SoC dynamic feeds
Introduction
Geeklog supports reading (importing) and creating (exporting) feeds in various formats, including RSS 2.0 and Atom. The contents of a feed created by Geeklog are written to files.
Since there is no access control on the feed files, Geeklog can currently only provide feeds for items that are visible to anonymous visitors of a site.
Incentive
The main goal of this project would be to implement dynamic feeds with access control. In other words, the feed should be created on request and should only contain items for which the consumer can provide proper authentication.
Details
Dynamic Feeds
The dynamic nature of a feed is a requirement to be able to deliver items for which authentication is required. However, once dynamic feeds are available, it would be possible to also provide feeds that were not possible before, e.g.
- feeds for search results
- feeds for the moderation queues
- a feed for the What's New block
- a New Users feed
... and many other things.
Load Issues
Dynamic feeds could, however, introduce load issues. Consideration must be given to reducing database requests (caching?). The dynamic feed should also produce proper Last-Modified and ETag headers to support conditional GET requests and thus reduce site traffic.
Access Control
To be able to provide feeds for items with restricted access, dynamic feeds should - optionally - be able to ask the consumer (typically the feed reader) for authentication.
To review: What's the best solution for authentication? Possible options include
- HTTP authentication
- tokens as part of the feed URL
The student should invest some time here and compare solutions in other systems and services. Since Geeklog has a traditional focus on security, we would prefer a solution that cannot easily be circumvented.
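The following is an added example, not Geeklog code or part of the original proposal. It shows one way the "tokens as part of the feed URL" option and the Last-Modified/ETag headers from Load Issues could fit together in a per-request feed. The function names, array shapes, secret and sample data are all hypothetical.

```php
<?php
// Added example, not Geeklog code; names, array shapes and the secret are hypothetical.
const FEED_SECRET = 'constructed-demo-secret'; // assumption: per-site secret kept outside the web root

// Token carried in the feed URL, bound to one user and one feed.
function feedToken(int $uid, string $feed): string
{
    return hash_hmac('sha256', $uid . '|' . $feed, FEED_SECRET);
}

// Builds [status, headers, body] per request instead of writing one shared file.
function serveFeed(array $query, array $requestHeaders, array $users, array $items): array
{
    $user = null; // stays null for anonymous consumers, who only get public items
    if (isset($query['token'])) {
        $uid   = (int) ($query['uid'] ?? 0);
        $token = is_string($query['token']) ? $query['token'] : '';
        // hash_equals() is constant-time, so timing does not show how much of a guess matched
        if (!hash_equals(feedToken($uid, (string) ($query['feed'] ?? '')), $token) || !isset($users[$uid])) {
            return [403, [], ''];
        }
        $user = $users[$uid];
    }
    $groups  = $user['groups'] ?? [];
    $visible = array_values(array_filter($items, function (array $item) use ($groups): bool {
        return $item['group'] === null || in_array($item['group'], $groups, true);
    }));
    // Validators come only from what this consumer may see, so they reveal nothing about hidden items.
    $headers = [
        'ETag'          => '"' . hash('sha256', json_encode($visible)) . '"',
        'Last-Modified' => gmdate('D, d M Y H:i:s', max(array_column($visible, 'modified') ?: [0])) . ' GMT',
        // 'private' stops shared caches from handing an authenticated feed to another client
        'Cache-Control' => $user !== null ? 'private, no-cache' : 'public, max-age=300',
    ];
    if (($requestHeaders['If-None-Match'] ?? '') === $headers['ETag']) {
        return [304, $headers, '']; // conditional GET: unchanged for this consumer
    }
    return [200, $headers, implode("\n", array_column($visible, 'title'))]; // titles stand in for the feed body
}

// Constructed sample data and requests
$users = [2 => ['groups' => ['staff']]];
$items = [['title' => 'Public story', 'group' => null, 'modified' => 1700000000],
          ['title' => 'Staff story', 'group' => 'staff', 'modified' => 1700003600]];
$q = ['feed' => 'stories', 'uid' => 2, 'token' => feedToken(2, 'stories')];
[$status, $h, $body] = serveFeed($q, [], $users, $items);
[$again]  = serveFeed($q, ['If-None-Match' => $h['ETag']], $users, $items);
[$forged] = serveFeed(['token' => 'x'] + $q, [], $users, $items);
echo "$status $again $forged\n$body\n";
```

A token in the URL is stored in feed reader configurations and written to server logs, so a design based on it also needs a way to revoke or rotate tokens. HTTP authentication avoids putting the credential in the URL but depends on feed reader support, which is part of the comparison the project asks for.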
API
The existing syndication APIs were created with the file-based feeds in mind. The APIs have to be reviewed and updated. Compatibility with existing add-ons needs to be considered. Any plugin changes or new APIs will have to be documented.
Miscellaneous
- Some feeds will be available with and without access control, e.g. feeds for new stories. When creating such a feed, an option must be provided to create the feed with or without the need for authentication.
- To consider: Should we keep the old file-based feeds? Ideally, dynamic feeds should be able to completely replace the feed files (at least for feeds built into Geeklog - what about plugin feeds?). If feed files are replaced with dynamic feeds, a migration path must be provided, i.e. automatically create dynamic feeds for existing file-based feeds and provide instructions to redirect requests to the feed files to the new feeds.
Bonus
Since the project will touch on several APIs, this would also be a good opportunity to revisit Feature Request #0000829 which asks for a simplification of the Plugin API for feeds.
Any API changes for this functionality must be compatible with older revisions of the API so that plugins that use the old API continue to work as before. So API changes should either be backward-compatible or a new API must be established.
Level of Difficulty
medium
Some time will be required to understand the current feed API. Some research will have to be done for proper authentication and considerations regarding the server load.
Possible mentor: Dirk Haun
Further Reading
- Feature Request #0000780: RSS feeds that take into account access rights
- Current Feed API for Plugins
- HTTP Conditional Get for RSS Hackers