This post is part of the IndieWeb Challenge to ship something every day of December!
Today I worked on the long-standing project to upgrade our wiki to a recent MediaWiki version.
I started by taking a snapshot of the database and restoring it to my laptop, then installed the latest MediaWiki version there. After running through the MediaWiki upgrade scripts, I had to test each extension we use, and either update it or drop it. I documented this progress on the upgrade page, and trimmed down the extension list to just the ones we absolutely need. I published these in a new repository so they're now tracked in version control: https://github.com/indieweb/mediawiki-extensions
New Wiki Login
One of the major sticking points of the upgrade was needing to redo the IndieAuth extension, since there have been some major changes to the internal auth mechanism of MediaWiki over the years. I was not looking forward to writing that code again, so I went with a completely different approach this time. Instead of writing any MediaWiki code, I installed the (well-maintained) Auth remoteuser extension, which just expects an environment variable to be set with the user that's logged in. Typically this is used with HTTP Basic Auth, but any mechanism that sets the environment variable will work.
I paired this with an nginx module Lasso designed to work with any OAuth or IndieAuth-compatible API. I pointed the proxy at indieauth.com so the actual authentication logic is delegated there. I got the whole thing running on my laptop after a bit of fiddling. It's pretty slick. The wiki login/logout links are replaced by redirects to the proxy, which seamlessly redirect you to indieauth.com. Overall this should not be a hugely different experience to the end user. Below is a screen recording of the flow. (Ignore the 404 not found page at the end, that's a glitch in my local environment.)
What you don't see happening is that clicking on the log in link actually takes you to
sso.indieweb.org, which redirects to
indieauth.com, which then redirects back to
sso.indieweb.org and then back to the wiki. It happens all very quickly!
This also means that the cookie is set on *.indieweb.org, so it will be available to every other subdomain, so I can eventually make the chat logs know who you are when you're logged in to the wiki! This will become even more important once I set up Calagator for our events.
You can try out this flow right now, since I launched it on the server. Right now only a test domain is using it, events.indieweb.org. It just has a simple log in/log out link, but it's enough to demonstrate the functionality!
Since I'm about to do something drastic -- update MediaWiki -- it is always a good idea to have backups! For a while I've had a text dump of the wiki available via rsync (details here), but I wanted something that felt a little more robust as well. Today I set up that workflow to also commit all the changes to a git repo and push to GitHub! Since it's git, it means it will retain all versions of edits rather than clobbering the pages and even potentially deleting pages.
If you're interested in helping keep a backup copy of the wiki, you can set up an automatic process to clone this repo! github.com/indieweb/wiki I'm hoping that by having it available on GitHub, it's easier for more people to help back it up. An added bonus is you'll have an offline-copy of the wiki you can browse locally! (Just make sure you clone it to a case-sensitive filesystem!)