jekyll-auth 0.6.1 → 1.0.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 65af76c73e08663e99ae5e3b9d0a738a4c3ae1f9
4
- data.tar.gz: 28c1c41c0233f97bd7697943a6b93543cdc12116
3
+ metadata.gz: 224f1e382e17ba515be4e36f8efbd7dc1a4d6d09
4
+ data.tar.gz: 7bd686ab4a2e8735ca327a77d238abbb58173e06
5
5
  SHA512:
6
- metadata.gz: 2c61f1b1a585c78f96977401c8f291c787693f65f530f49d898bcbdfe528adef567636c4989f73f451e78cc1c38f4a422d9afb8a1a6c2fda89edde2162a88668
7
- data.tar.gz: cf19b23a5dab77f582f7746086adb466b4e013742b9b79c515417318d57250abb69b26158f8893cac08772bd7565018f48360074d88400652154fcf8dc071e92
6
+ metadata.gz: 3ede88a021f172783496baf7ed05d842b8226037e1d4eff2a9006fb3beff1f520d48e4bd66d29ba2107309bff77a948646b69830aa7bdc0960ac3df7f8b2cddd
7
+ data.tar.gz: bde47aced770c66e9ec1cf773435f58678bc67869610cffd0fab25587a70aec7e6c96a5562ed2c5275a42692ad7a4240cae06cb31aba5a6558acbc400908344d
data/.gitignore CHANGED
@@ -2,3 +2,4 @@ _site
2
2
  *.gem
3
3
  .env
4
4
  /Gemfile.lock
5
+ tmp
@@ -0,0 +1,15 @@
1
+ language: ruby
2
+ script: "./script/cibuild"
3
+
4
+ before_script:
5
+ - git config --global user.email "you@example.com"
6
+ - git config --global user.name "Your Name"
7
+
8
+ sudo: false
9
+ cache: bundler
10
+
11
+ env:
12
+ global:
13
+ - GITHUB_CLIENT_ID=FOO
14
+ - GITHUB_CLIENT_SECRET=BAR
15
+ - GITHUB_ORG_ID="balter-test-org"
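Review bot: `GITHUB_CLIENT_ID=FOO` and `GITHUB_CLIENT_SECRET=BAR` under `env: global:` sit in plaintext in the repository. That is fine for dummy values the specs need, but a comment marking them as placeholders would stop someone from later swapping in a real credential here. Any real secret should be added as an encrypted `secure:` entry instead. The `git config --global user.email "you@example.com"` lines under `before_script` would benefit from the same kind of comment saying why the build needs a git identity.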
data/Gemfile ADDED
@@ -0,0 +1,3 @@
1
+ source "https://rubygems.org"
2
+
3
+ gemspec
@@ -0,0 +1,149 @@
1
+ # Jekyll Auth
2
+
3
+ *A simple way to use GitHub OAuth to serve a protected Jekyll site to your GitHub organization*
4
+
5
+ [![Gem Version](https://badge.fury.io/rb/jekyll-auth.png)](http://badge.fury.io/rb/jekyll-auth) [![Build Status](https://travis-ci.org/benbalter/jekyll-auth.png?branch=master)](https://travis-ci.org/benbalter/jekyll-auth)
6
+
7
+ ## The problem
8
+
9
+ [Jekyll](http://github.com/mojombo/jekyll) and [GitHub Pages](http://pages.github.com) are awesome, right? Static site, lightning fast, everything versioned in Git. What else could you ask for?
10
+
11
+ But what if you only want to share that site with a select number of people? Before, you were SOL. Now, simply host the site on a free, [Heroku](http://heroku.com) Dyno, and whenever someone tries to access it, it will Oauth them against GitHub, and make sure they're a member of your Organization. Pretty cool, huh?
12
+
13
+ ## Requirements
14
+
15
+ 1. A GitHub account (one per user)
16
+ 2. A GitHub Organization (of which members will have access to the Jekyll site)
17
+ 3. A GitHub Application (you can [register one](https://github.com/settings/applications/new) for free)
18
+ 4. A Heroku account (you can technically use this elsewhere, but the instructions are for Heroku)
19
+
20
+ ## Getting Started
21
+
22
+ ### Create a GitHub Application
23
+
24
+ 1. Navigate to [the GitHub app registration page](https://github.com/settings/applications/new)
25
+ 2. Give your app a name
26
+ 3. Tell GitHub the URL you want the app to eventually live at
27
+ 4. Hit Save, but leave the page open, you'll need some of the information in a moment
28
+
29
+ ### Add Jekyll Auth to your site
30
+
31
+ 1. Add `gem 'jekyll-auth'` to your `Gemfile` or if you don't already have a `Gemfile`, create a file called `Gemfile` in the root of your site's repository with the following content:
32
+
33
+ ```ruby
34
+ source "https://rubygems.org"
35
+
36
+ gem 'jekyll-auth'
37
+ ```
38
+
39
+ 2. `cd` into your project's directory and run `bundle install`.
40
+
41
+ 3. Run `bundle exec jekyll-auth new` which will copy the necessary files to set up the server
42
+
43
+ ### Setting up hosting with Heroku
44
+
45
+ #### Automatically
46
+
47
+ Run `bundle exec jekyll-auth --client_id XXX --client_secret XXX --org_id XXX`
48
+
49
+ (or `--team_id XXX`)
50
+
51
+ #### Manually
52
+
53
+ 1. You may need to add and commit the files generated by `jekyll-auth new` to Git before continuing
54
+ 2. Make sure you have [the Heroku toolbelt](https://toolbelt.heroku.com/) installed
55
+ 3. Run `herkou create` from your site's directory
56
+ 4. `heroku config:set GITHUB_CLIENT_ID=XXX GITHUB_CLIENT_SECRET=XXX GITHUB_ORG_ID=XXX` (or `GITHUB_TEAM_ID`)
57
+ 5. `git push heroku`
58
+ 6. `heroku open` to open the site in your browser
59
+
60
+ #### Finding the team ID
61
+
62
+ If you need help finding a team's numeric ID, you can use the `jekyll-auth team_id` command.
63
+
64
+ For example, to find the team ID for @jekyll/maintainers you'd run the command:
65
+
66
+ ```
67
+ jekyll-auth team_id --org jekyll --team maintainers
68
+ ```
69
+
70
+ You'll want to add a [personal access token](https://github.com/settings/tokens/new) to your `.env` file so that Jekyll-Auth can make the necessary API request, but the command will run you through the process if you dont.
71
+
72
+ ## Configuration
73
+
74
+ ### Whitelisting
75
+
76
+ Don't want to require authentication for every part of your site? Fine! Add a whitelist to your Jekyll's *_config.yml_* file:
77
+
78
+ ```yaml
79
+ jekyll_auth:
80
+ whitelist:
81
+ - drafts?
82
+ ```
83
+
84
+ `jekyll_auth.whitelist` takes an array of regular expressions as strings. The default auth behavior checks (and blocks) against root (`/`). Any path defined in the whitelist won't require authentication on your site.
85
+
86
+ What if you want to go the other way, and unauthenticate the entire site _except_ for certain portions? You can define some regex magic for that:
87
+
88
+ ```yaml
89
+ jekyll_auth:
90
+ whitelist:
91
+ - "^((?!draft).)*$"
92
+ ```
93
+
94
+ There is also a more [extensive article containing installation instructions for Jekyll-Auth](http://fabian-kostadinov.github.io/2014/11/13/installation-of-jekyll-auth/) and a second one on [how to find your GitHub team ID](http://fabian-kostadinov.github.io/2015/01/16/how-to-find-a-github-team-id/).
95
+
96
+ ### Requiring SSL
97
+
98
+ If [you've got SSL set up](https://devcenter.heroku.com/articles/ssl-endpoint), simply add the following your your `_config.yml` file to ensure SSL is enforced.
99
+
100
+ ```yaml
101
+ jekyll_auth:
102
+ ssl: true
103
+ ```
104
+
105
+ ### Using a custom 404
106
+
107
+ Just like GitHub Pages, Jekyll Auth will honor a custom 404 page, if it's generated as `/404.html` in the built site.
108
+
109
+ ## Running locally
110
+
111
+ Want to run it locally?
112
+
113
+ ### Without authentication
114
+
115
+ Just run `jekyll serve` as you would normally
116
+
117
+ ### With authentication
118
+
119
+ 1. `export GITHUB_CLIENT_ID=[your github app client id]`
120
+ 2. `export GITHUB_CLIENT_SECRET=[your github app client secret]`
121
+ 3. `export GITHUB_ORG_ID=[org id]` or `export GITHUB_TEAM_ID=[team id]` or `export GITHUB_TEAM_IDS=1234,5678`
122
+ 4. `jekyll-auth serve`
123
+
124
+ *Pro-tip #1:* For sanity sake, and to avoid problems with your callback URL, you may want to have two apps, one with a local oauth callback, and one for production if you're going to be testing auth locally.
125
+
126
+ *Pro-tip #2*: Jekyll Auth supports [dotenv](https://github.com/bkeepers/dotenv) out of the box. You can create a `.env` file in the root of site and add your configuration variables there. It's ignored by `.gitignore` if you use `jekyll-auth new`, but be sure not to accidentally commit your `.env` file. Here's what your `.env` file might look like:
127
+
128
+ ```
129
+ GITHUB_CLIENT_SECRET=abcdefghijklmnopqrstuvwxyz0123456789
130
+ GITHUB_CLIENT_ID=qwertyuiop0001
131
+ GITHUB_TEAM_ID=12345
132
+ ```
133
+
134
+ ## Under the hood
135
+
136
+ Every time you push to Heroku, we take advantage of the fact that Heroku automatically runs the `rake assets:precompile` command (normally used for Rails sites) to build our Jekyll site and store it statically, just like GitHub pages would.
137
+
138
+ Anytime a request comes in for a page, we run it through [Sinatra](http://www.sinatrarb.com/) (using the `_site` folder as the static file folder, just as `public` would be normally), and authenticate it using [sinatra_auth_github](https://github.com/atmos/sinatra_auth_github).
139
+
140
+ If they're in the org, they get the page. Otherwise, all they ever get is [the bouncer](http://octodex.github.com/bouncer/).
141
+
142
+ ## Upgrading from Jekyll Auth < 0.1.0
143
+
144
+ 1. `cd` to your project directory
145
+ 2. `rm config.ru`
146
+ 3. `rm Procfile`
147
+ 4. Remove any Jekyll Auth specific requirements from your `Gemfile`
148
+ 5. Follow [the instructions above](https://github.com/benbalter/jekyll-auth#add-jekyll-auth-to-your-site) to get started
149
+ 6. When prompted, select "n" if Heroku is already set up
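Review bot: Two commands in the "Setting up hosting with Heroku" section do not work as written. Under "Automatically", `bundle exec jekyll-auth --client_id XXX --client_secret XXX --org_id XXX` omits the `setup` subcommand, while the CLI in this release defines those options on `setup` and defaults to `serve`. Under "Manually", step 3 says `herkou create`. The "Automatically" form also puts the client secret on the command line, where it ends up in shell history, so it is worth pointing readers to the `.env` route described under "Running locally". In "Whitelisting", the example `drafts?` is unanchored. Because this list decides which paths skip authentication, the README should say whether patterns are matched against the whole path or anywhere in it, and should show an anchored example such as `^/drafts?/`. Small typos: "if you dont" and "add the following your your".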
data/Rakefile CHANGED
@@ -1,9 +1,20 @@
1
- # This file is auto-generated by Jekyll Auth
2
- # Feel free to add additional Rake tasks so long as
3
- # `rake assets:precompile` continues to generate the jekyll site
1
+ require 'rubygems/package_task'
2
+ require 'rubygems/specification'
3
+ require 'bundler'
4
+ require 'fileutils'
5
+ require 'dotenv'
4
6
 
5
- namespace :assets do
6
- task :precompile do
7
- sh "bundle exec jekyll-auth build"
8
- end
7
+ task :default => [:spec]
8
+
9
+ task :site do
10
+ Dotenv.load
11
+ FileUtils.chdir "templates"
12
+ `bundle exec jekyll-auth`
13
+ end
14
+
15
+ require 'rspec/core/rake_task'
16
+ desc "Run specs"
17
+ RSpec::Core::RakeTask.new do |t|
18
+ t.pattern = 'spec/**/*_spec.rb'
19
+ t.rspec_opts = ["--order", "rand", "--color"]
9
20
  end
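Review bot: In `task :site`, the backticks around `bundle exec jekyll-auth` capture and discard the command's output and ignore a non-zero exit status, so a failed run looks like success. `sh "bundle exec jekyll-auth"` would echo the output and abort the task on failure. `FileUtils.chdir "templates"` also leaves the Rake process in `templates` for any task that runs afterwards; the block form of `chdir` restores the working directory when the block ends.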
@@ -1,145 +1,133 @@
1
1
  #!/usr/bin/env ruby
2
2
  # Command-line interface for jekyll-auth
3
3
 
4
- require 'rubygems'
5
- require 'commander/import'
6
- require 'rake'
4
+ require 'mercenary'
7
5
  require 'jekyll-auth'
8
- require 'git'
9
- require 'mkmf'
6
+ require 'open3'
10
7
 
11
- def changed?
12
- git = Git.init
13
- git.diff('HEAD', 'config.ru').entries.length != 0 || git.diff('HEAD', 'Rakefile').entries.length != 0
14
- end
8
+ Mercenary.program("jekyll-auth") do |p|
9
+ p.version JekyllAuth::VERSION
10
+ p.description "A simple way to use Github OAuth to serve a protected jekyll site to your GitHub organization"
11
+ p.syntax 'jekyll-auth <subcommand> options'
15
12
 
16
- program :version, JekyllAuth::VERSION
17
- program :description, 'A simple way to use Github Oauth to serve a protected jekyll site to your GitHub organization'
13
+ p.command(:new) do |c|
14
+ c.syntax 'new'
15
+ c.description "Initialize an existing Jekyll site as a Jekyll Auth site"
16
+ c.action do |args, options|
18
17
 
19
- command :new do |c|
20
- c.syntax = 'jekyll-auth new'
21
- c.description = "Initialize an existing Jekyll site as a Jekyll Auth site"
22
- c.action do |args, options|
23
- source = File.expand_path( "../", File.dirname(__FILE__) )
24
- destination = Dir.pwd
25
- say "Initiating new Jekyll Auth site in #{destination}"
18
+ JekyllAuth::Commands.copy_templates
26
19
 
27
- ["Rakefile", "config.ru", ".gitignore"].each do |file|
28
- if File.exist? "#{destination}/#{file}"
29
- say "* #{destination}/#{file} already exists... skipping."
30
- else
31
- say "* creating #{destination}/#{file}"
32
- FileUtils.cp "#{source}/#{file}", "#{destination}/#{file}"
20
+ if JekyllAuth::Commands.changed?
21
+ puts "Looks like we've made some changes, you may want to do a git commit and git push sometime soon".yellow
33
22
  end
34
- end
35
-
36
- command(:setup).run if agree "Would you like to set up Heroku now? (Y/n)"
37
23
 
38
- if changed?
39
- system "git status"
40
- say "Looks like we've made some changes, you may want to do a git commit and git push sometime soon"
24
+ puts "Setup complete. Run `jekyll-auth` to view the authenticated site."
41
25
  end
26
+ end
42
27
 
43
- say "Setup complete. Run jekyll-auth to view the authenticated site."
28
+ # Run the standard jekyll build command
29
+ # Called by Rake task, to allow the gem
30
+ # to add functionality here in the future
31
+ p.command(:build) do |c|
32
+ c.syntax 'build'
33
+ c.description "Build the Jekyll site"
34
+ c.action do |args, options|
35
+ require 'jekyll'
36
+ Jekyll::Commands::Build.process(options)
37
+ end
44
38
  end
45
- end
46
39
 
47
- command :setup do |c|
48
- c.syntax = "jekyll-auth setup"
49
- c.description = "Configure Heroku for use with your Jekyll Auth site"
50
- c.action do |args, options|
40
+ p.command(:team_id) do |c|
41
+ c.syntax 'team_id --org <ORG> --team <TEAM>'
42
+ c.description "Retrieve a team's ID"
43
+ c.option 'org', '--org <ORG>', 'The GitHub Organization, e.g., "jekyll"'
44
+ c.option 'team', '--team <TEAM>', 'The team name, e.g., "maintainers"'
51
45
 
52
- if find_executable("heroku").nil?
53
- say "Looks like we're missing the Heroku client. Let's see if we can't install it..."
54
- `wget -qO- https://toolbelt.heroku.com/install.sh | sh`
55
- end
56
-
57
- git = Git.init
58
- git.add "config.ru"
59
- git.add "Rakefile"
46
+ c.action do |args, options|
60
47
 
61
- if changed?
62
- git.commit "[Jekyll Auth] Initial setup"
63
- end
48
+ if !JekyllAuth::Commands.env_var_set? "GITHUB_TOKEN"
49
+ puts "You'll need to go to https://github.com/settings/tokens/new and create a personal access token".red
50
+ puts "Once you've got the token, prefix the jekyll-auth command with GITHUB_TOKEN=[YOUR TOKEN]".red
51
+ puts "You can also add it to a `.env` file in this directory".red
52
+ exit 1
53
+ end
64
54
 
65
- if git.remotes.any? { |remote| remote.name == "heroku" }
66
- say "Looks like you've already got heroku set up... skipping."
67
- else
55
+ org = options["org"] || ENV["GITHUB_ORG_ID"]
56
+ team = options["team"]
68
57
 
69
- say "If you already created an app, enter it's name"
70
- say "otherwise, hit enter, and we'll get you set up with one."
71
- app = ask "Heroku App name?"
58
+ if org.nil? || team.nil?
59
+ puts "An org name and team ID are required.".red
60
+ puts "Usage: jekyll-auth team_id --org <ORG> --team <TEAM>"
61
+ exit 1
62
+ end
63
+
64
+ team_id = JekyllAuth::Comands.team_id(org, team)
72
65
 
73
- if app == ""
74
- say "Not a problem, let's create that heroku app for you."
75
- sh "heroku create"
66
+ if found
67
+ puts "The team ID for `@#{org}/#{team}` is `#{team_id}`".green
76
68
  else
77
- say "Great. Let's tell Heroku to use our existing app."
78
- sh "heroku git:remote -a #{app}"
69
+ puts "Couldn't find the `@#{org}/#{team}` team.".red
79
70
  end
80
71
  end
72
+ end
81
73
 
82
- say "Awesome. Let's teach Heroku about our GitHub app."
74
+ p.command(:serve) do |c|
75
+ c.syntax "serve"
76
+ c.description "Run Jekyll Auth site locally"
77
+ c.action do |args, options|
78
+
79
+ # Ensure environmental variables are set
80
+ unless ["GITHUB_CLIENT_ID", "GITHUB_CLIENT_SECRET"].all? { |v| JekyllAuth::Commands.env_var_set?(v) }
81
+ puts "Whoops. Looks like you forgot to tell Jekyll Auth about your app".red
82
+ puts "Be sure to run export GITHUB_CLIENT_ID=[client id], export GITHUB_CLIENT_SECRET=[client secret], and export GITHUB_ORG_ID=[org id] (or GITHUB_TEAM_ID)".red
83
+ puts "See the readme for more information on where to find these".red
84
+ exit 1
85
+ end
83
86
 
84
- client_id = ask "What's your GitHub Client ID? "
85
- sh "heroku config:set GITHUB_CLIENT_ID=#{client_id}"
87
+ # build site
88
+ p.go ["build"]
86
89
 
87
- client_secret = ask "What's your GitHub Client Secret? "
88
- sh "heroku config:set GITHUB_CLIENT_SECRET=#{client_secret}"
90
+ puts "Spinning up the server with authentication. Use CTRL-C to stop."
91
+ puts "To preview the site without authentication, use the `jekyll serve` command"
92
+ execute_command "bundle", "exec", "rackup", "-p", "4000"
89
93
 
90
- team_id = ask "What's your GitHub Team ID? (you can skip this in favor of an org if you prefer) "
91
- if team_id.length > 0
92
- sh "heroku config:set GITHUB_TEAM_ID=#{team_id}"
93
- else
94
- org_id = ask "What's your GitHub Org ID? "
95
- sh "heroku config:set GITHUB_ORG_ID=#{org_id}"
96
94
  end
95
+ end
97
96
 
98
- say "We're all set. Time to deploy our code to Heroku"
99
- system "git push heroku master --force"
97
+ p.command(:setup) do |c|
98
+ c.syntax "setup"
99
+ c.description "Configure Heroku for use with your Jekyll Auth site"
100
+ c.option "client_id", "--client_id", "Your oauth app client id"
101
+ c.option "client_secret", "--client_secret", "Your oauth app client secret"
102
+ c.option "team_id", "--team_id", "The team to authenticate against"
103
+ c.option "org_id", "--org_id", "An organization to authenticate against"
104
+ c.action do |args, options|
105
+
106
+ if find_executable("heroku").nil?
107
+ say "Looks like we're missing the Heroku client. Let's see if we can't install it..."
108
+ JekyllAuth::Commands.execute_command "wget", "-qO-", "https://toolbelt.heroku.com/install.sh", "|", "sh"
109
+ end
100
110
 
101
- say "Let's check if it worked..."
102
- sh "heroku open"
111
+ JekyllAuth::Commands.init_repo
112
+ JekyllAuth::Commands.initial_commit if JekyllAuth::Commands.changed?
103
113
 
104
- say "fin."
105
- end
106
- end
107
-
108
- command :serve do |c|
109
- c.syntax = "jekyll-auth serve"
110
- c.description = "Run Jekyll Auth site locally"
111
- c.action do |args, options|
112
-
113
- # Ensure environmental variables are set
114
- ["GITHUB_CLIENT_ID", "GITHUB_CLIENT_SECRET"].each do |var|
115
- next unless ENV[var].nil?
116
- say "Whoops. Looks like you forgot to tell Jekyll Auth about your app"
117
- say "Be sure to run export GITHUB_CLIENT_ID=[client id], export GITHUB_CLIENT_SECRET=[client secret], and export GITHUB_ORG_ID=[org id] (or GITHUB_TEAM_ID)"
118
- say "See the readme for more information on where to find these"
119
- exit(1)
120
- end
114
+ if JekyllAuth::Commands.heroku_remote_set?
115
+ puts "Looks like you've already got heroku set up... skipping.".green
116
+ else
117
+ puts "Creating a new Heroku app."
118
+ JekyllAuth::Commands.execute_command "heroku", "create"
119
+ end
121
120
 
122
- # build site
123
- command(:build).run
121
+ puts "Configuring the Heroku app"
122
+ JekyllAuth::Commands.configure_heroku(options)
124
123
 
125
- say "Spinning up the server with authentication. Use CTRL-C to stop."
126
- say "To preview the site without authentication, use the `jekyll serve` command"
127
- sh "bundle exec rackup -p 4000"
124
+ puts "Pushing to Heroku"
125
+ JekyllAuth::Commands.execute_command "git", "push", "heroku", "master", "--force"
128
126
 
127
+ puts "Lets check if it worked"
128
+ JekyllAuth::Commands.execute_command "heroku", "open"
129
+ end
129
130
  end
130
- end
131
131
 
132
- # Run the standard jekyll build command
133
- # Called by Rake task, to allow the gem
134
- # to add functionality here in the future
135
- command :build do |c|
136
- c.syntax = 'jekyll-auth build'
137
- c.description = "Build Jekyll site"
138
- c.action do |args, options|
139
- say "building the site..."
140
- sh "bundle exec jekyll build"
141
- say "site built."
142
- end
132
+ p.default_command(:serve)
143
133
  end
144
-
145
- default_command :serve
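Review bot: The `team_id` action cannot succeed as written: `JekyllAuth::Comands.team_id(org, team)` misspells `Commands`, and the following `if found` tests a variable that is never assigned, where `if team_id` looks intended. The same action prints "An org name and team ID are required" when it actually needs a team name. In `serve`, `execute_command "bundle", "exec", "rackup", "-p", "4000"` is called without the `JekyllAuth::Commands.` receiver used everywhere else. In `setup`, `find_executable` and `say` are still called although `require 'mkmf'` and `require 'commander/import'` are removed at the top of the file. The `setup` options are declared as bare `--client_id`, `--client_secret`, `--team_id` and `--org_id`, with no value placeholder like the `--org <ORG>` form used for `team_id`, so they are unlikely to accept the values the README passes. Finally, `execute_command "wget", "-qO-", "https://toolbelt.heroku.com/install.sh", "|", "sh"` passes `"|"` and `"sh"` as ordinary arguments. If `execute_command` runs the argument list without a shell, as the list style suggests, no pipe is created and the installer never runs. Rather than restoring a download-and-pipe-to-`sh` step, print the install instructions and exit so the user installs the Heroku client themselves.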