jekyll-auth 2.1.0 → 2.1.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/.github/CODEOWNERS +3 -0
- data/.github/config.yml +20 -0
- data/.github/no-response.yml +13 -0
- data/.github/settings.yml +31 -0
- data/.github/stale.yml +27 -0
- data/.rubocop.yml +8 -1
- data/Gemfile +3 -1
- data/Rakefile +13 -11
- data/bin/jekyll-auth +3 -1
- data/docs/CODE_OF_CONDUCT.md +46 -0
- data/docs/CONTRIBUTING.md +88 -0
- data/docs/README.md +33 -0
- data/docs/_config.yml +2 -0
- data/docs/configuring.md +36 -0
- data/docs/getting-started.md +63 -0
- data/docs/running-locally.md +24 -0
- data/docs/troubleshooting.md +31 -0
- data/jekyll-auth.gemspec +28 -25
- data/lib/jekyll-auth.rb +3 -0
- data/lib/jekyll_auth/auth_site.rb +2 -0
- data/lib/jekyll_auth/commands.rb +3 -1
- data/lib/jekyll_auth/config.rb +15 -8
- data/lib/jekyll_auth/config_error.rb +2 -0
- data/lib/jekyll_auth/helpers.rb +2 -0
- data/lib/jekyll_auth/jekyll_site.rb +4 -2
- data/lib/jekyll_auth/sinatra/auth/github.rb +8 -4
- data/lib/jekyll_auth/version.rb +3 -1
- data/spec/jekyll_auth_auth_site_spec.rb +2 -0
- data/spec/jekyll_auth_bin_spec.rb +2 -0
- data/spec/jekyll_auth_commands_spec.rb +2 -0
- data/spec/jekyll_auth_helpers_spec.rb +2 -0
- data/spec/jekyll_auth_jekyll_site_spec.rb +2 -0
- data/spec/jekyll_auth_spec.rb +2 -0
- data/spec/spec_helper.rb +2 -0
- data/templates/.gitignore +0 -1
- data/templates/Rakefile +3 -1
- data/templates/config.ru +3 -1
- metadata +81 -43
- data/README.md +0 -179
data/README.md
DELETED
@@ -1,179 +0,0 @@
|
|
1
|
-
# Jekyll Auth
|
2
|
-
|
3
|
-
*A simple way to use GitHub OAuth to serve a protected Jekyll site to your GitHub organization*
|
4
|
-
|
5
|
-
[![Gem Version](https://badge.fury.io/rb/jekyll-auth.png)](http://badge.fury.io/rb/jekyll-auth) [![Build Status](https://travis-ci.org/benbalter/jekyll-auth.png?branch=master)](https://travis-ci.org/benbalter/jekyll-auth)
|
6
|
-
|
7
|
-
## The problem
|
8
|
-
|
9
|
-
[Jekyll](http://github.com/mojombo/jekyll) and [GitHub Pages](http://pages.github.com) are awesome, right? Static site, lightning fast, everything versioned in Git. What else could you ask for?
|
10
|
-
|
11
|
-
But what if you only want to share that site with a select number of people? Before, you were SOL. Now, simply host the site on a free, [Heroku](http://heroku.com) Dyno, and whenever someone tries to access it, it will Oauth them against GitHub, and make sure they're a member of your Organization. Pretty cool, huh?
|
12
|
-
|
13
|
-
## Requirements
|
14
|
-
|
15
|
-
1. A GitHub account (one per user)
|
16
|
-
2. A GitHub Organization (of which members will have access to the Jekyll site)
|
17
|
-
3. A GitHub Application (you can [register one](https://github.com/settings/applications/new) for free)
|
18
|
-
4. A Heroku account (you can technically use this elsewhere, but the instructions are for Heroku)
|
19
|
-
|
20
|
-
## Getting Started
|
21
|
-
|
22
|
-
### Create a GitHub Application
|
23
|
-
|
24
|
-
1. Navigate to [the GitHub app registration page](https://github.com/settings/applications/new)
|
25
|
-
2. Give your app a name
|
26
|
-
3. Tell GitHub the URL you want the app to eventually live at. If using a free Heroku account, this will be something like <http://my-site.herokuapp.com>
|
27
|
-
4. Specify the callback URL; should be like this: <https://my-site.herokuapp.com/auth/github/callback>; note that this is **https**, not http.
|
28
|
-
5. Hit Save, but leave the page open, you'll need some of the information in a moment
|
29
|
-
|
30
|
-
Remember the 'my-site' part for later on when using `heroku create`. Also, my-site is often called 'app-name' in Heroku documentation.
|
31
|
-
|
32
|
-
### Add Jekyll Auth to your site
|
33
|
-
|
34
|
-
1. Within your new site repository or orphaned github [branch](https://help.github.com/articles/creating-project-pages-manually/) (the branch could be named anything except 'gh-pages' since this would then be public on GitHub!), add `gem 'jekyll-auth'` to your `Gemfile` or if you don't already have a `Gemfile`, create a file called `Gemfile` in the root of your site's repository with the following content:
|
35
|
-
|
36
|
-
```ruby
|
37
|
-
source "https://rubygems.org"
|
38
|
-
|
39
|
-
gem 'jekyll-auth'
|
40
|
-
```
|
41
|
-
|
42
|
-
2. `cd` into your project's directory and run `bundle install`. If you get an error using `bundle install`, see Troubleshooting below.
|
43
|
-
|
44
|
-
3. Run `bundle exec jekyll-auth new` which will copy the necessary files to set up the server
|
45
|
-
|
46
|
-
### Setting up hosting with Heroku
|
47
|
-
|
48
|
-
#### Automatically
|
49
|
-
|
50
|
-
Run `bundle exec jekyll-auth setup --client_id XXX --client_secret XXX --org_name XXX`
|
51
|
-
|
52
|
-
(or `--team_id XXX`)
|
53
|
-
|
54
|
-
#### Manually
|
55
|
-
|
56
|
-
1. You may need to add and commit the files generated by `jekyll-auth new` to Git before continuing
|
57
|
-
2. Make sure you have [the Heroku toolbelt](https://toolbelt.heroku.com/) installed
|
58
|
-
3. Run `heroku create my-site` from your site's directory; make sure my-site matches what you specified in the GitHub application registration above.
|
59
|
-
4. `heroku config:set GITHUB_CLIENT_ID=XXX GITHUB_CLIENT_SECRET=XXX GITHUB_ORG_NAME=XXX` (or `GITHUB_TEAM_ID`)
|
60
|
-
5. `git push heroku`, or if you are maintaining the site in an orphaned branch of your GitHub repo (say 'heroku-pages'), do `git push heroku heroku-pages:master`
|
61
|
-
6. `heroku open` to open the site in your browser
|
62
|
-
|
63
|
-
#### Find the Organization ID (needed to find Team ID)
|
64
|
-
|
65
|
-
If you need to find an organization's ID, you can use the following cURL command:
|
66
|
-
|
67
|
-
```
|
68
|
-
curl https://api.github.com/orgs/{org_name}
|
69
|
-
```
|
70
|
-
|
71
|
-
#### Finding the Team ID
|
72
|
-
|
73
|
-
If you need help finding a team's numeric ID, you can use the `jekyll-auth team_id` command.
|
74
|
-
|
75
|
-
For example, to find the team ID for @jekyll/maintainers you'd run the command:
|
76
|
-
|
77
|
-
```
|
78
|
-
jekyll-auth team_id --org jekyll --team maintainers
|
79
|
-
```
|
80
|
-
|
81
|
-
You'll want to add a [personal access token](https://github.com/settings/tokens/new) to your `.env` file so that Jekyll-Auth can make the necessary API request, but the command will run you through the process if you do not provide this.
|
82
|
-
|
83
|
-
## Configuration
|
84
|
-
|
85
|
-
### Whitelisting
|
86
|
-
|
87
|
-
Don't want to require authentication for every part of your site? Fine! Add a whitelist to your Jekyll's **config.yml** file:
|
88
|
-
|
89
|
-
```yaml
|
90
|
-
jekyll_auth:
|
91
|
-
whitelist:
|
92
|
-
- drafts?
|
93
|
-
```
|
94
|
-
|
95
|
-
`jekyll_auth.whitelist` takes an array of regular expressions as strings. The default auth behavior checks (and blocks) against root (`/`). Any path defined in the whitelist won't require authentication on your site.
|
96
|
-
|
97
|
-
What if you want to go the other way, and unauthenticate the entire site *except* for certain portions? You can define some regex magic for that:
|
98
|
-
|
99
|
-
```yaml
|
100
|
-
jekyll_auth:
|
101
|
-
whitelist:
|
102
|
-
- "^((?!draft).)*$"
|
103
|
-
```
|
104
|
-
|
105
|
-
There is also a more [extensive article containing installation instructions for Jekyll-Auth](http://fabian-kostadinov.github.io/2014/11/13/installation-of-jekyll-auth/) and a second one on [how to find your GitHub team ID](http://fabian-kostadinov.github.io/2015/01/16/how-to-find-a-github-team-id/).
|
106
|
-
|
107
|
-
### Requiring SSL
|
108
|
-
|
109
|
-
If [you've got SSL set up](https://devcenter.heroku.com/articles/ssl-endpoint), simply add the following your your `_config.yml` file to ensure SSL is enforced.
|
110
|
-
|
111
|
-
```yaml
|
112
|
-
jekyll_auth:
|
113
|
-
ssl: true
|
114
|
-
```
|
115
|
-
|
116
|
-
### Using a custom 404
|
117
|
-
|
118
|
-
Just like GitHub Pages, Jekyll Auth will honor a custom 404 page, if it's generated as `/404.html` in the built site.
|
119
|
-
|
120
|
-
## Running locally
|
121
|
-
|
122
|
-
Want to run it locally?
|
123
|
-
|
124
|
-
### Without authentication
|
125
|
-
|
126
|
-
Just run `jekyll serve` as you would normally.
|
127
|
-
|
128
|
-
### With authentication
|
129
|
-
|
130
|
-
1. `export GITHUB_CLIENT_ID=[your github app client id]`
|
131
|
-
2. `export GITHUB_CLIENT_SECRET=[your github app client secret]`
|
132
|
-
3. `export GITHUB_ORG_NAME=[org name]` or `export GITHUB_TEAM_ID=[team id]` or `export GITHUB_TEAM_IDS=1234,5678`
|
133
|
-
4. `jekyll-auth serve`
|
134
|
-
|
135
|
-
*Pro-tip #1:* For sanity's sake, and to avoid problems with your callback URL, you may want to have two apps, one with a local Oauth callback, and one for production if you're going to be testing auth locally.
|
136
|
-
|
137
|
-
*Pro-tip #2*: Jekyll Auth supports [dotenv](https://github.com/bkeepers/dotenv) out of the box. You can create a `.env` file in the root of site and add your configuration variables there. It's ignored by `.gitignore` if you use `jekyll-auth new`, but be sure not to accidentally commit your `.env` file. Here's what your `.env` file might look like:
|
138
|
-
|
139
|
-
```
|
140
|
-
GITHUB_CLIENT_SECRET=abcdefghijklmnopqrstuvwxyz0123456789
|
141
|
-
GITHUB_CLIENT_ID=qwertyuiop0001
|
142
|
-
GITHUB_TEAM_ID=12345
|
143
|
-
```
|
144
|
-
|
145
|
-
## Under the hood
|
146
|
-
|
147
|
-
Every time you push to Heroku, we take advantage of the fact that Heroku automatically runs the `rake assets:precompile` command (normally used for Rails sites) to build our Jekyll site and store it statically, just like GitHub pages would.
|
148
|
-
|
149
|
-
Anytime a request comes in for a page, we run it through [Sinatra](http://www.sinatrarb.com/) (using the `_site` folder as the static file folder, just as `public` would be normally), and authenticate it using [sinatra\_auth\_github](https://github.com/atmos/sinatra_auth_github).
|
150
|
-
|
151
|
-
If they're in the org, they get the page. Otherwise, all they ever get is [the bouncer](http://octodex.github.com/bouncer/).
|
152
|
-
|
153
|
-
## Upgrading from Jekyll Auth < 0.1.0
|
154
|
-
|
155
|
-
1. `cd` to your project directory
|
156
|
-
2. `rm config.ru`
|
157
|
-
3. `rm Procfile`
|
158
|
-
4. Remove any Jekyll Auth specific requirements from your `Gemfile`
|
159
|
-
5. Follow [the instructions above](https://github.com/benbalter/jekyll-auth#add-jekyll-auth-to-your-site) to get started
|
160
|
-
6. When prompted, select "n" if Heroku is already set up
|
161
|
-
|
162
|
-
## Troubleshooting
|
163
|
-
|
164
|
-
* **ERROR: YOUR SITE COULD NOT BE BUILT** during install, either locally or on Heroku. You likely need to add `exclude: [vendor]` to `_config.yml` in your branch's root directory (create the file if it does not exist already). If you still have problems on the *local* install, you may have better luck using `bundle install --deployment`, but be sure to add the resulting 'vendor' directory to .gitignore. For completeness, the full error may look something like this:
|
165
|
-
|
166
|
-
|
167
|
-
```
|
168
|
-
remote: Configuration file: none
|
169
|
-
remote: ERROR: YOUR SITE COULD NOT BE BUILT:
|
170
|
-
remote: ------------------------------------
|
171
|
-
remote: Invalid date '0000-00-00': Post '/vendor/bundle/ruby/2.0.0/gems/jekyll-2.5.3/lib/site_template/_posts/0000-00-00-welcome-to-jekyll.markdown.erb' does not have a valid date in the filename.
|
172
|
-
```
|
173
|
-
|
174
|
-
* **Pushing to heroku**. If you are working from a new GitHub-cloned repo (where you have not run `heroku create`), you may also want to push to Heroku. Instead of adding the remote in the standard way with Git, do this:
|
175
|
-
|
176
|
-
|
177
|
-
```
|
178
|
-
heroku git:remote -a my-site
|
179
|
-
```
|