jekyll-auth 0.6.1 → 1.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 65af76c73e08663e99ae5e3b9d0a738a4c3ae1f9
-  data.tar.gz: 28c1c41c0233f97bd7697943a6b93543cdc12116
+  metadata.gz: 224f1e382e17ba515be4e36f8efbd7dc1a4d6d09
+  data.tar.gz: 7bd686ab4a2e8735ca327a77d238abbb58173e06
 SHA512:
-  metadata.gz: 2c61f1b1a585c78f96977401c8f291c787693f65f530f49d898bcbdfe528adef567636c4989f73f451e78cc1c38f4a422d9afb8a1a6c2fda89edde2162a88668
-  data.tar.gz: cf19b23a5dab77f582f7746086adb466b4e013742b9b79c515417318d57250abb69b26158f8893cac08772bd7565018f48360074d88400652154fcf8dc071e92
+  metadata.gz: 3ede88a021f172783496baf7ed05d842b8226037e1d4eff2a9006fb3beff1f520d48e4bd66d29ba2107309bff77a948646b69830aa7bdc0960ac3df7f8b2cddd
+  data.tar.gz: bde47aced770c66e9ec1cf773435f58678bc67869610cffd0fab25587a70aec7e6c96a5562ed2c5275a42692ad7a4240cae06cb31aba5a6558acbc400908344d

data/.gitignore

@@ -2,3 +2,4 @@ _site
 *.gem
 .env
 /Gemfile.lock
+tmp

data/.travis.yml

@@ -0,0 +1,15 @@
+language: ruby
+script: "./script/cibuild"
+
+before_script:
+  - git config --global user.email "you@example.com"
+  - git config --global user.name "Your Name"
+
+sudo: false
+cache: bundler
+
+env:
+  global:
+    - GITHUB_CLIENT_ID=FOO
+    - GITHUB_CLIENT_SECRET=BAR
+    - GITHUB_ORG_ID="balter-test-org"

data/Gemfile

@@ -0,0 +1,3 @@
+source "https://rubygems.org"
+
+gemspec

data/README.md

@@ -0,0 +1,149 @@
+# Jekyll Auth
+
+*A simple way to use GitHub OAuth to serve a protected Jekyll site to your GitHub organization*
+
+[![Gem Version](https://badge.fury.io/rb/jekyll-auth.png)](http://badge.fury.io/rb/jekyll-auth) [![Build Status](https://travis-ci.org/benbalter/jekyll-auth.png?branch=master)](https://travis-ci.org/benbalter/jekyll-auth)
+
+## The problem
+
+[Jekyll](http://github.com/mojombo/jekyll) and [GitHub Pages](http://pages.github.com) are awesome, right? Static site, lightning fast, everything versioned in Git. What else could you ask for?
+
+But what if you only want to share that site with a select number of people? Before, you were SOL. Now, simply host the site on a free, [Heroku](http://heroku.com) Dyno, and whenever someone tries to access it, it will Oauth them against GitHub, and make sure they're a member of your Organization. Pretty cool, huh?
+
+## Requirements
+
+1. A GitHub account (one per user)
+2. A GitHub Organization (of which members will have access to the Jekyll site)
+3. A GitHub Application (you can [register one](https://github.com/settings/applications/new) for free)
+4. A Heroku account (you can technically use this elsewhere, but the instructions are for Heroku)
+
+## Getting Started
+
+### Create a GitHub Application
+
+1. Navigate to [the GitHub app registration page](https://github.com/settings/applications/new)
+2. Give your app a name
+3. Tell GitHub the URL you want the app to eventually live at
+4. Hit Save, but leave the page open, you'll need some of the information in a moment
+
+### Add Jekyll Auth to your site
+
+1. Add `gem 'jekyll-auth'` to your `Gemfile` or if you don't already have a `Gemfile`, create a file called `Gemfile` in the root of your site's repository with the following content:
+
+  ```ruby
+  source "https://rubygems.org"
+
+  gem 'jekyll-auth'
+  ```
+
+2. `cd` into your project's directory and run `bundle install`.
+
+3. Run `bundle exec jekyll-auth new` which will copy the necessary files to set up the server
+
+### Setting up hosting with Heroku
+
+#### Automatically
+
+Run `bundle exec jekyll-auth --client_id XXX --client_secret XXX --org_id XXX`
+
+(or `--team_id XXX`)
+
+#### Manually
+
+1. You may need to add and commit the files generated by `jekyll-auth new` to Git before continuing
+2. Make sure you have [the Heroku toolbelt](https://toolbelt.heroku.com/) installed
+3. Run `herkou create` from your site's directory
+4. `heroku config:set GITHUB_CLIENT_ID=XXX GITHUB_CLIENT_SECRET=XXX GITHUB_ORG_ID=XXX` (or `GITHUB_TEAM_ID`)
+5. `git push heroku`
+6. `heroku open` to open the site in your browser
+
+#### Finding the team ID
+
+If you need help finding a team's numeric ID, you can use the `jekyll-auth team_id` command.
+
+For example, to find the team ID for @jekyll/maintainers you'd run the command:
+
+```
+jekyll-auth team_id --org jekyll --team maintainers
+```
+
+You'll want to add a [personal access token](https://github.com/settings/tokens/new) to your `.env` file so that Jekyll-Auth can make the necessary API request, but the command will run you through the process if you dont.
+
+## Configuration
+
+### Whitelisting
+
+Don't want to require authentication for every part of your site? Fine! Add a whitelist to your Jekyll's *_config.yml_* file:
+
+```yaml
+jekyll_auth:
+  whitelist:
+    - drafts?
+```
+
+`jekyll_auth.whitelist` takes an array of regular expressions as strings. The default auth behavior checks (and blocks) against root (`/`). Any path defined in the whitelist won't require authentication on your site.
+
+What if you want to go the other way, and unauthenticate the entire site _except_ for certain portions? You can define some regex magic for that:
+
+```yaml
+jekyll_auth:
+  whitelist:
+    - "^((?!draft).)*$"
+```
+
+There is also a more [extensive article containing installation instructions for Jekyll-Auth](http://fabian-kostadinov.github.io/2014/11/13/installation-of-jekyll-auth/) and a second one on [how to find your GitHub team ID](http://fabian-kostadinov.github.io/2015/01/16/how-to-find-a-github-team-id/).
+
+### Requiring SSL
+
+If [you've got SSL set up](https://devcenter.heroku.com/articles/ssl-endpoint), simply add the following your your `_config.yml` file to ensure SSL is enforced.
+
+```yaml
+jekyll_auth:
+  ssl: true
+```
+
+### Using a custom 404
+
+Just like GitHub Pages, Jekyll Auth will honor a custom 404 page, if it's generated as `/404.html` in the built site.
+
+## Running locally
+
+Want to run it locally?
+
+### Without authentication
+
+Just run `jekyll serve` as you would normally
+
+### With authentication
+
+1. `export GITHUB_CLIENT_ID=[your github app client id]`
+2. `export GITHUB_CLIENT_SECRET=[your github app client secret]`
+3. `export GITHUB_ORG_ID=[org id]` or `export GITHUB_TEAM_ID=[team id]` or `export GITHUB_TEAM_IDS=1234,5678`
+4. `jekyll-auth serve`
+
+*Pro-tip #1:* For sanity sake, and to avoid problems with your callback URL, you may want to have two apps, one with a local oauth callback, and one for production if you're going to be testing auth locally.
+
+*Pro-tip #2*: Jekyll Auth supports [dotenv](https://github.com/bkeepers/dotenv) out of the box. You can create a `.env` file in the root of site and add your configuration variables there. It's ignored by `.gitignore` if you use `jekyll-auth new`, but be sure not to accidentally commit your `.env` file. Here's what your `.env` file might look like:
+
+```
+GITHUB_CLIENT_SECRET=abcdefghijklmnopqrstuvwxyz0123456789
+GITHUB_CLIENT_ID=qwertyuiop0001
+GITHUB_TEAM_ID=12345
+```
+
+## Under the hood
+
+Every time you push to Heroku, we take advantage of the fact that Heroku automatically runs the `rake assets:precompile` command (normally used for Rails sites) to build our Jekyll site and store it statically, just like GitHub pages would.
+
+Anytime a request comes in for a page, we run it through [Sinatra](http://www.sinatrarb.com/) (using the `_site` folder as the static file folder, just as `public` would be normally), and authenticate it using [sinatra_auth_github](https://github.com/atmos/sinatra_auth_github).
+
+If they're in the org, they get the page. Otherwise, all they ever get is [the bouncer](http://octodex.github.com/bouncer/).
+
+## Upgrading from Jekyll Auth < 0.1.0
+
+1. `cd` to your project directory
+2. `rm config.ru`
+3. `rm Procfile`
+4. Remove any Jekyll Auth specific requirements from your `Gemfile`
+5. Follow [the instructions above](https://github.com/benbalter/jekyll-auth#add-jekyll-auth-to-your-site) to get started
+6. When prompted, select "n" if Heroku is already set up

data/Rakefile

@@ -1,9 +1,20 @@
-# This file is auto-generated by Jekyll Auth
-# Feel free to add additional Rake tasks so long as
-# `rake assets:precompile` continues to generate the jekyll site
+require 'rubygems/package_task'
+require 'rubygems/specification'
+require 'bundler'
+require 'fileutils'
+require 'dotenv'
 
-namespace :assets do
-  task :precompile do
-    sh "bundle exec jekyll-auth build"
-  end
+task :default => [:spec]
+
+task :site do
+  Dotenv.load
+  FileUtils.chdir "templates"
+  `bundle exec jekyll-auth`
+end
+
+require 'rspec/core/rake_task'
+desc "Run specs"
+RSpec::Core::RakeTask.new do |t|
+  t.pattern = 'spec/**/*_spec.rb'
+  t.rspec_opts = ["--order", "rand", "--color"]
 end

data/bin/jekyll-auth

@@ -1,145 +1,133 @@
 #!/usr/bin/env ruby
 # Command-line interface for jekyll-auth
 
-require 'rubygems'
-require 'commander/import'
-require 'rake'
+require 'mercenary'
 require 'jekyll-auth'
-require 'git'
-require 'mkmf'
+require 'open3'
 
-def changed?
-  git = Git.init
-  git.diff('HEAD', 'config.ru').entries.length != 0 || git.diff('HEAD', 'Rakefile').entries.length != 0
-end
+Mercenary.program("jekyll-auth") do |p|
+  p.version     JekyllAuth::VERSION
+  p.description "A simple way to use Github OAuth to serve a protected jekyll site to your GitHub organization"
+  p.syntax      'jekyll-auth <subcommand> options'
 
-program :version, JekyllAuth::VERSION
-program :description, 'A simple way to use Github Oauth to serve a protected jekyll site to your GitHub organization'
+  p.command(:new) do |c|
+    c.syntax 'new'
+    c.description "Initialize an existing Jekyll site as a Jekyll Auth site"
+    c.action do |args, options|
 
-command :new do |c|
-  c.syntax = 'jekyll-auth new'
-  c.description = "Initialize an existing Jekyll site as a Jekyll Auth site"
-  c.action do |args, options|
-    source = File.expand_path( "../", File.dirname(__FILE__) )
-    destination = Dir.pwd
-    say "Initiating new Jekyll Auth site in #{destination}"
+      JekyllAuth::Commands.copy_templates
 
-    ["Rakefile", "config.ru", ".gitignore"].each do |file|
-      if File.exist? "#{destination}/#{file}"
-        say "* #{destination}/#{file} already exists... skipping."
-      else
-        say "* creating #{destination}/#{file}"
-        FileUtils.cp "#{source}/#{file}", "#{destination}/#{file}"
+      if JekyllAuth::Commands.changed?
+        puts "Looks like we've made some changes, you may want to do a git commit and git push sometime soon".yellow
       end
-    end
-
-    command(:setup).run if agree "Would you like to set up Heroku now? (Y/n)"
 
-    if changed?
-      system "git status"
-      say "Looks like we've made some changes, you may want to do a git commit and git push sometime soon"
+      puts "Setup complete. Run `jekyll-auth` to view the authenticated site."
     end
+  end
 
-    say "Setup complete. Run jekyll-auth to view the authenticated site."
+  # Run the standard jekyll build command
+  # Called by Rake task, to allow the gem
+  # to add functionality here in the future
+  p.command(:build) do |c|
+    c.syntax 'build'
+    c.description "Build the Jekyll site"
+    c.action do |args, options|
+      require 'jekyll'
+      Jekyll::Commands::Build.process(options)
+    end
   end
-end
 
-command :setup do |c|
-  c.syntax = "jekyll-auth setup"
-  c.description = "Configure Heroku for use with your Jekyll Auth site"
-  c.action do |args, options|
+  p.command(:team_id) do |c|
+    c.syntax 'team_id --org <ORG> --team <TEAM>'
+    c.description "Retrieve a team's ID"
+    c.option 'org', '--org <ORG>', 'The GitHub Organization, e.g., "jekyll"'
+    c.option 'team', '--team <TEAM>', 'The team name, e.g., "maintainers"'
 
-    if find_executable("heroku").nil?
-      say "Looks like we're missing the Heroku client. Let's see if we can't install it..."
-      `wget -qO- https://toolbelt.heroku.com/install.sh | sh`
-    end
-    
-    git = Git.init
-    git.add "config.ru"
-    git.add "Rakefile"
+    c.action do |args, options|
 
-    if changed?
-      git.commit "[Jekyll Auth] Initial setup"
-    end
+      if !JekyllAuth::Commands.env_var_set? "GITHUB_TOKEN"
+        puts "You'll need to go to https://github.com/settings/tokens/new and create a personal access token".red
+        puts "Once you've got the token, prefix the jekyll-auth command with GITHUB_TOKEN=[YOUR TOKEN]".red
+        puts "You can also add it to a `.env` file in this directory".red
+        exit 1
+      end
 
-    if git.remotes.any? { |remote| remote.name == "heroku" }
-      say "Looks like you've already got heroku set up... skipping."
-    else
+      org = options["org"] || ENV["GITHUB_ORG_ID"]
+      team = options["team"]
 
-      say "If you already created an app, enter it's name"
-      say "otherwise, hit enter, and we'll get you set up with one."
-      app = ask "Heroku App name?"
+      if org.nil? || team.nil?
+        puts "An org name and team ID are required.".red
+        puts "Usage: jekyll-auth team_id --org <ORG> --team <TEAM>"
+        exit 1
+      end
+
+      team_id = JekyllAuth::Comands.team_id(org, team)
 
-      if app == ""
-        say "Not a problem, let's create that heroku app for you."
-        sh "heroku create"
+      if found
+        puts "The team ID for `@#{org}/#{team}` is `#{team_id}`".green
       else
-        say "Great. Let's tell Heroku to use our existing app."
-        sh "heroku git:remote -a #{app}"
+        puts "Couldn't find the `@#{org}/#{team}` team.".red
       end
     end
+  end
 
-    say "Awesome. Let's teach Heroku about our GitHub app."
+  p.command(:serve) do |c|
+    c.syntax "serve"
+    c.description "Run Jekyll Auth site locally"
+    c.action do |args, options|
+
+      # Ensure environmental variables are set
+      unless ["GITHUB_CLIENT_ID", "GITHUB_CLIENT_SECRET"].all? { |v| JekyllAuth::Commands.env_var_set?(v) }
+        puts "Whoops. Looks like you forgot to tell Jekyll Auth about your app".red
+        puts "Be sure to run export GITHUB_CLIENT_ID=[client id], export GITHUB_CLIENT_SECRET=[client secret], and export GITHUB_ORG_ID=[org id] (or GITHUB_TEAM_ID)".red
+        puts "See the readme for more information on where to find these".red
+        exit 1
+      end
 
-    client_id = ask "What's your GitHub Client ID? "
-    sh "heroku config:set GITHUB_CLIENT_ID=#{client_id}"
+      # build site
+      p.go ["build"]
 
-    client_secret = ask "What's your GitHub Client Secret? "
-    sh "heroku config:set GITHUB_CLIENT_SECRET=#{client_secret}"
+      puts "Spinning up the server with authentication. Use CTRL-C to stop."
+      puts "To preview the site without authentication, use the `jekyll serve` command"
+      execute_command "bundle", "exec", "rackup", "-p", "4000"
 
-    team_id = ask "What's your GitHub Team ID? (you can skip this in favor of an org if you prefer) "
-    if team_id.length > 0
-      sh "heroku config:set GITHUB_TEAM_ID=#{team_id}"
-    else
-      org_id = ask "What's your GitHub Org ID? "
-      sh "heroku config:set GITHUB_ORG_ID=#{org_id}"
     end
+  end
 
-    say "We're all set. Time to deploy our code to Heroku"
-    system "git push heroku master --force"
+  p.command(:setup) do |c|
+    c.syntax "setup"
+    c.description "Configure Heroku for use with your Jekyll Auth site"
+    c.option "client_id", "--client_id", "Your oauth app client id"
+    c.option "client_secret", "--client_secret", "Your oauth app client secret"
+    c.option "team_id", "--team_id", "The team to authenticate against"
+    c.option "org_id", "--org_id", "An organization to authenticate against"
+    c.action do |args, options|
+
+      if find_executable("heroku").nil?
+        say "Looks like we're missing the Heroku client. Let's see if we can't install it..."
+        JekyllAuth::Commands.execute_command "wget", "-qO-", "https://toolbelt.heroku.com/install.sh", "|", "sh"
+      end
 
-    say "Let's check if it worked..."
-    sh "heroku open"
+      JekyllAuth::Commands.init_repo
+      JekyllAuth::Commands.initial_commit if JekyllAuth::Commands.changed?
 
-    say "fin."
-  end
-end
-
-command :serve do |c|
-  c.syntax = "jekyll-auth serve"
-  c.description = "Run Jekyll Auth site locally"
-  c.action do |args, options|
-
-    # Ensure environmental variables are set
-    ["GITHUB_CLIENT_ID", "GITHUB_CLIENT_SECRET"].each do |var|
-      next unless ENV[var].nil?
-      say "Whoops. Looks like you forgot to tell Jekyll Auth about your app"
-      say "Be sure to run export GITHUB_CLIENT_ID=[client id], export GITHUB_CLIENT_SECRET=[client secret], and export GITHUB_ORG_ID=[org id] (or GITHUB_TEAM_ID)"
-      say "See the readme for more information on where to find these"
-      exit(1)
-    end
+      if JekyllAuth::Commands.heroku_remote_set?
+        puts "Looks like you've already got heroku set up... skipping.".green
+      else
+        puts "Creating a new Heroku app."
+        JekyllAuth::Commands.execute_command "heroku", "create"
+      end
 
-    # build site
-    command(:build).run
+      puts "Configuring the Heroku app"
+      JekyllAuth::Commands.configure_heroku(options)
 
-    say "Spinning up the server with authentication. Use CTRL-C to stop."
-    say "To preview the site without authentication, use the `jekyll serve` command"
-    sh "bundle exec rackup -p 4000"
+      puts "Pushing to Heroku"
+      JekyllAuth::Commands.execute_command "git", "push", "heroku", "master", "--force"
 
+      puts "Lets check if it worked"
+      JekyllAuth::Commands.execute_command "heroku", "open"
+    end
   end
-end
 
-# Run the standard jekyll build command
-# Called by Rake task, to allow the gem
-# to add functionality here in the future
-command :build do |c|
-  c.syntax = 'jekyll-auth build'
-  c.description = "Build Jekyll site"
-  c.action do |args, options|
-    say "building the site..."
-    sh "bundle exec jekyll build"
-    say "site built."
-  end
+  p.default_command(:serve)
 end
-
-default_command :serve