SoC dynamic feeds
Geeklog supports reading (importing) and creating (exporting) feeds in various formats, including RSS 2.0 and Atom. The contents of a feed created by Geeklog are written to files.
Since there is no access control on the feed files, Geeklog can currently only provide feeds for items that are visible for anonymous visitors of a site.
The main goal of this project would be to implement dynamic feeds with access control. In other words, the feed should be created on request and should only contain items for which the consumer can provide proper authentication.
The dynamic nature of a feed is a requirement to be able to deliver items for which authentication is required. However, once dynamic feeds are available, it would be possible to also provide feeds that were not possible before, e.g.
- feeds for search results
- feeds for the moderation queues
- a feed for the What's New block
- a New Users feed
... and many other things.
Dynamic feeds could, however, introduce load issues. Considerations must be made to reduce database requests (caching?). The dynamic feed should also produce proper Last-Modified and ETag headers to support conditional GET requests and thus reduce site traffic.
To be able to provide feeds for items with restricted access, dynamic feeds should - optionally - be able to ask the consumer (typically the feed reader) for authentication.
To review: What's the best solution for authentication? Possible options include
- HTTP authentication
- tokens as part of the feed URL
The student should invest some time here and compare solutions in other systems and services. Since Geeklog has a traditional focus on security, we would prefer a solution that can not easily be circumvented.
The existing syndication APIs were created with the file-based feeds in mind. The APIs have to be reviewed and updated. Compatibility with existing add-ons needs to be considered. Any plugin changes or new APIs will have to be documented.
- Some feeds will be available with and without access control, e.g. feeds for new stories. When creating such a feed, an option must be provided to create the feed with or without the need for authentication.
- To consider: Should we keep the old file-based feeds? Ideally, dynamic feeds should be able to completely replace the feed files (at least for feeds built into Geeklog - what about plugin feeds?). If feed files are replaced with dynamic feeds, a migration path must be provided, i.e. automatically create dynamic feeds for existing file-based feeds and provide instructions to redirect requests to the feed files to the new feeds.
Any API changes for this functionality must be compatible with older revisions of the API so that plugins that use the old API continue to work as before. So API changes should either be backward-compatible or a new API must be established.
Level of Difficulty
Some time will be required to understand the current feed API. Some research will have to be done for proper authentication and considerations regarding the server load.
Possible mentor: Dirk Haun