Developed by Miguel Dantas during Google Summer of Code 2019
Mentored by Diogo Cordeiro
This is a technical Google Summer of Code Project Report describing briefly what I did from May 6 to August 26.
All the code I wrote during this period is available here.
This document helps understand what was done in a simple and informal way, highlighting the most relevant parts, why some decisions were made and what I’ve learned with it.
From May 6 to May 27 I had to familiarize myself with the GNU social’s plugins and events API, as well as other internal components and the community.
GNU social is a social communication software used in federated social networks. That requires queues and caching systems that are friendly to use and yet powerful and robust enough to handle the high load in servers with limited network, low storage and reduced processing power. While scalable enough to take advantage of more powerful systems.
The new Image handling system was my first bigger project and in it I essentially reviewed and refactored the existing code, followed by making sure a consistent and filesystem safe encoding is use for the filename, which is then further provided when the file download is requested. This very file download was moved into PHP code so that the code could have easy control over what files are accessed; the main goal with this change was to allow arbitrary file uploads, while still ensuring that no file is directly publicly accessible, as a misconfigured webserver or a maliciously crafted file could cause unwanted execution. In addition, this will allow, in the future, for easy permission control, via events, if a plugin to do so is written. Along the same lines, it was important to make image validation more aggressive. While not immediately apparent, an image and a script may be contained in the same file and it was possible for a file to be identified as an image by the upload code and then be executed by the webserver.
The existing Oembed plugin did a valiant attempt trying to get both Oembed and OpenGraph info about a page. The problem, besides the poor name given the dual purpose, was that it used an in-house implementation, which was not complete. This was therefore
replaced by an external library called
oscarotero. After refactoring and checking the existing code, as well as making sure the same filename conventions as above were in effect, image handling became significantly
more robust, eliminating the barrage of errors users would previously see, instead of images. In addition, I made it so only a configurable thumbnail size for the images was saved to disk, while still supporting upscaling should further themes
need it, which should significantly reduce disk space usage.
The queue system received a refactor and checking, modernizing and cleaning up the code in places. I also added the option to use Redis as a backing for this, through a new
In addition, the existing DB, STOMP and UNQUEUE queue managers were broken out into plugins, allowing for easier management as well as making it more unified.
Similarly, the caching system received the same treatment and a new
RedisCache plugin was created.
GSoC was a wonderful experience for me. I now feel more comfortable with the GNU social’s codebase as well as more confident in tackling other such large codebases. I learned a lot of useful stuff general software design principles, maintainability,
web security and Redis. I’ve also learned more about
git and how libre and open source software development is made and organized.
I look forward to regularly contributing to GNU social and other projects.
Thanks to Diogo Cordeiro for such a wonderful experience and the help and knowledge he lent.