jekyll-auth 2.1.0 → 2.1.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -5
- data/.github/CODEOWNERS +3 -0
- data/.github/ISSUE_TEMPLATE/bug_report.md +28 -0
- data/.github/ISSUE_TEMPLATE/feature_request.md +21 -0
- data/.github/config.yml +23 -0
- data/.github/dependabot.yml +10 -0
- data/.github/funding.yml +1 -0
- data/.github/no-response.yml +15 -0
- data/.github/release-drafter.yml +4 -0
- data/.github/settings.yml +33 -0
- data/.github/stale.yml +29 -0
- data/.github/workflows/ci.yml +24 -0
- data/.github/workflows/codeql-analysis.yml +70 -0
- data/.rubocop.yml +13 -4
- data/.travis.yml +3 -3
- data/Gemfile +3 -1
- data/Rakefile +13 -11
- data/bin/jekyll-auth +8 -8
- data/docs/CODE_OF_CONDUCT.md +46 -0
- data/docs/CONTRIBUTING.md +88 -0
- data/docs/README.md +37 -0
- data/docs/SECURITY.md +3 -0
- data/docs/_config.yml +2 -0
- data/docs/configuring.md +36 -0
- data/docs/getting-started.md +63 -0
- data/docs/running-locally.md +24 -0
- data/docs/troubleshooting.md +31 -0
- data/jekyll-auth.gemspec +30 -25
- data/lib/jekyll-auth.rb +3 -0
- data/lib/jekyll_auth/auth_site.rb +2 -0
- data/lib/jekyll_auth/commands.rb +5 -1
- data/lib/jekyll_auth/config.rb +15 -8
- data/lib/jekyll_auth/config_error.rb +2 -0
- data/lib/jekyll_auth/helpers.rb +3 -0
- data/lib/jekyll_auth/jekyll_site.rb +4 -2
- data/lib/jekyll_auth/sinatra/auth/github.rb +8 -4
- data/lib/jekyll_auth/version.rb +3 -1
- data/spec/jekyll_auth_auth_site_spec.rb +2 -0
- data/spec/jekyll_auth_bin_spec.rb +2 -0
- data/spec/jekyll_auth_commands_spec.rb +2 -0
- data/spec/jekyll_auth_helpers_spec.rb +2 -0
- data/spec/jekyll_auth_jekyll_site_spec.rb +3 -1
- data/spec/jekyll_auth_spec.rb +2 -0
- data/spec/spec_helper.rb +3 -0
- data/templates/.gitignore +0 -1
- data/templates/Rakefile +3 -1
- data/templates/config.ru +3 -1
- metadata +143 -52
- data/README.md +0 -179
@@ -0,0 +1,63 @@
|
|
1
|
+
## Getting Started
|
2
|
+
|
3
|
+
### Create a GitHub Application
|
4
|
+
|
5
|
+
1. Navigate to [the GitHub app registration page](https://github.com/settings/applications/new)
|
6
|
+
2. Give your app a name
|
7
|
+
3. Tell GitHub the URL you want the app to eventually live at. If using a free Heroku account, this will be something like <http://my-site.herokuapp.com>
|
8
|
+
4. Specify the callback URL; should be like this: <https://my-site.herokuapp.com/auth/github/callback>; note that this is **https**, not http.
|
9
|
+
5. Hit Save, but leave the page open, you'll need some of the information in a moment
|
10
|
+
|
11
|
+
Remember the 'my-site' part for later on when using `heroku create`. Also, my-site is often called 'app-name' in Heroku documentation.
|
12
|
+
|
13
|
+
### Add Jekyll Auth to your site
|
14
|
+
|
15
|
+
1. Within your new site repository or orphaned github [branch](https://help.github.com/articles/creating-project-pages-manually/) (the branch could be named anything except 'gh-pages' since this would then be public on GitHub!), add `gem 'jekyll-auth'` to your `Gemfile` or if you don't already have a `Gemfile`, create a file called `Gemfile` in the root of your site's repository with the following content:
|
16
|
+
|
17
|
+
```ruby
|
18
|
+
source "https://rubygems.org"
|
19
|
+
|
20
|
+
gem 'jekyll-auth'
|
21
|
+
```
|
22
|
+
|
23
|
+
2. `cd` into your project's directory and run `bundle install`. If you get an error using `bundle install`, see Troubleshooting below.
|
24
|
+
|
25
|
+
3. Run `bundle exec jekyll-auth new` which will copy the necessary files to set up the server
|
26
|
+
|
27
|
+
|
28
|
+
### Setting up hosting with Heroku
|
29
|
+
|
30
|
+
#### Automatically
|
31
|
+
|
32
|
+
Run `bundle exec jekyll-auth setup --client_id XXX --client_secret XXX --org_name XXX`
|
33
|
+
|
34
|
+
(or `--team_id XXX`)
|
35
|
+
|
36
|
+
#### Manually
|
37
|
+
|
38
|
+
1. You may need to add and commit the files generated by `jekyll-auth new` to Git before continuing
|
39
|
+
2. Make sure you have [the Heroku toolbelt](https://toolbelt.heroku.com/) installed
|
40
|
+
3. Run `heroku create my-site` from your site's directory; make sure my-site matches what you specified in the GitHub application registration above.
|
41
|
+
4. `heroku config:set GITHUB_CLIENT_ID=XXX GITHUB_CLIENT_SECRET=XXX GITHUB_ORG_NAME=XXX` (or `GITHUB_TEAM_ID`)
|
42
|
+
5. `git push heroku`, or if you are maintaining the site in an orphaned branch of your GitHub repo (say 'heroku-pages'), do `git push heroku heroku-pages:master`
|
43
|
+
6. `heroku open` to open the site in your browser
|
44
|
+
|
45
|
+
#### Find the Organization ID (needed to find Team ID)
|
46
|
+
|
47
|
+
If you need to find an organization's ID, you can use the following cURL command:
|
48
|
+
|
49
|
+
```
|
50
|
+
curl https://api.github.com/orgs/{org_name}
|
51
|
+
```
|
52
|
+
|
53
|
+
#### Finding the Team ID
|
54
|
+
|
55
|
+
If you need help finding a team's numeric ID, you can use the `jekyll-auth team_id` command.
|
56
|
+
|
57
|
+
For example, to find the team ID for @jekyll/maintainers you'd run the command:
|
58
|
+
|
59
|
+
```
|
60
|
+
jekyll-auth team_id --org jekyll --team maintainers
|
61
|
+
```
|
62
|
+
|
63
|
+
You'll want to add a [personal access token](https://github.com/settings/tokens/new) to your `.env` file so that Jekyll-Auth can make the necessary API request, but the command will run you through the process if you do not provide this.
|
@@ -0,0 +1,24 @@
|
|
1
|
+
## Running locally
|
2
|
+
|
3
|
+
Want to run it locally?
|
4
|
+
|
5
|
+
### Without authentication
|
6
|
+
|
7
|
+
Just run `jekyll serve` as you would normally.
|
8
|
+
|
9
|
+
### With authentication
|
10
|
+
|
11
|
+
1. `export GITHUB_CLIENT_ID=[your github app client id]`
|
12
|
+
2. `export GITHUB_CLIENT_SECRET=[your github app client secret]`
|
13
|
+
3. `export GITHUB_ORG_NAME=[org name]` or `export GITHUB_TEAM_ID=[team id]` or `export GITHUB_TEAM_IDS=1234,5678`
|
14
|
+
4. `jekyll-auth serve`
|
15
|
+
|
16
|
+
*Pro-tip #1:* For sanity's sake, and to avoid problems with your callback URL, you may want to have two apps, one with a local Oauth callback, and one for production if you're going to be testing auth locally.
|
17
|
+
|
18
|
+
*Pro-tip #2*: Jekyll Auth supports [dotenv](https://github.com/bkeepers/dotenv) out of the box. You can create a `.env` file in the root of site and add your configuration variables there. It's ignored by `.gitignore` if you use `jekyll-auth new`, but be sure not to accidentally commit your `.env` file. Here's what your `.env` file might look like:
|
19
|
+
|
20
|
+
```
|
21
|
+
GITHUB_CLIENT_SECRET=abcdefghijklmnopqrstuvwxyz0123456789
|
22
|
+
GITHUB_CLIENT_ID=qwertyuiop0001
|
23
|
+
GITHUB_TEAM_ID=12345
|
24
|
+
```
|
@@ -0,0 +1,31 @@
|
|
1
|
+
## Troubleshooting
|
2
|
+
|
3
|
+
### `ERROR: YOUR SITE COULD NOT BE BUILT` During install, either locally or on Heroku.
|
4
|
+
|
5
|
+
You likely need to add `exclude: [vendor]` to `_config.yml` in your branch's root directory (create the file if it does not exist already). If you still have problems on the *local* install, you may have better luck using `bundle install --deployment`, but be sure to add the resulting 'vendor' directory to .gitignore. For completeness, the full error may look something like this:
|
6
|
+
|
7
|
+
|
8
|
+
```
|
9
|
+
remote: Configuration file: none
|
10
|
+
remote: ERROR: YOUR SITE COULD NOT BE BUILT:
|
11
|
+
remote: ------------------------------------
|
12
|
+
remote: Invalid date '0000-00-00': Post '/vendor/bundle/ruby/2.0.0/gems/jekyll-2.5.3/lib/site_template/_posts/0000-00-00-welcome-to-jekyll.markdown.erb' does not have a valid date in the filename.
|
13
|
+
```
|
14
|
+
|
15
|
+
### Pushing to heroku
|
16
|
+
|
17
|
+
If you are working from a new GitHub-cloned repo (where you have not run `heroku create`), you may also want to push to Heroku. Instead of adding the remote in the standard way with Git, do this:
|
18
|
+
|
19
|
+
|
20
|
+
```
|
21
|
+
heroku git:remote -a my-site
|
22
|
+
```
|
23
|
+
|
24
|
+
### Upgrading from Jekyll Auth < 0.1.0
|
25
|
+
|
26
|
+
1. `cd` to your project directory
|
27
|
+
2. `rm config.ru`
|
28
|
+
3. `rm Procfile`
|
29
|
+
4. Remove any Jekyll Auth specific requirements from your `Gemfile`
|
30
|
+
5. Follow [the instructions above](https://github.com/benbalter/jekyll-auth#add-jekyll-auth-to-your-site) to get started
|
31
|
+
6. When prompted, select "n" if Heroku is already set up
|
data/jekyll-auth.gemspec
CHANGED
@@ -1,33 +1,38 @@
|
|
1
|
-
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require "./lib/jekyll_auth/version"
|
2
4
|
|
3
5
|
Gem::Specification.new do |s|
|
4
|
-
s.name =
|
6
|
+
s.name = "jekyll-auth"
|
5
7
|
s.version = JekyllAuth::VERSION
|
6
|
-
s.summary =
|
7
|
-
s.description =
|
8
|
-
s.authors =
|
9
|
-
s.email =
|
10
|
-
s.homepage =
|
11
|
-
s.license =
|
8
|
+
s.summary = "A simple way to use GitHub OAuth to serve a protected jekyll site to your GitHub organization"
|
9
|
+
s.description = "A simple way to use GitHub OAuth to serve a protected jekyll site to your GitHub organization."
|
10
|
+
s.authors = "Ben Balter"
|
11
|
+
s.email = "ben@balter.com"
|
12
|
+
s.homepage = "https://github.com/benbalter/jekyll-auth"
|
13
|
+
s.license = "MIT"
|
12
14
|
s.files = `git ls-files`.split("\n")
|
13
15
|
s.test_files = `git ls-files -- {test,spec,features}/*`.split("\n")
|
14
16
|
s.executables = `git ls-files -- bin/*`.split("\n").map { |f| File.basename(f) }
|
15
|
-
s.require_paths = [
|
17
|
+
s.require_paths = ["lib"]
|
16
18
|
|
17
|
-
s.add_dependency
|
18
|
-
s.add_dependency
|
19
|
-
s.add_dependency
|
20
|
-
s.add_dependency
|
21
|
-
s.add_dependency
|
22
|
-
s.add_dependency
|
23
|
-
s.add_dependency
|
24
|
-
s.add_dependency
|
25
|
-
s.add_dependency
|
26
|
-
s.add_dependency
|
27
|
-
s.add_dependency
|
28
|
-
s.
|
29
|
-
s.add_development_dependency
|
30
|
-
s.add_development_dependency
|
31
|
-
s.add_development_dependency
|
32
|
-
s.add_development_dependency
|
19
|
+
s.add_dependency "activesupport", ">= 5", "< 8"
|
20
|
+
s.add_dependency "colorator", "~> 1.0"
|
21
|
+
s.add_dependency "dotenv", "~> 2.0"
|
22
|
+
s.add_dependency "jekyll", "~> 4.0"
|
23
|
+
s.add_dependency "mercenary", "~> 0.3"
|
24
|
+
s.add_dependency "rack", ">= 1.6", "< 3.0"
|
25
|
+
s.add_dependency "rack-protection", ">= 1.5.5", "< 3.0"
|
26
|
+
s.add_dependency "rack-ssl-enforcer", "~> 0.2"
|
27
|
+
s.add_dependency "rake", "~> 13.0"
|
28
|
+
s.add_dependency "safe_yaml", "~> 1.0"
|
29
|
+
s.add_dependency "sinatra-index", "~> 0.0"
|
30
|
+
s.add_dependency "sinatra_auth_github", ">= 1.1", "< 3.0"
|
31
|
+
s.add_development_dependency "pry", "~> 0.10"
|
32
|
+
s.add_development_dependency "rack-test", "~> 2.0"
|
33
|
+
s.add_development_dependency "rspec", "~> 3.1"
|
34
|
+
s.add_development_dependency "rubocop", "~> 0.49", ">= 0.49.0"
|
35
|
+
s.add_development_dependency "rubocop-jekyll", "~> 0.11.0"
|
36
|
+
s.add_development_dependency "rubocop-performance", "~> 1.0"
|
37
|
+
s.add_development_dependency "webmock", "~> 2.3 "
|
33
38
|
end
|
data/lib/jekyll-auth.rb
CHANGED
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require "sinatra-index"
|
2
4
|
require "sinatra_auth_github"
|
3
5
|
require "dotenv"
|
@@ -11,6 +13,7 @@ require_relative "jekyll_auth/auth_site"
|
|
11
13
|
require_relative "jekyll_auth/jekyll_site"
|
12
14
|
require_relative "jekyll_auth/config_error"
|
13
15
|
require_relative "jekyll_auth/commands"
|
16
|
+
require_relative "jekyll_auth/sinatra/auth/github"
|
14
17
|
|
15
18
|
Dotenv.load
|
16
19
|
|
data/lib/jekyll_auth/commands.rb
CHANGED
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
class JekyllAuth
|
2
4
|
class Commands
|
3
5
|
FILES = %w(Rakefile config.ru .gitignore .env).freeze
|
@@ -13,13 +15,14 @@ class JekyllAuth
|
|
13
15
|
|
14
16
|
def self.changed?
|
15
17
|
!execute_command("git", "status", destination, "--porcelain").empty?
|
16
|
-
rescue
|
18
|
+
rescue StandardError
|
17
19
|
false
|
18
20
|
end
|
19
21
|
|
20
22
|
def self.execute_command(*args)
|
21
23
|
output, status = Open3.capture2e(*args)
|
22
24
|
raise "Command `#{args.join(" ")}` failed: #{output}" unless status.exitstatus.zero?
|
25
|
+
|
23
26
|
output
|
24
27
|
end
|
25
28
|
|
@@ -50,6 +53,7 @@ class JekyllAuth
|
|
50
53
|
execute_command "git", "init", destination
|
51
54
|
FILES.each do |file|
|
52
55
|
next if file == ".env"
|
56
|
+
|
53
57
|
execute_command("git", "add", "--", "#{destination}/#{file}")
|
54
58
|
end
|
55
59
|
end
|
data/lib/jekyll_auth/config.rb
CHANGED
@@ -1,23 +1,30 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
class JekyllAuth
|
2
4
|
def self.config_file
|
3
5
|
File.join(Dir.pwd, "_config.yml")
|
4
6
|
end
|
5
7
|
|
8
|
+
def self.jekyll_config
|
9
|
+
@config ||= YAML.safe_load_file(config_file)
|
10
|
+
rescue StandardError
|
11
|
+
{}
|
12
|
+
end
|
13
|
+
|
6
14
|
def self.config
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
end
|
15
|
+
jekyll_config.fetch("jekyll_auth", {})
|
16
|
+
end
|
17
|
+
|
18
|
+
def self.destination
|
19
|
+
jekyll_config.fetch("destination", File.expand_path("_site", Dir.pwd))
|
13
20
|
end
|
14
21
|
|
15
22
|
def self.whitelist
|
16
|
-
whitelist =
|
23
|
+
whitelist = config["whitelist"]
|
17
24
|
Regexp.new(whitelist.join("|")) unless whitelist.nil?
|
18
25
|
end
|
19
26
|
|
20
27
|
def self.ssl?
|
21
|
-
!!
|
28
|
+
!!config["ssl"]
|
22
29
|
end
|
23
30
|
end
|
data/lib/jekyll_auth/helpers.rb
CHANGED
@@ -1,12 +1,14 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
class JekyllAuth
|
2
4
|
class JekyllSite < Sinatra::Base
|
3
5
|
register Sinatra::Index
|
4
|
-
set :public_folder, File.expand_path(
|
6
|
+
set :public_folder, File.expand_path(JekyllAuth.destination, Dir.pwd)
|
5
7
|
use_static_index "index.html"
|
6
8
|
|
7
9
|
not_found do
|
8
10
|
status 404
|
9
|
-
four_oh_four = File.expand_path("
|
11
|
+
four_oh_four = File.expand_path(settings.public_folder + "/404.html", Dir.pwd)
|
10
12
|
File.read(four_oh_four) if File.exist?(four_oh_four)
|
11
13
|
end
|
12
14
|
end
|
@@ -1,10 +1,14 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module Sinatra
|
2
4
|
module Auth
|
3
5
|
module Github
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
|
6
|
+
module Helpers
|
7
|
+
# Like the native github_team_authenticate! but accepts an array of team ids
|
8
|
+
def github_teams_authenticate!(teams)
|
9
|
+
authenticate!
|
10
|
+
halt([401, "Unauthorized User"]) unless teams.any? { |team_id| github_team_access?(team_id) }
|
11
|
+
end
|
8
12
|
end
|
9
13
|
end
|
10
14
|
end
|
data/lib/jekyll_auth/version.rb
CHANGED
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require "spec_helper"
|
2
4
|
|
3
5
|
describe "jekyll site" do
|
@@ -31,7 +33,7 @@ describe "jekyll site" do
|
|
31
33
|
it "serves the default 404" do
|
32
34
|
get "/a-bad-path"
|
33
35
|
expect(last_response.status).to eql(404)
|
34
|
-
expect(last_response.body).to
|
36
|
+
expect(last_response.body).to match(%r!Not ?Found!i)
|
35
37
|
end
|
36
38
|
|
37
39
|
it "serves a custom 404" do
|
data/spec/jekyll_auth_spec.rb
CHANGED
data/spec/spec_helper.rb
CHANGED
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require "bundler/setup"
|
2
4
|
require "fileutils"
|
3
5
|
|
@@ -46,6 +48,7 @@ end
|
|
46
48
|
def execute_bin(env, *args)
|
47
49
|
output, status = Open3.capture2e(env, bin_path, *args)
|
48
50
|
raise "Command `#{bin_path} #{args.join(" ")}` failed: #{output}" if status != 0
|
51
|
+
|
49
52
|
output
|
50
53
|
end
|
51
54
|
|
data/templates/.gitignore
CHANGED
data/templates/Rakefile
CHANGED
@@ -1,9 +1,11 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
# This file is auto-generated by Jekyll Auth
|
2
4
|
# Feel free to add additional Rake tasks so long as
|
3
5
|
# `rake assets:precompile` continues to generate the jekyll site
|
4
6
|
|
5
7
|
namespace :assets do
|
6
8
|
task :precompile do
|
7
|
-
sh
|
9
|
+
sh "bundle exec jekyll-auth build"
|
8
10
|
end
|
9
11
|
end
|