Skip to content

Commit

Permalink
Upgrade plugin for usage with 0.4.x
Browse files Browse the repository at this point in the history
  • Loading branch information
@josegonzalez
josegonzalez committed Sep 27, 2015
1 parent 35194b3 commit f29d97c
Show file tree
Hide file tree
Showing 8 changed files with 147 additions and 96 deletions.
16 changes: 16 additions & 0 deletions .editorconfig
View file
@@ -0,0 +1,16 @@
root = true

[*]
insert_final_newline = true
indent_style = space
indent_size = 2

[Makefile]
insert_final_newline = true
indent_style = tab
indent_size = 4

[*.mk]
insert_final_newline = true
indent_style = tab
indent_size = 4
6 changes: 5 additions & 1 deletion .travis.yml
View file
@@ -1,5 +1,9 @@
sudo: required
language: bash
script: make test
env:
- DOKKU_VERSION=master
before_install: make setup
install:
- 'sudo apt-get update -qq'
- 'sudo apt-get install -y bc'
script: make test
19 changes: 19 additions & 0 deletions LICENSE.txt
View file
@@ -0,0 +1,19 @@
Copyright (c) 2014 Matthew Oakes

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
35 changes: 33 additions & 2 deletions Makefile
View file
@@ -1,4 +1,35 @@
.PHONY: all test clean
shellcheck:
ifeq ($(shell shellcheck > /dev/null 2>&1 ; echo $$?),127)
ifeq ($(shell uname),Darwin)
brew install shellcheck
else
sudo add-apt-repository 'deb http://archive.ubuntu.com/ubuntu trusty-backports main restricted universe multiverse'
sudo apt-get update -qq && sudo apt-get install -qq -y shellcheck
endif
endif

test:
bats:
ifeq ($(shell bats > /dev/null 2>&1 ; echo $$?),127)
ifeq ($(shell uname),Darwin)
brew install shellcheck
else
sudo add-apt-repository ppa:duggan/bats --yes
sudo apt-get update -qq && sudo apt-get install -qq -y bats
endif
endif

ci-dependencies: shellcheck bats

lint:
# these are disabled due to their expansive existence in the codebase. we should clean it up though
# SC2046: Quote this to prevent word splitting. - https://github.com/koalaman/shellcheck/wiki/SC2046
# SC2068: Double quote array expansions, otherwise they're like $* and break on spaces. - https://github.com/koalaman/shellcheck/wiki/SC2068
# SC2086: Double quote to prevent globbing and word splitting - https://github.com/koalaman/shellcheck/wiki/SC2086
@echo linting...
@$(QUIET) find ./ -maxdepth 1 -not -path '*/\.*' | xargs file | egrep "shell|bash" | awk '{ print $$1 }' | sed 's/://g' | xargs shellcheck -e SC2046,SC2068,SC2086

setup:
$(MAKE) ci-dependencies

test: setup lint
test/commands_test.sh
53 changes: 13 additions & 40 deletions README.md
View file
@@ -1,20 +1,22 @@
Dokku Secure App Plugin [![Build Status](https://travis-ci.org/matto1990/dokku-secure-apps.svg?branch=master)](https://travis-ci.org/matto1990/dokku-secure-apps)
=======================
# Dokku Secure App Plugin [![Build Status](https://travis-ci.org/matto1990/dokku-secure-apps.svg?branch=master)](https://travis-ci.org/matto1990/dokku-secure-apps)

This is a plugin for [Dokku](https://github.com/progrium/dokku) which secures an individual app with HTTP Basic authentication.

Installation
------------
## installation

```bash
git clone https://github.com/matto1990/dokku-secure-apps.git /var/lib/dokku/plugins/secure-apps
```shell
# on 0.3.x
cd /var/lib/dokku/plugins
git clone https://github.com/matto1990/dokku-secure-apps.git secure-apps
dokku plugins-install

# on 0.4.x
dokku plugin:install https://github.com/matto1990/dokku-secure-apps.git secure-apps
```

Commands
--------
## commands

```
```shell
$ dokku help
secure:disable <app> remove security for this app
secure:enable <app> enable security for this app
Expand All @@ -24,8 +26,7 @@ $ dokku help
secure:list <app> list users for app
```

Unit Tests
----------
## Unit Tests

This plugins test were inspired by the tests in [https://github.com/neam/dokku-custom-domains](https://github.com/neam/dokku-custom-domains). It uses [assert.sh 1.0 - bash unit testing framework](http://github.com/lehmannro/assert.sh).

Expand All @@ -35,34 +36,6 @@ To run the tests:
make test
```

TODO
----
## TODO

- Globally secure all apps (with opt-out for specific apps)

Licence
-------

```
The MIT License (MIT)
Copyright (c) 2014 Matthew Oakes
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
```
106 changes: 54 additions & 52 deletions commands
View file
Expand Up @@ -17,121 +17,123 @@ if [[ $1 == secure:* ]]; then
fi

case "$1" in

secure:delete)
[ $# -ne 2 ] && echo "Usage: dokku secure:delete <app>" && exit 1
[[ -z $2 ]] && dokku_log_fail "Please specify an app to run the command on"
APP="$2"; verify_app_name "$APP"
readonly HTPASSWD_FILE="$DOKKU_ROOT/$APP/HTPASSWD"
readonly NGINX_CONF="$DOKKU_ROOT/$APP/nginx.conf.d/secure.conf"

if [ -f "$NGINX_CONF" ]; then
echo "Error: can't delete htpasswd for app $APP"
echo "Please run dokku secure:disable first"
[[ -f "$NGINX_CONF" ]] && dokku_log_fail "Error: can't delete htpasswd for app $APP\nPlease run dokku secure:disable first"

exit 1
fi

if [ -f "$HTPASSWD_FILE" ]; then
if [[ -f "$HTPASSWD_FILE" ]]; then
rm "$HTPASSWD_FILE"
echo "Removed htpasswd file for app $APP"
dokku_log_verbose_quiet "Removed htpasswd file for app $APP"
else
echo "No htpasswd file for app $APP"
dokku_log_verbose_quiet "No htpasswd file for app $APP"
fi

;;

secure:disable)
[ $# -ne 2 ] && echo "Usage: dokku secure:disable <app>" && exit 1
[[ -z $2 ]] && dokku_log_fail "Please specify an app to run the command on"
APP="$2"; verify_app_name "$APP"
readonly NGINX_CONF="$DOKKU_ROOT/$APP/nginx.conf.d/secure.conf"

if [[ -f "$NGINX_CONF" ]]; then
rm "$NGINX_CONF"

sudo /etc/init.d/nginx reload
echo "htpasswd disabled for app $APP"
dokku_log_verbose_quiet "htpasswd disabled for app $APP"
else
echo "htpasswd already disabled for app $APP"
dokku_log_verbose_quiet "htpasswd already disabled for app $APP"
fi
;;

secure:enable)
[ $# -ne 2 ] && echo "Usage: dokku secure:enable <app>" && exit 1
[[ -z $2 ]] && dokku_log_fail "Please specify an app to run the command on"
APP="$2"; verify_app_name "$APP"
readonly HTPASSWD_FILE="$DOKKU_ROOT/$APP/HTPASSWD"
readonly NGINX_CONF_D="$DOKKU_ROOT/$APP/nginx.conf.d"
readonly NGINX_CONF="$DOKKU_ROOT/$APP/nginx.conf.d/secure.conf"

if [[ ! -f "$HTPASSWD_FILE" ]]; then
echo "Error: no htpasswd file"
echo "Add users with dokku secure:add before enabling"
exit 1
fi
[[ ! -f "$HTPASSWD_FILE" ]] && dokku_log_fail "Error: no htpasswd file\nAdd users with dokku secure:add before enabling"

if [[ ! -f $NGINX_CONF ]]; then
[ -d "$NGINX_CONF_D" ] || mkdir "$NGINX_CONF_D"
[[ -d "$NGINX_CONF_D" ]] || mkdir -p "$NGINX_CONF_D"

# update app nginx.conf with the security parameters
echo 'auth_basic "Restricted";' > "$NGINX_CONF"
echo "auth_basic_user_file $HTPASSWD_FILE;" >> "$NGINX_CONF"

sudo /etc/init.d/nginx reload

echo "htpasswd enabled for app $APP"
dokku_log_verbose_quiet "htpasswd enabled for app $APP"
else
echo "htpasswd already enabled for app $APP"
dokku_log_verbose_quiet "htpasswd already enabled for app $APP"
fi
;;

secure:set)
if [ $# -ne 4 ]; then
echo "Usage: dokku secure:set APP USERNAME PASSWORD"
echo "Must specify a USERNAME and PASSWORD."
exit 1
fi
[[ -z $2 ]] && dokku_log_fail "Please specify an app to run the command on"
[[ -z $3 ]] && dokku_log_fail "Please specify a username"
[[ -z $4 ]] && dokku_log_fail "Please specify a password"
APP="$2"; verify_app_name "$APP"

if [ ! -f "$HTPASSWD_FILE" ]; then
if [[ ! -f "$HTPASSWD_FILE" ]]; then
touch "$HTPASSWD_FILE"
fi

if ! grep "^$3:" "$HTPASSWD_FILE" > /dev/null; then
htpasswd -b "$HTPASSWD_FILE" "$3" "$4" || exit 1
echo "User '$3' added for app $APP"
dokku_log_verbose_quiet "User '$3' added for app $APP"
else
htpasswd -b "$HTPASSWD_FILE" "$3" "$4" || exit 1
echo "Password for user '$3' updated for app $APP"
dokku_log_verbose_quiet "Password for user '$3' updated for app $APP"
fi

;;

secure:unset)
if [ $# -ne 3 ]; then
echo "Usage: dokku secure:unset APP USERNAME"
echo "Must specify a USERNAME."
exit 1
fi
[[ -z $2 ]] && dokku_log_fail "Please specify an app to run the command on"
[[ -z $3 ]] && dokku_log_fail "Please specify a username"
APP="$2"; verify_app_name "$APP"

if ! grep "^$3:" "$HTPASSWD_FILE" > /dev/null; then
echo "User '$3' doesn't exist for app $APP"
exit 1
dokku_log_fail "User '$3' doesn't exist for app $APP"
fi

if [ "$(wc -l "$HTPASSWD_FILE" | cut -d' ' -f1)" -lt 2 ]; then
echo "Error: can't delete last user for app $APP"
exit 1
if [[ "$(wc -l "$HTPASSWD_FILE" | cut -d' ' -f1)" -lt 2 ]]; then
dokku_log_fail "Error: can't delete last user for app $APP"
fi

htpasswd -D "$HTPASSWD_FILE" "$3" || exit 2
echo "User '$3' deleted for app $APP"
dokku_log_verbose_quiet "User '$3' deleted for app $APP"
;;

secure:list)
APP="$2"; verify_app_name "$APP"

USER_COUNT="$(wc -l "$HTPASSWD_FILE" | cut -d' ' -f1)"

echo "Users for app $APP (Total: $USER_COUNT)"
cut -d':' -f1 "$HTPASSWD_FILE"
;;

help)
cat && cat<<EOF
secure:disable <app> remove security for this app
secure:enable <app> enable security for this app
secure:delete <app> delete htpasswd file for this app
secure:set <app> username password add user to app or update their password
secure:unset <app> username remove user from app
secure:list <app> list users for app
help | secure:help)
HELP=$(cat<<EOF
secure:disable <app>, remove security for this app
secure:enable <app>, enable security for this app
secure:delete <app>, delete htpasswd file for this app
secure:set <app> username password, add user to app or update their password
secure:unset <app> username, remove user from app
secure:list <app>, list users for app
EOF
)
if [[ -n $DOKKU_API_VERSION ]]; then
echo "$HELP"
else
cat && echo "$HELP"
fi
;;

*)
exit $DOKKU_NOT_IMPLEMENTED_EXIT
;;
Expand Down
4 changes: 3 additions & 1 deletion install
View file
@@ -1,3 +1,5 @@
#!/bin/bash
#!/usr/bin/env bash
set -eo pipefail; [[ $DOKKU_TRACE ]] && set -x

apt-get update
apt-get -y install apache2-utils
4 changes: 4 additions & 0 deletions plugin.toml
View file
@@ -0,0 +1,4 @@
[plugin]
description = "secures an application using basic authentication"
version = "1.0.0"
[plugin.config]

0 comments on commit f29d97c

Please sign in to comment.