Subdirectories: NewFeatures.
2005-09-14
This is a little new renderer that creates a link to a page in the view necessary to show comments. In turn, this has caused the 'your comment has been posted' template page to be tarted up so that it uses it, thereby letting people who have posted comments see them in the page they go to.
(I have decided not to have it link to the comment section of the page, just on general principle. I may change my mind about this.)
2005-09-12
feed-max-size and feed-max-size-ipsThis is all because LiveJournal has undocumented size limits on incoming syndication feeds, limits that DWiki can easily blow past. Since I actually wanted LiveJournal to be able to get syndication feeds from me, DWiki has grown two new configuration settings.
feed-max-size is an integer kilobytes. It is a rough limit on how
large any feed can be; once DWiki generates a feed that is this many
kilobytes or larger it stopps adding more entries, regardless of the
setting for atomfeed-display-howmany. If unset, there is no size
limit.
feed-max-size-ips restricts feed-max-size to the whitespace
separated list of IP addresses or tcpwrappers style IP address
prefixes (eg '66.150.15.' to get all of 66.150.15.*).
Syndication fetches from other addresses will behave as if there was
no feed-max-size.
Strictly speaking, feed-max-size limits only the size of the
atom::pages or atom::comments output to that size. Whatever else
is tacked on to make up a feed (hopefully not very big) will add some
extra size.
Moral: undersize feed-max-size a bit. For LiveJournal, the limit is
apparently 150 kilobytes (currently), so setting it to '120' or so
should provide a comfortable safety margin.
Although I'm not entirely fond of this (to put it one way), the documentation has been updated appropriately, making this feature more or less official.
2005-09-03
/oldest/ virtual directory restrictionDWiki has long been able to give people the latest N things in a
virtual directory context (as latest/<N>). Now it can give them the
oldest N things, using the obvious syntax: oldest/<howmany>.
Just to show off, ranges properly convert themselves into 'oldest/<N>' at the end of their run, just as they convert themselves into 'latest/<N>' at the start.
Documentation has been updated appropriately.
Virtual Directories in DWiki
A virtual directory is a way of restricting what pages get shown out of a real directory. It works by tacking on 'virtual' directories after the real directory (ie, as subdirectories) to tell DWiki what you want to see.
Virtual directories restrict pages based on their most recent modification time. There are three versions available:
- calendar: with the format
<year>/[<month>/[<day>]], all as digits. Only pages most recently changed in the time period get selected.- latest: with the format
latest/<howmany>. They show just the most recently changed<howmany>pages.- oldest: with the format
oldest/<howmany>. They show just the least recently changed<howmany>pages.- range: with the format
range/<start>-<end>. They show the start'th to the end'th most recently changed page.All pieces of a virtual directory must really be virtual. If you have a directory
Foo/with aFoo/2005/subdirectory (or file), you cannot use the virtual directoryFoo/2005/05/to see things from May of 2005 inFoo/. Moral: let DWiki organize things based on time for you, don't do it yourself.Virtual directories are paid attention to by some renderers, which are generally used in some views. You can get the full list in TemplateSyntax.
Over the past while it has become increasingly obvious that it's
useful for as many responses as possible to carry a Last-Modified:
header. (The last straw was wanting Google's index to show
modification dates for DWiki pages.)
My reason for killing Last-Modified: was so that things like logging
in and logging out, which can't be reflected in the timestamp, would
still have conditional GETs be served new pages. But since the
conditional GET logic is in DWiki itself, I can have DWiki be
smarter about it.
DWiki now separates the page timestamp from the idea of whether the
page timestamp is reliable or simply vaguely useful information. The
page timestamp will always be served if it exists at all, but
conditional GETs only look at the page timestamp if it's reliable
(which means that if authentication is on, the answer is generally
'not').
This should work much better.
2005-06-19
DWiki Authentication
DWiki has optional support for authenticating users, which is a prerequisite for restricting access to pages and for allowing people to comment. User authentication is done by cookies, which means that people wanting to be authenticated have to accept cookies from the DWiki's web server.
Whether authentication is on is controlled by the
authfilesetting in the ConfigurationFile; if it is set, it specifies a password file for the DWiki. Once enabled, a login box will appear at the bottom of pages where people can enter their login and password into a form and submit it to the wiki. If the password is correct, DWiki will send back a login cookie and the session is now authenticated (provided that the user's browser then sends the cookie back to DWiki with future requests).An authenticated person has a login name and may optionally be in some groups. When checking permissions, logins and groups are treated the same (so you should not create groups that have the same name as users; this is either pointless or dangerous, depending on how many people are in the group). What groups a login is part of is specified in the password file.
To be precise, an authenticated request is any request that has a valid associated login name. Normally this happens because the user's browser sent back a valid DWiki login cookie, but a DWiki may have a default login, set in the ConfigurationFile. If the default login is set and exists in the password file, everything is authenticated; either as a 'real' (passworded) login or as the default login.
Because DWiki is hard-coded to require authentication before people can write comments, setting a default user is the only way to let the world (potentially) comment on your DWiki.
Using Authentication
Authentication is used by the
{{Restricted}}and{{CanComment}}DWikiText macros. Without arguments they restrict the page to authenticated people or allow comments by authenticated people (respectively). With arguments, they restrict things more tightly. There are two sorts of arguments:
- positive arguments are plain logins or groups, and require the authenticated session to be one of the things named.
- negative arguments start with '
-' and are then logins or groups, and require the authenticated session to not be one of the things named.If only negative arguments are given, anyone not mentioned passes; if both positive and negative arguments are given, you must pass the positive arguments and not fail the negative arguments.
Directories can create default permissions for everything under them by having a special file called
__accesswith either or both of Restricted and CanComment macros.__accessfiles are checked backwards from the page being looked at, and the first one that contains a Restricted or a CanComment (depending on what is at issue) wins.__accessfiles can have other content, although ChrisSiebenmann doesn't expect people to look at them very often.Note: this means that subdirectories can give back permissions that were denied by a higher-level directory. This is deliberate.
Authentication limits
DWiki authentication protects only file contents. It does not protect directory contents and it thus doesn't protect a page's (file) name. Moral: don't put sensitive information into page names.
Password security
Note: DWiki doesn't specially encrypt login / password information while it's being sent to the web server. Unless the entire connection is running over SSL, people can theoretically snoop the password in clear text.
DWiki doesn't store someone's clear text password (even in its password file); instead it stores a hash of the password, using a format that guarantees that if two different people use the same password they will get different hashes. (Barring the hash function itself being broken.)
As always, people should be strongly discouraged from using important passwords (eg, their Unix account passwords) for any web service, a DWiki included. Using one's Unix login name as one's DWiki login name is harmless and even convenient.
The cookie
The cookie DWiki uses has the login name in clear text, and is authenticated with an added hash value. If you want the gory details, see
authcookie.pyandhtmlauth.pyin the DWiki source code. With a properglobal-authseedsecret in the ConfigurationFile, it is believed to be secure from all brute-force attacks.The cookie is normally quite long-lived. It becomes invalid if the user's password or the DWiki global authseed change.
The cookie is not restricted to coming from a single IP address or anything like that.
Format of the password file
The password file has a simple format. Blank lines and comment lines (lines that have a '
#' character as their first non-whitespace) are ignored. Otherwise, lines have the format:<login> <password-hash> [<group> ....]There can be any amount of whitespace between elements; groups are optional.
The easy way to add logins or change passwords is with the
dpasswd.pyprogram in the DWiki source. Adding or changing groups, or deleting logins, you get to do by editing the file directly.DWiki has no support for creating logins or changing passwords over the web. This is deliberate.
How you manage this process in general is up to you; in non-paranoid environments ChrisSiebenmann uses a group-writeable password file owned by an appropriate (Unix) group.
2005-06-14
Pages now have accessible 'titles', sort of. A page's title is taken
to be the value of the header that starts the page, if said header is
on the very first line. (So this page's nominal title is 'New: Page
Titles'.) The header level doesn't matter; a <h6> is as good as a
<h1>, so long as it's the first line on the page.
This info is available only after the page has been rendered, in the
new global context variable :wikitext:title. Fortunately for us,
Atom feed entries can have their fields in any order, so we are free
to generate <title> after <content>.
Why did I do this? First, it's suitably low rent, and second I decided I wanted some vague way to generate semi-real page titles in Atom feeds instead of the current full path to the page (ever so helpful and informative as it is).
The only tricky bit was making sure that only the appropriate magic wikitext renderers set the page title, and not all the times that we spin through wikitext looking for, eg, permissions. (Especially important in Atom feeds, as Atom feeds look at everyone's permissions before they do the real rendering.)
2005-06-13
DWiki bugs/needfix
/{....}as a template comment, because I think I want them. (maybe another character, but ehh; this sort of looks like a C/etc comment.)inode ctime is last modified, inode mtime is created. The split has started. This may or may not work well; I'll have to see. (Partly based on what else screws with ctimes in our Unix environment.)
It seems clear that ctime is not too useful in at least some context. I should use it for safety in Atom feed generation and some other contexts, but not otherwise by default.
http://projects.edgewall.com/trac/wiki/WikiFormatting documents some stuff better than me, plus has 'processors'. I could steal that.
Searching needs to be less lame, at least for searching through the searchbox. It probably wants to be case-independant and possibly only for word starts (instead of word boundaries on both sides; arguably all searches should be only word boundary start ones).
The real rule is not 'identifier boundary', it is 'identifier component boundary', which is \b or a-z0-9 at the start, and \b or A-Z at the end.
It should be possible to create an Atom feed template that included all of the comments as part of the page.
CSS work. This implies that I need to actually understand CSS. I laugh at myself, hollowly. (Progress: we now style some stuff with CSS.)
We should be able to see the history page for any RCS-but-not-displayable page.
There should be some form of RecentChanges that throws in time information. (Clearly not Striped'able.)
Open issues
Do I want a 'render this page as wikitext' magic template option? That's what the injectors hard-code right now.
writecomment needs some way to generate a good link to help/DWikiText, so that people can actually know what to write a comment in. (It has one now, but the way may be a bit lame.)
Do we need a way to turn off WikiWord links? (The current approach is to use
[[...|]], which is perhaps good enough for the rare cases.)Should we forbid switching to alternate views in a virtual directory? The 'normal' view doesn't work entirely right (drops subdirectories); this may be a bug. (Fixed now: the listdir renderer needs to always include all subdirectories, despite their timestamps possibly being outside the restriction.)
We need to sort out when a link stays in the same view and when it doesn't. At the moment it is somewhat ad-hoc.
[[...]]links don't chase redirects, and they should. Well, now they do and I'm not convinced it's the right thing. It's convenient, but it changes the explicitly written link text; this might be good or it might be bad.Decide: should access restrictions look sort of like Unix access restrictions, being enforced top-down, or the current bottom-up way? I am starting to think that bottom-up is open to some reliability issues. But on the other hand, top-down has semantic issues too.
Profile the code. Laugh hysterically. Fix what I can.
DWiki should be more configurable through the filesystem. Can we support adding new views (directory and/or file) by reading the canonical template directory, for example? This would suffice for anything that doesn't require special handling.
Long-range:
DWiki knows a lot about what views do what. Unfortunately I suspect that this is impossible to work around, especially given how
htmlviews.pyis set up.Templates should mark up with <div> and so on.
wikirend.py needs to style-mark much of the things that it emits. I would like to find some general augmentation mechanism, although it's probably not going to be pretty.We're going to need to genericize access control. I think it will be some matrix of view + file patterns + file attributes. (Punt for now, everyone can see everything.)
This is a permanently FIXME page.
2005-06-11
A DWiki page (technically, any wikitext, so comments too) can now
start with the line '#pragma pre' to declare that the entire rest of
the page is simply preformatted text and should be barfed out as such
(minus the #pragma line, which is swallowed). '#pragma plaintext' is
accepted too.
This is a much more convenient and maintainable way to stick plaintext files (such as program source or something) into a DWiki than indenting the entirity of their text one space.
Note that this does not make the page come out as text/plain. The page is still text/html and fully templated, it's just that the wikitext is one big <pre> lump, instead of more sophisticated formatting.
It's unlikely that DWiki will acquire any other sorts of pragmas (eg to say 'format this as nicely HTML-ized Python code'), partly because ChrisSiebenmann is dubious about the 'nicely HTML-ized' bit of any formatters since they invariably involve aesthetic decisions that people (eg, him) can and do object to. Having an easy way of including plaintext is the 80%-90% solution, and that is the DWiki way.
2005-06-10
DWiki has a new template handling scheme: the core idea is that we now have a way of a) picking the first existing template from a list of them and b) generating candidate templates by variable substitution and 'all parent directories' expansion. This gives DWiki a simple and general framework for doing things like 'template injection', which lets us skin an entire directory hierarchy (but not the entire wiki) with things like blog sidebars.
This also gives us a single top-level template that generates all
normal HTML-based pages, thereby giving us a single place to skin the
entire site. The per-view templates in views/* (now only a
convention) now just generate view-specific information, leaving all
of the rest up to the top-level template.
The clarity and lack of stupid template piece duplication of the result is a clear indication of how it is a better scheme. (And no more silly things like splitting a <div> start and end into different files and hoping they get included in the right spots.)
TemplateSyntax and TemplatesUsed have been revised appropriately.