bunto-auth 2.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 248270edeba387af87bdb1106b5441fc0e831b55
+  data.tar.gz: 38ad5bb01ecec02667f589fd518e808b1364108b
+SHA512:
+  metadata.gz: 37bdfed3a5f18776c97a996927cd7142441b88a10fd07ebfd06927d657c034e675c05a109884839817c7bf60c6d26b5c1253cfbf1934061d0f528b6e238ec134
+  data.tar.gz: e0f72f48d7fb2e2d77648f0f19abf1fc18d60add1c0062bac468720875d0ee152a85f8df023549cf523ff2dc07aaeffa8c059d7889568cc85eb91c0098df81a8

data/.gitignore

@@ -0,0 +1,5 @@
+_site
+*.gem
+.env
+/Gemfile.lock
+tmp

data/.rubocop.yml

@@ -0,0 +1,24 @@
+inherit_gem:
+  bunto: .rubocop.yml
+
+Style/Documentation:
+  Enabled: false
+
+Metrics/MethodLength:
+  Enabled: false
+
+Metrics/LineLength:
+  Enabled: false
+
+Style/FileName:
+  Enabled: false
+
+Metrics/BlockLength:
+  Enabled: false
+
+Style/DoubleNegation:
+  Enabled: false
+
+AllCops:
+  Exclude:
+    - vendor/**/*

data/.travis.yml

@@ -0,0 +1,29 @@
+# Travis CI
+language: ruby
+
+rvm:
+  - 2.3.1
+  - 2.3.0
+  - 2.2.5
+
+before_script:
+  - chmod a+x script/bootstrap
+  - chmod a+x script/cibuild
+  - chmod a+x script/console
+  - chmod a+x script/release
+  - chmod a+x script/server
+  - chmod a+x script/setup
+  - git config --global user.email "isc.suriyaa@gmail.com"
+  - git config --global user.name "Suriyaa Kudo"
+
+script: "./script/cibuild"
+
+sudo: false
+
+cache: bundler
+
+env:
+  global:
+    - GITHUB_CLIENT_ID=FOO
+    - GITHUB_CLIENT_SECRET=BAR
+    - GITHUB_ORG_NAME="bunto"

data/Gemfile

@@ -0,0 +1,3 @@
+source 'https://rubygems.org'
+
+gemspec

data/README.md

@@ -0,0 +1,177 @@
+# Bunto Auth
+
+*A simple way to use GitHub OAuth to serve a protected Bunto site to your GitHub organization*
+
+[![Gem Version](https://badge.fury.io/rb/bunto-auth.png)](https://badge.fury.io/rb/bunto-auth) [![Build Status](https://travis-ci.org/bunto/bunto-auth.png?branch=master)](https://travis-ci.org/bunto/bunto-auth)
+
+## The problem
+
+[Bunto](https://github.com/bunto/bunto) and [GitHub Pages](https://pages.github.com) are awesome, right? Static site, lightning fast, everything versioned in Git. What else could you ask for?
+
+But what if you only want to share that site with a select number of people? Before, you were SOL. Now, simply host the site on a free, [Heroku](https://heroku.com) Dyno, and whenever someone tries to access it, it will Oauth them against GitHub, and make sure they're a member of your Organization. Pretty cool, huh?
+
+## Requirements
+
+1. A GitHub account (one per user)
+2. A GitHub Organization (of which members will have access to the Bunto site)
+3. A GitHub Application (you can [register one](https://github.com/settings/applications/new) for free)
+4. A Heroku account (you can technically use this elsewhere, but the instructions are for Heroku)
+
+## Getting Started
+
+### Create a GitHub Application
+
+1. Navigate to [the GitHub app registration page](https://github.com/settings/applications/new)
+2. Give your app a name
+3. Tell GitHub the URL you want the app to eventually live at. If using a free Heroku account, this will be something like <http://my-site.herokuapp.com>
+4. Specify the callback URL; should be like this: <https://my-site.herokuapp.com/auth/github/callback>; note that this is **https**, not http.
+5. Hit Save, but leave the page open, you'll need some of the information in a moment
+
+Remember the 'my-site' part for later on when using `heroku create`. Also, my-site is often called 'app-name' in Heroku documentation.
+
+### Add Bunto Auth to your site
+
+1. Within your new site repository or orphaned github [branch](https://help.github.com/articles/creating-project-pages-manually/) (the branch could be named anything except 'gh-pages' since this would then be public on GitHub!), add `gem 'bunto-auth'` to your `Gemfile` or if you don't already have a `Gemfile`, create a file called `Gemfile` in the root of your site's repository with the following content:
+
+   ```ruby
+   source "https://rubygems.org"
+
+   gem 'bunto-auth'
+   ```
+
+2. `cd` into your project's directory and run `bundle install`. If you get an error using `bundle install`, see Troubleshooting below. 
+
+3. Run `bundle exec bunto-auth new` which will copy the necessary files to set up the server
+
+### Setting up hosting with Heroku
+
+#### Automatically
+
+Run `bundle exec bunto-auth setup --client_id XXX --client_secret XXX --org_name XXX`
+
+(or `--team_id XXX`)
+
+#### Manually
+
+1. You may need to add and commit the files generated by `bunto-auth new` to Git before continuing
+2. Make sure you have [the Heroku toolbelt](https://toolbelt.heroku.com/) installed
+3. Run `heroku create my-site` from your site's directory; make sure my-site matches what you specified in the GitHub application registration above.
+4. `heroku config:set GITHUB_CLIENT_ID=XXX GITHUB_CLIENT_SECRET=XXX GITHUB_ORG_NAME=XXX` (or `GITHUB_TEAM_ID`)
+5. `git push heroku`, or if you are maintaining the site in an orphaned branch of your GitHub repo (say 'heroku-pages'), do `git push heroku heroku-pages:master`
+6. `heroku open` to open the site in your browser
+
+#### Find the Organization ID (needed to find Team ID)
+
+If you need to find an organization's ID, you can use the following cURL command:
+
+```
+curl https://api.github.com/orgs/{org_name}
+```
+
+#### Finding the Team ID
+
+If you need help finding a team's numeric ID, you can use the `bunto-auth team_id` command.
+
+For example, to find the team ID for @bunto/maintainers you'd run the command:
+
+```
+bunto-auth team_id --org bunto --team maintainers
+```
+
+You'll want to add a [personal access token](https://github.com/settings/tokens/new) to your `.env` file so that Bunto-Auth can make the necessary API request, but the command will run you through the process if you do not provide this.
+
+## Configuration
+
+### Whitelisting
+
+Don't want to require authentication for every part of your site? Fine! Add a whitelist to your Bunto's **config.yml** file:
+
+```yaml
+bunto_auth:
+  whitelist:
+    - drafts?
+```
+
+`bunto_auth.whitelist` takes an array of regular expressions as strings. The default auth behavior checks (and blocks) against root (`/`). Any path defined in the whitelist won't require authentication on your site.
+
+What if you want to go the other way, and unauthenticate the entire site *except* for certain portions? You can define some regex magic for that:
+
+```yaml
+bunto_auth:
+  whitelist:
+    - "^((?!draft).)*$"
+```
+
+### Requiring SSL
+
+If [you've got SSL set up](https://devcenter.heroku.com/articles/ssl-endpoint), simply add the following your your `_config.yml` file to ensure SSL is enforced.
+
+```yaml
+bunto_auth:
+  ssl: true
+```
+
+### Using a custom 404
+
+Just like GitHub Pages, Bunto Auth will honor a custom 404 page, if it's generated as `/404.html` in the built site.
+
+## Running locally
+
+Want to run it locally?
+
+### Without authentication
+
+Just run `bunto serve` as you would normally.
+
+### With authentication
+
+1. `export GITHUB_CLIENT_ID=[your github app client id]`
+2. `export GITHUB_CLIENT_SECRET=[your github app client secret]`
+3. `export GITHUB_ORG_NAME=[org name]` or `export GITHUB_TEAM_ID=[team id]` or `export GITHUB_TEAM_IDS=1234,5678`
+4. `bunto-auth serve`
+
+*Pro-tip #1:* For sanity's sake, and to avoid problems with your callback URL, you may want to have two apps, one with a local Oauth callback, and one for production if you're going to be testing auth locally.
+
+*Pro-tip #2*: Bunto Auth supports [dotenv](https://github.com/bkeepers/dotenv) out of the box. You can create a `.env` file in the root of site and add your configuration variables there. It's ignored by `.gitignore` if you use `bunto-auth new`, but be sure not to accidentally commit your `.env` file. Here's what your `.env` file might look like:
+
+```
+GITHUB_CLIENT_SECRET=abcdefghijklmnopqrstuvwxyz0123456789
+GITHUB_CLIENT_ID=qwertyuiop0001
+GITHUB_TEAM_ID=12345
+```
+
+## Under the hood
+
+Every time you push to Heroku, we take advantage of the fact that Heroku automatically runs the `rake assets:precompile` command (normally used for Rails sites) to build our Bunto site and store it statically, just like GitHub pages would.
+
+Anytime a request comes in for a page, we run it through [Sinatra](http://www.sinatrarb.com/) (using the `_site` folder as the static file folder, just as `public` would be normally), and authenticate it using [sinatra\_auth\_github](https://github.com/atmos/sinatra_auth_github).
+
+If they're in the org, they get the page. Otherwise, all they ever get is [the bouncer](https://octodex.github.com/bouncer/).
+
+## Upgrading from Bunto Auth &lt; 0.1.0
+
+1. `cd` to your project directory
+2. `rm config.ru`
+3. `rm Procfile`
+4. Remove any Bunto Auth specific requirements from your `Gemfile`
+5. Follow [the instructions above](https://github.com/bunto/bunto-auth#add-bunto-auth-to-your-site) to get started
+6. When prompted, select "n" if Heroku is already set up
+
+## Troubleshooting
+
+* **ERROR: YOUR SITE COULD NOT BE BUILT** during install, either locally or on Heroku. You likely need to add `exclude: [vendor]` to `_config.yml` in your branch's root directory (create the file if it does not exist already). If you still have problems on the *local* install, you may have better luck using `bundle install --deployment`, but be sure to add the resulting 'vendor' directory to .gitignore. For completeness, the full error may look something like this:
+
+
+```
+remote:        Configuration file: none
+remote:                     ERROR: YOUR SITE COULD NOT BE BUILT:
+remote:                            ------------------------------------
+remote:                            Invalid date '0000-00-00': Post '/vendor/bundle/ruby/2.0.0/gems/bunto-2.5.3/lib/site_template/_posts/0000-00-00-welcome-to-bunto.markdown.erb' does not have a valid date in the filename.
+```
+
+* **Pushing to heroku**. If you are working from a new GitHub-cloned repo (where you have not run `heroku create`), you may also want to push to Heroku. Instead of adding the remote in the standard way with Git, do this: 
+
+
+```
+heroku git:remote -a my-site 
+```

data/Rakefile

@@ -0,0 +1,20 @@
+require 'rubygems/package_task'
+require 'rubygems/specification'
+require 'bundler'
+require 'fileutils'
+require 'dotenv'
+
+task default: [:spec]
+
+task :site do
+  Dotenv.load
+  FileUtils.chdir 'templates'
+  `bundle exec bunto-auth`
+end
+
+require 'rspec/core/rake_task'
+desc 'Run specs'
+RSpec::Core::RakeTask.new do |t|
+  t.pattern = 'spec/**/*_spec.rb'
+  t.rspec_opts = ['--order', 'rand', '--color']
+end

data/bin/bunto-auth

@@ -0,0 +1,134 @@
+#!/usr/bin/env ruby
+# Command-line interface for bunto-auth
+
+require "mercenary"
+require "bunto-auth"
+require "open3"
+
+Mercenary.program("bunto-auth") do |p|
+  p.version BuntoAuth::VERSION
+  p.description "A simple way to use Github OAuth to serve a protected bunto site to your GitHub organization"
+  p.syntax "bunto-auth <subcommand> options"
+
+  p.command(:new) do |c|
+    c.syntax "new"
+    c.description "Initialize an existing Bunto site as a Bunto Auth site"
+    c.action do |_args, _options|
+      BuntoAuth::Commands.copy_templates
+
+      if BuntoAuth::Commands.changed?
+        puts "Looks like we've made some changes, you may want to do a git commit and git push sometime soon".yellow
+      end
+
+      puts "Setup complete. Run `bunto-auth` to view the authenticated site."
+    end
+  end
+
+  # Run the standard bunto build command
+  # Called by Rake task, to allow the gem
+  # to add functionality here in the future
+  p.command(:build) do |c|
+    c.syntax "build"
+    c.description "Build the Bunto site"
+    c.action do |_args, options|
+      require "bunto"
+      Bunto::Commands::Build.process(options)
+    end
+  end
+
+  p.command(:team_id) do |c|
+    c.syntax "team_id --org <ORG> --team <TEAM>"
+    c.description "Retrieve a team's ID"
+    c.option "org", "--org <ORG>", 'The GitHub Organization, e.g., "bunto"'
+    c.option "team", "--team <TEAM>", 'The team name, e.g., "maintainers"'
+
+    c.action do |_args, options|
+      unless BuntoAuth::Commands.env_var_set? "GITHUB_TOKEN"
+        puts "You'll need to go to https://github.com/settings/tokens/new and create a personal access token".red
+        puts "Once you've got the token, prefix the bunto-auth command with GITHUB_TOKEN=[YOUR TOKEN]".red
+        puts "You can also add it to a `.env` file in this directory".red
+        exit 1
+      end
+
+      org = options["org"] || ENV["GITHUB_ORG_NAME"]
+      team = options["team"]
+
+      if org.nil? || team.nil?
+        puts "An org name and team ID are required.".red
+        puts "Usage: bunto-auth team_id --org <ORG> --team <TEAM>"
+        exit 1
+      end
+
+      team_id = BuntoAuth::Commands.team_id(org, team)
+
+      if team_id
+        puts "The team ID for `@#{org}/#{team}` is `#{team_id}`".green
+      else
+        puts "Couldn't find the `@#{org}/#{team}` team.".red
+      end
+    end
+  end
+
+  p.command(:serve) do |c|
+    c.syntax "serve"
+    c.description "Run Bunto Auth site locally"
+    c.option "host", "--host <HOST>", "Listen at the given hostname, e.g., 127.0.0.1"
+    c.option "port", "--port <PORT>", "Listen on the given port, e.g., 4000"
+
+    c.action do |_args, options|
+      # Ensure environmental variables are set
+      unless %w(GITHUB_CLIENT_ID GITHUB_CLIENT_SECRET).all? { |v| BuntoAuth::Commands.env_var_set?(v) }
+        puts "Whoops. Looks like you forgot to tell Bunto Auth about your app".red
+        puts "Be sure to run export GITHUB_CLIENT_ID=[client id], export GITHUB_CLIENT_SECRET=[client secret], and export GITHUB_ORG_NAME=[org name] (or GITHUB_TEAM_ID)".red
+        puts "See the readme for more information on where to find these".red
+        exit 1
+      end
+
+      # build site
+      p.go ["build"]
+
+      host = options["host"] || "0.0.0.0"
+      port = options["port"] || "4000"
+
+      puts "Spinning up the server with authentication. Use CTRL-C to stop."
+      puts "To preview the site without authentication, use the `bunto serve` command"
+      BuntoAuth::Commands.execute_command "bundle", "exec", "rackup", "-o", host, "-p", port
+    end
+  end
+
+  p.command(:setup) do |c|
+    c.syntax "setup"
+    c.description "Configure Heroku for use with your Bunto Auth site"
+    c.option "client_id", "--client_id", "Your oauth app client id"
+    c.option "client_secret", "--client_secret", "Your oauth app client secret"
+    c.option "team_id", "--team_id", "The team to authenticate against"
+    c.option "org_name", "--org_name", "An organization to authenticate against"
+    c.action do |_args, options|
+      if find_executable("heroku").nil?
+        say "Looks like we're missing the Heroku client. Let's see if we can't install it..."
+        BuntoAuth::Commands.execute_command "wget", "-qO-", "https://toolbelt.heroku.com/install.sh", "|", "sh"
+      end
+
+      BuntoAuth::Commands.init_repo
+      BuntoAuth::Commands.initial_commit if BuntoAuth::Commands.changed?
+
+      if BuntoAuth::Commands.heroku_remote_set?
+        puts "Looks like you've already got heroku set up... skipping.".green
+      else
+        puts "Creating a new Heroku app."
+        BuntoAuth::Commands.execute_command "heroku", "create"
+      end
+
+      puts "Configuring the Heroku app"
+      BuntoAuth::Commands.configure_heroku(options)
+
+      puts "Pushing to Heroku"
+      BuntoAuth::Commands.execute_command "git", "push", "heroku", "master", "--force"
+
+      puts "Lets check if it worked"
+      BuntoAuth::Commands.execute_command "heroku", "open"
+    end
+  end
+
+  p.default_command(:serve)
+end

data/bunto-auth.gemspec

@@ -0,0 +1,33 @@
+require './lib/bunto_auth/version'
+
+Gem::Specification.new do |s|
+  s.name                  = 'bunto-auth'
+  s.version               = BuntoAuth::VERSION
+  s.summary               = 'A simple way to use GitHub OAuth to serve a protected Bunto site to your GitHub organization'
+  s.description           = 'A simple way to use GitHub OAuth to serve a protected Bunto site to your GitHub organization.'
+  s.authors               = ['Ben Balter', 'Suriyaa Kudo']
+  s.email                 = ['ben@balter.com', 'suriyaa@bunto.tk']
+  s.homepage              = 'https://github.com/bunto/bunto-auth'
+  s.license               = 'MIT'
+  s.files                 = `git ls-files`.split("\n")
+  s.test_files            = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables           = `git ls-files -- bin/*`.split("\n").map { |f| File.basename(f) }
+  s.require_paths         = ['lib']
+
+  s.add_dependency 'bunto', '~> 3.2.1'
+  s.add_dependency 'sinatra-index', '~> 0.0'
+  s.add_dependency 'sinatra_auth_github', '~> 1.1'
+  s.add_dependency 'rack', '~> 1.6'
+  s.add_dependency 'dotenv', '~> 2.0'
+  s.add_dependency 'rake', '~> 10.3'
+  s.add_dependency 'rack-ssl-enforcer', '~> 0.2'
+  s.add_dependency 'mercenary', '~> 0.3'
+  s.add_dependency 'safe_yaml', '~> 1.0'
+  s.add_dependency 'colorator', '~> 1.0'
+  s.add_dependency 'activesupport', '~> 4.0'
+  s.add_development_dependency 'rspec', '~> 3.1'
+  s.add_development_dependency 'rack-test', '~> 0.6'
+  s.add_development_dependency 'webmock', '~> 1.2 '
+  s.add_development_dependency 'pry', '~> 0.10'
+  s.add_development_dependency 'rubocop', '~> 0.35'
+end

data/lib/bunto-auth.rb

@@ -0,0 +1,25 @@
+require "sinatra-index"
+require "sinatra_auth_github"
+require "dotenv"
+require "safe_yaml"
+require "colorator"
+require "mkmf"
+require_relative "bunto_auth/version"
+require_relative "bunto_auth/helpers"
+require_relative "bunto_auth/config"
+require_relative "bunto_auth/auth_site"
+require_relative "bunto_auth/bunto_site"
+require_relative "bunto_auth/config_error"
+require_relative "bunto_auth/commands"
+require_relative "bunto_auth/sinatra/auth/github"
+
+Dotenv.load
+
+class BuntoAuth
+  def self.site
+    Rack::Builder.new do
+      use BuntoAuth::AuthSite
+      run BuntoAuth::BuntoSite
+    end
+  end
+end