Landing page statistics not available based on user permissions (Wiki Blender splash page base URL)

[darenwelsh]

The base url landing page provides statistics of each wiki and then the cumulative statistics of the entire server. But the user only sees data for the wikis for which they have permissions. I see no reason why these data should be obscured. The statistics of number of pages, files, edits, and active contributors should be made available to anyone who can view this base url.

[jamesmontalvo3]

On a closed wiki that the user doesn't have access to they cannot hit the API. Those values are grabbed from the API. Another method of grabbing those values would be required. One fairly simple way might be to create a script that the landing page calls, and that script returns all the data you need. The script would then just make the API calls from within the server (where the calls are not read-restricted).

The landing page currently hits URLs for each wiki ID like:

https://example.com/<wiki id>/api.php?action=query&meta=siteinfo&siprop=statistics&list=allusers&auactiveusers=&aulimit=500&format=json

(side note, I just noticed aulimit=500 which I believe means no wiki will count higher than 500 active users)

The URL above will return something like:

{
  "batchcomplete": "",
  "query": {
    "allusers": [
      {
        "userid": 5015,
        "name": "Jdoe",
        "recentactions": 22,
        "recenteditcount": 22
      }
    ],
    "statistics": {
      "pages": 376,
      "articles": 48,
      "edits": 1105,
      "images": 32,
      "users": 2,
      "activeusers": 0,
      "admins": 7,
      "jobs": 0
    }
  }
}

So within a PHP script you could do something like:

// create an array to stick the output of all the individual API calls into
$allWikiData = [];

foreach( $wikis as $wikiId ) {
	// Apache listens on 8080
	// HAProxy listens on 80/443 and forwards to Apache, whether or not HAProxy
	// is on the same server as Apache.
	$url = "localhost:8080/$wikiId/api.php?action=query&meta=siteinfo&siprop=statistics&list=allusers&auactiveusers=&aulimit=500&format=json";

	// Grab the data via shell_exec, use json_decode to turn the string into a PHP data
	// structure, then stick it into the all-data array keyed by this wiki
	// Note: It'd be better to use PHP's curl functions than shell_exec, but shell_exec
	// was easier off the top of my head
	$allWikiData[$wikiId] = json_decode( shell_exec( "curl $url" ) );

}

// make the bundled data into a json string and send it back to the client
echo json_encode( $allWikiData );

You'd then a json like:

{
  "demo": { "this object": "would be the same as the JSON from the API call above" },
  "anotherwiki": { "same kind of object": "but for this particular wiki" }
}