Tuesday, October 15, 2013

Securing Site That Runs on Github Pages With JSON Backend In Private Repository

I have been deploying websites that run 100% on Github, using Github Pages and Jekyll for a while now. I'm pushing forward with different approaches to deploying sites and applications using this model, and my recent evolution is securing a website, only allowing specific people to access and interact with the site or application.

In this case, I have a web application that I am developing, and will run on Github, but I'm not ready for it to be public. So I created a private repository, then using the Automatic Page Generator under Github settings, I created a public site for the repository using Github Pages.

Next I created a JSON file that contained the navigation for the site, and each page and its content:

I put this JSON file in the master branch of the repository, which is private. After that, using Github.js I wrote a little bit of JavaScript using Jquery that pulled the JSON from the master branch and built the navigation and page content on the page:

Before the page will build, you have to have a valid oAuth token for the repository. In this particular scenario I am just passing the oAuth token through URL as a parameter, and if the variable isn't present or is invalid, the request for the JSON file just returns a 404 and none of the navigation or site content is updated. For other version I will be using oAuth.io to secure the application and just add people as Github team members if I want them to have access to the application.

Once I'm done with this particular application, and I am ready to make public I will just make the Github repository public and replace the pulling of master JSON file with a regular JQuery getJSON call, and use the JSON to build the site just like I do now.

This approach is definitely not for all applications, but easily allows me to run applications on Github and maintain a private, secure back-end. I just use Github OAuth security to access any files I want to keep private, and make only what I need public. In this case, unless you have access you just see a splash page.

from http://feedproxy.google.com/~r/KinLane/~3/jbihd2BdiPM/securing-site-that-runs-on-github-pages-with-json-backend-in-private-repository

No comments: