Due this being
needed in the module loader, we'd have to load the fallback regardless. Considering
this is not used in a critical path for performance, it's not worth shipping two
implementations for this optimisation.
May also resolve:
* T44094
* T90411
* T94810
Bug: T94074
Change-Id: Ibb292d2416839327d1807a66c78fd96dac0637d0
2015-04-29 22:53:24 +00:00
|
|
|
header( 'ETag: ' . $etag );
|
2010-11-01 20:48:30 +00:00
|
|
|
if ( $context->getDebug() ) {
|
2011-01-19 19:31:14 +00:00
|
|
|
// Do not cache debug responses
|
|
|
|
|
header( 'Cache-Control: private, no-cache, must-revalidate' );
|
|
|
|
|
header( 'Pragma: no-cache' );
|
2010-11-01 20:48:30 +00:00
|
|
|
} else {
|
2022-10-27 22:20:37 +00:00
|
|
|
// T132418: When a resource expires mid-way a browsing session, prefer to renew it in
|
|
|
|
|
// the background instead of blocking the next page load (eg. startup module, or CSS).
|
|
|
|
|
$staleDirective = ( $maxage > self::MAXAGE_RECOVER
|
|
|
|
|
? ", stale-while-revalidate=" . min( 60, intval( $maxage / 2 ) )
|
|
|
|
|
: ''
|
|
|
|
|
);
|
|
|
|
|
header( "Cache-Control: public, max-age=$maxage, s-maxage=$maxage" . $staleDirective );
|
2019-12-01 01:58:30 +00:00
|
|
|
header( 'Expires: ' . ConvertibleTimestamp::convert( TS_RFC2822, time() + $maxage ) );
|
2010-11-01 20:48:30 +00:00
|
|
|
}
|
resourceloader: Add support for modules sending preload headers
ResourceLoaderModule objects gain a new method getPreloadLinks() which
returns an array with the meta data required to build a Link rel=preload
header according to the current draft for W3C Preload.
<https://w3c.github.io/preload/>
Another implementation of this is already in use in OutputPage for
preloading the logo image.
This array is formatted by the ResourceLoaderModule::getHeaders method,
which is implemented as "final" at this time, thus restricting use to
the Link rel=preload header.
Headers are exposed and process-cached, like all other content
(scripts, styles, etc.), through ResourceLoaderModule::getModuleContent,
and aggregated by ResoureLoader::makeModuleResponse.
I had hoped for the getPreloadLinks to be stateless (not vary on $context).
Whether something should be preloaded and what, should not vary on the
skin or language. However, while that conceptually holds true, the exact
url for any given resource may still vary. Even the main use case for this
feature (T164299, preloading base modules request) require $context to pass
down skin and lang to the load.php url.
Add full test coverage and example documentation.
Bug: T164299
Change-Id: I2bfe0796ceaa0c82579c501f5b10e931f2175681
2017-07-18 02:36:01 +00:00
|
|
|
foreach ( $extra as $header ) {
|
|
|
|
|
header( $header );
|
|
|
|
|
}
|
2011-10-01 04:15:07 +00:00
|
|
|
}
|
2010-09-04 12:53:01 +00:00
|
|
|
|
2011-10-01 04:15:07 +00:00
|
|
|
/**
|
2022-01-09 17:44:44 +00:00
|
|
|
* Respond with HTTP 304 Not Modified if appropriate.
|
2014-03-07 16:50:57 +00:00
|
|
|
*
|
resourceloader: Replace timestamp system with version hashing
Modules now track their version via getVersionHash() instead of getModifiedTime().
== Background ==
While some resources have observeable timestamps (e.g. files stored on disk),
many other resources do not. E.g. config variables, and module definitions.
For static file modules, one can e.g. revert one of more files in a module to a
previous version and not affect the max timestamp.
Wiki modules include pages only if they exist. The user module supports common.js
and skin.js. By default neither exists. If a user has both, and then the
less-recently modified one is deleted, the max-timestamp remains unchanged.
For client-side caching, batch requests use "Math.max" on the relevant timestamps.
Again, if a module changes but another module is more recent (e.g. out-of-order
deployment, or out-of-order discovery), the change would not result in a cache miss.
More scenarios can be found in the associated Phabricator tasks.
== Version hash ==
Previously we virtually mapped these variables to a timestamp by storing the current
time alongside a hash of the value in ObjectCache. Considering the number of
possible request contexts (wikis * modules * users * skins * languages) this doesn't
work well. It results in needless cache invalidation when the first time observation
is purged due to LRU algorithms. It also has other minor bugs leading to fewer
cache hits.
All modules automatically get the benefits of version hashing with this change.
The old getDefinitionMtime() and getHashMtime() have been replaced with dummies
that return 1. These functions are often called from getModifiedTime() in subclasses.
For backward-compatibility, their respective values (definition summary and hash)
are now included in getVersionHash directly.
As examples, the following modules have been updated to use getVersionHash directly.
Other modules still work fine and can be updated later.
* ResourceLoaderFileModule
* ResourceLoaderEditToolbarModule
* ResourceLoaderStartUpModule
* ResourceLoaderWikiModule
The presence of hashes in place of timestamps increases the startup module size on
a default MediaWiki install from 4.4k to 5.8k (after gzip and minification).
== ETag ==
Since timestamps are no longer tracked, we need a different way to implement caching
for cache proxies (e.g. Varnish) and web browsers. Previously we used the
Last-Modified header (in combination with Cache-Control and Expires).
Instead of Last-Modified (and If-Modified-Since), we use ETag (and If-None-Match).
Entity tags (new in HTTP/1.1) are much stricter than Last-Modified by default.
They instruct browsers to allow usage of partial Range requests. Since our responses
are dynamically generated, we need to use the Weak version of ETag.
While this sounds bad, it's no different than Last-Modified. As reassured by
RFC 2616 <http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html#sec13.3.3> the
specified behaviour behind Last-Modified follows the same "Weak" caching logic as
Entity tags. It's just that entity tags are capable of a stricter mode (whereas
Last-Modified is inherently weak).
== File cache ==
If $wgUseFileCache is enabled, ResourceLoader uses ResourceFileCache to cache
load.php responses. While the blind TTL handling (during the allowed expiry period)
is still maxage/timestamp based, tryRespondNotModified() now requires the caller to
know the expected ETag.
For this to work, the FileCache handling had to be moved from the top of
ResoureLoader::respond() to after the expected ETag is computed.
This also allows us to remove the duplicate tryRespondNotModified() handling since
that's is already handled by ResourceLoader::respond() meanwhile.
== Misc ==
* Remove redundant modifiedTime cache in ResourceLoaderFileModule.
* Change bugzilla references to Phabricator.
* Centralised inclusion of wgCacheEpoch using getDefinitionSummary. Previously this
logic was duplicated in each place the modified timestamp was used.
* It's easy to forget calling the parent class in getDefinitionSummary().
Previously this method only tracked 'class' by default. As such, various
extensions hardcoded that one value instead of calling the parent and extending
the array. To better prevent this in the future, getVersionHash() now asserts
that the '_cacheEpoch' property made it through.
* tests: Don't use getDefinitionSummary() as an API.
Fix ResourceLoaderWikiModuleTest to call getPages properly.
* In tests, the default timestamp used to be 1388534400000 (which is the unix time
of 20140101000000; the unit tests' CacheEpoch). The new version hash of these
modules is "XyCC+PSK", which is the base64 encoded prefix of the SHA1 digest of:
'{"_class":"ResourceLoaderTestModule","_cacheEpoch":"20140101000000"}'
* Add sha1.js library for client-side hash generation.
Compared various different implementations for code size (after minfication/gzip),
and speed (when used for short hexidecimal strings).
https://jsperf.com/sha1-implementations
- CryptoJS <https://code.google.com/p/crypto-js/#SHA-1> (min+gzip: 2.5k)
http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/sha1.js
Chrome: 45k, Firefox: 89k, Safari: 92k
- jsSHA <https://github.com/Caligatio/jsSHA>
https://github.com/Caligatio/jsSHA/blob/3c1d4f2e/src/sha1.js (min+gzip: 1.8k)
Chrome: 65k, Firefox: 53k, Safari: 69k
- phpjs-sha1 <https://github.com/kvz/phpjs> (RL min+gzip: 0.8k)
https://github.com/kvz/phpjs/blob/1eaab15d/functions/strings/sha1.js
Chrome: 200k, Firefox: 280k, Safari: 78k
Modern browsers implement the HTML5 Crypto API. However, this API is asynchronous,
only enabled when on HTTPS in Chromium, and is quite low-level. It requires boilerplate
code to actually use with TextEncoder, ArrayBuffer and Uint32Array. Due this being
needed in the module loader, we'd have to load the fallback regardless. Considering
this is not used in a critical path for performance, it's not worth shipping two
implementations for this optimisation.
May also resolve:
* T44094
* T90411
* T94810
Bug: T94074
Change-Id: Ibb292d2416839327d1807a66c78fd96dac0637d0
2015-04-29 22:53:24 +00:00
|
|
|
* If there's an If-None-Match header, respond with a 304 appropriately
|
2011-10-01 04:15:07 +00:00
|
|
|
* and clear out the output buffer. If the client cache is too old then do nothing.
|
2014-03-07 16:50:57 +00:00
|
|
|
*
|
2022-05-06 09:09:56 +00:00
|
|
|
* @param Context $context
|
resourceloader: Replace timestamp system with version hashing
Modules now track their version via getVersionHash() instead of getModifiedTime().
== Background ==
While some resources have observeable timestamps (e.g. files stored on disk),
many other resources do not. E.g. config variables, and module definitions.
For static file modules, one can e.g. revert one of more files in a module to a
previous version and not affect the max timestamp.
Wiki modules include pages only if they exist. The user module supports common.js
and skin.js. By default neither exists. If a user has both, and then the
less-recently modified one is deleted, the max-timestamp remains unchanged.
For client-side caching, batch requests use "Math.max" on the relevant timestamps.
Again, if a module changes but another module is more recent (e.g. out-of-order
deployment, or out-of-order discovery), the change would not result in a cache miss.
More scenarios can be found in the associated Phabricator tasks.
== Version hash ==
Previously we virtually mapped these variables to a timestamp by storing the current
time alongside a hash of the value in ObjectCache. Considering the number of
possible request contexts (wikis * modules * users * skins * languages) this doesn't
work well. It results in needless cache invalidation when the first time observation
is purged due to LRU algorithms. It also has other minor bugs leading to fewer
cache hits.
All modules automatically get the benefits of version hashing with this change.
The old getDefinitionMtime() and getHashMtime() have been replaced with dummies
that return 1. These functions are often called from getModifiedTime() in subclasses.
For backward-compatibility, their respective values (definition summary and hash)
are now included in getVersionHash directly.
As examples, the following modules have been updated to use getVersionHash directly.
Other modules still work fine and can be updated later.
* ResourceLoaderFileModule
* ResourceLoaderEditToolbarModule
* ResourceLoaderStartUpModule
* ResourceLoaderWikiModule
The presence of hashes in place of timestamps increases the startup module size on
a default MediaWiki install from 4.4k to 5.8k (after gzip and minification).
== ETag ==
Since timestamps are no longer tracked, we need a different way to implement caching
for cache proxies (e.g. Varnish) and web browsers. Previously we used the
Last-Modified header (in combination with Cache-Control and Expires).
Instead of Last-Modified (and If-Modified-Since), we use ETag (and If-None-Match).
Entity tags (new in HTTP/1.1) are much stricter than Last-Modified by default.
They instruct browsers to allow usage of partial Range requests. Since our responses
are dynamically generated, we need to use the Weak version of ETag.
While this sounds bad, it's no different than Last-Modified. As reassured by
RFC 2616 <http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html#sec13.3.3> the
specified behaviour behind Last-Modified follows the same "Weak" caching logic as
Entity tags. It's just that entity tags are capable of a stricter mode (whereas
Last-Modified is inherently weak).
== File cache ==
If $wgUseFileCache is enabled, ResourceLoader uses ResourceFileCache to cache
load.php responses. While the blind TTL handling (during the allowed expiry period)
is still maxage/timestamp based, tryRespondNotModified() now requires the caller to
know the expected ETag.
For this to work, the FileCache handling had to be moved from the top of
ResoureLoader::respond() to after the expected ETag is computed.
This also allows us to remove the duplicate tryRespondNotModified() handling since
that's is already handled by ResourceLoader::respond() meanwhile.
== Misc ==
* Remove redundant modifiedTime cache in ResourceLoaderFileModule.
* Change bugzilla references to Phabricator.
* Centralised inclusion of wgCacheEpoch using getDefinitionSummary. Previously this
logic was duplicated in each place the modified timestamp was used.
* It's easy to forget calling the parent class in getDefinitionSummary().
Previously this method only tracked 'class' by default. As such, various
extensions hardcoded that one value instead of calling the parent and extending
the array. To better prevent this in the future, getVersionHash() now asserts
that the '_cacheEpoch' property made it through.
* tests: Don't use getDefinitionSummary() as an API.
Fix ResourceLoaderWikiModuleTest to call getPages properly.
* In tests, the default timestamp used to be 1388534400000 (which is the unix time
of 20140101000000; the unit tests' CacheEpoch). The new version hash of these
modules is "XyCC+PSK", which is the base64 encoded prefix of the SHA1 digest of:
'{"_class":"ResourceLoaderTestModule","_cacheEpoch":"20140101000000"}'
* Add sha1.js library for client-side hash generation.
Compared various different implementations for code size (after minfication/gzip),
and speed (when used for short hexidecimal strings).
https://jsperf.com/sha1-implementations
- CryptoJS <https://code.google.com/p/crypto-js/#SHA-1> (min+gzip: 2.5k)
http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/sha1.js
Chrome: 45k, Firefox: 89k, Safari: 92k
- jsSHA <https://github.com/Caligatio/jsSHA>
https://github.com/Caligatio/jsSHA/blob/3c1d4f2e/src/sha1.js (min+gzip: 1.8k)
Chrome: 65k, Firefox: 53k, Safari: 69k
- phpjs-sha1 <https://github.com/kvz/phpjs> (RL min+gzip: 0.8k)
https://github.com/kvz/phpjs/blob/1eaab15d/functions/strings/sha1.js
Chrome: 200k, Firefox: 280k, Safari: 78k
Modern browsers implement the HTML5 Crypto API. However, this API is asynchronous,
only enabled when on HTTPS in Chromium, and is quite low-level. It requires boilerplate
code to actually use with TextEncoder, ArrayBuffer and Uint32Array. Due this being
needed in the module loader, we'd have to load the fallback regardless. Considering
this is not used in a critical path for performance, it's not worth shipping two
implementations for this optimisation.
May also resolve:
* T44094
* T90411
* T94810
Bug: T94074
Change-Id: Ibb292d2416839327d1807a66c78fd96dac0637d0
2015-04-29 22:53:24 +00:00
|
|
|
* @param string $etag ETag header value
|
|
|
|
|
* @return bool True if HTTP 304 was sent and output handled
|
2011-10-01 04:15:07 +00:00
|
|
|
*/
|
2022-05-06 09:09:56 +00:00
|
|
|
protected function tryRespondNotModified( Context $context, $etag ) {
|
resourceloader: Replace timestamp system with version hashing
Modules now track their version via getVersionHash() instead of getModifiedTime().
== Background ==
While some resources have observeable timestamps (e.g. files stored on disk),
many other resources do not. E.g. config variables, and module definitions.
For static file modules, one can e.g. revert one of more files in a module to a
previous version and not affect the max timestamp.
Wiki modules include pages only if they exist. The user module supports common.js
and skin.js. By default neither exists. If a user has both, and then the
less-recently modified one is deleted, the max-timestamp remains unchanged.
For client-side caching, batch requests use "Math.max" on the relevant timestamps.
Again, if a module changes but another module is more recent (e.g. out-of-order
deployment, or out-of-order discovery), the change would not result in a cache miss.
More scenarios can be found in the associated Phabricator tasks.
== Version hash ==
Previously we virtually mapped these variables to a timestamp by storing the current
time alongside a hash of the value in ObjectCache. Considering the number of
possible request contexts (wikis * modules * users * skins * languages) this doesn't
work well. It results in needless cache invalidation when the first time observation
is purged due to LRU algorithms. It also has other minor bugs leading to fewer
cache hits.
All modules automatically get the benefits of version hashing with this change.
The old getDefinitionMtime() and getHashMtime() have been replaced with dummies
that return 1. These functions are often called from getModifiedTime() in subclasses.
For backward-compatibility, their respective values (definition summary and hash)
are now included in getVersionHash directly.
As examples, the following modules have been updated to use getVersionHash directly.
Other modules still work fine and can be updated later.
* ResourceLoaderFileModule
* ResourceLoaderEditToolbarModule
* ResourceLoaderStartUpModule
* ResourceLoaderWikiModule
The presence of hashes in place of timestamps increases the startup module size on
a default MediaWiki install from 4.4k to 5.8k (after gzip and minification).
== ETag ==
Since timestamps are no longer tracked, we need a different way to implement caching
for cache proxies (e.g. Varnish) and web browsers. Previously we used the
Last-Modified header (in combination with Cache-Control and Expires).
Instead of Last-Modified (and If-Modified-Since), we use ETag (and If-None-Match).
Entity tags (new in HTTP/1.1) are much stricter than Last-Modified by default.
They instruct browsers to allow usage of partial Range requests. Since our responses
are dynamically generated, we need to use the Weak version of ETag.
While this sounds bad, it's no different than Last-Modified. As reassured by
RFC 2616 <http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html#sec13.3.3> the
specified behaviour behind Last-Modified follows the same "Weak" caching logic as
Entity tags. It's just that entity tags are capable of a stricter mode (whereas
Last-Modified is inherently weak).
== File cache ==
If $wgUseFileCache is enabled, ResourceLoader uses ResourceFileCache to cache
load.php responses. While the blind TTL handling (during the allowed expiry period)
is still maxage/timestamp based, tryRespondNotModified() now requires the caller to
know the expected ETag.
For this to work, the FileCache handling had to be moved from the top of
ResoureLoader::respond() to after the expected ETag is computed.
This also allows us to remove the duplicate tryRespondNotModified() handling since
that's is already handled by ResourceLoader::respond() meanwhile.
== Misc ==
* Remove redundant modifiedTime cache in ResourceLoaderFileModule.
* Change bugzilla references to Phabricator.
* Centralised inclusion of wgCacheEpoch using getDefinitionSummary. Previously this
logic was duplicated in each place the modified timestamp was used.
* It's easy to forget calling the parent class in getDefinitionSummary().
Previously this method only tracked 'class' by default. As such, various
extensions hardcoded that one value instead of calling the parent and extending
the array. To better prevent this in the future, getVersionHash() now asserts
that the '_cacheEpoch' property made it through.
* tests: Don't use getDefinitionSummary() as an API.
Fix ResourceLoaderWikiModuleTest to call getPages properly.
* In tests, the default timestamp used to be 1388534400000 (which is the unix time
of 20140101000000; the unit tests' CacheEpoch). The new version hash of these
modules is "XyCC+PSK", which is the base64 encoded prefix of the SHA1 digest of:
'{"_class":"ResourceLoaderTestModule","_cacheEpoch":"20140101000000"}'
* Add sha1.js library for client-side hash generation.
Compared various different implementations for code size (after minfication/gzip),
and speed (when used for short hexidecimal strings).
https://jsperf.com/sha1-implementations
- CryptoJS <https://code.google.com/p/crypto-js/#SHA-1> (min+gzip: 2.5k)
http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/sha1.js
Chrome: 45k, Firefox: 89k, Safari: 92k
- jsSHA <https://github.com/Caligatio/jsSHA>
https://github.com/Caligatio/jsSHA/blob/3c1d4f2e/src/sha1.js (min+gzip: 1.8k)
Chrome: 65k, Firefox: 53k, Safari: 69k
- phpjs-sha1 <https://github.com/kvz/phpjs> (RL min+gzip: 0.8k)
https://github.com/kvz/phpjs/blob/1eaab15d/functions/strings/sha1.js
Chrome: 200k, Firefox: 280k, Safari: 78k
Modern browsers implement the HTML5 Crypto API. However, this API is asynchronous,
only enabled when on HTTPS in Chromium, and is quite low-level. It requires boilerplate
code to actually use with TextEncoder, ArrayBuffer and Uint32Array. Due this being
needed in the module loader, we'd have to load the fallback regardless. Considering
this is not used in a critical path for performance, it's not worth shipping two
implementations for this optimisation.
May also resolve:
* T44094
* T90411
* T94810
Bug: T94074
Change-Id: Ibb292d2416839327d1807a66c78fd96dac0637d0
2015-04-29 22:53:24 +00:00
|
|
|
// See RFC 2616 § 14.26 If-None-Match
|
2016-10-13 05:34:26 +00:00
|
|
|
// https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.26
|
resourceloader: Replace timestamp system with version hashing
Modules now track their version via getVersionHash() instead of getModifiedTime().
== Background ==
While some resources have observeable timestamps (e.g. files stored on disk),
many other resources do not. E.g. config variables, and module definitions.
For static file modules, one can e.g. revert one of more files in a module to a
previous version and not affect the max timestamp.
Wiki modules include pages only if they exist. The user module supports common.js
and skin.js. By default neither exists. If a user has both, and then the
less-recently modified one is deleted, the max-timestamp remains unchanged.
For client-side caching, batch requests use "Math.max" on the relevant timestamps.
Again, if a module changes but another module is more recent (e.g. out-of-order
deployment, or out-of-order discovery), the change would not result in a cache miss.
More scenarios can be found in the associated Phabricator tasks.
== Version hash ==
Previously we virtually mapped these variables to a timestamp by storing the current
time alongside a hash of the value in ObjectCache. Considering the number of
possible request contexts (wikis * modules * users * skins * languages) this doesn't
work well. It results in needless cache invalidation when the first time observation
is purged due to LRU algorithms. It also has other minor bugs leading to fewer
cache hits.
All modules automatically get the benefits of version hashing with this change.
The old getDefinitionMtime() and getHashMtime() have been replaced with dummies
that return 1. These functions are often called from getModifiedTime() in subclasses.
For backward-compatibility, their respective values (definition summary and hash)
are now included in getVersionHash directly.
As examples, the following modules have been updated to use getVersionHash directly.
Other modules still work fine and can be updated later.
* ResourceLoaderFileModule
* ResourceLoaderEditToolbarModule
* ResourceLoaderStartUpModule
* ResourceLoaderWikiModule
The presence of hashes in place of timestamps increases the startup module size on
a default MediaWiki install from 4.4k to 5.8k (after gzip and minification).
== ETag ==
Since timestamps are no longer tracked, we need a different way to implement caching
for cache proxies (e.g. Varnish) and web browsers. Previously we used the
Last-Modified header (in combination with Cache-Control and Expires).
Instead of Last-Modified (and If-Modified-Since), we use ETag (and If-None-Match).
Entity tags (new in HTTP/1.1) are much stricter than Last-Modified by default.
They instruct browsers to allow usage of partial Range requests. Since our responses
are dynamically generated, we need to use the Weak version of ETag.
While this sounds bad, it's no different than Last-Modified. As reassured by
RFC 2616 <http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html#sec13.3.3> the
specified behaviour behind Last-Modified follows the same "Weak" caching logic as
Entity tags. It's just that entity tags are capable of a stricter mode (whereas
Last-Modified is inherently weak).
== File cache ==
If $wgUseFileCache is enabled, ResourceLoader uses ResourceFileCache to cache
load.php responses. While the blind TTL handling (during the allowed expiry period)
is still maxage/timestamp based, tryRespondNotModified() now requires the caller to
know the expected ETag.
For this to work, the FileCache handling had to be moved from the top of
ResoureLoader::respond() to after the expected ETag is computed.
This also allows us to remove the duplicate tryRespondNotModified() handling since
that's is already handled by ResourceLoader::respond() meanwhile.
== Misc ==
* Remove redundant modifiedTime cache in ResourceLoaderFileModule.
* Change bugzilla references to Phabricator.
* Centralised inclusion of wgCacheEpoch using getDefinitionSummary. Previously this
logic was duplicated in each place the modified timestamp was used.
* It's easy to forget calling the parent class in getDefinitionSummary().
Previously this method only tracked 'class' by default. As such, various
extensions hardcoded that one value instead of calling the parent and extending
the array. To better prevent this in the future, getVersionHash() now asserts
that the '_cacheEpoch' property made it through.
* tests: Don't use getDefinitionSummary() as an API.
Fix ResourceLoaderWikiModuleTest to call getPages properly.
* In tests, the default timestamp used to be 1388534400000 (which is the unix time
of 20140101000000; the unit tests' CacheEpoch). The new version hash of these
modules is "XyCC+PSK", which is the base64 encoded prefix of the SHA1 digest of:
'{"_class":"ResourceLoaderTestModule","_cacheEpoch":"20140101000000"}'
* Add sha1.js library for client-side hash generation.
Compared various different implementations for code size (after minfication/gzip),
and speed (when used for short hexidecimal strings).
https://jsperf.com/sha1-implementations
- CryptoJS <https://code.google.com/p/crypto-js/#SHA-1> (min+gzip: 2.5k)
http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/sha1.js
Chrome: 45k, Firefox: 89k, Safari: 92k
- jsSHA <https://github.com/Caligatio/jsSHA>
https://github.com/Caligatio/jsSHA/blob/3c1d4f2e/src/sha1.js (min+gzip: 1.8k)
Chrome: 65k, Firefox: 53k, Safari: 69k
- phpjs-sha1 <https://github.com/kvz/phpjs> (RL min+gzip: 0.8k)
https://github.com/kvz/phpjs/blob/1eaab15d/functions/strings/sha1.js
Chrome: 200k, Firefox: 280k, Safari: 78k
Modern browsers implement the HTML5 Crypto API. However, this API is asynchronous,
only enabled when on HTTPS in Chromium, and is quite low-level. It requires boilerplate
code to actually use with TextEncoder, ArrayBuffer and Uint32Array. Due this being
needed in the module loader, we'd have to load the fallback regardless. Considering
this is not used in a critical path for performance, it's not worth shipping two
implementations for this optimisation.
May also resolve:
* T44094
* T90411
* T94810
Bug: T94074
Change-Id: Ibb292d2416839327d1807a66c78fd96dac0637d0
2015-04-29 22:53:24 +00:00
|
|
|
$clientKeys = $context->getRequest()->getHeader( 'If-None-Match', WebRequest::GETHEADER_LIST );
|
2011-02-12 23:41:28 +00:00
|
|
|
// Never send 304s in debug mode
|
resourceloader: Replace timestamp system with version hashing
Modules now track their version via getVersionHash() instead of getModifiedTime().
== Background ==
While some resources have observeable timestamps (e.g. files stored on disk),
many other resources do not. E.g. config variables, and module definitions.
For static file modules, one can e.g. revert one of more files in a module to a
previous version and not affect the max timestamp.
Wiki modules include pages only if they exist. The user module supports common.js
and skin.js. By default neither exists. If a user has both, and then the
less-recently modified one is deleted, the max-timestamp remains unchanged.
For client-side caching, batch requests use "Math.max" on the relevant timestamps.
Again, if a module changes but another module is more recent (e.g. out-of-order
deployment, or out-of-order discovery), the change would not result in a cache miss.
More scenarios can be found in the associated Phabricator tasks.
== Version hash ==
Previously we virtually mapped these variables to a timestamp by storing the current
time alongside a hash of the value in ObjectCache. Considering the number of
possible request contexts (wikis * modules * users * skins * languages) this doesn't
work well. It results in needless cache invalidation when the first time observation
is purged due to LRU algorithms. It also has other minor bugs leading to fewer
cache hits.
All modules automatically get the benefits of version hashing with this change.
The old getDefinitionMtime() and getHashMtime() have been replaced with dummies
that return 1. These functions are often called from getModifiedTime() in subclasses.
For backward-compatibility, their respective values (definition summary and hash)
are now included in getVersionHash directly.
As examples, the following modules have been updated to use getVersionHash directly.
Other modules still work fine and can be updated later.
* ResourceLoaderFileModule
* ResourceLoaderEditToolbarModule
* ResourceLoaderStartUpModule
* ResourceLoaderWikiModule
The presence of hashes in place of timestamps increases the startup module size on
a default MediaWiki install from 4.4k to 5.8k (after gzip and minification).
== ETag ==
Since timestamps are no longer tracked, we need a different way to implement caching
for cache proxies (e.g. Varnish) and web browsers. Previously we used the
Last-Modified header (in combination with Cache-Control and Expires).
Instead of Last-Modified (and If-Modified-Since), we use ETag (and If-None-Match).
Entity tags (new in HTTP/1.1) are much stricter than Last-Modified by default.
They instruct browsers to allow usage of partial Range requests. Since our responses
are dynamically generated, we need to use the Weak version of ETag.
While this sounds bad, it's no different than Last-Modified. As reassured by
RFC 2616 <http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html#sec13.3.3> the
specified behaviour behind Last-Modified follows the same "Weak" caching logic as
Entity tags. It's just that entity tags are capable of a stricter mode (whereas
Last-Modified is inherently weak).
== File cache ==
If $wgUseFileCache is enabled, ResourceLoader uses ResourceFileCache to cache
load.php responses. While the blind TTL handling (during the allowed expiry period)
is still maxage/timestamp based, tryRespondNotModified() now requires the caller to
know the expected ETag.
For this to work, the FileCache handling had to be moved from the top of
ResoureLoader::respond() to after the expected ETag is computed.
This also allows us to remove the duplicate tryRespondNotModified() handling since
that's is already handled by ResourceLoader::respond() meanwhile.
== Misc ==
* Remove redundant modifiedTime cache in ResourceLoaderFileModule.
* Change bugzilla references to Phabricator.
* Centralised inclusion of wgCacheEpoch using getDefinitionSummary. Previously this
logic was duplicated in each place the modified timestamp was used.
* It's easy to forget calling the parent class in getDefinitionSummary().
Previously this method only tracked 'class' by default. As such, various
extensions hardcoded that one value instead of calling the parent and extending
the array. To better prevent this in the future, getVersionHash() now asserts
that the '_cacheEpoch' property made it through.
* tests: Don't use getDefinitionSummary() as an API.
Fix ResourceLoaderWikiModuleTest to call getPages properly.
* In tests, the default timestamp used to be 1388534400000 (which is the unix time
of 20140101000000; the unit tests' CacheEpoch). The new version hash of these
modules is "XyCC+PSK", which is the base64 encoded prefix of the SHA1 digest of:
'{"_class":"ResourceLoaderTestModule","_cacheEpoch":"20140101000000"}'
* Add sha1.js library for client-side hash generation.
Compared various different implementations for code size (after minfication/gzip),
and speed (when used for short hexidecimal strings).
https://jsperf.com/sha1-implementations
- CryptoJS <https://code.google.com/p/crypto-js/#SHA-1> (min+gzip: 2.5k)
http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/sha1.js
Chrome: 45k, Firefox: 89k, Safari: 92k
- jsSHA <https://github.com/Caligatio/jsSHA>
https://github.com/Caligatio/jsSHA/blob/3c1d4f2e/src/sha1.js (min+gzip: 1.8k)
Chrome: 65k, Firefox: 53k, Safari: 69k
- phpjs-sha1 <https://github.com/kvz/phpjs> (RL min+gzip: 0.8k)
https://github.com/kvz/phpjs/blob/1eaab15d/functions/strings/sha1.js
Chrome: 200k, Firefox: 280k, Safari: 78k
Modern browsers implement the HTML5 Crypto API. However, this API is asynchronous,
only enabled when on HTTPS in Chromium, and is quite low-level. It requires boilerplate
code to actually use with TextEncoder, ArrayBuffer and Uint32Array. Due this being
needed in the module loader, we'd have to load the fallback regardless. Considering
this is not used in a critical path for performance, it's not worth shipping two
implementations for this optimisation.
May also resolve:
* T44094
* T90411
* T94810
Bug: T94074
Change-Id: Ibb292d2416839327d1807a66c78fd96dac0637d0
2015-04-29 22:53:24 +00:00
|
|
|
if ( $clientKeys !== false && !$context->getDebug() && in_array( $etag, $clientKeys ) ) {
|
|
|
|
|
// There's another bug in ob_gzhandler (see also the comment at
|
|
|
|
|
// the top of this function) that causes it to gzip even empty
|
|
|
|
|
// responses, meaning it's impossible to produce a truly empty
|
|
|
|
|
// response (because the gzip header is always there). This is
|
|
|
|
|
// a problem because 304 responses have to be completely empty
|
|
|
|
|
// per the HTTP spec, and Firefox behaves buggily when they're not.
|
2016-10-13 05:34:26 +00:00
|
|
|
// See also https://bugs.php.net/bug.php?id=51579
|
resourceloader: Replace timestamp system with version hashing
Modules now track their version via getVersionHash() instead of getModifiedTime().
== Background ==
While some resources have observeable timestamps (e.g. files stored on disk),
many other resources do not. E.g. config variables, and module definitions.
For static file modules, one can e.g. revert one of more files in a module to a
previous version and not affect the max timestamp.
Wiki modules include pages only if they exist. The user module supports common.js
and skin.js. By default neither exists. If a user has both, and then the
less-recently modified one is deleted, the max-timestamp remains unchanged.
For client-side caching, batch requests use "Math.max" on the relevant timestamps.
Again, if a module changes but another module is more recent (e.g. out-of-order
deployment, or out-of-order discovery), the change would not result in a cache miss.
More scenarios can be found in the associated Phabricator tasks.
== Version hash ==
Previously we virtually mapped these variables to a timestamp by storing the current
time alongside a hash of the value in ObjectCache. Considering the number of
possible request contexts (wikis * modules * users * skins * languages) this doesn't
work well. It results in needless cache invalidation when the first time observation
is purged due to LRU algorithms. It also has other minor bugs leading to fewer
cache hits.
All modules automatically get the benefits of version hashing with this change.
The old getDefinitionMtime() and getHashMtime() have been replaced with dummies
that return 1. These functions are often called from getModifiedTime() in subclasses.
For backward-compatibility, their respective values (definition summary and hash)
are now included in getVersionHash directly.
As examples, the following modules have been updated to use getVersionHash directly.
Other modules still work fine and can be updated later.
* ResourceLoaderFileModule
* ResourceLoaderEditToolbarModule
* ResourceLoaderStartUpModule
* ResourceLoaderWikiModule
The presence of hashes in place of timestamps increases the startup module size on
a default MediaWiki install from 4.4k to 5.8k (after gzip and minification).
== ETag ==
Since timestamps are no longer tracked, we need a different way to implement caching
for cache proxies (e.g. Varnish) and web browsers. Previously we used the
Last-Modified header (in combination with Cache-Control and Expires).
Instead of Last-Modified (and If-Modified-Since), we use ETag (and If-None-Match).
Entity tags (new in HTTP/1.1) are much stricter than Last-Modified by default.
They instruct browsers to allow usage of partial Range requests. Since our responses
are dynamically generated, we need to use the Weak version of ETag.
While this sounds bad, it's no different than Last-Modified. As reassured by
RFC 2616 <http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html#sec13.3.3> the
specified behaviour behind Last-Modified follows the same "Weak" caching logic as
Entity tags. It's just that entity tags are capable of a stricter mode (whereas
Last-Modified is inherently weak).
== File cache ==
If $wgUseFileCache is enabled, ResourceLoader uses ResourceFileCache to cache
load.php responses. While the blind TTL handling (during the allowed expiry period)
is still maxage/timestamp based, tryRespondNotModified() now requires the caller to
know the expected ETag.
For this to work, the FileCache handling had to be moved from the top of
ResoureLoader::respond() to after the expected ETag is computed.
This also allows us to remove the duplicate tryRespondNotModified() handling since
that's is already handled by ResourceLoader::respond() meanwhile.
== Misc ==
* Remove redundant modifiedTime cache in ResourceLoaderFileModule.
* Change bugzilla references to Phabricator.
* Centralised inclusion of wgCacheEpoch using getDefinitionSummary. Previously this
logic was duplicated in each place the modified timestamp was used.
* It's easy to forget calling the parent class in getDefinitionSummary().
Previously this method only tracked 'class' by default. As such, various
extensions hardcoded that one value instead of calling the parent and extending
the array. To better prevent this in the future, getVersionHash() now asserts
that the '_cacheEpoch' property made it through.
* tests: Don't use getDefinitionSummary() as an API.
Fix ResourceLoaderWikiModuleTest to call getPages properly.
* In tests, the default timestamp used to be 1388534400000 (which is the unix time
of 20140101000000; the unit tests' CacheEpoch). The new version hash of these
modules is "XyCC+PSK", which is the base64 encoded prefix of the SHA1 digest of:
'{"_class":"ResourceLoaderTestModule","_cacheEpoch":"20140101000000"}'
* Add sha1.js library for client-side hash generation.
Compared various different implementations for code size (after minfication/gzip),
and speed (when used for short hexidecimal strings).
https://jsperf.com/sha1-implementations
- CryptoJS <https://code.google.com/p/crypto-js/#SHA-1> (min+gzip: 2.5k)
http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/sha1.js
Chrome: 45k, Firefox: 89k, Safari: 92k
- jsSHA <https://github.com/Caligatio/jsSHA>
https://github.com/Caligatio/jsSHA/blob/3c1d4f2e/src/sha1.js (min+gzip: 1.8k)
Chrome: 65k, Firefox: 53k, Safari: 69k
- phpjs-sha1 <https://github.com/kvz/phpjs> (RL min+gzip: 0.8k)
https://github.com/kvz/phpjs/blob/1eaab15d/functions/strings/sha1.js
Chrome: 200k, Firefox: 280k, Safari: 78k
Modern browsers implement the HTML5 Crypto API. However, this API is asynchronous,
only enabled when on HTTPS in Chromium, and is quite low-level. It requires boilerplate
code to actually use with TextEncoder, ArrayBuffer and Uint32Array. Due this being
needed in the module loader, we'd have to load the fallback regardless. Considering
this is not used in a critical path for performance, it's not worth shipping two
implementations for this optimisation.
May also resolve:
* T44094
* T90411
* T94810
Bug: T94074
Change-Id: Ibb292d2416839327d1807a66c78fd96dac0637d0
2015-04-29 22:53:24 +00:00
|
|
|
// To work around this, we tear down all output buffering before
|
|
|
|
|
// sending the 304.
|
|
|
|
|
wfResetOutputBuffers( /* $resetGzipEncoding = */ true );
|
|
|
|
|
|
2015-06-01 14:31:52 +00:00
|
|
|
HttpStatus::header( 304 );
|
resourceloader: Replace timestamp system with version hashing
Modules now track their version via getVersionHash() instead of getModifiedTime().
== Background ==
While some resources have observeable timestamps (e.g. files stored on disk),
many other resources do not. E.g. config variables, and module definitions.
For static file modules, one can e.g. revert one of more files in a module to a
previous version and not affect the max timestamp.
Wiki modules include pages only if they exist. The user module supports common.js
and skin.js. By default neither exists. If a user has both, and then the
less-recently modified one is deleted, the max-timestamp remains unchanged.
For client-side caching, batch requests use "Math.max" on the relevant timestamps.
Again, if a module changes but another module is more recent (e.g. out-of-order
deployment, or out-of-order discovery), the change would not result in a cache miss.
More scenarios can be found in the associated Phabricator tasks.
== Version hash ==
Previously we virtually mapped these variables to a timestamp by storing the current
time alongside a hash of the value in ObjectCache. Considering the number of
possible request contexts (wikis * modules * users * skins * languages) this doesn't
work well. It results in needless cache invalidation when the first time observation
is purged due to LRU algorithms. It also has other minor bugs leading to fewer
cache hits.
All modules automatically get the benefits of version hashing with this change.
The old getDefinitionMtime() and getHashMtime() have been replaced with dummies
that return 1. These functions are often called from getModifiedTime() in subclasses.
For backward-compatibility, their respective values (definition summary and hash)
are now included in getVersionHash directly.
As examples, the following modules have been updated to use getVersionHash directly.
Other modules still work fine and can be updated later.
* ResourceLoaderFileModule
* ResourceLoaderEditToolbarModule
* ResourceLoaderStartUpModule
* ResourceLoaderWikiModule
The presence of hashes in place of timestamps increases the startup module size on
a default MediaWiki install from 4.4k to 5.8k (after gzip and minification).
== ETag ==
Since timestamps are no longer tracked, we need a different way to implement caching
for cache proxies (e.g. Varnish) and web browsers. Previously we used the
Last-Modified header (in combination with Cache-Control and Expires).
Instead of Last-Modified (and If-Modified-Since), we use ETag (and If-None-Match).
Entity tags (new in HTTP/1.1) are much stricter than Last-Modified by default.
They instruct browsers to allow usage of partial Range requests. Since our responses
are dynamically generated, we need to use the Weak version of ETag.
While this sounds bad, it's no different than Last-Modified. As reassured by
RFC 2616 <http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html#sec13.3.3> the
specified behaviour behind Last-Modified follows the same "Weak" caching logic as
Entity tags. It's just that entity tags are capable of a stricter mode (whereas
Last-Modified is inherently weak).
== File cache ==
If $wgUseFileCache is enabled, ResourceLoader uses ResourceFileCache to cache
load.php responses. While the blind TTL handling (during the allowed expiry period)
is still maxage/timestamp based, tryRespondNotModified() now requires the caller to
know the expected ETag.
For this to work, the FileCache handling had to be moved from the top of
ResoureLoader::respond() to after the expected ETag is computed.
This also allows us to remove the duplicate tryRespondNotModified() handling since
that's is already handled by ResourceLoader::respond() meanwhile.
== Misc ==
* Remove redundant modifiedTime cache in ResourceLoaderFileModule.
* Change bugzilla references to Phabricator.
* Centralised inclusion of wgCacheEpoch using getDefinitionSummary. Previously this
logic was duplicated in each place the modified timestamp was used.
* It's easy to forget calling the parent class in getDefinitionSummary().
Previously this method only tracked 'class' by default. As such, various
extensions hardcoded that one value instead of calling the parent and extending
the array. To better prevent this in the future, getVersionHash() now asserts
that the '_cacheEpoch' property made it through.
* tests: Don't use getDefinitionSummary() as an API.
Fix ResourceLoaderWikiModuleTest to call getPages properly.
* In tests, the default timestamp used to be 1388534400000 (which is the unix time
of 20140101000000; the unit tests' CacheEpoch). The new version hash of these
modules is "XyCC+PSK", which is the base64 encoded prefix of the SHA1 digest of:
'{"_class":"ResourceLoaderTestModule","_cacheEpoch":"20140101000000"}'
* Add sha1.js library for client-side hash generation.
Compared various different implementations for code size (after minfication/gzip),
and speed (when used for short hexidecimal strings).
https://jsperf.com/sha1-implementations
- CryptoJS <https://code.google.com/p/crypto-js/#SHA-1> (min+gzip: 2.5k)
http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/sha1.js
Chrome: 45k, Firefox: 89k, Safari: 92k
- jsSHA <https://github.com/Caligatio/jsSHA>
https://github.com/Caligatio/jsSHA/blob/3c1d4f2e/src/sha1.js (min+gzip: 1.8k)
Chrome: 65k, Firefox: 53k, Safari: 69k
- phpjs-sha1 <https://github.com/kvz/phpjs> (RL min+gzip: 0.8k)
https://github.com/kvz/phpjs/blob/1eaab15d/functions/strings/sha1.js
Chrome: 200k, Firefox: 280k, Safari: 78k
Modern browsers implement the HTML5 Crypto API. However, this API is asynchronous,
only enabled when on HTTPS in Chromium, and is quite low-level. It requires boilerplate
code to actually use with TextEncoder, ArrayBuffer and Uint32Array. Due this being
needed in the module loader, we'd have to load the fallback regardless. Considering
this is not used in a critical path for performance, it's not worth shipping two
implementations for this optimisation.
May also resolve:
* T44094
* T90411
* T94810
Bug: T94074
Change-Id: Ibb292d2416839327d1807a66c78fd96dac0637d0
2015-04-29 22:53:24 +00:00
|
|
|
|
|
|
|
|
$this->sendResponseHeaders( $context, $etag, false );
|
|
|
|
|
return true;
|
2010-09-04 04:00:09 +00:00
|
|
|
}
|
2011-10-01 04:15:07 +00:00
|
|
|
return false;
|
2010-09-24 22:10:25 +00:00
|
|
|
}
|
|
|
|
|
|
2011-10-02 17:53:33 +00:00
|
|
|
/**
|
2014-03-07 16:50:57 +00:00
|
|
|
* Send out code for a response from file cache if possible.
|
2011-10-02 17:53:33 +00:00
|
|
|
*
|
2014-03-07 16:50:57 +00:00
|
|
|
* @param ResourceFileCache $fileCache Cache object for this request URL
|
2022-05-06 09:09:56 +00:00
|
|
|
* @param Context $context Context in which to generate a response
|
resourceloader: Replace timestamp system with version hashing
Modules now track their version via getVersionHash() instead of getModifiedTime().
== Background ==
While some resources have observeable timestamps (e.g. files stored on disk),
many other resources do not. E.g. config variables, and module definitions.
For static file modules, one can e.g. revert one of more files in a module to a
previous version and not affect the max timestamp.
Wiki modules include pages only if they exist. The user module supports common.js
and skin.js. By default neither exists. If a user has both, and then the
less-recently modified one is deleted, the max-timestamp remains unchanged.
For client-side caching, batch requests use "Math.max" on the relevant timestamps.
Again, if a module changes but another module is more recent (e.g. out-of-order
deployment, or out-of-order discovery), the change would not result in a cache miss.
More scenarios can be found in the associated Phabricator tasks.
== Version hash ==
Previously we virtually mapped these variables to a timestamp by storing the current
time alongside a hash of the value in ObjectCache. Considering the number of
possible request contexts (wikis * modules * users * skins * languages) this doesn't
work well. It results in needless cache invalidation when the first time observation
is purged due to LRU algorithms. It also has other minor bugs leading to fewer
cache hits.
All modules automatically get the benefits of version hashing with this change.
The old getDefinitionMtime() and getHashMtime() have been replaced with dummies
that return 1. These functions are often called from getModifiedTime() in subclasses.
For backward-compatibility, their respective values (definition summary and hash)
are now included in getVersionHash directly.
As examples, the following modules have been updated to use getVersionHash directly.
Other modules still work fine and can be updated later.
* ResourceLoaderFileModule
* ResourceLoaderEditToolbarModule
* ResourceLoaderStartUpModule
* ResourceLoaderWikiModule
The presence of hashes in place of timestamps increases the startup module size on
a default MediaWiki install from 4.4k to 5.8k (after gzip and minification).
== ETag ==
Since timestamps are no longer tracked, we need a different way to implement caching
for cache proxies (e.g. Varnish) and web browsers. Previously we used the
Last-Modified header (in combination with Cache-Control and Expires).
Instead of Last-Modified (and If-Modified-Since), we use ETag (and If-None-Match).
Entity tags (new in HTTP/1.1) are much stricter than Last-Modified by default.
They instruct browsers to allow usage of partial Range requests. Since our responses
are dynamically generated, we need to use the Weak version of ETag.
While this sounds bad, it's no different than Last-Modified. As reassured by
RFC 2616 <http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html#sec13.3.3> the
specified behaviour behind Last-Modified follows the same "Weak" caching logic as
Entity tags. It's just that entity tags are capable of a stricter mode (whereas
Last-Modified is inherently weak).
== File cache ==
If $wgUseFileCache is enabled, ResourceLoader uses ResourceFileCache to cache
load.php responses. While the blind TTL handling (during the allowed expiry period)
is still maxage/timestamp based, tryRespondNotModified() now requires the caller to
know the expected ETag.
For this to work, the FileCache handling had to be moved from the top of
ResoureLoader::respond() to after the expected ETag is computed.
This also allows us to remove the duplicate tryRespondNotModified() handling since
that's is already handled by ResourceLoader::respond() meanwhile.
== Misc ==
* Remove redundant modifiedTime cache in ResourceLoaderFileModule.
* Change bugzilla references to Phabricator.
* Centralised inclusion of wgCacheEpoch using getDefinitionSummary. Previously this
logic was duplicated in each place the modified timestamp was used.
* It's easy to forget calling the parent class in getDefinitionSummary().
Previously this method only tracked 'class' by default. As such, various
extensions hardcoded that one value instead of calling the parent and extending
the array. To better prevent this in the future, getVersionHash() now asserts
that the '_cacheEpoch' property made it through.
* tests: Don't use getDefinitionSummary() as an API.
Fix ResourceLoaderWikiModuleTest to call getPages properly.
* In tests, the default timestamp used to be 1388534400000 (which is the unix time
of 20140101000000; the unit tests' CacheEpoch). The new version hash of these
modules is "XyCC+PSK", which is the base64 encoded prefix of the SHA1 digest of:
'{"_class":"ResourceLoaderTestModule","_cacheEpoch":"20140101000000"}'
* Add sha1.js library for client-side hash generation.
Compared various different implementations for code size (after minfication/gzip),
and speed (when used for short hexidecimal strings).
https://jsperf.com/sha1-implementations
- CryptoJS <https://code.google.com/p/crypto-js/#SHA-1> (min+gzip: 2.5k)
http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/sha1.js
Chrome: 45k, Firefox: 89k, Safari: 92k
- jsSHA <https://github.com/Caligatio/jsSHA>
https://github.com/Caligatio/jsSHA/blob/3c1d4f2e/src/sha1.js (min+gzip: 1.8k)
Chrome: 65k, Firefox: 53k, Safari: 69k
- phpjs-sha1 <https://github.com/kvz/phpjs> (RL min+gzip: 0.8k)
https://github.com/kvz/phpjs/blob/1eaab15d/functions/strings/sha1.js
Chrome: 200k, Firefox: 280k, Safari: 78k
Modern browsers implement the HTML5 Crypto API. However, this API is asynchronous,
only enabled when on HTTPS in Chromium, and is quite low-level. It requires boilerplate
code to actually use with TextEncoder, ArrayBuffer and Uint32Array. Due this being
needed in the module loader, we'd have to load the fallback regardless. Considering
this is not used in a critical path for performance, it's not worth shipping two
implementations for this optimisation.
May also resolve:
* T44094
* T90411
* T94810
Bug: T94074
Change-Id: Ibb292d2416839327d1807a66c78fd96dac0637d0
2015-04-29 22:53:24 +00:00
|
|
|
* @param string $etag ETag header value
|
2011-10-02 17:53:33 +00:00
|
|
|
* @return bool If this found a cache file and handled the response
|
|
|
|
|
*/
|
|
|
|
|
protected function tryRespondFromFileCache(
|
resourceloader: Replace timestamp system with version hashing
Modules now track their version via getVersionHash() instead of getModifiedTime().
== Background ==
While some resources have observeable timestamps (e.g. files stored on disk),
many other resources do not. E.g. config variables, and module definitions.
For static file modules, one can e.g. revert one of more files in a module to a
previous version and not affect the max timestamp.
Wiki modules include pages only if they exist. The user module supports common.js
and skin.js. By default neither exists. If a user has both, and then the
less-recently modified one is deleted, the max-timestamp remains unchanged.
For client-side caching, batch requests use "Math.max" on the relevant timestamps.
Again, if a module changes but another module is more recent (e.g. out-of-order
deployment, or out-of-order discovery), the change would not result in a cache miss.
More scenarios can be found in the associated Phabricator tasks.
== Version hash ==
Previously we virtually mapped these variables to a timestamp by storing the current
time alongside a hash of the value in ObjectCache. Considering the number of
possible request contexts (wikis * modules * users * skins * languages) this doesn't
work well. It results in needless cache invalidation when the first time observation
is purged due to LRU algorithms. It also has other minor bugs leading to fewer
cache hits.
All modules automatically get the benefits of version hashing with this change.
The old getDefinitionMtime() and getHashMtime() have been replaced with dummies
that return 1. These functions are often called from getModifiedTime() in subclasses.
For backward-compatibility, their respective values (definition summary and hash)
are now included in getVersionHash directly.
As examples, the following modules have been updated to use getVersionHash directly.
Other modules still work fine and can be updated later.
* ResourceLoaderFileModule
* ResourceLoaderEditToolbarModule
* ResourceLoaderStartUpModule
* ResourceLoaderWikiModule
The presence of hashes in place of timestamps increases the startup module size on
a default MediaWiki install from 4.4k to 5.8k (after gzip and minification).
== ETag ==
Since timestamps are no longer tracked, we need a different way to implement caching
for cache proxies (e.g. Varnish) and web browsers. Previously we used the
Last-Modified header (in combination with Cache-Control and Expires).
Instead of Last-Modified (and If-Modified-Since), we use ETag (and If-None-Match).
Entity tags (new in HTTP/1.1) are much stricter than Last-Modified by default.
They instruct browsers to allow usage of partial Range requests. Since our responses
are dynamically generated, we need to use the Weak version of ETag.
While this sounds bad, it's no different than Last-Modified. As reassured by
RFC 2616 <http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html#sec13.3.3> the
specified behaviour behind Last-Modified follows the same "Weak" caching logic as
Entity tags. It's just that entity tags are capable of a stricter mode (whereas
Last-Modified is inherently weak).
== File cache ==
If $wgUseFileCache is enabled, ResourceLoader uses ResourceFileCache to cache
load.php responses. While the blind TTL handling (during the allowed expiry period)
is still maxage/timestamp based, tryRespondNotModified() now requires the caller to
know the expected ETag.
For this to work, the FileCache handling had to be moved from the top of
ResoureLoader::respond() to after the expected ETag is computed.
This also allows us to remove the duplicate tryRespondNotModified() handling since
that's is already handled by ResourceLoader::respond() meanwhile.
== Misc ==
* Remove redundant modifiedTime cache in ResourceLoaderFileModule.
* Change bugzilla references to Phabricator.
* Centralised inclusion of wgCacheEpoch using getDefinitionSummary. Previously this
logic was duplicated in each place the modified timestamp was used.
* It's easy to forget calling the parent class in getDefinitionSummary().
Previously this method only tracked 'class' by default. As such, various
extensions hardcoded that one value instead of calling the parent and extending
the array. To better prevent this in the future, getVersionHash() now asserts
that the '_cacheEpoch' property made it through.
* tests: Don't use getDefinitionSummary() as an API.
Fix ResourceLoaderWikiModuleTest to call getPages properly.
* In tests, the default timestamp used to be 1388534400000 (which is the unix time
of 20140101000000; the unit tests' CacheEpoch). The new version hash of these
modules is "XyCC+PSK", which is the base64 encoded prefix of the SHA1 digest of:
'{"_class":"ResourceLoaderTestModule","_cacheEpoch":"20140101000000"}'
* Add sha1.js library for client-side hash generation.
Compared various different implementations for code size (after minfication/gzip),
and speed (when used for short hexidecimal strings).
https://jsperf.com/sha1-implementations
- CryptoJS <https://code.google.com/p/crypto-js/#SHA-1> (min+gzip: 2.5k)
http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/sha1.js
Chrome: 45k, Firefox: 89k, Safari: 92k
- jsSHA <https://github.com/Caligatio/jsSHA>
https://github.com/Caligatio/jsSHA/blob/3c1d4f2e/src/sha1.js (min+gzip: 1.8k)
Chrome: 65k, Firefox: 53k, Safari: 69k
- phpjs-sha1 <https://github.com/kvz/phpjs> (RL min+gzip: 0.8k)
https://github.com/kvz/phpjs/blob/1eaab15d/functions/strings/sha1.js
Chrome: 200k, Firefox: 280k, Safari: 78k
Modern browsers implement the HTML5 Crypto API. However, this API is asynchronous,
only enabled when on HTTPS in Chromium, and is quite low-level. It requires boilerplate
code to actually use with TextEncoder, ArrayBuffer and Uint32Array. Due this being
needed in the module loader, we'd have to load the fallback regardless. Considering
this is not used in a critical path for performance, it's not worth shipping two
implementations for this optimisation.
May also resolve:
* T44094
* T90411
* T94810
Bug: T94074
Change-Id: Ibb292d2416839327d1807a66c78fd96dac0637d0
2015-04-29 22:53:24 +00:00
|
|
|
ResourceFileCache $fileCache,
|
2022-05-06 09:09:56 +00:00
|
|
|
Context $context,
|
resourceloader: Replace timestamp system with version hashing
Modules now track their version via getVersionHash() instead of getModifiedTime().
== Background ==
While some resources have observeable timestamps (e.g. files stored on disk),
many other resources do not. E.g. config variables, and module definitions.
For static file modules, one can e.g. revert one of more files in a module to a
previous version and not affect the max timestamp.
Wiki modules include pages only if they exist. The user module supports common.js
and skin.js. By default neither exists. If a user has both, and then the
less-recently modified one is deleted, the max-timestamp remains unchanged.
For client-side caching, batch requests use "Math.max" on the relevant timestamps.
Again, if a module changes but another module is more recent (e.g. out-of-order
deployment, or out-of-order discovery), the change would not result in a cache miss.
More scenarios can be found in the associated Phabricator tasks.
== Version hash ==
Previously we virtually mapped these variables to a timestamp by storing the current
time alongside a hash of the value in ObjectCache. Considering the number of
possible request contexts (wikis * modules * users * skins * languages) this doesn't
work well. It results in needless cache invalidation when the first time observation
is purged due to LRU algorithms. It also has other minor bugs leading to fewer
cache hits.
All modules automatically get the benefits of version hashing with this change.
The old getDefinitionMtime() and getHashMtime() have been replaced with dummies
that return 1. These functions are often called from getModifiedTime() in subclasses.
For backward-compatibility, their respective values (definition summary and hash)
are now included in getVersionHash directly.
As examples, the following modules have been updated to use getVersionHash directly.
Other modules still work fine and can be updated later.
* ResourceLoaderFileModule
* ResourceLoaderEditToolbarModule
* ResourceLoaderStartUpModule
* ResourceLoaderWikiModule
The presence of hashes in place of timestamps increases the startup module size on
a default MediaWiki install from 4.4k to 5.8k (after gzip and minification).
== ETag ==
Since timestamps are no longer tracked, we need a different way to implement caching
for cache proxies (e.g. Varnish) and web browsers. Previously we used the
Last-Modified header (in combination with Cache-Control and Expires).
Instead of Last-Modified (and If-Modified-Since), we use ETag (and If-None-Match).
Entity tags (new in HTTP/1.1) are much stricter than Last-Modified by default.
They instruct browsers to allow usage of partial Range requests. Since our responses
are dynamically generated, we need to use the Weak version of ETag.
While this sounds bad, it's no different than Last-Modified. As reassured by
RFC 2616 <http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html#sec13.3.3> the
specified behaviour behind Last-Modified follows the same "Weak" caching logic as
Entity tags. It's just that entity tags are capable of a stricter mode (whereas
Last-Modified is inherently weak).
== File cache ==
If $wgUseFileCache is enabled, ResourceLoader uses ResourceFileCache to cache
load.php responses. While the blind TTL handling (during the allowed expiry period)
is still maxage/timestamp based, tryRespondNotModified() now requires the caller to
know the expected ETag.
For this to work, the FileCache handling had to be moved from the top of
ResoureLoader::respond() to after the expected ETag is computed.
This also allows us to remove the duplicate tryRespondNotModified() handling since
that's is already handled by ResourceLoader::respond() meanwhile.
== Misc ==
* Remove redundant modifiedTime cache in ResourceLoaderFileModule.
* Change bugzilla references to Phabricator.
* Centralised inclusion of wgCacheEpoch using getDefinitionSummary. Previously this
logic was duplicated in each place the modified timestamp was used.
* It's easy to forget calling the parent class in getDefinitionSummary().
Previously this method only tracked 'class' by default. As such, various
extensions hardcoded that one value instead of calling the parent and extending
the array. To better prevent this in the future, getVersionHash() now asserts
that the '_cacheEpoch' property made it through.
* tests: Don't use getDefinitionSummary() as an API.
Fix ResourceLoaderWikiModuleTest to call getPages properly.
* In tests, the default timestamp used to be 1388534400000 (which is the unix time
of 20140101000000; the unit tests' CacheEpoch). The new version hash of these
modules is "XyCC+PSK", which is the base64 encoded prefix of the SHA1 digest of:
'{"_class":"ResourceLoaderTestModule","_cacheEpoch":"20140101000000"}'
* Add sha1.js library for client-side hash generation.
Compared various different implementations for code size (after minfication/gzip),
and speed (when used for short hexidecimal strings).
https://jsperf.com/sha1-implementations
- CryptoJS <https://code.google.com/p/crypto-js/#SHA-1> (min+gzip: 2.5k)
http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/sha1.js
Chrome: 45k, Firefox: 89k, Safari: 92k
- jsSHA <https://github.com/Caligatio/jsSHA>
https://github.com/Caligatio/jsSHA/blob/3c1d4f2e/src/sha1.js (min+gzip: 1.8k)
Chrome: 65k, Firefox: 53k, Safari: 69k
- phpjs-sha1 <https://github.com/kvz/phpjs> (RL min+gzip: 0.8k)
https://github.com/kvz/phpjs/blob/1eaab15d/functions/strings/sha1.js
Chrome: 200k, Firefox: 280k, Safari: 78k
Modern browsers implement the HTML5 Crypto API. However, this API is asynchronous,
only enabled when on HTTPS in Chromium, and is quite low-level. It requires boilerplate
code to actually use with TextEncoder, ArrayBuffer and Uint32Array. Due this being
needed in the module loader, we'd have to load the fallback regardless. Considering
this is not used in a critical path for performance, it's not worth shipping two
implementations for this optimisation.
May also resolve:
* T44094
* T90411
* T94810
Bug: T94074
Change-Id: Ibb292d2416839327d1807a66c78fd96dac0637d0
2015-04-29 22:53:24 +00:00
|
|
|
$etag
|
2011-10-02 17:53:33 +00:00
|
|
|
) {
|
|
|
|
|
// Buffer output to catch warnings.
|
|
|
|
|
ob_start();
|
|
|
|
|
// Get the maximum age the cache can be
|
2020-01-09 23:48:34 +00:00
|
|
|
$maxage = $context->getVersion() === null
|
2022-05-15 17:08:20 +00:00
|
|
|
? $this->maxageUnversioned
|
|
|
|
|
: $this->maxageVersioned;
|
2011-10-02 17:53:33 +00:00
|
|
|
// Minimum timestamp the cache file must have
|
2019-12-01 01:58:30 +00:00
|
|
|
$minTime = time() - $maxage;
|
|
|
|
|
$good = $fileCache->isCacheGood( ConvertibleTimestamp::convert( TS_MW, $minTime ) );
|
2011-10-02 17:53:33 +00:00
|
|
|
if ( !$good ) {
|
|
|
|
|
try { // RL always hits the DB on file cache miss...
|
2016-09-05 19:55:19 +00:00
|
|
|
wfGetDB( DB_REPLICA );
|
2013-04-27 12:02:08 +00:00
|
|
|
} catch ( DBConnectionError $e ) { // ...check if we need to fallback to cache
|
2011-10-02 17:53:33 +00:00
|
|
|
$good = $fileCache->isCacheGood(); // cache existence check
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if ( $good ) {
|
|
|
|
|
$ts = $fileCache->cacheTimestamp();
|
2015-05-12 01:18:31 +00:00
|
|
|
// Send content type and cache headers
|
resourceloader: Replace timestamp system with version hashing
Modules now track their version via getVersionHash() instead of getModifiedTime().
== Background ==
While some resources have observeable timestamps (e.g. files stored on disk),
many other resources do not. E.g. config variables, and module definitions.
For static file modules, one can e.g. revert one of more files in a module to a
previous version and not affect the max timestamp.
Wiki modules include pages only if they exist. The user module supports common.js
and skin.js. By default neither exists. If a user has both, and then the
less-recently modified one is deleted, the max-timestamp remains unchanged.
For client-side caching, batch requests use "Math.max" on the relevant timestamps.
Again, if a module changes but another module is more recent (e.g. out-of-order
deployment, or out-of-order discovery), the change would not result in a cache miss.
More scenarios can be found in the associated Phabricator tasks.
== Version hash ==
Previously we virtually mapped these variables to a timestamp by storing the current
time alongside a hash of the value in ObjectCache. Considering the number of
possible request contexts (wikis * modules * users * skins * languages) this doesn't
work well. It results in needless cache invalidation when the first time observation
is purged due to LRU algorithms. It also has other minor bugs leading to fewer
cache hits.
All modules automatically get the benefits of version hashing with this change.
The old getDefinitionMtime() and getHashMtime() have been replaced with dummies
that return 1. These functions are often called from getModifiedTime() in subclasses.
For backward-compatibility, their respective values (definition summary and hash)
are now included in getVersionHash directly.
As examples, the following modules have been updated to use getVersionHash directly.
Other modules still work fine and can be updated later.
* ResourceLoaderFileModule
* ResourceLoaderEditToolbarModule
* ResourceLoaderStartUpModule
* ResourceLoaderWikiModule
The presence of hashes in place of timestamps increases the startup module size on
a default MediaWiki install from 4.4k to 5.8k (after gzip and minification).
== ETag ==
Since timestamps are no longer tracked, we need a different way to implement caching
for cache proxies (e.g. Varnish) and web browsers. Previously we used the
Last-Modified header (in combination with Cache-Control and Expires).
Instead of Last-Modified (and If-Modified-Since), we use ETag (and If-None-Match).
Entity tags (new in HTTP/1.1) are much stricter than Last-Modified by default.
They instruct browsers to allow usage of partial Range requests. Since our responses
are dynamically generated, we need to use the Weak version of ETag.
While this sounds bad, it's no different than Last-Modified. As reassured by
RFC 2616 <http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html#sec13.3.3> the
specified behaviour behind Last-Modified follows the same "Weak" caching logic as
Entity tags. It's just that entity tags are capable of a stricter mode (whereas
Last-Modified is inherently weak).
== File cache ==
If $wgUseFileCache is enabled, ResourceLoader uses ResourceFileCache to cache
load.php responses. While the blind TTL handling (during the allowed expiry period)
is still maxage/timestamp based, tryRespondNotModified() now requires the caller to
know the expected ETag.
For this to work, the FileCache handling had to be moved from the top of
ResoureLoader::respond() to after the expected ETag is computed.
This also allows us to remove the duplicate tryRespondNotModified() handling since
that's is already handled by ResourceLoader::respond() meanwhile.
== Misc ==
* Remove redundant modifiedTime cache in ResourceLoaderFileModule.
* Change bugzilla references to Phabricator.
* Centralised inclusion of wgCacheEpoch using getDefinitionSummary. Previously this
logic was duplicated in each place the modified timestamp was used.
* It's easy to forget calling the parent class in getDefinitionSummary().
Previously this method only tracked 'class' by default. As such, various
extensions hardcoded that one value instead of calling the parent and extending
the array. To better prevent this in the future, getVersionHash() now asserts
that the '_cacheEpoch' property made it through.
* tests: Don't use getDefinitionSummary() as an API.
Fix ResourceLoaderWikiModuleTest to call getPages properly.
* In tests, the default timestamp used to be 1388534400000 (which is the unix time
of 20140101000000; the unit tests' CacheEpoch). The new version hash of these
modules is "XyCC+PSK", which is the base64 encoded prefix of the SHA1 digest of:
'{"_class":"ResourceLoaderTestModule","_cacheEpoch":"20140101000000"}'
* Add sha1.js library for client-side hash generation.
Compared various different implementations for code size (after minfication/gzip),
and speed (when used for short hexidecimal strings).
https://jsperf.com/sha1-implementations
- CryptoJS <https://code.google.com/p/crypto-js/#SHA-1> (min+gzip: 2.5k)
http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/sha1.js
Chrome: 45k, Firefox: 89k, Safari: 92k
- jsSHA <https://github.com/Caligatio/jsSHA>
https://github.com/Caligatio/jsSHA/blob/3c1d4f2e/src/sha1.js (min+gzip: 1.8k)
Chrome: 65k, Firefox: 53k, Safari: 69k
- phpjs-sha1 <https://github.com/kvz/phpjs> (RL min+gzip: 0.8k)
https://github.com/kvz/phpjs/blob/1eaab15d/functions/strings/sha1.js
Chrome: 200k, Firefox: 280k, Safari: 78k
Modern browsers implement the HTML5 Crypto API. However, this API is asynchronous,
only enabled when on HTTPS in Chromium, and is quite low-level. It requires boilerplate
code to actually use with TextEncoder, ArrayBuffer and Uint32Array. Due this being
needed in the module loader, we'd have to load the fallback regardless. Considering
this is not used in a critical path for performance, it's not worth shipping two
implementations for this optimisation.
May also resolve:
* T44094
* T90411
* T94810
Bug: T94074
Change-Id: Ibb292d2416839327d1807a66c78fd96dac0637d0
2015-04-29 22:53:24 +00:00
|
|
|
$this->sendResponseHeaders( $context, $etag, false );
|
2015-05-12 01:18:31 +00:00
|
|
|
$response = $fileCache->fetchText();
|
2011-12-17 05:02:15 +00:00
|
|
|
// Capture any PHP warnings from the output buffer and append them to the
|
|
|
|
|
// response in a comment if we're in debug mode.
|
2015-11-01 19:56:20 +00:00
|
|
|
if ( $context->getDebug() ) {
|
|
|
|
|
$warnings = ob_get_contents();
|
|
|
|
|
if ( strlen( $warnings ) ) {
|
|
|
|
|
$response = self::makeComment( $warnings ) . $response;
|
|
|
|
|
}
|
2011-12-17 05:02:15 +00:00
|
|
|
}
|
2011-10-02 17:53:33 +00:00
|
|
|
// Remove the output buffer and output the response
|
|
|
|
|
ob_end_clean();
|
|
|
|
|
echo $response . "\n/* Cached {$ts} */";
|
|
|
|
|
return true; // cache hit
|
|
|
|
|
}
|
|
|
|
|
// Clear buffer
|
|
|
|
|
ob_end_clean();
|
|
|
|
|
|
|
|
|
|
return false; // cache miss
|
|
|
|
|
}
|
|
|
|
|
|
2013-08-11 07:11:17 +00:00
|
|
|
/**
|
2014-03-07 16:50:57 +00:00
|
|
|
* Generate a CSS or JS comment block.
|
|
|
|
|
*
|
|
|
|
|
* Only use this for public data, not error message details.
|
2013-08-11 07:11:17 +00:00
|
|
|
*
|
2014-03-07 16:50:57 +00:00
|
|
|
* @param string $text
|
2013-08-11 07:11:17 +00:00
|
|
|
* @return string
|
|
|
|
|
*/
|
|
|
|
|
public static function makeComment( $text ) {
|
2012-03-22 19:52:37 +00:00
|
|
|
$encText = str_replace( '*/', '* /', $text );
|
|
|
|
|
return "/*\n$encText\n*/\n";
|
|
|
|
|
}
|
|
|
|
|
|
2013-08-16 23:20:26 +00:00
|
|
|
/**
|
2014-03-07 16:50:57 +00:00
|
|
|
* Handle exception display.
|
2013-08-16 23:20:26 +00:00
|
|
|
*
|
2020-06-14 18:40:02 +00:00
|
|
|
* @param Throwable $e Exception to be shown to the user
|
2014-11-11 20:00:17 +00:00
|
|
|
* @return string Sanitized text in a CSS/JS comment that can be returned to the user
|
2013-08-16 23:20:26 +00:00
|
|
|
*/
|
2020-06-14 18:40:02 +00:00
|
|
|
public static function formatException( Throwable $e ) {
|
2014-11-11 20:00:17 +00:00
|
|
|
return self::makeComment( self::formatExceptionNoComment( $e ) );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Handle exception display.
|
|
|
|
|
*
|
|
|
|
|
* @since 1.25
|
2020-06-14 18:40:02 +00:00
|
|
|
* @param Throwable $e Exception to be shown to the user
|
2014-11-11 20:00:17 +00:00
|
|
|
* @return string Sanitized text that can be returned to the user
|
|
|
|
|
*/
|
2020-06-14 18:40:02 +00:00
|
|
|
protected static function formatExceptionNoComment( Throwable $e ) {
|
2022-05-19 12:57:14 +00:00
|
|
|
if ( !MWExceptionRenderer::shouldShowExceptionDetails() ) {
|
2015-09-23 16:36:10 +00:00
|
|
|
return MWExceptionHandler::getPublicLogMessage( $e );
|
2013-08-16 23:20:26 +00:00
|
|
|
}
|
2015-09-15 18:35:13 +00:00
|
|
|
|
2016-12-03 03:57:42 +00:00
|
|
|
return MWExceptionHandler::getLogMessage( $e ) .
|
|
|
|
|
"\nBacktrace:\n" .
|
|
|
|
|
MWExceptionHandler::getRedactedTraceAsString( $e );
|
2013-08-16 23:20:26 +00:00
|
|
|
}
|
|
|
|
|
|
2010-10-19 20:45:02 +00:00
|
|
|
/**
|
2014-03-07 16:50:57 +00:00
|
|
|
* Generate code for a response.
|
2011-06-17 16:05:05 +00:00
|
|
|
*
|
resourceloader: Add support for modules sending preload headers
ResourceLoaderModule objects gain a new method getPreloadLinks() which
returns an array with the meta data required to build a Link rel=preload
header according to the current draft for W3C Preload.
<https://w3c.github.io/preload/>
Another implementation of this is already in use in OutputPage for
preloading the logo image.
This array is formatted by the ResourceLoaderModule::getHeaders method,
which is implemented as "final" at this time, thus restricting use to
the Link rel=preload header.
Headers are exposed and process-cached, like all other content
(scripts, styles, etc.), through ResourceLoaderModule::getModuleContent,
and aggregated by ResoureLoader::makeModuleResponse.
I had hoped for the getPreloadLinks to be stateless (not vary on $context).
Whether something should be preloaded and what, should not vary on the
skin or language. However, while that conceptually holds true, the exact
url for any given resource may still vary. Even the main use case for this
feature (T164299, preloading base modules request) require $context to pass
down skin and lang to the load.php url.
Add full test coverage and example documentation.
Bug: T164299
Change-Id: I2bfe0796ceaa0c82579c501f5b10e931f2175681
2017-07-18 02:36:01 +00:00
|
|
|
* Calling this method also populates the `errors` and `headers` members,
|
|
|
|
|
* later used by respond().
|
|
|
|
|
*
|
2022-05-06 09:09:56 +00:00
|
|
|
* @param Context $context Context in which to generate a response
|
|
|
|
|
* @param Module[] $modules List of module objects keyed by module name
|
2015-09-28 19:18:46 +00:00
|
|
|
* @param string[] $missing List of requested module names that are unregistered (optional)
|
2013-10-17 10:33:26 +00:00
|
|
|
* @return string Response data
|
2010-10-19 20:45:02 +00:00
|
|
|
*/
|
2022-05-06 09:09:56 +00:00
|
|
|
public function makeModuleResponse( Context $context,
|
2016-02-17 09:09:32 +00:00
|
|
|
array $modules, array $missing = []
|
2013-04-02 20:28:40 +00:00
|
|
|
) {
|
2019-01-09 16:24:36 +00:00
|
|
|
if ( $modules === [] && $missing === [] ) {
|
2015-03-15 01:52:45 +00:00
|
|
|
return <<<MESSAGE
|
|
|
|
|
/* This file is the Web entry point for MediaWiki's ResourceLoader:
|
2014-01-17 07:43:31 +00:00
|
|
|
<https://www.mediawiki.org/wiki/ResourceLoader>. In this request,
|
2015-03-15 01:52:45 +00:00
|
|
|
no modules were requested. Max made me put this here. */
|
|
|
|
|
MESSAGE;
|
2010-12-10 17:21:09 +00:00
|
|
|
}
|
2011-06-17 16:05:05 +00:00
|
|
|
|
2014-11-11 19:50:44 +00:00
|
|
|
$image = $context->getImageObj();
|
|
|
|
|
if ( $image ) {
|
|
|
|
|
$data = $image->getImageData( $context );
|
2014-11-11 20:00:17 +00:00
|
|
|
if ( $data === false ) {
|
|
|
|
|
$data = '';
|
|
|
|
|
$this->errors[] = 'Image generation failed';
|
|
|
|
|
}
|
2014-11-11 19:50:44 +00:00
|
|
|
return $data;
|
|
|
|
|
}
|
|
|
|
|
|
2022-06-22 01:44:17 +00:00
|
|
|
$states = [];
|
2013-10-17 10:33:26 +00:00
|
|
|
foreach ( $missing as $name ) {
|
|
|
|
|
$states[$name] = 'missing';
|
|
|
|
|
}
|
|
|
|
|
|
2021-09-25 23:55:13 +00:00
|
|
|
$only = $context->getOnly();
|
|
|
|
|
$filter = $only === 'styles' ? 'minify-css' : 'minify-js';
|
|
|
|
|
$debug = (bool)$context->getDebug();
|
2015-10-01 00:26:46 +00:00
|
|
|
|
2022-06-22 01:44:17 +00:00
|
|
|
$out = '';
|
2010-09-24 22:10:25 +00:00
|
|
|
foreach ( $modules as $name => $module ) {
|
2010-12-23 20:14:18 +00:00
|
|
|
try {
|
2015-05-14 19:05:47 +00:00
|
|
|
$content = $module->getModuleContent( $context );
|
2016-09-12 20:52:10 +00:00
|
|
|
$implementKey = $name . '@' . $module->getVersionHash( $context );
|
2015-10-01 00:26:46 +00:00
|
|
|
$strContent = '';
|
2010-12-23 20:14:18 +00:00
|
|
|
|
resourceloader: Add support for modules sending preload headers
ResourceLoaderModule objects gain a new method getPreloadLinks() which
returns an array with the meta data required to build a Link rel=preload
header according to the current draft for W3C Preload.
<https://w3c.github.io/preload/>
Another implementation of this is already in use in OutputPage for
preloading the logo image.
This array is formatted by the ResourceLoaderModule::getHeaders method,
which is implemented as "final" at this time, thus restricting use to
the Link rel=preload header.
Headers are exposed and process-cached, like all other content
(scripts, styles, etc.), through ResourceLoaderModule::getModuleContent,
and aggregated by ResoureLoader::makeModuleResponse.
I had hoped for the getPreloadLinks to be stateless (not vary on $context).
Whether something should be preloaded and what, should not vary on the
skin or language. However, while that conceptually holds true, the exact
url for any given resource may still vary. Even the main use case for this
feature (T164299, preloading base modules request) require $context to pass
down skin and lang to the load.php url.
Add full test coverage and example documentation.
Bug: T164299
Change-Id: I2bfe0796ceaa0c82579c501f5b10e931f2175681
2017-07-18 02:36:01 +00:00
|
|
|
if ( isset( $content['headers'] ) ) {
|
|
|
|
|
$this->extraHeaders = array_merge( $this->extraHeaders, $content['headers'] );
|
|
|
|
|
}
|
|
|
|
|
|
2010-12-23 20:14:18 +00:00
|
|
|
// Append output
|
2021-09-25 23:55:13 +00:00
|
|
|
switch ( $only ) {
|
2010-12-23 20:14:18 +00:00
|
|
|
case 'scripts':
|
2015-05-14 19:05:47 +00:00
|
|
|
$scripts = $content['scripts'];
|
2011-05-14 12:15:58 +00:00
|
|
|
if ( is_string( $scripts ) ) {
|
2011-07-28 05:48:57 +00:00
|
|
|
// Load scripts raw...
|
2015-10-01 00:26:46 +00:00
|
|
|
$strContent = $scripts;
|
2011-06-17 16:05:05 +00:00
|
|
|
} elseif ( is_array( $scripts ) ) {
|
ResourceLoader: Add support for packageFiles
Package files are files that are part of a module, but are not
immediately executed when the module executes. Instead, they are
lazy-excecuted when require() is called on them. Package files can be
scripts (JS) or data (JSON), and can be real files on the file system,
or virtual files generated by a callback.
Using virtual data files, server-side data and config variables can be
bundled with a module. Support for file-based require() allows us to
import npm modules into ResourceLoader more easily.
The require function passed to each script execution context, which was
previously a reference to the global mw.loader.require() function, is
changed to one that is scoped to the module and the file being executed.
This is needed to support relative paths: require( '../foo.js' ) can
mean a different file depending on the path of the calling file.
The results of require()ing each file (i.e. the value of module.exports
after executing it) are stored, and calling require() on the same file a
second time won't execute it again, but will return the stored value.
Miscellaneous changes:
- Add XmlJsCode::encodeObject(), which combines an associative array of
XmlJsCode objects into one larger XmlJsCode object. This is needed for
encoding the packageFiles parameter in mw.loader.implement() calls.
Bug: T133462
Change-Id: I78cc86e626de0720397718cd2bed8ed279579112
2018-11-03 00:53:17 +00:00
|
|
|
// ...except when $scripts is an array of URLs or an associative array
|
2019-09-09 15:50:13 +00:00
|
|
|
$strContent = self::makeLoaderImplementScript(
|
|
|
|
|
$implementKey,
|
|
|
|
|
$scripts,
|
|
|
|
|
[],
|
2023-03-31 06:29:42 +00:00
|
|
|
null,
|
2019-09-09 15:50:13 +00:00
|
|
|
[]
|
|
|
|
|
);
|
2011-05-14 12:15:58 +00:00
|
|
|
}
|
2010-12-23 20:14:18 +00:00
|
|
|
break;
|
|
|
|
|
case 'styles':
|
2015-05-14 19:05:47 +00:00
|
|
|
$styles = $content['styles'];
|
2018-08-14 07:56:35 +00:00
|
|
|
// We no longer separate into media, they are all combined now with
|
ResourceLoader: Refactor style loading
Fixes:
* bug 31676: Work around IE stylesheet limit.
* bug 35562: @import styles broken in modules that combine
multiple stylesheets.
* bug 40498: Don't output empty "@media print { }" blocks.
* bug 40500: Don't ignore media-type for urls in debug mode.
Approach:
* Re-use the same <style> tag so that we stay under the 31
stylesheet limit in IE. Unless the to-be-added css text from
the being-loaded module contains @import, in which case we do
create a new <style> tag and then re-use that one from that
point on (bug 31676).
* Return stylesheets as arrays, instead of a concatenated string.
This fixes bug 35562, because @import only works when at the
top of a stylesheet. By not unconditionally concatenating files
within a module on the server side already, @import will work
in e.g. module 'site' that contains 2 wiki pages.
This is normalized in ResourceLoader::makeCombinedStyles(),
so far only ResourceLoaderWikiModule makes use of this.
Misc. clean up and bug fixes:
* Reducing usage of jQuery() and mw.html.element() where
native DOM would be very simple and faster. Aside from
simplicity and speed, this is also working towards a more
stand-alone ResourceLoader.
* Trim server output a little bit more
- Redundant new line after minify-css (it is now an array, so
no need to keep space afterwards)
- Redundant semi-colon after minify-js if it ends in a colon
* Allow space in styleTest.css.php
* Clean up and extend unit tests to cover for these features
and bug fixes.
* Don't set styleEl.rel = 'stylesheet'; that has no business
on a <style> tag.
* Fix bug in mw.loader's addStyleTag(). It turns out IE6
has an odd security measure that does not allow manipulation
of elements (at least style tags) that are created by a
different script (even if that script was served from the same
domain/origin etc.). We didn't ran into this before because
we only created new style tags, never appended to them. Now
that we do, this came up. Took a while to figure out because
it was created by mediawiki.js but it calls jQuery which did
the actual dom insertion. Odd thing is, we load jquery.js and
mediawiki.js in the same request even...
Without this all css-url related mw.loader tests would fail
in IE6.
* mediawiki.js and mediawiki.test.js now pass jshint again.
Tested (and passing qunit/?module=mediawiki; 123 of 123):
* Chrome 14, 21
* Firefox 3.0, 3.6, 4, 7, 14, 15, 16beta
* IE 6, 7, 8, 9
* Safari 4.0, 5.0, 5.1
* Opera 10.0, 11.1, 11.5, 11.6, 12.0, 12.5beta
* iPhone 3GS / iOS 3.0 / Mobile Safari 4.0
iPhone 4 / iOS 4.0.1 / Mobile Safari 4.0.5
iPhone 4S / iOS 6.0 Beta / Mobile Safari 6.0
Change-Id: I3e8227ddb87fd9441071ca935439fc6467751dab
2012-07-25 21:20:21 +00:00
|
|
|
// custom media type groups into @media .. {} sections as part of the css string.
|
|
|
|
|
// Module returns either an empty array or a numerical array with css strings.
|
2015-10-01 00:26:46 +00:00
|
|
|
$strContent = isset( $styles['css'] ) ? implode( '', $styles['css'] ) : '';
|
2010-12-23 20:14:18 +00:00
|
|
|
break;
|
|
|
|
|
default:
|
2017-10-06 22:17:58 +00:00
|
|
|
$scripts = $content['scripts'] ?? '';
|
2016-09-15 04:01:09 +00:00
|
|
|
if ( is_string( $scripts ) ) {
|
|
|
|
|
if ( $name === 'site' || $name === 'user' ) {
|
|
|
|
|
// Legacy scripts that run in the global scope without a closure.
|
2021-10-09 01:53:18 +00:00
|
|
|
// mw.loader.implement will use eval if scripts is a string.
|
2016-09-15 04:01:09 +00:00
|
|
|
// Minify manually here, because general response minification is
|
|
|
|
|
// not effective due it being a string literal, not a function.
|
2021-09-25 23:55:13 +00:00
|
|
|
if ( !$debug ) {
|
2016-09-15 04:01:09 +00:00
|
|
|
$scripts = self::filter( 'minify-js', $scripts ); // T107377
|
|
|
|
|
}
|
|
|
|
|
} else {
|
2023-07-13 15:44:35 +00:00
|
|
|
$scripts = new HtmlJsCode( $scripts );
|
2016-09-15 04:01:09 +00:00
|
|
|
}
|
|
|
|
|
}
|
2015-10-01 00:26:46 +00:00
|
|
|
$strContent = self::makeLoaderImplementScript(
|
2016-09-12 20:52:10 +00:00
|
|
|
$implementKey,
|
2016-09-15 04:01:09 +00:00
|
|
|
$scripts,
|
2017-10-06 22:17:58 +00:00
|
|
|
$content['styles'] ?? [],
|
2023-07-13 15:44:35 +00:00
|
|
|
isset( $content['messagesBlob'] ) ? new HtmlJsCode( $content['messagesBlob'] ) : null,
|
2017-10-06 22:17:58 +00:00
|
|
|
$content['templates'] ?? []
|
2012-06-13 23:50:13 +00:00
|
|
|
);
|
2010-12-23 20:14:18 +00:00
|
|
|
break;
|
|
|
|
|
}
|
2015-10-01 00:26:46 +00:00
|
|
|
|
2022-06-22 01:44:17 +00:00
|
|
|
if ( $debug ) {
|
|
|
|
|
// In debug mode, separate each response by a new line.
|
|
|
|
|
// For example, between 'mw.loader.implement();' statements.
|
|
|
|
|
$strContent = self::ensureNewline( $strContent );
|
|
|
|
|
} else {
|
resourceloader: Restore minification of embedded 'user.options'
== Why and what ==
It is important that we don't cache the result of minifying the
`user.options` blob, because it varies on every page (details below).
But, it is okay to minify it.
Today, we don't minify it because the only content of this blob is
one line of JSON, and that JSON is already generated without spaces.
I would like to start minifying it so that:
1. The "mw.loader.implement" wrapper will get minified. Right now
we maintain a copy of the wrapper that is minified by hand. In the
next patch, I will remove this, which will introduce whitespace
for "user.options" unless we enable the minifier.
2. We can remove more complexity and state internally without worrying
about whether it will still be minified.
3. We can make the output even smaller by not having to preserve the
`/*nomin*/` instruction behind. This instruction is used today
mainly for cases where minification might break the output, so it
is important to preserve in case it is concatenated and passed to
the minifier a second time later. But, for user options we don't
need this protection, and so we can save a few bytes by removing
this instruction at the same time.
== Background ==
Act 1
In 2014, with task T84960, we determined that caching of `user.tokens`
minification is problematic for system stability and also not useful.
* This module contains security tokens that are different for every
pageview and for every user. This means every time we generate a
web response, we have different tokens, and thus generate different
<script> content, and thus there is no use of caching the result,
because we would never use it. The next time we get a different
script, and will have to minify it again. That's okay, it's small
and takes no time at all to minify.
* If we stored it in the cache, it would not only be useless, it would
also compromise the effectiveness of the php-apcu cache for all other
parts of MediaWiki, because when APCu is full, it will have to delete
unrelated caches to make space, thus causing more calculations to
be repeated in other places.
In commit 6fa48939 (I6016e4b0) we simply changed the script generation
to disable caching when minifying the private 'user.tokens'
module, which solved the task.
Act 2
In 2015, with commit b7eb243d92 (Id6f514206), the minification logic
was changed from "per response" to "per module within response",
and as part of that the logic was also generalised from being just
for `user.tokens` to be for "private modules", which is essentially
the same (since user.tokens is the most common private module), but
was preparation for a few other things:
* Some extensions (like AdvancedSearch) also create their own private
modules and thus benefit from this automatically.
* In later years we would add support for previewing user scripts
and gadgets, which turns a public module temporarily into a private
one to be able to execute it with the previewed script content.
These also don't need to be cached, and this correctly disabled
caching for those.
* We have "user.options", which is similar to "user.tokens", but does
not change on every page view. It does not need to be cached
because it is so small that is about as fast to just minify it
than to go through the cost of hashing, keying and querying the
cache.
* We have merged `user.tokens` into `user.options`.
Act 3
Then, with commit ca30efa30 (Ic1d802ee20) this was automation was
removed in favour of the FILTER_NOMIN instruction which disabled both
caching *and* minification. The was accepted because we realized that
we don't need minification for the "user.options" blob because it is
just one line of JSON, and the JSON is already generated without
whitespace.
Change-Id: I6d125fc89d8964325ec068a0746b00810e155858
2021-10-09 00:48:48 +00:00
|
|
|
$strContent = self::filter( $filter, $strContent, [
|
|
|
|
|
// Important: Do not cache minifications of embedded modules
|
|
|
|
|
// This is especially for the private 'user.options' module,
|
|
|
|
|
// which varies on every pageview and would explode the cache (T84960)
|
|
|
|
|
'cache' => !$module->shouldEmbedModule( $context )
|
|
|
|
|
] );
|
2015-10-01 00:26:46 +00:00
|
|
|
}
|
|
|
|
|
|
2021-09-25 23:55:13 +00:00
|
|
|
if ( $only === 'scripts' ) {
|
2017-06-28 02:51:03 +00:00
|
|
|
// Use a linebreak between module scripts (T162719)
|
2021-07-20 10:10:21 +00:00
|
|
|
$out .= self::ensureNewline( $strContent );
|
2017-06-28 02:51:03 +00:00
|
|
|
} else {
|
|
|
|
|
$out .= $strContent;
|
|
|
|
|
}
|
2022-02-01 01:11:09 +00:00
|
|
|
} catch ( TimeoutException $e ) {
|
|
|
|
|
throw $e;
|
2010-12-23 20:14:18 +00:00
|
|
|
} catch ( Exception $e ) {
|
2016-12-03 03:57:42 +00:00
|
|
|
$this->outputErrorAndLog( $e, 'Generating module package failed: {exception}' );
|
2010-10-20 00:22:25 +00:00
|
|
|
|
2013-10-17 10:33:26 +00:00
|
|
|
// Respond to client with error-state instead of module implementation
|
|
|
|
|
$states[$name] = 'error';
|
2010-12-23 20:14:18 +00:00
|
|
|
unset( $modules[$name] );
|
|
|
|
|
}
|
2010-09-04 04:00:09 +00:00
|
|
|
}
|
2010-09-04 12:53:01 +00:00
|
|
|
|
2010-09-24 18:49:19 +00:00
|
|
|
// Update module states
|
resourceloader: Remove support for raw modules
Being a raw module means that when it is requested from load.php with
"only=scripts" set, then the output is *not* wrapped in an
'mw.loader.implement' closure *and* there no 'mw.loader.state()' appendix.
Instead, it is served "raw".
Before 2018, the modules 'mediawiki' and 'jquery' were raw modules.
They were needed before the client could define 'mw.loader.implement', and
could never be valid dependencies. Module 'mediawiki' merged to 'startup',
and 'jquery' became a regular module (T192623). Based on the architecture
of modules being deliverable bundles, it doesn't make sense for there to
ever be raw modules again. Anything that 'startup' needs should be bundled
with it. Anything else is a regular module.
On top of that, we never actually needed this feature because specifying
the 'only=scripts' and 'raw=1' parameters does the same thing.
The only special bit about marking modules (not requests) as "raw" was that
it allowed the client to forget to specify "raw=1" and the server would
automatically omit the 'mw.loader.state()' appendix based on whether the
module is marked as raw. As of Ie4564ec8e26ad53f2, the two remaining use
cases for raw responses now specify the 'raw=1' request parameter, and we
can get rid of the "raw module" feature and all the complexity around it.
== Startup module
In the startup module there was an interesting use of isRaw() that has
little to do with the above. The "ATTENTION" warning there applies to the
startup module only, not raw modules in general. This is now fixed by
explicitly checking for StartupModule.
Above that warning, it talked about saving bytes, which was an optimisation
given that "raw" modules don't communicate with mw.loader, they also don't
need to be registered there because even if mw.loader would try to load
them, the server would never inform mw.loader about the module having
arrived. There are now no longer any such modules.
Bug: T201483
Change-Id: I8839036e7b2b76919b6cd3aa42ccfde4d1247899
2019-06-13 18:41:56 +00:00
|
|
|
if ( $context->shouldIncludeScripts() && !$context->getRaw() ) {
|
2021-09-25 23:55:13 +00:00
|
|
|
if ( $modules && $only === 'scripts' ) {
|
2013-10-17 10:33:26 +00:00
|
|
|
// Set the state of modules loaded as only scripts to ready as
|
|
|
|
|
// they don't have an mw.loader.implement wrapper that sets the state
|
|
|
|
|
foreach ( $modules as $name => $module ) {
|
|
|
|
|
$states[$name] = 'ready';
|
|
|
|
|
}
|
2010-09-24 18:49:19 +00:00
|
|
|
}
|
2013-10-17 10:33:26 +00:00
|
|
|
|
|
|
|
|
// Set the state of modules we didn't respond to with mw.loader.implement
|
resourceloader: Remove support for raw modules
Being a raw module means that when it is requested from load.php with
"only=scripts" set, then the output is *not* wrapped in an
'mw.loader.implement' closure *and* there no 'mw.loader.state()' appendix.
Instead, it is served "raw".
Before 2018, the modules 'mediawiki' and 'jquery' were raw modules.
They were needed before the client could define 'mw.loader.implement', and
could never be valid dependencies. Module 'mediawiki' merged to 'startup',
and 'jquery' became a regular module (T192623). Based on the architecture
of modules being deliverable bundles, it doesn't make sense for there to
ever be raw modules again. Anything that 'startup' needs should be bundled
with it. Anything else is a regular module.
On top of that, we never actually needed this feature because specifying
the 'only=scripts' and 'raw=1' parameters does the same thing.
The only special bit about marking modules (not requests) as "raw" was that
it allowed the client to forget to specify "raw=1" and the server would
automatically omit the 'mw.loader.state()' appendix based on whether the
module is marked as raw. As of Ie4564ec8e26ad53f2, the two remaining use
cases for raw responses now specify the 'raw=1' request parameter, and we
can get rid of the "raw module" feature and all the complexity around it.
== Startup module
In the startup module there was an interesting use of isRaw() that has
little to do with the above. The "ATTENTION" warning there applies to the
startup module only, not raw modules in general. This is now fixed by
explicitly checking for StartupModule.
Above that warning, it talked about saving bytes, which was an optimisation
given that "raw" modules don't communicate with mw.loader, they also don't
need to be registered there because even if mw.loader would try to load
them, the server would never inform mw.loader about the module having
arrived. There are now no longer any such modules.
Bug: T201483
Change-Id: I8839036e7b2b76919b6cd3aa42ccfde4d1247899
2019-06-13 18:41:56 +00:00
|
|
|
if ( $states ) {
|
2019-09-09 15:50:13 +00:00
|
|
|
$stateScript = self::makeLoaderStateScript( $context, $states );
|
2021-09-25 23:55:13 +00:00
|
|
|
if ( !$debug ) {
|
2015-10-01 18:05:08 +00:00
|
|
|
$stateScript = self::filter( 'minify-js', $stateScript );
|
2015-10-01 00:26:46 +00:00
|
|
|
}
|
2017-06-28 02:51:03 +00:00
|
|
|
// Use a linebreak between module script and state script (T162719)
|
2021-07-20 10:10:21 +00:00
|
|
|
$out = self::ensureNewline( $out ) . $stateScript;
|
2010-09-04 04:00:09 +00:00
|
|
|
}
|
2019-03-29 20:12:24 +00:00
|
|
|
} elseif ( $states ) {
|
|
|
|
|
$this->errors[] = 'Problematic modules: '
|
2023-03-23 18:20:59 +00:00
|
|
|
// Silently ignore invalid UTF-8 injected via 'modules' query
|
|
|
|
|
// Don't issue server-side warnings for client errors. (T331641)
|
2023-03-09 16:49:12 +00:00
|
|
|
// phpcs:ignore Generic.PHP.NoSilencedErrors.Discouraged
|
|
|
|
|
. @$context->encodeJson( $states );
|
2010-09-04 04:00:09 +00:00
|
|
|
}
|
2010-09-04 12:53:01 +00:00
|
|
|
|
2014-11-11 20:00:17 +00:00
|
|
|
return $out;
|
2010-09-04 04:00:09 +00:00
|
|
|
}
|
2010-10-20 00:22:25 +00:00
|
|
|
|
2017-06-28 02:51:03 +00:00
|
|
|
/**
|
|
|
|
|
* Ensure the string is either empty or ends in a line break
|
2019-07-27 09:26:58 +00:00
|
|
|
* @internal
|
2017-06-28 02:51:03 +00:00
|
|
|
* @param string $str
|
|
|
|
|
* @return string
|
|
|
|
|
*/
|
2019-07-27 09:26:58 +00:00
|
|
|
public static function ensureNewline( $str ) {
|
2017-06-28 02:51:03 +00:00
|
|
|
$end = substr( $str, -1 );
|
2019-04-07 10:08:17 +00:00
|
|
|
if ( $end === false || $end === '' || $end === "\n" ) {
|
2017-06-28 02:51:03 +00:00
|
|
|
return $str;
|
|
|
|
|
}
|
|
|
|
|
return $str . "\n";
|
|
|
|
|
}
|
|
|
|
|
|
2015-11-06 23:20:16 +00:00
|
|
|
/**
|
|
|
|
|
* Get names of modules that use a certain message.
|
|
|
|
|
*
|
|
|
|
|
* @param string $messageKey
|
2020-02-21 00:26:07 +00:00
|
|
|
* @return string[] List of module names
|
2015-11-06 23:20:16 +00:00
|
|
|
*/
|
|
|
|
|
public function getModulesByMessage( $messageKey ) {
|
2016-02-17 09:09:32 +00:00
|
|
|
$moduleNames = [];
|
2015-11-06 23:20:16 +00:00
|
|
|
foreach ( $this->getModuleNames() as $moduleName ) {
|
|
|
|
|
$module = $this->getModule( $moduleName );
|
|
|
|
|
if ( in_array( $messageKey, $module->getMessages() ) ) {
|
|
|
|
|
$moduleNames[] = $moduleName;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return $moduleNames;
|
|
|
|
|
}
|
|
|
|
|
|
* Introduced Xml::encodeJsCall(), to replace the awkward repetitive code that was doing the same thing throughout the resource loader with varying degrees of security and correctness.
* Modified Xml::encodeJsVar() to allow it to pass through JS expressions without encoding, using a special object.
* In ResourceLoader::makeModuleResponse(), renamed $messages to $messagesBlob to make it clear that it's JSON-encoded, not an array.
* Fixed MessageBlobStore to store {} for an empty message array instead of [].
* In ResourceLoader::makeMessageSetScript(), fixed call to non-existent function mediaWiki.msg.set.
* For security, changed the calling convention of makeMessageSetScript() and makeLoaderImplementScript() to require explicit object construction of XmlJsCode() before interpreting their input as JS code.
* Documented several ResourceLoader static functions.
* In ResourceLoaderWikiModule, for readability, reduced the indenting level by flipping some if blocks and adding continue statements.
* In makeCustomLoaderScript(), allow non-numeric $version. The only caller I can find is already sending a non-numeric $version, presumably it was broken. Luckily there aren't any loader scripts in existence, I had to make one to test it.
* wfGetDb -> wfGetDB
* Added an extra line break in the startup module output, for readability.
* In ResourceLoaderStartUpModule::getModuleRegistrations(), fixed another assignment expression
2010-11-04 07:53:37 +00:00
|
|
|
/**
|
2014-03-07 16:50:57 +00:00
|
|
|
* Return JS code that calls mw.loader.implement with given module properties.
|
* Introduced Xml::encodeJsCall(), to replace the awkward repetitive code that was doing the same thing throughout the resource loader with varying degrees of security and correctness.
* Modified Xml::encodeJsVar() to allow it to pass through JS expressions without encoding, using a special object.
* In ResourceLoader::makeModuleResponse(), renamed $messages to $messagesBlob to make it clear that it's JSON-encoded, not an array.
* Fixed MessageBlobStore to store {} for an empty message array instead of [].
* In ResourceLoader::makeMessageSetScript(), fixed call to non-existent function mediaWiki.msg.set.
* For security, changed the calling convention of makeMessageSetScript() and makeLoaderImplementScript() to require explicit object construction of XmlJsCode() before interpreting their input as JS code.
* Documented several ResourceLoader static functions.
* In ResourceLoaderWikiModule, for readability, reduced the indenting level by flipping some if blocks and adding continue statements.
* In makeCustomLoaderScript(), allow non-numeric $version. The only caller I can find is already sending a non-numeric $version, presumably it was broken. Luckily there aren't any loader scripts in existence, I had to make one to test it.
* wfGetDb -> wfGetDB
* Added an extra line break in the startup module output, for readability.
* In ResourceLoaderStartUpModule::getModuleRegistrations(), fixed another assignment expression
2010-11-04 07:53:37 +00:00
|
|
|
*
|
2023-03-31 06:29:42 +00:00
|
|
|
* @param string $name Module name used as implement key (format "`[name]@[version]`")
|
2023-07-13 15:44:35 +00:00
|
|
|
* @param HtmlJsCode|array|string|string[] $scripts
|
|
|
|
|
* - HtmlJsCode: Concatenated scripts to be wrapped in a closure
|
|
|
|
|
* - array: Package files array containing HtmlJsCode for individual JS files,
|
2023-03-31 06:29:42 +00:00
|
|
|
* as produced by Module::getScript().
|
|
|
|
|
* - string: Script contents to eval in global scope (for site/user scripts).
|
|
|
|
|
* - string[]: List of URLs (for debug mode).
|
|
|
|
|
* @param array<string,string|array<string,string[]>> $styles
|
|
|
|
|
* Under optional key "css", there is a concatenated CSS string.
|
|
|
|
|
* Under optional key "url", there is an array by media type withs URLs to stylesheets (for debug mode).
|
|
|
|
|
* These come from Module::getStyles(), formatted by Module:buildContent().
|
2023-07-13 15:44:35 +00:00
|
|
|
* @param HtmlJsCode|null $messages An already JSON-encoded map from message keys to values,
|
|
|
|
|
* wrapped in an HtmlJsCode object.
|
2023-03-31 06:29:42 +00:00
|
|
|
* @param array<string,string> $templates Map from template name to template source.
|
2017-06-08 13:11:13 +00:00
|
|
|
* @return string JavaScript code
|
* Introduced Xml::encodeJsCall(), to replace the awkward repetitive code that was doing the same thing throughout the resource loader with varying degrees of security and correctness.
* Modified Xml::encodeJsVar() to allow it to pass through JS expressions without encoding, using a special object.
* In ResourceLoader::makeModuleResponse(), renamed $messages to $messagesBlob to make it clear that it's JSON-encoded, not an array.
* Fixed MessageBlobStore to store {} for an empty message array instead of [].
* In ResourceLoader::makeMessageSetScript(), fixed call to non-existent function mediaWiki.msg.set.
* For security, changed the calling convention of makeMessageSetScript() and makeLoaderImplementScript() to require explicit object construction of XmlJsCode() before interpreting their input as JS code.
* Documented several ResourceLoader static functions.
* In ResourceLoaderWikiModule, for readability, reduced the indenting level by flipping some if blocks and adding continue statements.
* In makeCustomLoaderScript(), allow non-numeric $version. The only caller I can find is already sending a non-numeric $version, presumably it was broken. Luckily there aren't any loader scripts in existence, I had to make one to test it.
* wfGetDb -> wfGetDB
* Added an extra line break in the startup module output, for readability.
* In ResourceLoaderStartUpModule::getModuleRegistrations(), fixed another assignment expression
2010-11-04 07:53:37 +00:00
|
|
|
*/
|
2019-09-09 15:50:13 +00:00
|
|
|
private static function makeLoaderImplementScript(
|
2023-02-05 19:21:50 +00:00
|
|
|
$name, $scripts, $styles, $messages, $templates
|
2014-10-10 00:07:14 +00:00
|
|
|
) {
|
2023-07-13 15:44:35 +00:00
|
|
|
if ( $scripts instanceof HtmlJsCode ) {
|
2019-01-29 03:33:14 +00:00
|
|
|
if ( $scripts->value === '' ) {
|
|
|
|
|
$scripts = null;
|
2018-01-29 23:30:23 +00:00
|
|
|
} else {
|
2023-07-13 15:44:35 +00:00
|
|
|
$scripts = new HtmlJsCode( "function ( $, jQuery, require, module ) {\n{$scripts->value}\n}" );
|
2018-01-29 23:30:23 +00:00
|
|
|
}
|
ResourceLoader: Add support for packageFiles
Package files are files that are part of a module, but are not
immediately executed when the module executes. Instead, they are
lazy-excecuted when require() is called on them. Package files can be
scripts (JS) or data (JSON), and can be real files on the file system,
or virtual files generated by a callback.
Using virtual data files, server-side data and config variables can be
bundled with a module. Support for file-based require() allows us to
import npm modules into ResourceLoader more easily.
The require function passed to each script execution context, which was
previously a reference to the global mw.loader.require() function, is
changed to one that is scoped to the module and the file being executed.
This is needed to support relative paths: require( '../foo.js' ) can
mean a different file depending on the path of the calling file.
The results of require()ing each file (i.e. the value of module.exports
after executing it) are stored, and calling require() on the same file a
second time won't execute it again, but will return the stored value.
Miscellaneous changes:
- Add XmlJsCode::encodeObject(), which combines an associative array of
XmlJsCode objects into one larger XmlJsCode object. This is needed for
encoding the packageFiles parameter in mw.loader.implement() calls.
Bug: T133462
Change-Id: I78cc86e626de0720397718cd2bed8ed279579112
2018-11-03 00:53:17 +00:00
|
|
|
} elseif ( is_array( $scripts ) && isset( $scripts['files'] ) ) {
|
|
|
|
|
$files = $scripts['files'];
|
2022-09-21 19:05:03 +00:00
|
|
|
foreach ( $files as &$file ) {
|
ResourceLoader: Add support for packageFiles
Package files are files that are part of a module, but are not
immediately executed when the module executes. Instead, they are
lazy-excecuted when require() is called on them. Package files can be
scripts (JS) or data (JSON), and can be real files on the file system,
or virtual files generated by a callback.
Using virtual data files, server-side data and config variables can be
bundled with a module. Support for file-based require() allows us to
import npm modules into ResourceLoader more easily.
The require function passed to each script execution context, which was
previously a reference to the global mw.loader.require() function, is
changed to one that is scoped to the module and the file being executed.
This is needed to support relative paths: require( '../foo.js' ) can
mean a different file depending on the path of the calling file.
The results of require()ing each file (i.e. the value of module.exports
after executing it) are stored, and calling require() on the same file a
second time won't execute it again, but will return the stored value.
Miscellaneous changes:
- Add XmlJsCode::encodeObject(), which combines an associative array of
XmlJsCode objects into one larger XmlJsCode object. This is needed for
encoding the packageFiles parameter in mw.loader.implement() calls.
Bug: T133462
Change-Id: I78cc86e626de0720397718cd2bed8ed279579112
2018-11-03 00:53:17 +00:00
|
|
|
// $file is changed (by reference) from a descriptor array to the content of the file
|
|
|
|
|
// All of these essentially do $file = $file['content'];, some just have wrapping around it
|
|
|
|
|
if ( $file['type'] === 'script' ) {
|
2019-07-27 09:26:58 +00:00
|
|
|
// Ensure that the script has a newline at the end to close any comment in the
|
|
|
|
|
// last line.
|
|
|
|
|
$content = self::ensureNewline( $file['content'] );
|
2022-02-17 04:31:24 +00:00
|
|
|
// Provide CJS `exports` (in addition to CJS2 `module.exports`) to package modules (T284511).
|
|
|
|
|
// $/jQuery are simply used as globals instead.
|
|
|
|
|
// TODO: Remove $/jQuery param from traditional module closure too (and bump caching)
|
2023-07-13 15:44:35 +00:00
|
|
|
$file = new HtmlJsCode( "function ( require, module, exports ) {\n$content}" );
|
ResourceLoader: Add support for packageFiles
Package files are files that are part of a module, but are not
immediately executed when the module executes. Instead, they are
lazy-excecuted when require() is called on them. Package files can be
scripts (JS) or data (JSON), and can be real files on the file system,
or virtual files generated by a callback.
Using virtual data files, server-side data and config variables can be
bundled with a module. Support for file-based require() allows us to
import npm modules into ResourceLoader more easily.
The require function passed to each script execution context, which was
previously a reference to the global mw.loader.require() function, is
changed to one that is scoped to the module and the file being executed.
This is needed to support relative paths: require( '../foo.js' ) can
mean a different file depending on the path of the calling file.
The results of require()ing each file (i.e. the value of module.exports
after executing it) are stored, and calling require() on the same file a
second time won't execute it again, but will return the stored value.
Miscellaneous changes:
- Add XmlJsCode::encodeObject(), which combines an associative array of
XmlJsCode objects into one larger XmlJsCode object. This is needed for
encoding the packageFiles parameter in mw.loader.implement() calls.
Bug: T133462
Change-Id: I78cc86e626de0720397718cd2bed8ed279579112
2018-11-03 00:53:17 +00:00
|
|
|
} else {
|
|
|
|
|
$file = $file['content'];
|
|
|
|
|
}
|
|
|
|
|
}
|
2023-07-13 15:44:35 +00:00
|
|
|
$scripts = HtmlJsCode::encodeObject( [
|
ResourceLoader: Add support for packageFiles
Package files are files that are part of a module, but are not
immediately executed when the module executes. Instead, they are
lazy-excecuted when require() is called on them. Package files can be
scripts (JS) or data (JSON), and can be real files on the file system,
or virtual files generated by a callback.
Using virtual data files, server-side data and config variables can be
bundled with a module. Support for file-based require() allows us to
import npm modules into ResourceLoader more easily.
The require function passed to each script execution context, which was
previously a reference to the global mw.loader.require() function, is
changed to one that is scoped to the module and the file being executed.
This is needed to support relative paths: require( '../foo.js' ) can
mean a different file depending on the path of the calling file.
The results of require()ing each file (i.e. the value of module.exports
after executing it) are stored, and calling require() on the same file a
second time won't execute it again, but will return the stored value.
Miscellaneous changes:
- Add XmlJsCode::encodeObject(), which combines an associative array of
XmlJsCode objects into one larger XmlJsCode object. This is needed for
encoding the packageFiles parameter in mw.loader.implement() calls.
Bug: T133462
Change-Id: I78cc86e626de0720397718cd2bed8ed279579112
2018-11-03 00:53:17 +00:00
|
|
|
'main' => $scripts['main'],
|
2023-07-13 15:44:35 +00:00
|
|
|
'files' => HtmlJsCode::encodeObject( $files, true )
|
2021-10-09 00:23:32 +00:00
|
|
|
], true );
|
2016-09-15 04:01:09 +00:00
|
|
|
} elseif ( !is_string( $scripts ) && !is_array( $scripts ) ) {
|
2020-02-21 00:26:07 +00:00
|
|
|
throw new InvalidArgumentException( 'Script must be a string or an array of URLs' );
|
2010-09-24 18:49:19 +00:00
|
|
|
}
|
ResourceLoader: Add support for packageFiles
Package files are files that are part of a module, but are not
immediately executed when the module executes. Instead, they are
lazy-excecuted when require() is called on them. Package files can be
scripts (JS) or data (JSON), and can be real files on the file system,
or virtual files generated by a callback.
Using virtual data files, server-side data and config variables can be
bundled with a module. Support for file-based require() allows us to
import npm modules into ResourceLoader more easily.
The require function passed to each script execution context, which was
previously a reference to the global mw.loader.require() function, is
changed to one that is scoped to the module and the file being executed.
This is needed to support relative paths: require( '../foo.js' ) can
mean a different file depending on the path of the calling file.
The results of require()ing each file (i.e. the value of module.exports
after executing it) are stored, and calling require() on the same file a
second time won't execute it again, but will return the stored value.
Miscellaneous changes:
- Add XmlJsCode::encodeObject(), which combines an associative array of
XmlJsCode objects into one larger XmlJsCode object. This is needed for
encoding the packageFiles parameter in mw.loader.implement() calls.
Bug: T133462
Change-Id: I78cc86e626de0720397718cd2bed8ed279579112
2018-11-03 00:53:17 +00:00
|
|
|
|
2014-12-09 01:17:53 +00:00
|
|
|
// mw.loader.implement requires 'styles', 'messages' and 'templates' to be objects (not
|
|
|
|
|
// arrays). json_encode considers empty arrays to be numerical and outputs "[]" instead
|
|
|
|
|
// of "{}". Force them to objects.
|
2016-02-17 09:09:32 +00:00
|
|
|
$module = [
|
2014-12-09 01:17:53 +00:00
|
|
|
$name,
|
|
|
|
|
$scripts,
|
2015-06-17 20:01:00 +00:00
|
|
|
(object)$styles,
|
2023-03-31 06:29:42 +00:00
|
|
|
$messages ?? (object)[],
|
ResourceLoader: Add support for packageFiles
Package files are files that are part of a module, but are not
immediately executed when the module executes. Instead, they are
lazy-excecuted when require() is called on them. Package files can be
scripts (JS) or data (JSON), and can be real files on the file system,
or virtual files generated by a callback.
Using virtual data files, server-side data and config variables can be
bundled with a module. Support for file-based require() allows us to
import npm modules into ResourceLoader more easily.
The require function passed to each script execution context, which was
previously a reference to the global mw.loader.require() function, is
changed to one that is scoped to the module and the file being executed.
This is needed to support relative paths: require( '../foo.js' ) can
mean a different file depending on the path of the calling file.
The results of require()ing each file (i.e. the value of module.exports
after executing it) are stored, and calling require() on the same file a
second time won't execute it again, but will return the stored value.
Miscellaneous changes:
- Add XmlJsCode::encodeObject(), which combines an associative array of
XmlJsCode objects into one larger XmlJsCode object. This is needed for
encoding the packageFiles parameter in mw.loader.implement() calls.
Bug: T133462
Change-Id: I78cc86e626de0720397718cd2bed8ed279579112
2018-11-03 00:53:17 +00:00
|
|
|
(object)$templates
|
2016-02-17 09:09:32 +00:00
|
|
|
];
|
2014-12-09 01:17:53 +00:00
|
|
|
self::trimArray( $module );
|
|
|
|
|
|
2021-10-09 00:23:32 +00:00
|
|
|
// We use pretty output unconditionally to make this method simpler.
|
|
|
|
|
// Minification is taken care of closer to the output.
|
|
|
|
|
return Xml::encodeJsCall( 'mw.loader.implement', $module, true );
|
2010-09-24 18:49:19 +00:00
|
|
|
}
|
|
|
|
|
|
* Introduced Xml::encodeJsCall(), to replace the awkward repetitive code that was doing the same thing throughout the resource loader with varying degrees of security and correctness.
* Modified Xml::encodeJsVar() to allow it to pass through JS expressions without encoding, using a special object.
* In ResourceLoader::makeModuleResponse(), renamed $messages to $messagesBlob to make it clear that it's JSON-encoded, not an array.
* Fixed MessageBlobStore to store {} for an empty message array instead of [].
* In ResourceLoader::makeMessageSetScript(), fixed call to non-existent function mediaWiki.msg.set.
* For security, changed the calling convention of makeMessageSetScript() and makeLoaderImplementScript() to require explicit object construction of XmlJsCode() before interpreting their input as JS code.
* Documented several ResourceLoader static functions.
* In ResourceLoaderWikiModule, for readability, reduced the indenting level by flipping some if blocks and adding continue statements.
* In makeCustomLoaderScript(), allow non-numeric $version. The only caller I can find is already sending a non-numeric $version, presumably it was broken. Luckily there aren't any loader scripts in existence, I had to make one to test it.
* wfGetDb -> wfGetDB
* Added an extra line break in the startup module output, for readability.
* In ResourceLoaderStartUpModule::getModuleRegistrations(), fixed another assignment expression
2010-11-04 07:53:37 +00:00
|
|
|
/**
|
2011-06-17 16:05:05 +00:00
|
|
|
* Combines an associative array mapping media type to CSS into a
|
2012-07-10 12:48:06 +00:00
|
|
|
* single stylesheet with "@media" blocks.
|
* Introduced Xml::encodeJsCall(), to replace the awkward repetitive code that was doing the same thing throughout the resource loader with varying degrees of security and correctness.
* Modified Xml::encodeJsVar() to allow it to pass through JS expressions without encoding, using a special object.
* In ResourceLoader::makeModuleResponse(), renamed $messages to $messagesBlob to make it clear that it's JSON-encoded, not an array.
* Fixed MessageBlobStore to store {} for an empty message array instead of [].
* In ResourceLoader::makeMessageSetScript(), fixed call to non-existent function mediaWiki.msg.set.
* For security, changed the calling convention of makeMessageSetScript() and makeLoaderImplementScript() to require explicit object construction of XmlJsCode() before interpreting their input as JS code.
* Documented several ResourceLoader static functions.
* In ResourceLoaderWikiModule, for readability, reduced the indenting level by flipping some if blocks and adding continue statements.
* In makeCustomLoaderScript(), allow non-numeric $version. The only caller I can find is already sending a non-numeric $version, presumably it was broken. Luckily there aren't any loader scripts in existence, I had to make one to test it.
* wfGetDb -> wfGetDB
* Added an extra line break in the startup module output, for readability.
* In ResourceLoaderStartUpModule::getModuleRegistrations(), fixed another assignment expression
2010-11-04 07:53:37 +00:00
|
|
|
*
|
2020-02-21 00:26:07 +00:00
|
|
|
* @param array<string,string|string[]> $stylePairs Map from media type to CSS string(s)
|
|
|
|
|
* @return string[] CSS strings
|
* Introduced Xml::encodeJsCall(), to replace the awkward repetitive code that was doing the same thing throughout the resource loader with varying degrees of security and correctness.
* Modified Xml::encodeJsVar() to allow it to pass through JS expressions without encoding, using a special object.
* In ResourceLoader::makeModuleResponse(), renamed $messages to $messagesBlob to make it clear that it's JSON-encoded, not an array.
* Fixed MessageBlobStore to store {} for an empty message array instead of [].
* In ResourceLoader::makeMessageSetScript(), fixed call to non-existent function mediaWiki.msg.set.
* For security, changed the calling convention of makeMessageSetScript() and makeLoaderImplementScript() to require explicit object construction of XmlJsCode() before interpreting their input as JS code.
* Documented several ResourceLoader static functions.
* In ResourceLoaderWikiModule, for readability, reduced the indenting level by flipping some if blocks and adding continue statements.
* In makeCustomLoaderScript(), allow non-numeric $version. The only caller I can find is already sending a non-numeric $version, presumably it was broken. Luckily there aren't any loader scripts in existence, I had to make one to test it.
* wfGetDb -> wfGetDB
* Added an extra line break in the startup module output, for readability.
* In ResourceLoaderStartUpModule::getModuleRegistrations(), fixed another assignment expression
2010-11-04 07:53:37 +00:00
|
|
|
*/
|
2014-06-04 19:30:14 +00:00
|
|
|
public static function makeCombinedStyles( array $stylePairs ) {
|
2016-02-17 09:09:32 +00:00
|
|
|
$out = [];
|
ResourceLoader: Refactor style loading
Fixes:
* bug 31676: Work around IE stylesheet limit.
* bug 35562: @import styles broken in modules that combine
multiple stylesheets.
* bug 40498: Don't output empty "@media print { }" blocks.
* bug 40500: Don't ignore media-type for urls in debug mode.
Approach:
* Re-use the same <style> tag so that we stay under the 31
stylesheet limit in IE. Unless the to-be-added css text from
the being-loaded module contains @import, in which case we do
create a new <style> tag and then re-use that one from that
point on (bug 31676).
* Return stylesheets as arrays, instead of a concatenated string.
This fixes bug 35562, because @import only works when at the
top of a stylesheet. By not unconditionally concatenating files
within a module on the server side already, @import will work
in e.g. module 'site' that contains 2 wiki pages.
This is normalized in ResourceLoader::makeCombinedStyles(),
so far only ResourceLoaderWikiModule makes use of this.
Misc. clean up and bug fixes:
* Reducing usage of jQuery() and mw.html.element() where
native DOM would be very simple and faster. Aside from
simplicity and speed, this is also working towards a more
stand-alone ResourceLoader.
* Trim server output a little bit more
- Redundant new line after minify-css (it is now an array, so
no need to keep space afterwards)
- Redundant semi-colon after minify-js if it ends in a colon
* Allow space in styleTest.css.php
* Clean up and extend unit tests to cover for these features
and bug fixes.
* Don't set styleEl.rel = 'stylesheet'; that has no business
on a <style> tag.
* Fix bug in mw.loader's addStyleTag(). It turns out IE6
has an odd security measure that does not allow manipulation
of elements (at least style tags) that are created by a
different script (even if that script was served from the same
domain/origin etc.). We didn't ran into this before because
we only created new style tags, never appended to them. Now
that we do, this came up. Took a while to figure out because
it was created by mediawiki.js but it calls jQuery which did
the actual dom insertion. Odd thing is, we load jquery.js and
mediawiki.js in the same request even...
Without this all css-url related mw.loader tests would fail
in IE6.
* mediawiki.js and mediawiki.test.js now pass jshint again.
Tested (and passing qunit/?module=mediawiki; 123 of 123):
* Chrome 14, 21
* Firefox 3.0, 3.6, 4, 7, 14, 15, 16beta
* IE 6, 7, 8, 9
* Safari 4.0, 5.0, 5.1
* Opera 10.0, 11.1, 11.5, 11.6, 12.0, 12.5beta
* iPhone 3GS / iOS 3.0 / Mobile Safari 4.0
iPhone 4 / iOS 4.0.1 / Mobile Safari 4.0.5
iPhone 4S / iOS 6.0 Beta / Mobile Safari 6.0
Change-Id: I3e8227ddb87fd9441071ca935439fc6467751dab
2012-07-25 21:20:21 +00:00
|
|
|
foreach ( $stylePairs as $media => $styles ) {
|
2022-05-06 09:09:56 +00:00
|
|
|
// FileModule::getStyle can return the styles as a string or an
|
|
|
|
|
// array of strings. This is to allow separation in the front-end.
|
2013-04-02 20:28:40 +00:00
|
|
|
$styles = (array)$styles;
|
ResourceLoader: Refactor style loading
Fixes:
* bug 31676: Work around IE stylesheet limit.
* bug 35562: @import styles broken in modules that combine
multiple stylesheets.
* bug 40498: Don't output empty "@media print { }" blocks.
* bug 40500: Don't ignore media-type for urls in debug mode.
Approach:
* Re-use the same <style> tag so that we stay under the 31
stylesheet limit in IE. Unless the to-be-added css text from
the being-loaded module contains @import, in which case we do
create a new <style> tag and then re-use that one from that
point on (bug 31676).
* Return stylesheets as arrays, instead of a concatenated string.
This fixes bug 35562, because @import only works when at the
top of a stylesheet. By not unconditionally concatenating files
within a module on the server side already, @import will work
in e.g. module 'site' that contains 2 wiki pages.
This is normalized in ResourceLoader::makeCombinedStyles(),
so far only ResourceLoaderWikiModule makes use of this.
Misc. clean up and bug fixes:
* Reducing usage of jQuery() and mw.html.element() where
native DOM would be very simple and faster. Aside from
simplicity and speed, this is also working towards a more
stand-alone ResourceLoader.
* Trim server output a little bit more
- Redundant new line after minify-css (it is now an array, so
no need to keep space afterwards)
- Redundant semi-colon after minify-js if it ends in a colon
* Allow space in styleTest.css.php
* Clean up and extend unit tests to cover for these features
and bug fixes.
* Don't set styleEl.rel = 'stylesheet'; that has no business
on a <style> tag.
* Fix bug in mw.loader's addStyleTag(). It turns out IE6
has an odd security measure that does not allow manipulation
of elements (at least style tags) that are created by a
different script (even if that script was served from the same
domain/origin etc.). We didn't ran into this before because
we only created new style tags, never appended to them. Now
that we do, this came up. Took a while to figure out because
it was created by mediawiki.js but it calls jQuery which did
the actual dom insertion. Odd thing is, we load jquery.js and
mediawiki.js in the same request even...
Without this all css-url related mw.loader tests would fail
in IE6.
* mediawiki.js and mediawiki.test.js now pass jshint again.
Tested (and passing qunit/?module=mediawiki; 123 of 123):
* Chrome 14, 21
* Firefox 3.0, 3.6, 4, 7, 14, 15, 16beta
* IE 6, 7, 8, 9
* Safari 4.0, 5.0, 5.1
* Opera 10.0, 11.1, 11.5, 11.6, 12.0, 12.5beta
* iPhone 3GS / iOS 3.0 / Mobile Safari 4.0
iPhone 4 / iOS 4.0.1 / Mobile Safari 4.0.5
iPhone 4S / iOS 6.0 Beta / Mobile Safari 6.0
Change-Id: I3e8227ddb87fd9441071ca935439fc6467751dab
2012-07-25 21:20:21 +00:00
|
|
|
foreach ( $styles as $style ) {
|
|
|
|
|
$style = trim( $style );
|
2017-02-20 22:44:19 +00:00
|
|
|
// Don't output an empty "@media print { }" block (T42498)
|
2022-06-22 01:44:17 +00:00
|
|
|
if ( $style === '' ) {
|
|
|
|
|
continue;
|
ResourceLoader: Refactor style loading
Fixes:
* bug 31676: Work around IE stylesheet limit.
* bug 35562: @import styles broken in modules that combine
multiple stylesheets.
* bug 40498: Don't output empty "@media print { }" blocks.
* bug 40500: Don't ignore media-type for urls in debug mode.
Approach:
* Re-use the same <style> tag so that we stay under the 31
stylesheet limit in IE. Unless the to-be-added css text from
the being-loaded module contains @import, in which case we do
create a new <style> tag and then re-use that one from that
point on (bug 31676).
* Return stylesheets as arrays, instead of a concatenated string.
This fixes bug 35562, because @import only works when at the
top of a stylesheet. By not unconditionally concatenating files
within a module on the server side already, @import will work
in e.g. module 'site' that contains 2 wiki pages.
This is normalized in ResourceLoader::makeCombinedStyles(),
so far only ResourceLoaderWikiModule makes use of this.
Misc. clean up and bug fixes:
* Reducing usage of jQuery() and mw.html.element() where
native DOM would be very simple and faster. Aside from
simplicity and speed, this is also working towards a more
stand-alone ResourceLoader.
* Trim server output a little bit more
- Redundant new line after minify-css (it is now an array, so
no need to keep space afterwards)
- Redundant semi-colon after minify-js if it ends in a colon
* Allow space in styleTest.css.php
* Clean up and extend unit tests to cover for these features
and bug fixes.
* Don't set styleEl.rel = 'stylesheet'; that has no business
on a <style> tag.
* Fix bug in mw.loader's addStyleTag(). It turns out IE6
has an odd security measure that does not allow manipulation
of elements (at least style tags) that are created by a
different script (even if that script was served from the same
domain/origin etc.). We didn't ran into this before because
we only created new style tags, never appended to them. Now
that we do, this came up. Took a while to figure out because
it was created by mediawiki.js but it calls jQuery which did
the actual dom insertion. Odd thing is, we load jquery.js and
mediawiki.js in the same request even...
Without this all css-url related mw.loader tests would fail
in IE6.
* mediawiki.js and mediawiki.test.js now pass jshint again.
Tested (and passing qunit/?module=mediawiki; 123 of 123):
* Chrome 14, 21
* Firefox 3.0, 3.6, 4, 7, 14, 15, 16beta
* IE 6, 7, 8, 9
* Safari 4.0, 5.0, 5.1
* Opera 10.0, 11.1, 11.5, 11.6, 12.0, 12.5beta
* iPhone 3GS / iOS 3.0 / Mobile Safari 4.0
iPhone 4 / iOS 4.0.1 / Mobile Safari 4.0.5
iPhone 4S / iOS 6.0 Beta / Mobile Safari 6.0
Change-Id: I3e8227ddb87fd9441071ca935439fc6467751dab
2012-07-25 21:20:21 +00:00
|
|
|
}
|
2022-06-22 01:44:17 +00:00
|
|
|
// Transform the media type based on request params and config
|
|
|
|
|
// The way that this relies on $wgRequest to propagate request params is slightly evil
|
|
|
|
|
$media = OutputPage::transformCssMedia( $media );
|
|
|
|
|
|
|
|
|
|
if ( $media === '' || $media == 'all' ) {
|
|
|
|
|
$out[] = $style;
|
|
|
|
|
} elseif ( is_string( $media ) ) {
|
|
|
|
|
$out[] = "@media $media {\n" . str_replace( "\n", "\n\t", "\t" . $style ) . "}";
|
|
|
|
|
}
|
|
|
|
|
// else: skip
|
2011-01-07 20:22:50 +00:00
|
|
|
}
|
2010-09-24 18:49:19 +00:00
|
|
|
}
|
|
|
|
|
return $out;
|
|
|
|
|
}
|
|
|
|
|
|
2018-09-15 20:51:43 +00:00
|
|
|
/**
|
|
|
|
|
* Wrapper around json_encode that avoids needless escapes,
|
|
|
|
|
* and pretty-prints in debug mode.
|
|
|
|
|
*
|
2019-09-04 17:13:11 +00:00
|
|
|
* @param mixed $data
|
2019-09-10 06:07:57 +00:00
|
|
|
* @return string|false JSON string, false on error
|
2018-09-15 20:51:43 +00:00
|
|
|
*/
|
2023-03-06 01:54:47 +00:00
|
|
|
private static function encodeJsonForScript( $data ) {
|
2018-09-15 20:51:43 +00:00
|
|
|
// Keep output as small as possible by disabling needless escape modes
|
|
|
|
|
// that PHP uses by default.
|
|
|
|
|
// However, while most module scripts are only served on HTTP responses
|
|
|
|
|
// for JavaScript, some modules can also be embedded in the HTML as inline
|
|
|
|
|
// scripts. This, and the fact that we sometimes need to export strings
|
|
|
|
|
// containing user-generated content and labels that may genuinely contain
|
|
|
|
|
// a sequences like "</script>", we need to encode either '/' or '<'.
|
|
|
|
|
// By default PHP escapes '/'. Let's escape '<' instead which is less common
|
|
|
|
|
// and allows URLs to mostly remain readable.
|
|
|
|
|
$jsonFlags = JSON_UNESCAPED_SLASHES |
|
|
|
|
|
JSON_UNESCAPED_UNICODE |
|
|
|
|
|
JSON_HEX_TAG |
|
|
|
|
|
JSON_HEX_AMP;
|
|
|
|
|
if ( self::inDebugMode() ) {
|
|
|
|
|
$jsonFlags |= JSON_PRETTY_PRINT;
|
|
|
|
|
}
|
|
|
|
|
return json_encode( $data, $jsonFlags );
|
|
|
|
|
}
|
|
|
|
|
|
* Introduced Xml::encodeJsCall(), to replace the awkward repetitive code that was doing the same thing throughout the resource loader with varying degrees of security and correctness.
* Modified Xml::encodeJsVar() to allow it to pass through JS expressions without encoding, using a special object.
* In ResourceLoader::makeModuleResponse(), renamed $messages to $messagesBlob to make it clear that it's JSON-encoded, not an array.
* Fixed MessageBlobStore to store {} for an empty message array instead of [].
* In ResourceLoader::makeMessageSetScript(), fixed call to non-existent function mediaWiki.msg.set.
* For security, changed the calling convention of makeMessageSetScript() and makeLoaderImplementScript() to require explicit object construction of XmlJsCode() before interpreting their input as JS code.
* Documented several ResourceLoader static functions.
* In ResourceLoaderWikiModule, for readability, reduced the indenting level by flipping some if blocks and adding continue statements.
* In makeCustomLoaderScript(), allow non-numeric $version. The only caller I can find is already sending a non-numeric $version, presumably it was broken. Luckily there aren't any loader scripts in existence, I had to make one to test it.
* wfGetDb -> wfGetDB
* Added an extra line break in the startup module output, for readability.
* In ResourceLoaderStartUpModule::getModuleRegistrations(), fixed another assignment expression
2010-11-04 07:53:37 +00:00
|
|
|
/**
|
2023-03-23 18:20:59 +00:00
|
|
|
* Format a JS call to mw.loader.state()
|
2011-05-21 17:45:20 +00:00
|
|
|
*
|
2022-05-06 09:09:56 +00:00
|
|
|
* @internal For use by StartUpModule
|
|
|
|
|
* @param Context $context
|
2020-02-21 00:26:07 +00:00
|
|
|
* @param array<string,string> $states
|
2017-06-08 13:11:13 +00:00
|
|
|
* @return string JavaScript code
|
* Introduced Xml::encodeJsCall(), to replace the awkward repetitive code that was doing the same thing throughout the resource loader with varying degrees of security and correctness.
* Modified Xml::encodeJsVar() to allow it to pass through JS expressions without encoding, using a special object.
* In ResourceLoader::makeModuleResponse(), renamed $messages to $messagesBlob to make it clear that it's JSON-encoded, not an array.
* Fixed MessageBlobStore to store {} for an empty message array instead of [].
* In ResourceLoader::makeMessageSetScript(), fixed call to non-existent function mediaWiki.msg.set.
* For security, changed the calling convention of makeMessageSetScript() and makeLoaderImplementScript() to require explicit object construction of XmlJsCode() before interpreting their input as JS code.
* Documented several ResourceLoader static functions.
* In ResourceLoaderWikiModule, for readability, reduced the indenting level by flipping some if blocks and adding continue statements.
* In makeCustomLoaderScript(), allow non-numeric $version. The only caller I can find is already sending a non-numeric $version, presumably it was broken. Luckily there aren't any loader scripts in existence, I had to make one to test it.
* wfGetDb -> wfGetDB
* Added an extra line break in the startup module output, for readability.
* In ResourceLoaderStartUpModule::getModuleRegistrations(), fixed another assignment expression
2010-11-04 07:53:37 +00:00
|
|
|
*/
|
2019-09-09 15:50:13 +00:00
|
|
|
public static function makeLoaderStateScript(
|
2022-05-06 09:09:56 +00:00
|
|
|
Context $context, array $states
|
2019-09-09 15:50:13 +00:00
|
|
|
) {
|
2019-07-16 00:15:32 +00:00
|
|
|
return 'mw.loader.state('
|
2023-03-23 18:20:59 +00:00
|
|
|
// Silently ignore invalid UTF-8 injected via 'modules' query
|
|
|
|
|
// Don't issue server-side warnings for client errors. (T331641)
|
|
|
|
|
// phpcs:ignore Generic.PHP.NoSilencedErrors.Discouraged
|
|
|
|
|
. @$context->encodeJson( $states )
|
2019-07-16 00:15:32 +00:00
|
|
|
. ');';
|
2010-09-24 18:49:19 +00:00
|
|
|
}
|
2010-09-24 22:10:25 +00:00
|
|
|
|
2014-12-09 01:17:53 +00:00
|
|
|
private static function isEmptyObject( stdClass $obj ) {
|
2023-03-24 03:21:20 +00:00
|
|
|
foreach ( $obj as $value ) {
|
2014-12-09 01:17:53 +00:00
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
2014-12-09 00:29:19 +00:00
|
|
|
/**
|
|
|
|
|
* Remove empty values from the end of an array.
|
|
|
|
|
*
|
|
|
|
|
* Values considered empty:
|
|
|
|
|
*
|
|
|
|
|
* - null
|
2016-09-12 10:06:37 +00:00
|
|
|
* - []
|
2023-07-13 15:44:35 +00:00
|
|
|
* - new HtmlJsCode( '{}' )
|
2020-02-28 15:13:53 +00:00
|
|
|
* - new stdClass()
|
|
|
|
|
* - (object)[]
|
2014-12-09 00:29:19 +00:00
|
|
|
*
|
2019-11-23 22:28:57 +00:00
|
|
|
* @param array &$array
|
2014-12-09 00:29:19 +00:00
|
|
|
*/
|
2021-07-22 03:11:47 +00:00
|
|
|
private static function trimArray( array &$array ): void {
|
2014-12-09 00:29:19 +00:00
|
|
|
$i = count( $array );
|
|
|
|
|
while ( $i-- ) {
|
2014-12-09 01:17:53 +00:00
|
|
|
if ( $array[$i] === null
|
2016-02-17 09:09:32 +00:00
|
|
|
|| $array[$i] === []
|
2023-07-13 15:44:35 +00:00
|
|
|
|| ( $array[$i] instanceof HtmlJsCode && $array[$i]->value === '{}' )
|
2014-12-09 01:17:53 +00:00
|
|
|
|| ( $array[$i] instanceof stdClass && self::isEmptyObject( $array[$i] ) )
|
|
|
|
|
) {
|
2014-12-09 00:29:19 +00:00
|
|
|
unset( $array[$i] );
|
|
|
|
|
} else {
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
* Introduced Xml::encodeJsCall(), to replace the awkward repetitive code that was doing the same thing throughout the resource loader with varying degrees of security and correctness.
* Modified Xml::encodeJsVar() to allow it to pass through JS expressions without encoding, using a special object.
* In ResourceLoader::makeModuleResponse(), renamed $messages to $messagesBlob to make it clear that it's JSON-encoded, not an array.
* Fixed MessageBlobStore to store {} for an empty message array instead of [].
* In ResourceLoader::makeMessageSetScript(), fixed call to non-existent function mediaWiki.msg.set.
* For security, changed the calling convention of makeMessageSetScript() and makeLoaderImplementScript() to require explicit object construction of XmlJsCode() before interpreting their input as JS code.
* Documented several ResourceLoader static functions.
* In ResourceLoaderWikiModule, for readability, reduced the indenting level by flipping some if blocks and adding continue statements.
* In makeCustomLoaderScript(), allow non-numeric $version. The only caller I can find is already sending a non-numeric $version, presumably it was broken. Luckily there aren't any loader scripts in existence, I had to make one to test it.
* wfGetDb -> wfGetDB
* Added an extra line break in the startup module output, for readability.
* In ResourceLoaderStartUpModule::getModuleRegistrations(), fixed another assignment expression
2010-11-04 07:53:37 +00:00
|
|
|
/**
|
2020-02-21 00:26:07 +00:00
|
|
|
* Format JS code which calls `mw.loader.register()` with the given parameters.
|
* Introduced Xml::encodeJsCall(), to replace the awkward repetitive code that was doing the same thing throughout the resource loader with varying degrees of security and correctness.
* Modified Xml::encodeJsVar() to allow it to pass through JS expressions without encoding, using a special object.
* In ResourceLoader::makeModuleResponse(), renamed $messages to $messagesBlob to make it clear that it's JSON-encoded, not an array.
* Fixed MessageBlobStore to store {} for an empty message array instead of [].
* In ResourceLoader::makeMessageSetScript(), fixed call to non-existent function mediaWiki.msg.set.
* For security, changed the calling convention of makeMessageSetScript() and makeLoaderImplementScript() to require explicit object construction of XmlJsCode() before interpreting their input as JS code.
* Documented several ResourceLoader static functions.
* In ResourceLoaderWikiModule, for readability, reduced the indenting level by flipping some if blocks and adding continue statements.
* In makeCustomLoaderScript(), allow non-numeric $version. The only caller I can find is already sending a non-numeric $version, presumably it was broken. Luckily there aren't any loader scripts in existence, I had to make one to test it.
* wfGetDb -> wfGetDB
* Added an extra line break in the startup module output, for readability.
* In ResourceLoaderStartUpModule::getModuleRegistrations(), fixed another assignment expression
2010-11-04 07:53:37 +00:00
|
|
|
*
|
2018-09-15 21:31:18 +00:00
|
|
|
* @par Example
|
|
|
|
|
* @code
|
* Introduced Xml::encodeJsCall(), to replace the awkward repetitive code that was doing the same thing throughout the resource loader with varying degrees of security and correctness.
* Modified Xml::encodeJsVar() to allow it to pass through JS expressions without encoding, using a special object.
* In ResourceLoader::makeModuleResponse(), renamed $messages to $messagesBlob to make it clear that it's JSON-encoded, not an array.
* Fixed MessageBlobStore to store {} for an empty message array instead of [].
* In ResourceLoader::makeMessageSetScript(), fixed call to non-existent function mediaWiki.msg.set.
* For security, changed the calling convention of makeMessageSetScript() and makeLoaderImplementScript() to require explicit object construction of XmlJsCode() before interpreting their input as JS code.
* Documented several ResourceLoader static functions.
* In ResourceLoaderWikiModule, for readability, reduced the indenting level by flipping some if blocks and adding continue statements.
* In makeCustomLoaderScript(), allow non-numeric $version. The only caller I can find is already sending a non-numeric $version, presumably it was broken. Luckily there aren't any loader scripts in existence, I had to make one to test it.
* wfGetDb -> wfGetDB
* Added an extra line break in the startup module output, for readability.
* In ResourceLoaderStartUpModule::getModuleRegistrations(), fixed another assignment expression
2010-11-04 07:53:37 +00:00
|
|
|
*
|
2019-09-09 15:50:13 +00:00
|
|
|
* ResourceLoader::makeLoaderRegisterScript( $context, [
|
2016-08-13 01:10:40 +00:00
|
|
|
* [ $name1, $version1, $dependencies1, $group1, $source1, $skip1 ],
|
|
|
|
|
* [ $name2, $version2, $dependencies1, $group2, $source2, $skip2 ],
|
* Introduced Xml::encodeJsCall(), to replace the awkward repetitive code that was doing the same thing throughout the resource loader with varying degrees of security and correctness.
* Modified Xml::encodeJsVar() to allow it to pass through JS expressions without encoding, using a special object.
* In ResourceLoader::makeModuleResponse(), renamed $messages to $messagesBlob to make it clear that it's JSON-encoded, not an array.
* Fixed MessageBlobStore to store {} for an empty message array instead of [].
* In ResourceLoader::makeMessageSetScript(), fixed call to non-existent function mediaWiki.msg.set.
* For security, changed the calling convention of makeMessageSetScript() and makeLoaderImplementScript() to require explicit object construction of XmlJsCode() before interpreting their input as JS code.
* Documented several ResourceLoader static functions.
* In ResourceLoaderWikiModule, for readability, reduced the indenting level by flipping some if blocks and adding continue statements.
* In makeCustomLoaderScript(), allow non-numeric $version. The only caller I can find is already sending a non-numeric $version, presumably it was broken. Luckily there aren't any loader scripts in existence, I had to make one to test it.
* wfGetDb -> wfGetDB
* Added an extra line break in the startup module output, for readability.
* In ResourceLoaderStartUpModule::getModuleRegistrations(), fixed another assignment expression
2010-11-04 07:53:37 +00:00
|
|
|
* ...
|
2016-08-13 01:10:40 +00:00
|
|
|
* ] ):
|
2018-09-15 21:31:18 +00:00
|
|
|
* @endcode
|
* Introduced Xml::encodeJsCall(), to replace the awkward repetitive code that was doing the same thing throughout the resource loader with varying degrees of security and correctness.
* Modified Xml::encodeJsVar() to allow it to pass through JS expressions without encoding, using a special object.
* In ResourceLoader::makeModuleResponse(), renamed $messages to $messagesBlob to make it clear that it's JSON-encoded, not an array.
* Fixed MessageBlobStore to store {} for an empty message array instead of [].
* In ResourceLoader::makeMessageSetScript(), fixed call to non-existent function mediaWiki.msg.set.
* For security, changed the calling convention of makeMessageSetScript() and makeLoaderImplementScript() to require explicit object construction of XmlJsCode() before interpreting their input as JS code.
* Documented several ResourceLoader static functions.
* In ResourceLoaderWikiModule, for readability, reduced the indenting level by flipping some if blocks and adding continue statements.
* In makeCustomLoaderScript(), allow non-numeric $version. The only caller I can find is already sending a non-numeric $version, presumably it was broken. Luckily there aren't any loader scripts in existence, I had to make one to test it.
* wfGetDb -> wfGetDB
* Added an extra line break in the startup module output, for readability.
* In ResourceLoaderStartUpModule::getModuleRegistrations(), fixed another assignment expression
2010-11-04 07:53:37 +00:00
|
|
|
*
|
2022-05-06 09:09:56 +00:00
|
|
|
* @internal For use by StartUpModule only
|
|
|
|
|
* @param Context $context
|
2019-10-11 14:31:51 +00:00
|
|
|
* @param array[] $modules Array of module registration arrays, each containing
|
2018-09-15 21:31:18 +00:00
|
|
|
* - string: module name
|
|
|
|
|
* - string: module version
|
|
|
|
|
* - array|null: List of dependencies (optional)
|
|
|
|
|
* - string|null: Module group (optional)
|
|
|
|
|
* - string|null: Name of foreign module source, or 'local' (optional)
|
|
|
|
|
* - string|null: Script body of a skip function (optional)
|
2019-10-11 14:31:51 +00:00
|
|
|
* @phan-param array<int,array{0:string,1:string,2?:?array,3?:?string,4?:?string,5?:?string}> $modules
|
2017-06-08 13:11:13 +00:00
|
|
|
* @return string JavaScript code
|
* Introduced Xml::encodeJsCall(), to replace the awkward repetitive code that was doing the same thing throughout the resource loader with varying degrees of security and correctness.
* Modified Xml::encodeJsVar() to allow it to pass through JS expressions without encoding, using a special object.
* In ResourceLoader::makeModuleResponse(), renamed $messages to $messagesBlob to make it clear that it's JSON-encoded, not an array.
* Fixed MessageBlobStore to store {} for an empty message array instead of [].
* In ResourceLoader::makeMessageSetScript(), fixed call to non-existent function mediaWiki.msg.set.
* For security, changed the calling convention of makeMessageSetScript() and makeLoaderImplementScript() to require explicit object construction of XmlJsCode() before interpreting their input as JS code.
* Documented several ResourceLoader static functions.
* In ResourceLoaderWikiModule, for readability, reduced the indenting level by flipping some if blocks and adding continue statements.
* In makeCustomLoaderScript(), allow non-numeric $version. The only caller I can find is already sending a non-numeric $version, presumably it was broken. Luckily there aren't any loader scripts in existence, I had to make one to test it.
* wfGetDb -> wfGetDB
* Added an extra line break in the startup module output, for readability.
* In ResourceLoaderStartUpModule::getModuleRegistrations(), fixed another assignment expression
2010-11-04 07:53:37 +00:00
|
|
|
*/
|
2019-09-09 15:50:13 +00:00
|
|
|
public static function makeLoaderRegisterScript(
|
2022-05-06 09:09:56 +00:00
|
|
|
Context $context, array $modules
|
2019-09-09 15:50:13 +00:00
|
|
|
) {
|
2018-09-15 21:31:18 +00:00
|
|
|
// Optimisation: Transform dependency names into indexes when possible
|
|
|
|
|
// to produce smaller output. They are expanded by mw.loader.register on
|
2021-09-25 09:11:49 +00:00
|
|
|
// the other end.
|
2018-09-15 21:31:18 +00:00
|
|
|
$index = [];
|
2023-06-10 20:53:54 +00:00
|
|
|
foreach ( $modules as $i => $module ) {
|
2014-10-25 00:18:24 +00:00
|
|
|
// Build module name index
|
2018-09-15 21:31:18 +00:00
|
|
|
$index[$module[0]] = $i;
|
|
|
|
|
}
|
|
|
|
|
foreach ( $modules as &$module ) {
|
|
|
|
|
if ( isset( $module[2] ) ) {
|
|
|
|
|
foreach ( $module[2] as &$dependency ) {
|
|
|
|
|
if ( isset( $index[$dependency] ) ) {
|
|
|
|
|
// Replace module name in dependency list with index
|
|
|
|
|
$dependency = $index[$dependency];
|
2014-10-25 00:18:24 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2023-06-10 20:53:54 +00:00
|
|
|
self::trimArray( $module );
|
2018-09-15 21:31:18 +00:00
|
|
|
}
|
2014-10-25 00:18:24 +00:00
|
|
|
|
2019-07-16 00:15:32 +00:00
|
|
|
return 'mw.loader.register('
|
2019-09-09 15:50:13 +00:00
|
|
|
. $context->encodeJson( $modules )
|
2019-07-16 00:15:32 +00:00
|
|
|
. ');';
|
2011-07-26 21:10:34 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
2020-02-21 00:26:07 +00:00
|
|
|
* Format JS code which calls `mw.loader.addSource()` with the given parameters.
|
2011-10-14 08:06:54 +00:00
|
|
|
*
|
2019-09-09 15:50:13 +00:00
|
|
|
* - ResourceLoader::makeLoaderSourcesScript( $context,
|
|
|
|
|
* [ $id1 => $loadUrl, $id2 => $loadUrl, ... ]
|
|
|
|
|
* );
|
2011-07-26 21:10:34 +00:00
|
|
|
* Register sources with the given IDs and properties.
|
2011-10-14 08:06:54 +00:00
|
|
|
*
|
2022-05-06 09:09:56 +00:00
|
|
|
* @internal For use by StartUpModule only
|
|
|
|
|
* @param Context $context
|
2020-02-21 00:26:07 +00:00
|
|
|
* @param array<string,string> $sources
|
2017-06-08 13:11:13 +00:00
|
|
|
* @return string JavaScript code
|
2011-07-26 21:10:34 +00:00
|
|
|
*/
|
2019-09-09 15:50:13 +00:00
|
|
|
public static function makeLoaderSourcesScript(
|
2022-05-06 09:09:56 +00:00
|
|
|
Context $context, array $sources
|
2019-09-09 15:50:13 +00:00
|
|
|
) {
|
2019-07-16 00:15:32 +00:00
|
|
|
return 'mw.loader.addSource('
|
2019-09-09 15:50:13 +00:00
|
|
|
. $context->encodeJson( $sources )
|
2019-07-16 00:15:32 +00:00
|
|
|
. ');';
|
2010-09-24 21:03:29 +00:00
|
|
|
}
|
2010-09-24 22:10:25 +00:00
|
|
|
|
* Introduced Xml::encodeJsCall(), to replace the awkward repetitive code that was doing the same thing throughout the resource loader with varying degrees of security and correctness.
* Modified Xml::encodeJsVar() to allow it to pass through JS expressions without encoding, using a special object.
* In ResourceLoader::makeModuleResponse(), renamed $messages to $messagesBlob to make it clear that it's JSON-encoded, not an array.
* Fixed MessageBlobStore to store {} for an empty message array instead of [].
* In ResourceLoader::makeMessageSetScript(), fixed call to non-existent function mediaWiki.msg.set.
* For security, changed the calling convention of makeMessageSetScript() and makeLoaderImplementScript() to require explicit object construction of XmlJsCode() before interpreting their input as JS code.
* Documented several ResourceLoader static functions.
* In ResourceLoaderWikiModule, for readability, reduced the indenting level by flipping some if blocks and adding continue statements.
* In makeCustomLoaderScript(), allow non-numeric $version. The only caller I can find is already sending a non-numeric $version, presumably it was broken. Luckily there aren't any loader scripts in existence, I had to make one to test it.
* wfGetDb -> wfGetDB
* Added an extra line break in the startup module output, for readability.
* In ResourceLoaderStartUpModule::getModuleRegistrations(), fixed another assignment expression
2010-11-04 07:53:37 +00:00
|
|
|
/**
|
2020-02-21 00:26:07 +00:00
|
|
|
* Wrap JavaScript code to run after the startup module.
|
* Introduced Xml::encodeJsCall(), to replace the awkward repetitive code that was doing the same thing throughout the resource loader with varying degrees of security and correctness.
* Modified Xml::encodeJsVar() to allow it to pass through JS expressions without encoding, using a special object.
* In ResourceLoader::makeModuleResponse(), renamed $messages to $messagesBlob to make it clear that it's JSON-encoded, not an array.
* Fixed MessageBlobStore to store {} for an empty message array instead of [].
* In ResourceLoader::makeMessageSetScript(), fixed call to non-existent function mediaWiki.msg.set.
* For security, changed the calling convention of makeMessageSetScript() and makeLoaderImplementScript() to require explicit object construction of XmlJsCode() before interpreting their input as JS code.
* Documented several ResourceLoader static functions.
* In ResourceLoaderWikiModule, for readability, reduced the indenting level by flipping some if blocks and adding continue statements.
* In makeCustomLoaderScript(), allow non-numeric $version. The only caller I can find is already sending a non-numeric $version, presumably it was broken. Luckily there aren't any loader scripts in existence, I had to make one to test it.
* wfGetDb -> wfGetDB
* Added an extra line break in the startup module output, for readability.
* In ResourceLoaderStartUpModule::getModuleRegistrations(), fixed another assignment expression
2010-11-04 07:53:37 +00:00
|
|
|
*
|
2013-03-11 17:15:01 +00:00
|
|
|
* @param string $script JavaScript code
|
2017-06-08 13:11:13 +00:00
|
|
|
* @return string JavaScript code
|
* Introduced Xml::encodeJsCall(), to replace the awkward repetitive code that was doing the same thing throughout the resource loader with varying degrees of security and correctness.
* Modified Xml::encodeJsVar() to allow it to pass through JS expressions without encoding, using a special object.
* In ResourceLoader::makeModuleResponse(), renamed $messages to $messagesBlob to make it clear that it's JSON-encoded, not an array.
* Fixed MessageBlobStore to store {} for an empty message array instead of [].
* In ResourceLoader::makeMessageSetScript(), fixed call to non-existent function mediaWiki.msg.set.
* For security, changed the calling convention of makeMessageSetScript() and makeLoaderImplementScript() to require explicit object construction of XmlJsCode() before interpreting their input as JS code.
* Documented several ResourceLoader static functions.
* In ResourceLoaderWikiModule, for readability, reduced the indenting level by flipping some if blocks and adding continue statements.
* In makeCustomLoaderScript(), allow non-numeric $version. The only caller I can find is already sending a non-numeric $version, presumably it was broken. Luckily there aren't any loader scripts in existence, I had to make one to test it.
* wfGetDb -> wfGetDB
* Added an extra line break in the startup module output, for readability.
* In ResourceLoaderStartUpModule::getModuleRegistrations(), fixed another assignment expression
2010-11-04 07:53:37 +00:00
|
|
|
*/
|
2010-09-24 22:10:25 +00:00
|
|
|
public static function makeLoaderConditionalScript( $script ) {
|
2018-08-07 18:45:10 +00:00
|
|
|
// Adds a function to lazy-created RLQ
|
2019-04-14 01:15:55 +00:00
|
|
|
return '(RLQ=window.RLQ||[]).push(function(){' .
|
2016-02-18 16:33:15 +00:00
|
|
|
trim( $script ) . '});';
|
2010-09-24 22:10:25 +00:00
|
|
|
}
|
|
|
|
|
|
2018-08-07 18:45:10 +00:00
|
|
|
/**
|
2020-02-21 00:26:07 +00:00
|
|
|
* Wrap JavaScript code to run after a required module.
|
2018-08-07 18:45:10 +00:00
|
|
|
*
|
|
|
|
|
* @since 1.32
|
|
|
|
|
* @param string|string[] $modules Module name(s)
|
|
|
|
|
* @param string $script JavaScript code
|
|
|
|
|
* @return string JavaScript code
|
|
|
|
|
*/
|
|
|
|
|
public static function makeInlineCodeWithModule( $modules, $script ) {
|
|
|
|
|
// Adds an array to lazy-created RLQ
|
2019-04-14 01:15:55 +00:00
|
|
|
return '(RLQ=window.RLQ||[]).push(['
|
2018-09-15 20:51:43 +00:00
|
|
|
. self::encodeJsonForScript( $modules ) . ','
|
2018-08-07 18:45:10 +00:00
|
|
|
. 'function(){' . trim( $script ) . '}'
|
|
|
|
|
. ']);';
|
|
|
|
|
}
|
|
|
|
|
|
2015-03-25 04:48:02 +00:00
|
|
|
/**
|
2020-02-21 00:26:07 +00:00
|
|
|
* Make an HTML script that runs given JS code after startup and base modules.
|
2015-03-25 04:48:02 +00:00
|
|
|
*
|
2018-03-02 01:12:03 +00:00
|
|
|
* The code will be wrapped in a closure, and it will be executed by ResourceLoader's
|
|
|
|
|
* startup module if the client has adequate support for MediaWiki JavaScript code.
|
2015-03-25 04:48:02 +00:00
|
|
|
*
|
|
|
|
|
* @param string $script JavaScript code
|
2020-02-21 00:26:07 +00:00
|
|
|
* @param string|null $nonce Content-Security-Policy nonce
|
|
|
|
|
* (from `OutputPage->getCSP()->getNonce()`)
|
2018-05-24 13:10:48 +00:00
|
|
|
* @return string|WrappedString HTML
|
2015-03-25 04:48:02 +00:00
|
|
|
*/
|
Initial support for Content Security Policy, disabled by default
The primary goal here is a defense in depth measure to
stop an attacker who found a bug in the parser allowing
them to insert malicious attributes.
This wouldn't stop someone who could insert a full
script tag (since at current it can't distinguish between
malicious and legit user js). It also would not prevent
DOM-based or reflected XSS for anons, as the nonce value
is guessable for anons when receiving a response cached
by varnish. However, the limited protection of just stopping
stored XSS where the attacker only has control of attributes,
is still a big win in my opinion. (But it wouldn't prevent
someone who has that type of xss from abusing things like
data-ooui attribute).
This will likely break many gadgets. Its expected that any
sort of rollout on Wikimedia will be done very slowly, with
lots of testing and the report-only option to begin with.
This is behind feature flags that are off by default, so
merging this patch should not cause any change in default
behaviour.
This may break some extensions (The most obvious one
is charinsert (See fe648d41005), but will probably need
some testing in report-only mode to see if anything else breaks)
This uses the unsafe-eval option of CSP, in order to
support RL's local storage thingy. For better security,
we may want to remove some of the sillier uses of eval
(e.g. jquery.ui.datepicker.js).
For more info, see spec: https://www.w3.org/TR/CSP2/
Additionally see:
https://www.mediawiki.org/wiki/Requests_for_comment/Content-Security-Policy
Bug: T135963
Change-Id: I80f6f469ba4c0b608385483457df96ccb7429ae5
2016-02-29 04:13:10 +00:00
|
|
|
public static function makeInlineScript( $script, $nonce = null ) {
|
2015-03-25 04:48:02 +00:00
|
|
|
$js = self::makeLoaderConditionalScript( $script );
|
Initial support for Content Security Policy, disabled by default
The primary goal here is a defense in depth measure to
stop an attacker who found a bug in the parser allowing
them to insert malicious attributes.
This wouldn't stop someone who could insert a full
script tag (since at current it can't distinguish between
malicious and legit user js). It also would not prevent
DOM-based or reflected XSS for anons, as the nonce value
is guessable for anons when receiving a response cached
by varnish. However, the limited protection of just stopping
stored XSS where the attacker only has control of attributes,
is still a big win in my opinion. (But it wouldn't prevent
someone who has that type of xss from abusing things like
data-ooui attribute).
This will likely break many gadgets. Its expected that any
sort of rollout on Wikimedia will be done very slowly, with
lots of testing and the report-only option to begin with.
This is behind feature flags that are off by default, so
merging this patch should not cause any change in default
behaviour.
This may break some extensions (The most obvious one
is charinsert (See fe648d41005), but will probably need
some testing in report-only mode to see if anything else breaks)
This uses the unsafe-eval option of CSP, in order to
support RL's local storage thingy. For better security,
we may want to remove some of the sillier uses of eval
(e.g. jquery.ui.datepicker.js).
For more info, see spec: https://www.w3.org/TR/CSP2/
Additionally see:
https://www.mediawiki.org/wiki/Requests_for_comment/Content-Security-Policy
Bug: T135963
Change-Id: I80f6f469ba4c0b608385483457df96ccb7429ae5
2016-02-29 04:13:10 +00:00
|
|
|
$escNonce = '';
|
|
|
|
|
if ( $nonce === null ) {
|
|
|
|
|
wfWarn( __METHOD__ . " did not get nonce. Will break CSP" );
|
|
|
|
|
} elseif ( $nonce !== false ) {
|
|
|
|
|
// If it was false, CSP is disabled, so no nonce attribute.
|
|
|
|
|
// Nonce should be only base64 characters, so should be safe,
|
|
|
|
|
// but better to be safely escaped than sorry.
|
|
|
|
|
$escNonce = ' nonce="' . htmlspecialchars( $nonce ) . '"';
|
|
|
|
|
}
|
|
|
|
|
|
2015-07-31 00:13:04 +00:00
|
|
|
return new WrappedString(
|
Initial support for Content Security Policy, disabled by default
The primary goal here is a defense in depth measure to
stop an attacker who found a bug in the parser allowing
them to insert malicious attributes.
This wouldn't stop someone who could insert a full
script tag (since at current it can't distinguish between
malicious and legit user js). It also would not prevent
DOM-based or reflected XSS for anons, as the nonce value
is guessable for anons when receiving a response cached
by varnish. However, the limited protection of just stopping
stored XSS where the attacker only has control of attributes,
is still a big win in my opinion. (But it wouldn't prevent
someone who has that type of xss from abusing things like
data-ooui attribute).
This will likely break many gadgets. Its expected that any
sort of rollout on Wikimedia will be done very slowly, with
lots of testing and the report-only option to begin with.
This is behind feature flags that are off by default, so
merging this patch should not cause any change in default
behaviour.
This may break some extensions (The most obvious one
is charinsert (See fe648d41005), but will probably need
some testing in report-only mode to see if anything else breaks)
This uses the unsafe-eval option of CSP, in order to
support RL's local storage thingy. For better security,
we may want to remove some of the sillier uses of eval
(e.g. jquery.ui.datepicker.js).
For more info, see spec: https://www.w3.org/TR/CSP2/
Additionally see:
https://www.mediawiki.org/wiki/Requests_for_comment/Content-Security-Policy
Bug: T135963
Change-Id: I80f6f469ba4c0b608385483457df96ccb7429ae5
2016-02-29 04:13:10 +00:00
|
|
|
Html::inlineScript( $js, $nonce ),
|
2019-04-14 01:15:55 +00:00
|
|
|
"<script$escNonce>(RLQ=window.RLQ||[]).push(function(){",
|
2016-02-18 16:33:15 +00:00
|
|
|
'});</script>'
|
2015-07-31 00:13:04 +00:00
|
|
|
);
|
2015-03-25 04:48:02 +00:00
|
|
|
}
|
|
|
|
|
|
* Introduced Xml::encodeJsCall(), to replace the awkward repetitive code that was doing the same thing throughout the resource loader with varying degrees of security and correctness.
* Modified Xml::encodeJsVar() to allow it to pass through JS expressions without encoding, using a special object.
* In ResourceLoader::makeModuleResponse(), renamed $messages to $messagesBlob to make it clear that it's JSON-encoded, not an array.
* Fixed MessageBlobStore to store {} for an empty message array instead of [].
* In ResourceLoader::makeMessageSetScript(), fixed call to non-existent function mediaWiki.msg.set.
* For security, changed the calling convention of makeMessageSetScript() and makeLoaderImplementScript() to require explicit object construction of XmlJsCode() before interpreting their input as JS code.
* Documented several ResourceLoader static functions.
* In ResourceLoaderWikiModule, for readability, reduced the indenting level by flipping some if blocks and adding continue statements.
* In makeCustomLoaderScript(), allow non-numeric $version. The only caller I can find is already sending a non-numeric $version, presumably it was broken. Luckily there aren't any loader scripts in existence, I had to make one to test it.
* wfGetDb -> wfGetDB
* Added an extra line break in the startup module output, for readability.
* In ResourceLoaderStartUpModule::getModuleRegistrations(), fixed another assignment expression
2010-11-04 07:53:37 +00:00
|
|
|
/**
|
2020-02-21 00:26:07 +00:00
|
|
|
* Return JS code which will set the MediaWiki configuration array to
|
* Introduced Xml::encodeJsCall(), to replace the awkward repetitive code that was doing the same thing throughout the resource loader with varying degrees of security and correctness.
* Modified Xml::encodeJsVar() to allow it to pass through JS expressions without encoding, using a special object.
* In ResourceLoader::makeModuleResponse(), renamed $messages to $messagesBlob to make it clear that it's JSON-encoded, not an array.
* Fixed MessageBlobStore to store {} for an empty message array instead of [].
* In ResourceLoader::makeMessageSetScript(), fixed call to non-existent function mediaWiki.msg.set.
* For security, changed the calling convention of makeMessageSetScript() and makeLoaderImplementScript() to require explicit object construction of XmlJsCode() before interpreting their input as JS code.
* Documented several ResourceLoader static functions.
* In ResourceLoaderWikiModule, for readability, reduced the indenting level by flipping some if blocks and adding continue statements.
* In makeCustomLoaderScript(), allow non-numeric $version. The only caller I can find is already sending a non-numeric $version, presumably it was broken. Luckily there aren't any loader scripts in existence, I had to make one to test it.
* wfGetDb -> wfGetDB
* Added an extra line break in the startup module output, for readability.
* In ResourceLoaderStartUpModule::getModuleRegistrations(), fixed another assignment expression
2010-11-04 07:53:37 +00:00
|
|
|
* the given value.
|
|
|
|
|
*
|
2013-03-11 17:15:01 +00:00
|
|
|
* @param array $configuration List of configuration values keyed by variable name
|
2017-06-08 13:11:13 +00:00
|
|
|
* @return string JavaScript code
|
2018-10-09 20:43:56 +00:00
|
|
|
* @throws Exception
|
* Introduced Xml::encodeJsCall(), to replace the awkward repetitive code that was doing the same thing throughout the resource loader with varying degrees of security and correctness.
* Modified Xml::encodeJsVar() to allow it to pass through JS expressions without encoding, using a special object.
* In ResourceLoader::makeModuleResponse(), renamed $messages to $messagesBlob to make it clear that it's JSON-encoded, not an array.
* Fixed MessageBlobStore to store {} for an empty message array instead of [].
* In ResourceLoader::makeMessageSetScript(), fixed call to non-existent function mediaWiki.msg.set.
* For security, changed the calling convention of makeMessageSetScript() and makeLoaderImplementScript() to require explicit object construction of XmlJsCode() before interpreting their input as JS code.
* Documented several ResourceLoader static functions.
* In ResourceLoaderWikiModule, for readability, reduced the indenting level by flipping some if blocks and adding continue statements.
* In makeCustomLoaderScript(), allow non-numeric $version. The only caller I can find is already sending a non-numeric $version, presumably it was broken. Luckily there aren't any loader scripts in existence, I had to make one to test it.
* wfGetDb -> wfGetDB
* Added an extra line break in the startup module output, for readability.
* In ResourceLoaderStartUpModule::getModuleRegistrations(), fixed another assignment expression
2010-11-04 07:53:37 +00:00
|
|
|
*/
|
2016-11-08 21:03:21 +00:00
|
|
|
public static function makeConfigSetScript( array $configuration ) {
|
2019-09-10 06:07:57 +00:00
|
|
|
$json = self::encodeJsonForScript( $configuration );
|
|
|
|
|
if ( $json === false ) {
|
2018-11-07 23:04:50 +00:00
|
|
|
$e = new Exception(
|
2018-10-09 20:43:56 +00:00
|
|
|
'JSON serialization of config data failed. ' .
|
|
|
|
|
'This usually means the config data is not valid UTF-8.'
|
|
|
|
|
);
|
2018-11-07 23:04:50 +00:00
|
|
|
MWExceptionHandler::logException( $e );
|
2019-09-10 06:07:57 +00:00
|
|
|
return 'mw.log.error(' . self::encodeJsonForScript( $e->__toString() ) . ');';
|
2018-10-09 20:43:56 +00:00
|
|
|
}
|
2019-09-10 06:07:57 +00:00
|
|
|
return "mw.config.set($json);";
|
2010-09-24 22:10:25 +00:00
|
|
|
}
|
2011-05-21 17:45:20 +00:00
|
|
|
|
2011-05-05 13:46:47 +00:00
|
|
|
/**
|
|
|
|
|
* Convert an array of module names to a packed query string.
|
2011-06-17 16:05:05 +00:00
|
|
|
*
|
2018-03-01 00:23:02 +00:00
|
|
|
* For example, `[ 'foo.bar', 'foo.baz', 'bar.baz', 'bar.quux' ]`
|
|
|
|
|
* becomes `'foo.bar,baz|bar.baz,quux'`.
|
|
|
|
|
*
|
2019-04-11 20:28:53 +00:00
|
|
|
* This process is reversed by ResourceLoader::expandModuleNames().
|
2018-03-01 00:23:02 +00:00
|
|
|
* See also mw.loader#buildModulesString() which is a port of this, used
|
|
|
|
|
* on the client-side.
|
|
|
|
|
*
|
2020-02-21 00:26:07 +00:00
|
|
|
* @param string[] $modules List of module names (strings)
|
2011-05-05 13:46:47 +00:00
|
|
|
* @return string Packed query string
|
|
|
|
|
*/
|
2019-10-05 07:38:41 +00:00
|
|
|
public static function makePackedModulesString( array $modules ) {
|
2018-03-01 00:23:02 +00:00
|
|
|
$moduleMap = []; // [ prefix => [ suffixes ] ]
|
2011-05-05 13:46:47 +00:00
|
|
|
foreach ( $modules as $module ) {
|
|
|
|
|
$pos = strrpos( $module, '.' );
|
|
|
|
|
$prefix = $pos === false ? '' : substr( $module, 0, $pos );
|
|
|
|
|
$suffix = $pos === false ? $module : substr( $module, $pos + 1 );
|
2018-03-01 00:23:02 +00:00
|
|
|
$moduleMap[$prefix][] = $suffix;
|
2011-05-05 13:46:47 +00:00
|
|
|
}
|
2011-05-21 17:45:20 +00:00
|
|
|
|
2016-02-17 09:09:32 +00:00
|
|
|
$arr = [];
|
2018-03-01 00:23:02 +00:00
|
|
|
foreach ( $moduleMap as $prefix => $suffixes ) {
|
2011-05-05 13:46:47 +00:00
|
|
|
$p = $prefix === '' ? '' : $prefix . '.';
|
|
|
|
|
$arr[] = $p . implode( ',', $suffixes );
|
|
|
|
|
}
|
2018-03-01 00:23:02 +00:00
|
|
|
return implode( '|', $arr );
|
2011-05-05 13:46:47 +00:00
|
|
|
}
|
2011-05-21 17:45:20 +00:00
|
|
|
|
2019-04-11 20:28:53 +00:00
|
|
|
/**
|
|
|
|
|
* Expand a string of the form `jquery.foo,bar|jquery.ui.baz,quux` to
|
|
|
|
|
* an array of module names like `[ 'jquery.foo', 'jquery.bar',
|
|
|
|
|
* 'jquery.ui.baz', 'jquery.ui.quux' ]`.
|
|
|
|
|
*
|
|
|
|
|
* This process is reversed by ResourceLoader::makePackedModulesString().
|
|
|
|
|
*
|
|
|
|
|
* @since 1.33
|
|
|
|
|
* @param string $modules Packed module name list
|
2020-02-21 00:26:07 +00:00
|
|
|
* @return string[] Array of module names
|
2019-04-11 20:28:53 +00:00
|
|
|
*/
|
|
|
|
|
public static function expandModuleNames( $modules ) {
|
|
|
|
|
$retval = [];
|
|
|
|
|
$exploded = explode( '|', $modules );
|
|
|
|
|
foreach ( $exploded as $group ) {
|
|
|
|
|
if ( strpos( $group, ',' ) === false ) {
|
|
|
|
|
// This is not a set of modules in foo.bar,baz notation
|
|
|
|
|
// but a single module
|
|
|
|
|
$retval[] = $group;
|
2022-06-22 01:44:17 +00:00
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
// This is a set of modules in foo.bar,baz notation
|
|
|
|
|
$pos = strrpos( $group, '.' );
|
|
|
|
|
if ( $pos === false ) {
|
|
|
|
|
// Prefixless modules, i.e. without dots
|
|
|
|
|
$retval = array_merge( $retval, explode( ',', $group ) );
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
// We have a prefix and a bunch of suffixes
|
|
|
|
|
$prefix = substr( $group, 0, $pos ); // 'foo'
|
|
|
|
|
$suffixes = explode( ',', substr( $group, $pos + 1 ) ); // [ 'bar', 'baz' ]
|
|
|
|
|
foreach ( $suffixes as $suffix ) {
|
|
|
|
|
$retval[] = "$prefix.$suffix";
|
2019-04-11 20:28:53 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return $retval;
|
|
|
|
|
}
|
|
|
|
|
|
2010-11-05 20:36:13 +00:00
|
|
|
/**
|
2020-02-21 00:26:07 +00:00
|
|
|
* Determine whether debug mode is on.
|
|
|
|
|
*
|
|
|
|
|
* Order of priority is:
|
|
|
|
|
* - 1) Request parameter,
|
|
|
|
|
* - 2) Cookie,
|
|
|
|
|
* - 3) Site configuration.
|
|
|
|
|
*
|
2020-05-22 02:01:42 +00:00
|
|
|
* @return int
|
2010-11-05 20:36:13 +00:00
|
|
|
*/
|
|
|
|
|
public static function inDebugMode() {
|
2014-04-30 21:06:51 +00:00
|
|
|
if ( self::$debugMode === null ) {
|
2022-01-06 18:44:56 +00:00
|
|
|
global $wgRequest;
|
2022-04-10 15:34:45 +00:00
|
|
|
$resourceLoaderDebug = MediaWikiServices::getInstance()->getMainConfig()->get(
|
|
|
|
|
MainConfigNames::ResourceLoaderDebug );
|
2020-05-22 02:01:42 +00:00
|
|
|
$str = $wgRequest->getRawVal( 'debug',
|
2022-01-06 18:44:56 +00:00
|
|
|
$wgRequest->getCookie( 'resourceLoaderDebug', '', $resourceLoaderDebug ? 'true' : '' )
|
2014-04-30 21:06:51 +00:00
|
|
|
);
|
2022-05-06 09:09:56 +00:00
|
|
|
self::$debugMode = Context::debugFromString( $str );
|
2011-05-21 17:45:20 +00:00
|
|
|
}
|
2014-04-30 21:06:51 +00:00
|
|
|
return self::$debugMode;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Reset static members used for caching.
|
|
|
|
|
*
|
|
|
|
|
* Global state and $wgRequest are evil, but we're using it right
|
|
|
|
|
* now and sometimes we need to be able to force ResourceLoader to
|
|
|
|
|
* re-evaluate the context because it has changed (e.g. in the test suite).
|
2018-09-22 16:45:18 +00:00
|
|
|
*
|
|
|
|
|
* @internal For use by unit tests
|
|
|
|
|
* @codeCoverageIgnore
|
2014-04-30 21:06:51 +00:00
|
|
|
*/
|
|
|
|
|
public static function clearCache() {
|
|
|
|
|
self::$debugMode = null;
|
2010-11-05 20:36:13 +00:00
|
|
|
}
|
2011-09-13 20:36:24 +00:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Build a load.php URL
|
2014-06-28 02:57:40 +00:00
|
|
|
*
|
|
|
|
|
* @since 1.24
|
2014-07-24 17:43:25 +00:00
|
|
|
* @param string $source Name of the ResourceLoader source
|
2022-05-06 09:09:56 +00:00
|
|
|
* @param Context $context
|
2014-06-28 02:57:40 +00:00
|
|
|
* @param array $extraQuery
|
2015-07-31 02:07:43 +00:00
|
|
|
* @return string URL to load.php. May be protocol-relative if $wgLoadScript is, too.
|
2014-06-28 02:57:40 +00:00
|
|
|
*/
|
2022-05-06 09:09:56 +00:00
|
|
|
public function createLoaderURL( $source, Context $context,
|
2019-10-05 07:38:41 +00:00
|
|
|
array $extraQuery = []
|
2014-06-28 02:57:40 +00:00
|
|
|
) {
|
|
|
|
|
$query = self::createLoaderQuery( $context, $extraQuery );
|
|
|
|
|
$script = $this->getLoadScript( $source );
|
|
|
|
|
|
2015-09-15 20:21:04 +00:00
|
|
|
return wfAppendQuery( $script, $query );
|
2014-06-28 02:57:40 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Helper for createLoaderURL()
|
|
|
|
|
*
|
|
|
|
|
* @since 1.24
|
|
|
|
|
* @see makeLoaderQuery
|
2022-05-06 09:09:56 +00:00
|
|
|
* @param Context $context
|
2014-06-28 02:57:40 +00:00
|
|
|
* @param array $extraQuery
|
|
|
|
|
* @return array
|
|
|
|
|
*/
|
2019-10-05 07:38:41 +00:00
|
|
|
protected static function createLoaderQuery(
|
2022-05-06 09:09:56 +00:00
|
|
|
Context $context, array $extraQuery = []
|
2019-10-05 07:38:41 +00:00
|
|
|
) {
|
2014-06-28 02:57:40 +00:00
|
|
|
return self::makeLoaderQuery(
|
|
|
|
|
$context->getModules(),
|
|
|
|
|
$context->getLanguage(),
|
|
|
|
|
$context->getSkin(),
|
|
|
|
|
$context->getUser(),
|
|
|
|
|
$context->getVersion(),
|
|
|
|
|
$context->getDebug(),
|
|
|
|
|
$context->getOnly(),
|
|
|
|
|
$context->getRequest()->getBool( 'printable' ),
|
2021-10-09 01:41:15 +00:00
|
|
|
null,
|
2014-06-28 02:57:40 +00:00
|
|
|
$extraQuery
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
2011-09-13 20:36:24 +00:00
|
|
|
/**
|
|
|
|
|
* Build a query array (array representation of query string) for load.php. Helper
|
2016-07-20 19:43:54 +00:00
|
|
|
* function for createLoaderURL().
|
2013-07-01 18:01:11 +00:00
|
|
|
*
|
2020-02-21 00:26:07 +00:00
|
|
|
* @param string[] $modules
|
2013-07-01 18:01:11 +00:00
|
|
|
* @param string $lang
|
|
|
|
|
* @param string $skin
|
2018-06-26 21:14:43 +00:00
|
|
|
* @param string|null $user
|
|
|
|
|
* @param string|null $version
|
2020-05-22 02:01:42 +00:00
|
|
|
* @param int $debug
|
2018-06-26 21:14:43 +00:00
|
|
|
* @param string|null $only
|
2013-07-01 18:01:11 +00:00
|
|
|
* @param bool $printable
|
2021-10-09 01:41:15 +00:00
|
|
|
* @param bool|null $handheld Unused as of MW 1.38
|
2013-07-01 18:01:11 +00:00
|
|
|
* @param array $extraQuery
|
2011-09-13 20:36:24 +00:00
|
|
|
* @return array
|
|
|
|
|
*/
|
2019-10-05 07:38:41 +00:00
|
|
|
public static function makeLoaderQuery( array $modules, $lang, $skin, $user = null,
|
2022-05-06 09:09:56 +00:00
|
|
|
$version = null, $debug = Context::DEBUG_OFF, $only = null,
|
2021-10-09 01:41:15 +00:00
|
|
|
$printable = false, $handheld = null, array $extraQuery = []
|
2014-05-10 08:39:37 +00:00
|
|
|
) {
|
2016-02-17 09:09:32 +00:00
|
|
|
$query = [
|
2011-09-13 20:36:24 +00:00
|
|
|
'modules' => self::makePackedModulesString( $modules ),
|
2016-02-17 09:09:32 +00:00
|
|
|
];
|
2019-06-10 17:38:05 +00:00
|
|
|
// Keep urls short by omitting query parameters that
|
2022-05-06 09:09:56 +00:00
|
|
|
// match the defaults assumed by Context.
|
2019-06-10 17:38:05 +00:00
|
|
|
// Note: This relies on the defaults either being insignificant or forever constant,
|
|
|
|
|
// as otherwise cached urls could change in meaning when the defaults change.
|
2022-05-06 09:09:56 +00:00
|
|
|
if ( $lang !== Context::DEFAULT_LANG ) {
|
2019-06-10 17:38:05 +00:00
|
|
|
$query['lang'] = $lang;
|
|
|
|
|
}
|
2022-05-06 09:09:56 +00:00
|
|
|
if ( $skin !== Context::DEFAULT_SKIN ) {
|
2019-06-10 17:38:05 +00:00
|
|
|
$query['skin'] = $skin;
|
|
|
|
|
}
|
2022-05-06 09:09:56 +00:00
|
|
|
if ( $debug !== Context::DEBUG_OFF ) {
|
2020-05-22 02:01:42 +00:00
|
|
|
$query['debug'] = strval( $debug );
|
2019-03-08 20:37:12 +00:00
|
|
|
}
|
2011-09-13 20:36:24 +00:00
|
|
|
if ( $user !== null ) {
|
|
|
|
|
$query['user'] = $user;
|
|
|
|
|
}
|
|
|
|
|
if ( $version !== null ) {
|
|
|
|
|
$query['version'] = $version;
|
|
|
|
|
}
|
|
|
|
|
if ( $only !== null ) {
|
|
|
|
|
$query['only'] = $only;
|
|
|
|
|
}
|
|
|
|
|
if ( $printable ) {
|
|
|
|
|
$query['printable'] = 1;
|
|
|
|
|
}
|
|
|
|
|
$query += $extraQuery;
|
2011-10-14 08:06:54 +00:00
|
|
|
|
2011-09-13 20:36:24 +00:00
|
|
|
// Make queries uniform in order
|
|
|
|
|
ksort( $query );
|
|
|
|
|
return $query;
|
|
|
|
|
}
|
2012-05-09 21:10:33 +00:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Check a module name for validity.
|
|
|
|
|
*
|
|
|
|
|
* Module names may not contain pipes (|), commas (,) or exclamation marks (!) and can be
|
|
|
|
|
* at most 255 bytes.
|
|
|
|
|
*
|
2013-03-11 17:15:01 +00:00
|
|
|
* @param string $moduleName Module name to check
|
2012-05-09 21:10:33 +00:00
|
|
|
* @return bool Whether $moduleName is a valid module name
|
|
|
|
|
*/
|
|
|
|
|
public static function isValidModuleName( $moduleName ) {
|
2020-10-03 15:09:40 +00:00
|
|
|
$len = strlen( $moduleName );
|
|
|
|
|
return $len <= 255 && strcspn( $moduleName, '!,|', 0, $len ) === $len;
|
2012-05-09 21:10:33 +00:00
|
|
|
}
|
2013-09-28 07:40:03 +00:00
|
|
|
|
|
|
|
|
/**
|
2020-02-21 00:26:07 +00:00
|
|
|
* Return a LESS compiler that is set up for use with MediaWiki.
|
2013-09-28 07:40:03 +00:00
|
|
|
*
|
2016-01-08 22:09:36 +00:00
|
|
|
* @since 1.27
|
2018-04-10 22:35:49 +00:00
|
|
|
* @param array $vars Associative array of variables that should be used
|
|
|
|
|
* for compilation. Since 1.32, this method no longer automatically includes
|
|
|
|
|
* global LESS vars from ResourceLoader::getLessVars (T191937).
|
2018-05-20 18:32:57 +00:00
|
|
|
* @param array $importDirs Additional directories to look in for @import (since 1.36)
|
2015-09-10 22:22:13 +00:00
|
|
|
* @return Less_Parser
|
2013-09-28 07:40:03 +00:00
|
|
|
*/
|
2018-05-20 18:32:57 +00:00
|
|
|
public function getLessCompiler( array $vars = [], array $importDirs = [] ) {
|
2018-05-19 18:37:21 +00:00
|
|
|
global $IP;
|
2013-10-14 01:34:58 +00:00
|
|
|
// When called from the installer, it is possible that a required PHP extension
|
2017-02-20 22:44:19 +00:00
|
|
|
// is missing (at least for now; see T49564). If this is the case, throw an
|
2013-10-14 01:34:58 +00:00
|
|
|
// exception (caught by the installer) to prevent a fatal error later on.
|
2021-04-08 19:17:42 +00:00
|
|
|
if ( !class_exists( Less_Parser::class ) ) {
|
2023-04-11 01:47:45 +00:00
|
|
|
throw new RuntimeException( 'MediaWiki requires the less.php parser' );
|
2013-10-14 01:34:58 +00:00
|
|
|
}
|
|
|
|
|
|
2018-05-20 18:32:57 +00:00
|
|
|
$importDirs[] = "$IP/resources/src/mediawiki.less";
|
|
|
|
|
|
2015-09-10 22:22:13 +00:00
|
|
|
$parser = new Less_Parser;
|
2018-04-10 22:35:49 +00:00
|
|
|
$parser->ModifyVars( $vars );
|
2015-09-10 22:22:13 +00:00
|
|
|
$parser->SetOption( 'relativeUrls', false );
|
|
|
|
|
|
2023-02-07 00:46:33 +00:00
|
|
|
// SetImportDirs expects an array like [ 'path1' => '', 'path2' => '' ]
|
|
|
|
|
$formattedImportDirs = array_fill_keys( $importDirs, '' );
|
|
|
|
|
// Add a callback to the import dirs array for path remapping
|
|
|
|
|
$formattedImportDirs[] = static function ( $path ) {
|
|
|
|
|
global $IP;
|
|
|
|
|
$importMap = [
|
|
|
|
|
'@wikimedia/codex-icons/' => "$IP/resources/lib/codex-icons/",
|
|
|
|
|
'mediawiki.skin.codex-design-tokens/' => "$IP/resources/lib/codex-design-tokens/",
|
2023-02-18 06:49:54 +00:00
|
|
|
'@wikimedia/codex-design-tokens/' => /** @return never */ static function ( $unused_path ) {
|
2023-04-11 01:47:45 +00:00
|
|
|
throw new RuntimeException(
|
2023-02-18 06:49:54 +00:00
|
|
|
'Importing from @wikimedia/codex-design-tokens is not supported. ' .
|
|
|
|
|
"To use the Codex tokens, use `@import 'mediawiki.skin.variables.less';` instead."
|
|
|
|
|
);
|
|
|
|
|
}
|
2023-02-07 00:46:33 +00:00
|
|
|
];
|
|
|
|
|
foreach ( $importMap as $importPath => $substPath ) {
|
2023-03-30 16:53:24 +00:00
|
|
|
if ( str_starts_with( $path, $importPath ) ) {
|
2023-02-07 00:46:33 +00:00
|
|
|
$restOfPath = substr( $path, strlen( $importPath ) );
|
2023-02-18 06:49:54 +00:00
|
|
|
if ( is_callable( $substPath ) ) {
|
|
|
|
|
$resolvedPath = call_user_func( $substPath, $restOfPath );
|
|
|
|
|
} else {
|
|
|
|
|
$filePath = $substPath . $restOfPath;
|
2023-02-07 00:46:33 +00:00
|
|
|
|
2023-02-18 06:49:54 +00:00
|
|
|
$resolvedPath = null;
|
|
|
|
|
if ( file_exists( $filePath ) ) {
|
|
|
|
|
$resolvedPath = $filePath;
|
|
|
|
|
} elseif ( file_exists( "$filePath.less" ) ) {
|
|
|
|
|
$resolvedPath = "$filePath.less";
|
|
|
|
|
}
|
2023-02-07 00:46:33 +00:00
|
|
|
}
|
2023-02-18 06:49:54 +00:00
|
|
|
|
2023-02-07 00:46:33 +00:00
|
|
|
if ( $resolvedPath !== null ) {
|
|
|
|
|
return [
|
|
|
|
|
Less_Environment::normalizePath( $resolvedPath ),
|
|
|
|
|
Less_Environment::normalizePath( dirname( $path ) )
|
|
|
|
|
];
|
|
|
|
|
} else {
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return [ null, null ];
|
|
|
|
|
};
|
|
|
|
|
$parser->SetImportDirs( $formattedImportDirs );
|
|
|
|
|
|
2015-09-10 22:22:13 +00:00
|
|
|
return $parser;
|
2013-09-28 07:40:03 +00:00
|
|
|
}
|
2020-02-06 20:24:56 +00:00
|
|
|
|
resourceloader: Fix debug mode for RL-to-RL cross-wiki module loads
The native "foreign module source" feature, as used by the GlobalCssJs
extension, did not work correctly in debug mode as the urls returned
by the remote wiki were formatted as "/w/load.php...", which would
be interpreted by the browser relative to the host document, instead
of relative to the parent script.
For example:
1. Page view on en.wikipedia.org.
2. Script call to
meta.wikimedia.org/w/load.php?debug=true&modules=ext.globalCssJs.user&user
This URL is formatted by getScriptURLsForDebug on en.wikipedia.org,
when building the article HTML. It knows the modules is on Meta, and
formats it as such.
So far so good.
3. meta.wikimedia.org responds with an array of urls for sub resources.
That array contained URLs like "/w/load.php...only=scripts".
These were formatted by getScriptURLsForDebug running on Meta,
no longer with a reason to make it a Meta-Wiki URL as it isn't
perceived as cross-wiki. It is indistinguishable from debugging
a Meta-Wiki page view from its perspective.
This patch affects scenario 3 by always expanding it relative to the
current-request's wgServer. We still only do this in debug mode. There
is not yet a need to do this in non-debug mode, and if there was we'd
likely want to find a way to avoid it in the common case to keep
embedded URLs short.
The ResourceLoader::expandUrl() method is similar to the one in
Wikimedia\Minify\CSSMin.
Test Plan:
* view-source:http://mw.localhost:8080/w/load.php?debug=1&modules=site
For Module base class.
Before, the array entries were relative. After, they are full.
* view-source:http://mw.localhost:8080/w/load.php?debug=1&modules=jquery
For FileModule.
Before, the array entries were relative. After, they are full.
* view-source:http://mw.localhost:8080/wiki/Main_Page?debug=true
Unchanged.
* view-source:http://mw.localhost:8080/wiki/Main_Page
Unchanged.
Bug: T255367
Change-Id: I83919744b2677c7fb52b84089ecc60b89957d32a
2021-08-25 02:36:25 +00:00
|
|
|
/**
|
|
|
|
|
* Resolve a possibly relative URL against a base URL.
|
|
|
|
|
*
|
|
|
|
|
* The base URL must have a server and should have a protocol.
|
|
|
|
|
* A protocol-relative base expands to HTTPS.
|
|
|
|
|
*
|
2023-05-30 17:46:07 +00:00
|
|
|
* This is a standalone version of MediaWiki's UrlUtils::expand (T32956).
|
resourceloader: Fix debug mode for RL-to-RL cross-wiki module loads
The native "foreign module source" feature, as used by the GlobalCssJs
extension, did not work correctly in debug mode as the urls returned
by the remote wiki were formatted as "/w/load.php...", which would
be interpreted by the browser relative to the host document, instead
of relative to the parent script.
For example:
1. Page view on en.wikipedia.org.
2. Script call to
meta.wikimedia.org/w/load.php?debug=true&modules=ext.globalCssJs.user&user
This URL is formatted by getScriptURLsForDebug on en.wikipedia.org,
when building the article HTML. It knows the modules is on Meta, and
formats it as such.
So far so good.
3. meta.wikimedia.org responds with an array of urls for sub resources.
That array contained URLs like "/w/load.php...only=scripts".
These were formatted by getScriptURLsForDebug running on Meta,
no longer with a reason to make it a Meta-Wiki URL as it isn't
perceived as cross-wiki. It is indistinguishable from debugging
a Meta-Wiki page view from its perspective.
This patch affects scenario 3 by always expanding it relative to the
current-request's wgServer. We still only do this in debug mode. There
is not yet a need to do this in non-debug mode, and if there was we'd
likely want to find a way to avoid it in the common case to keep
embedded URLs short.
The ResourceLoader::expandUrl() method is similar to the one in
Wikimedia\Minify\CSSMin.
Test Plan:
* view-source:http://mw.localhost:8080/w/load.php?debug=1&modules=site
For Module base class.
Before, the array entries were relative. After, they are full.
* view-source:http://mw.localhost:8080/w/load.php?debug=1&modules=jquery
For FileModule.
Before, the array entries were relative. After, they are full.
* view-source:http://mw.localhost:8080/wiki/Main_Page?debug=true
Unchanged.
* view-source:http://mw.localhost:8080/wiki/Main_Page
Unchanged.
Bug: T255367
Change-Id: I83919744b2677c7fb52b84089ecc60b89957d32a
2021-08-25 02:36:25 +00:00
|
|
|
*
|
|
|
|
|
* @internal For use by core ResourceLoader classes only
|
|
|
|
|
* @param string $base
|
|
|
|
|
* @param string $url
|
|
|
|
|
* @return string URL
|
|
|
|
|
*/
|
|
|
|
|
public function expandUrl( string $base, string $url ): string {
|
|
|
|
|
// Net_URL2::resolve() doesn't allow protocol-relative URLs, but we do.
|
|
|
|
|
$isProtoRelative = strpos( $base, '//' ) === 0;
|
|
|
|
|
if ( $isProtoRelative ) {
|
|
|
|
|
$base = "https:$base";
|
|
|
|
|
}
|
|
|
|
|
// Net_URL2::resolve() takes care of throwing if $base doesn't have a server.
|
|
|
|
|
$baseUrl = new Net_URL2( $base );
|
|
|
|
|
$ret = $baseUrl->resolve( $url );
|
|
|
|
|
if ( $isProtoRelative ) {
|
|
|
|
|
$ret->setScheme( false );
|
|
|
|
|
}
|
|
|
|
|
return $ret->getURL();
|
|
|
|
|
}
|
|
|
|
|
|
2022-05-12 23:04:44 +00:00
|
|
|
/**
|
|
|
|
|
* Run JavaScript or CSS data through a filter, caching the filtered result for future calls.
|
|
|
|
|
*
|
|
|
|
|
* Available filters are:
|
|
|
|
|
*
|
|
|
|
|
* - minify-js
|
|
|
|
|
* - minify-css
|
|
|
|
|
*
|
|
|
|
|
* If $data is empty, only contains whitespace or the filter was unknown,
|
|
|
|
|
* $data is returned unmodified.
|
|
|
|
|
*
|
|
|
|
|
* @param string $filter Name of filter to run
|
|
|
|
|
* @param string $data Text to filter, such as JavaScript or CSS text
|
|
|
|
|
* @param array<string,bool> $options Keys:
|
|
|
|
|
* - (bool) cache: Whether to allow caching this data. Default: true.
|
|
|
|
|
* @return string Filtered data or unfiltered data
|
|
|
|
|
*/
|
|
|
|
|
public static function filter( $filter, $data, array $options = [] ) {
|
|
|
|
|
if ( strpos( $data, self::FILTER_NOMIN ) !== false ) {
|
|
|
|
|
return $data;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ( isset( $options['cache'] ) && $options['cache'] === false ) {
|
|
|
|
|
return self::applyFilter( $filter, $data ) ?? $data;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$stats = MediaWikiServices::getInstance()->getStatsdDataFactory();
|
|
|
|
|
$cache = ObjectCache::getLocalServerInstance( CACHE_ANYTHING );
|
|
|
|
|
|
|
|
|
|
$key = $cache->makeGlobalKey(
|
|
|
|
|
'resourceloader-filter',
|
|
|
|
|
$filter,
|
|
|
|
|
self::CACHE_VERSION,
|
|
|
|
|
md5( $data )
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
$incKey = "resourceloader_cache.$filter.hit";
|
|
|
|
|
$result = $cache->getWithSetCallback(
|
|
|
|
|
$key,
|
|
|
|
|
BagOStuff::TTL_DAY,
|
|
|
|
|
function () use ( $filter, $data, &$incKey ) {
|
|
|
|
|
$incKey = "resourceloader_cache.$filter.miss";
|
|
|
|
|
return self::applyFilter( $filter, $data );
|
|
|
|
|
}
|
|
|
|
|
);
|
|
|
|
|
$stats->increment( $incKey );
|
|
|
|
|
|
2022-12-22 07:17:13 +00:00
|
|
|
// Use $data on cache failure
|
|
|
|
|
return $result ?? $data;
|
2022-05-12 23:04:44 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @param string $filter
|
|
|
|
|
* @param string $data
|
|
|
|
|
* @return string|null
|
|
|
|
|
*/
|
|
|
|
|
private static function applyFilter( $filter, $data ) {
|
|
|
|
|
$data = trim( $data );
|
|
|
|
|
if ( $data ) {
|
|
|
|
|
try {
|
|
|
|
|
$data = ( $filter === 'minify-css' )
|
|
|
|
|
? CSSMin::minify( $data )
|
|
|
|
|
: JavaScriptMinifier::minify( $data );
|
|
|
|
|
} catch ( TimeoutException $e ) {
|
|
|
|
|
throw $e;
|
|
|
|
|
} catch ( Exception $e ) {
|
|
|
|
|
MWExceptionHandler::logException( $e );
|
|
|
|
|
return null;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return $data;
|
|
|
|
|
}
|
|
|
|
|
|
resourceloader: Bundle `user.defaults` as part of `mediawiki.base`
== Background ==
The `user.options` module is private, and thus has to be embedded in
the page HTML. This data is quite large. For example, on enwiki the
finalized mw.user.options object is about 3KB serialized/compressed
(7KB uncompressed).
The `user.defaults` module is an implementation detail of
`user.options`, and was created to accomplish mainly two things:
* Save significant data transfers by allowing it to be cached
client-side without being part of the article.
* Ensure consistency between articles and allow faster deployment of
changes, by not being part of the cacheable article HTML.
All our pageviews already load `user.defaults`, as a dependency of
the popular `mediawiki.api` and `mediawiki.user` modules. These are
used by `mediawiki.page.ready` (queued on all pages), and on Wikipedia
these are also loaded on all pages by ULS, VisualEditor, EventLogging,
and more.
As such, in practice, bundling "user.defaults" with "mediawiki.base"
will not cause the data to be loaded more often than before.
== What ==
* Add virtual "user.json" package file with the same data that
was previously exported by ResourceLoaderUserDefaultsModule,
and pass it to mw.user.options.set() from base module's entry point.
An alternative way would be to use a "user.js" file, which would
return a generated "mw.user.options.set()" expression. I went
for exporting it as JSON for improved maintainability (reducing
the amount of JS code written in PHP), and because it performs
slightly better. The JS file would implicitly come with a file
closure (tiny bit more bytes), and would then be lazy executed
(tiny bit more time).
The chosen approach allows the browser to compile the JSON
off-the-main-thread ahead of time while the module response downloads.
Then when the module executes, we can reference the JSON object
and use it directly.
* Update internal dependency from `user.options`.
* Remove `user.defaults` module without deprecation. It is an internal
module with no direct use anywhere in Git (Codeseach), and no use
anywhere on-wiki (Global Search).
Change-Id: Id3916f94f75078808951863dea2b3a9c71b0e30c
2021-09-10 21:13:06 +00:00
|
|
|
/**
|
|
|
|
|
* Get user default options to expose to JavaScript on all pages via `mw.user.options`.
|
|
|
|
|
*
|
|
|
|
|
* @internal Exposed for use from Resources.php
|
2022-06-27 16:06:15 +00:00
|
|
|
*
|
2022-05-06 09:09:56 +00:00
|
|
|
* @param Context $context
|
2022-06-27 16:06:15 +00:00
|
|
|
* @param HookContainer $hookContainer
|
|
|
|
|
* @param UserOptionsLookup $userOptionsLookup
|
|
|
|
|
*
|
resourceloader: Bundle `user.defaults` as part of `mediawiki.base`
== Background ==
The `user.options` module is private, and thus has to be embedded in
the page HTML. This data is quite large. For example, on enwiki the
finalized mw.user.options object is about 3KB serialized/compressed
(7KB uncompressed).
The `user.defaults` module is an implementation detail of
`user.options`, and was created to accomplish mainly two things:
* Save significant data transfers by allowing it to be cached
client-side without being part of the article.
* Ensure consistency between articles and allow faster deployment of
changes, by not being part of the cacheable article HTML.
All our pageviews already load `user.defaults`, as a dependency of
the popular `mediawiki.api` and `mediawiki.user` modules. These are
used by `mediawiki.page.ready` (queued on all pages), and on Wikipedia
these are also loaded on all pages by ULS, VisualEditor, EventLogging,
and more.
As such, in practice, bundling "user.defaults" with "mediawiki.base"
will not cause the data to be loaded more often than before.
== What ==
* Add virtual "user.json" package file with the same data that
was previously exported by ResourceLoaderUserDefaultsModule,
and pass it to mw.user.options.set() from base module's entry point.
An alternative way would be to use a "user.js" file, which would
return a generated "mw.user.options.set()" expression. I went
for exporting it as JSON for improved maintainability (reducing
the amount of JS code written in PHP), and because it performs
slightly better. The JS file would implicitly come with a file
closure (tiny bit more bytes), and would then be lazy executed
(tiny bit more time).
The chosen approach allows the browser to compile the JSON
off-the-main-thread ahead of time while the module response downloads.
Then when the module executes, we can reference the JSON object
and use it directly.
* Update internal dependency from `user.options`.
* Remove `user.defaults` module without deprecation. It is an internal
module with no direct use anywhere in Git (Codeseach), and no use
anywhere on-wiki (Global Search).
Change-Id: Id3916f94f75078808951863dea2b3a9c71b0e30c
2021-09-10 21:13:06 +00:00
|
|
|
* @return array
|
|
|
|
|
*/
|
2022-06-27 16:06:15 +00:00
|
|
|
public static function getUserDefaults(
|
|
|
|
|
Context $context,
|
|
|
|
|
HookContainer $hookContainer,
|
|
|
|
|
UserOptionsLookup $userOptionsLookup
|
|
|
|
|
): array {
|
|
|
|
|
$defaultOptions = $userOptionsLookup->getDefaultOptions();
|
2022-01-10 04:13:43 +00:00
|
|
|
$keysToExclude = [];
|
2022-06-27 16:06:15 +00:00
|
|
|
$hookRunner = new HookRunner( $hookContainer );
|
2022-01-10 04:13:43 +00:00
|
|
|
$hookRunner->onResourceLoaderExcludeUserOptions( $keysToExclude, $context );
|
|
|
|
|
foreach ( $keysToExclude as $excludedKey ) {
|
|
|
|
|
unset( $defaultOptions[ $excludedKey ] );
|
|
|
|
|
}
|
|
|
|
|
return $defaultOptions;
|
resourceloader: Bundle `user.defaults` as part of `mediawiki.base`
== Background ==
The `user.options` module is private, and thus has to be embedded in
the page HTML. This data is quite large. For example, on enwiki the
finalized mw.user.options object is about 3KB serialized/compressed
(7KB uncompressed).
The `user.defaults` module is an implementation detail of
`user.options`, and was created to accomplish mainly two things:
* Save significant data transfers by allowing it to be cached
client-side without being part of the article.
* Ensure consistency between articles and allow faster deployment of
changes, by not being part of the cacheable article HTML.
All our pageviews already load `user.defaults`, as a dependency of
the popular `mediawiki.api` and `mediawiki.user` modules. These are
used by `mediawiki.page.ready` (queued on all pages), and on Wikipedia
these are also loaded on all pages by ULS, VisualEditor, EventLogging,
and more.
As such, in practice, bundling "user.defaults" with "mediawiki.base"
will not cause the data to be loaded more often than before.
== What ==
* Add virtual "user.json" package file with the same data that
was previously exported by ResourceLoaderUserDefaultsModule,
and pass it to mw.user.options.set() from base module's entry point.
An alternative way would be to use a "user.js" file, which would
return a generated "mw.user.options.set()" expression. I went
for exporting it as JSON for improved maintainability (reducing
the amount of JS code written in PHP), and because it performs
slightly better. The JS file would implicitly come with a file
closure (tiny bit more bytes), and would then be lazy executed
(tiny bit more time).
The chosen approach allows the browser to compile the JSON
off-the-main-thread ahead of time while the module response downloads.
Then when the module executes, we can reference the JSON object
and use it directly.
* Update internal dependency from `user.options`.
* Remove `user.defaults` module without deprecation. It is an internal
module with no direct use anywhere in Git (Codeseach), and no use
anywhere on-wiki (Global Search).
Change-Id: Id3916f94f75078808951863dea2b3a9c71b0e30c
2021-09-10 21:13:06 +00:00
|
|
|
}
|
|
|
|
|
|
2020-02-06 20:24:56 +00:00
|
|
|
/**
|
2020-02-21 00:26:07 +00:00
|
|
|
* Get site configuration settings to expose to JavaScript on all pages via `mw.config`.
|
|
|
|
|
*
|
2020-02-06 20:24:56 +00:00
|
|
|
* @internal Exposed for use from Resources.php
|
2022-05-06 09:09:56 +00:00
|
|
|
* @param Context $context
|
2020-02-06 20:24:56 +00:00
|
|
|
* @param Config $conf
|
|
|
|
|
* @return array
|
|
|
|
|
*/
|
|
|
|
|
public static function getSiteConfigSettings(
|
2022-05-06 09:09:56 +00:00
|
|
|
Context $context, Config $conf
|
2021-07-22 03:11:47 +00:00
|
|
|
): array {
|
2023-05-06 20:01:10 +00:00
|
|
|
$services = MediaWikiServices::getInstance();
|
2020-02-21 00:26:07 +00:00
|
|
|
// Namespace related preparation
|
|
|
|
|
// - wgNamespaceIds: Key-value pairs of all localized, canonical and aliases for namespaces.
|
|
|
|
|
// - wgCaseSensitiveNamespaces: Array of namespaces that are case-sensitive.
|
2023-05-06 20:01:10 +00:00
|
|
|
$contLang = $services->getContentLanguage();
|
2020-02-06 20:24:56 +00:00
|
|
|
$namespaceIds = $contLang->getNamespaceIds();
|
|
|
|
|
$caseSensitiveNamespaces = [];
|
2023-05-06 20:01:10 +00:00
|
|
|
$nsInfo = $services->getNamespaceInfo();
|
2020-02-06 20:24:56 +00:00
|
|
|
foreach ( $nsInfo->getCanonicalNamespaces() as $index => $name ) {
|
|
|
|
|
$namespaceIds[$contLang->lc( $name )] = $index;
|
|
|
|
|
if ( !$nsInfo->isCapitalized( $index ) ) {
|
|
|
|
|
$caseSensitiveNamespaces[] = $index;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2022-04-10 15:34:45 +00:00
|
|
|
$illegalFileChars = $conf->get( MainConfigNames::IllegalFileChars );
|
2020-02-06 20:24:56 +00:00
|
|
|
|
|
|
|
|
// Build list of variables
|
|
|
|
|
$skin = $context->getSkin();
|
|
|
|
|
|
|
|
|
|
// Start of supported and stable config vars (for use by extensions/gadgets).
|
|
|
|
|
$vars = [
|
|
|
|
|
'debug' => $context->getDebug(),
|
|
|
|
|
'skin' => $skin,
|
2022-04-10 15:34:45 +00:00
|
|
|
'stylepath' => $conf->get( MainConfigNames::StylePath ),
|
|
|
|
|
'wgArticlePath' => $conf->get( MainConfigNames::ArticlePath ),
|
|
|
|
|
'wgScriptPath' => $conf->get( MainConfigNames::ScriptPath ),
|
|
|
|
|
'wgScript' => $conf->get( MainConfigNames::Script ),
|
|
|
|
|
'wgSearchType' => $conf->get( MainConfigNames::SearchType ),
|
|
|
|
|
'wgVariantArticlePath' => $conf->get( MainConfigNames::VariantArticlePath ),
|
|
|
|
|
'wgServer' => $conf->get( MainConfigNames::Server ),
|
|
|
|
|
'wgServerName' => $conf->get( MainConfigNames::ServerName ),
|
2020-02-06 20:24:56 +00:00
|
|
|
'wgUserLanguage' => $context->getLanguage(),
|
|
|
|
|
'wgContentLanguage' => $contLang->getCode(),
|
2020-02-25 01:33:18 +00:00
|
|
|
'wgVersion' => MW_VERSION,
|
2020-02-06 20:24:56 +00:00
|
|
|
'wgFormattedNamespaces' => $contLang->getFormattedNamespaces(),
|
|
|
|
|
'wgNamespaceIds' => $namespaceIds,
|
|
|
|
|
'wgContentNamespaces' => $nsInfo->getContentNamespaces(),
|
2022-04-10 15:34:45 +00:00
|
|
|
'wgSiteName' => $conf->get( MainConfigNames::Sitename ),
|
|
|
|
|
'wgDBname' => $conf->get( MainConfigNames::DBname ),
|
2020-03-03 15:59:33 +00:00
|
|
|
'wgWikiID' => WikiMap::getCurrentWikiId(),
|
2020-02-06 20:24:56 +00:00
|
|
|
'wgCaseSensitiveNamespaces' => $caseSensitiveNamespaces,
|
|
|
|
|
'wgCommentCodePointLimit' => CommentStore::COMMENT_CHARACTER_LIMIT,
|
2022-04-10 15:34:45 +00:00
|
|
|
'wgExtensionAssetsPath' => $conf->get( MainConfigNames::ExtensionAssetsPath ),
|
2020-02-06 20:24:56 +00:00
|
|
|
];
|
|
|
|
|
// End of stable config vars.
|
|
|
|
|
|
|
|
|
|
// Internal variables for use by MediaWiki core and/or ResourceLoader.
|
|
|
|
|
$vars += [
|
|
|
|
|
// @internal For mediawiki.widgets
|
|
|
|
|
'wgUrlProtocols' => wfUrlProtocols(),
|
|
|
|
|
// @internal For mediawiki.page.watch
|
|
|
|
|
// Force object to avoid "empty" associative array from
|
|
|
|
|
// becoming [] instead of {} in JS (T36604)
|
2022-04-10 15:34:45 +00:00
|
|
|
'wgActionPaths' => (object)$conf->get( MainConfigNames::ActionPaths ),
|
2020-02-06 20:24:56 +00:00
|
|
|
// @internal For mediawiki.language
|
2022-04-10 15:34:45 +00:00
|
|
|
'wgTranslateNumerals' => $conf->get( MainConfigNames::TranslateNumerals ),
|
2020-02-06 20:24:56 +00:00
|
|
|
// @internal For mediawiki.Title
|
2022-04-10 15:34:45 +00:00
|
|
|
'wgExtraSignatureNamespaces' => $conf->get( MainConfigNames::ExtraSignatureNamespaces ),
|
2020-02-06 20:24:56 +00:00
|
|
|
'wgLegalTitleChars' => Title::convertByteClassToUnicodeClass( Title::legalChars() ),
|
|
|
|
|
'wgIllegalFileChars' => Title::convertByteClassToUnicodeClass( $illegalFileChars ),
|
|
|
|
|
];
|
|
|
|
|
|
2023-05-11 18:51:19 +00:00
|
|
|
( new HookRunner( $services->getHookContainer() ) )
|
2023-05-06 20:01:10 +00:00
|
|
|
->onResourceLoaderGetConfigVars( $vars, $skin, $conf );
|
2020-02-06 20:24:56 +00:00
|
|
|
|
|
|
|
|
return $vars;
|
|
|
|
|
}
|
2023-03-31 02:05:27 +00:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @internal For testing
|
|
|
|
|
* @return array
|
|
|
|
|
*/
|
|
|
|
|
public function getErrors() {
|
|
|
|
|
return $this->errors;
|
|
|
|
|
}
|
2010-09-17 11:45:49 +00:00
|
|
|
}
|
2022-05-06 09:09:56 +00:00
|
|
|
|
|
|
|
|
class_alias( ResourceLoader::class, 'ResourceLoader' );
|
