Skip to content

Commit

Permalink
Merge branch 'develop' of github.com:pentandra/lifepreserver into dev…
Browse files Browse the repository at this point in the history
…elop
  • Loading branch information
cdchapman committed Nov 9, 2016
2 parents 06b0cb1 + 30571b3 commit b579000
Show file tree
Hide file tree
Showing 353 changed files with 1,467 additions and 298 deletions.
2 changes: 1 addition & 1 deletion .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,6 @@ output.diff
crash.log
*.autosave
*.bak
items/assets/components/
items/static/assets/components/
tmp/
.bundle
4 changes: 2 additions & 2 deletions .gitmodules
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
[submodule "specifications"]
path = specifications
url = [email protected]:pentandra/specifications.git
[submodule "items/company/benefit-reports"]
path = items/company/benefit-reports
[submodule "benefit-reports"]
path = items/static/company/benefit-reports
url = [email protected]:pentandra/benefit-reports.git
16 changes: 16 additions & 0 deletions Checks
Original file line number Diff line number Diff line change
Expand Up @@ -27,10 +27,26 @@ check :no_unprocessed_markdown do
end
end

check :no_static_build_paths do
filenames = @output_filenames.select { |f| File.extname(f) == '.html' }
hrefs_with_filenames = ::Nanoc::Extra::LinkCollector.new(filenames, :internal).filenames_per_href
resource_uris_with_filenames = ::Nanoc::Extra::LinkCollector.new(filenames, :internal).filenames_per_resource_uri

uris = hrefs_with_filenames.merge(resource_uris_with_filenames)
uris.each_pair do |href, fns|
fns.each do |filename|
if href.start_with?(@config[:static_root])
add_issue("private build path present in #{href}", subject: filename)
end
end
end
end

deploy_check :internal_links
deploy_check :mixed_content
deploy_check :stale
deploy_check :no_unprocessed_erb
deploy_check :no_unprocessed_markdown
deploy_check :no_static_build_paths

# vi: ft=ruby
1 change: 1 addition & 0 deletions Gemfile
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@ gem 'rouge'
gem 'haml'
gem 'pandoc-ruby' # for benefit reports in ConTeXt
gem 'git' # for version history and tagging info
gem 'builder' # for XML stuff, such as sitemap and atom feeds

group :development, optional: true do
gem 'guard'
Expand Down
9 changes: 6 additions & 3 deletions Gemfile.lock
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ GIT

GIT
remote: https://github.com/ruby-rdf/rdf.git
revision: e1ff91841066369b8917dd21be9564452a6ea18a
revision: 4740b4a52bf358656d01d93adc5174d5fe07aec8
branch: develop
specs:
rdf (2.1.0)
Expand All @@ -40,7 +40,8 @@ GEM
i18n (~> 0.7)
minitest (~> 5.1)
tzinfo (~> 1.1)
addressable (2.4.0)
addressable (2.5.0)
public_suffix (~> 2.0, >= 2.0.2)
adsf (1.2.1)
rack (>= 1.0.0)
bcp47 (0.3.3)
Expand Down Expand Up @@ -191,11 +192,12 @@ GEM
pandoc-ruby (2.0.1)
parallel (1.9.0)
pipe-run (0.3.0)
posix-spawn (0.3.11)
posix-spawn (0.3.12)
pry (0.10.4)
coderay (~> 1.1.0)
method_source (~> 0.8.1)
slop (~> 3.4)
public_suffix (2.0.4)
pygments.rb (0.6.3)
posix-spawn (~> 0.3.6)
yajl-ruby (~> 1.2.0)
Expand Down Expand Up @@ -330,6 +332,7 @@ PLATFORMS
DEPENDENCIES
activesupport
adsf
builder
chunky_png
compass
ghi
Expand Down
5 changes: 4 additions & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@ in scope before compiling:
#### Optional dependencies
* [optipng] for optimizing PNG images
* A Java 8 runtime for running the [Nu HTML] checker.
* [OpenResty] for running the dynamic parts of the site via `nanoc server`.

### Then clone this repo (including submodules), install bower components and Ruby gems…

Expand Down Expand Up @@ -58,7 +59,8 @@ $ nanoc view # if you are only dealing with statically generated pages
$ nanoc server # if you are dealing with both the static and dynamic aspects of the site
```

And view the page in your browser.
And view the page in your browser at [port 3000](http://localhost:3000/) for
`nanoc view` or [port 4125](https://localhost:4125/) for `nanoc server`.

## Contributing

Expand Down Expand Up @@ -95,3 +97,4 @@ Also, please see [the colophon][colophon] for more raving attributions!
[pygments]: <http://pygments.org/>
[bundler]: <http://bundler.io/>
[colophon]: <https://pentandra.com/colophon/>
[OpenResty]: <http://openresty.org/>
2 changes: 2 additions & 0 deletions Rules.rb
Original file line number Diff line number Diff line change
Expand Up @@ -13,5 +13,7 @@
include_rules 'rules/company'
include_rules 'rules/blog'

include_rules 'rules/dynamic'

# This should always be last
include_rules 'rules/catch_all'
98 changes: 98 additions & 0 deletions commands/server.rb
Original file line number Diff line number Diff line change
@@ -0,0 +1,98 @@
usage 'server [options]'
summary 'start the dynamic web server (nginx/OpenResty)'
description <<-EOS
Start the dynamic web server. Running this web server requires OpenResty
to be installed and in scope.
EOS

required :c, :conf, 'specify the configuration file to use (default: nginx.conf)'
required :g, :global, 'specify any global directives (default: daemon off;)'

module LifePreserver
class Server < ::Nanoc::CLI::CommandRunner
NGINX_BIN = 'nginx'
NGINX_SEARCH_PATHS = [
'/usr/local/openresty/nginx/sbin/',
'/usr/local/opt/openresty/bin/',
'/usr/local/bin/',
'/usr/sbin/',
'/opt/openresty/nginx/sbin/'
]

class Error < ::Nanoc::Int::Errors::Generic
def initialize(command, exit_code)
@command = command
@exit_code = exit_code
end

def message
"command exited with a nonzero status code #{@exit_code} (command: #{@command.join(' ')})"
end
end

def run
require 'open3'

load_site

conf = options[:conf] || 'nginx.conf'
directives = options[:global] || 'daemon off;'


nginx = find_nginx
output_dir = site.config[:output_dir]
cmd = [ nginx, '-p', output_dir, '-c', conf, '-g', directives ]

Open3.popen3(*cmd) do |_stdin, stdout, stderr, wait_thr|
puts "Starting OpenResty (#{nginx}) in path (#{output_dir}) with config (#{conf}) and global directives (#{directives})"

stdout_thread = Thread.new do
while (line = stdout.gets)
puts line
end
end

stderr_thread = Thread.new do
while (line = stderr.gets)
puts line
end
end

stdout_thread.join
stderr_thread.join

exit_status = wait_thr.value
unless exit_status.success?
raise Error.new(cmd, exit_status.to_i)
end
end
end

protected

def find_nginx
NGINX_SEARCH_PATHS.each do |path|
to_check = path + NGINX_BIN
if File.file?(to_check) && openresty?(to_check)
return to_check
end
end

# As a last resort, check the PATH
require 'mkmf'
to_check = find_executable0(NGINX_BIN)
if to_check && openresty?(to_check)
return to_check
end

raise "Cannot find the OpenResty executable in any of the following places: #{NGINX_SEARCH_PATHS.join(':')} or in the current path: #{ENV['PATH']}"
end

def openresty?(path_to_check)
output, _status = Open3.capture2e(path_to_check, '-v')
output && output['openresty']
end
end
end

runner LifePreserver::Server
91 changes: 91 additions & 0 deletions commands/view.rb
Original file line number Diff line number Diff line change
@@ -0,0 +1,91 @@
usage 'view [options]'
summary 'start the web server that serves static files'
description <<-EOS
Start the static web server. Unless specified, the web server will run on port
3000 and listen on all IP addresses. Running this static web server requires
`adsf` (not `asdf`!).
EOS

required :H, :handler, 'specify the handler to use (webrick/mongrel/...)'
required :o, :host, 'specify the host to listen on (default: 0.0.0.0)'
required :p, :port, 'specify the port to listen on (default: 3000)'

module Nanoc::CLI::Commands
class View < ::Nanoc::CLI::CommandRunner
DEFAULT_HANDLER_NAME ||= :thin

def run
load_adsf
require 'rack'

load_site

# Set options
options_for_rack = {
Port: (options[:port] || 3000).to_i,
Host: (options[:host] || '0.0.0.0'),
}

# Get handler
if options.key?(:handler)
handler = Rack::Handler.get(options[:handler])
else
begin
handler = Rack::Handler.get(DEFAULT_HANDLER_NAME)
rescue LoadError
handler = Rack::Handler::WEBrick
end
end

# Build app
site = self.site
site_root = site.config[:output_dir] + view_config_root

app = Rack::Builder.new do
use Rack::CommonLogger
use Rack::ShowExceptions
use Rack::Lint
use Rack::Head
use Adsf::Rack::IndexFileFinder, root: site_root
run Rack::File.new(site_root)
end.to_app

# Run autocompiler
handler.run(app, options_for_rack)
end

protected

def view_config
site.config[:view] || {}
end

def view_config_root
view_config[:static_root]
end

def load_adsf
# Load adsf
begin
require 'adsf'
return
rescue LoadError
$stderr.puts "Could not find the required 'adsf' gem, " \
'which is necessary for the view command.'
end

# Check asdf
begin
require 'asdf'
$stderr.puts "You appear to have 'asdf' installed, " \
"but not 'adsf'. Please install 'adsf' (check the spelling)!"
rescue LoadError
end

# Done
exit 1
end
end
end

runner Nanoc::CLI::Commands::View
12 changes: 6 additions & 6 deletions etc/compass/config.rb
Original file line number Diff line number Diff line change
@@ -1,15 +1,15 @@
require 'compass/import-once/activate'
# Require any additional compass plugins here.

add_import_path "items/assets/components/retina.js/src"
add_import_path "items/static/assets/components/retina.js/src"

http_path = "/"
project_path = File.expand_path(File.join(File.dirname(__FILE__), '../../'))
css_dir = "items/assets/stylesheets"
sass_dir = "items/assets/stylesheets"
images_dir = "items/assets/images"
javascripts_dir = "items/assets/scripts"
fonts_dir = "items/assets/fonts"
css_dir = "items/static/assets/stylesheets"
sass_dir = "items/static/assets/stylesheets"
images_dir = "items/static/assets/images"
javascripts_dir = "items/static/assets/scripts"
fonts_dir = "items/static/assets/fonts"
http_javascripts_path = "js"
http_stylesheets_path = "css"
http_images_path = "images"
Expand Down
1 change: 0 additions & 1 deletion items/assets/scripts/jsonld.js.erb

This file was deleted.

1 change: 0 additions & 1 deletion items/company/benefit-reports
Submodule benefit-reports deleted from 88409e
21 changes: 21 additions & 0 deletions items/directives/cache-file-descriptors.conf
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
# This tells Nginx to cache open file handles, "not found" errors, metadata about files and their permissions, etc.
#
# The upside of this is that Nginx can immediately begin sending data when a popular file is requested,
# and will also know to immediately send a 404 if a file is missing on disk, and so on.
#
# However, it also means that the server won't react immediately to changes on disk, which may be undesirable.
#
# In the below configuration, inactive files are released from the cache after 20 seconds, whereas
# active (recently requested) files are re-validated every 30 seconds.
#
# Descriptors will not be cached unless they are used at least 2 times within 20 seconds (the inactive time).
#
# A maximum of the 1000 most recently used file descriptors can be cached at any time.
#
# Production servers with stable file collections will definitely want to enable the cache.
open_file_cache max=1000 inactive=20s;
open_file_cache_valid 30s;
open_file_cache_min_uses 2;
open_file_cache_errors on;

# vi: ft=nginx
16 changes: 16 additions & 0 deletions items/directives/cross-domain-insecure.conf
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
# Cross domain AJAX requests

# http://www.w3.org/TR/cors/#access-control-allow-origin-response-header

# **Security Warning**
# Do not use this without understanding the consequences.
# This will permit access from any other website.
#
add_header "Access-Control-Allow-Origin" "*";

# Instead of using this file, consider using a specific rule such as:
#
# Allow access based on [sub]domain:
# add_header "Access-Control-Allow-Origin" "subdomain.example.com";

# vi: ft=nginx
19 changes: 19 additions & 0 deletions items/directives/extra-security.conf
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
# The X-Frame-Options header indicates whether a browser should be allowed
# to render a page within a frame or iframe.
add_header X-Frame-Options SAMEORIGIN;

# MIME type sniffing security protection
# There are very few edge cases where you wouldn't want this enabled.
add_header X-Content-Type-Options nosniff;

# The X-XSS-Protection header is used by Internet Explorer version 8+
# The header instructs IE to enable its inbuilt anti-cross-site scripting filter.
add_header X-XSS-Protection "1; mode=block";

# with Content Security Policy (CSP) enabled (and a browser that supports it (http://caniuse.com/#feat=contentsecuritypolicy),
# you can tell the browser that it can only download content from the domains you explicitly allow
# CSP can be quite difficult to configure, and cause real issues if you get it wrong
# There is website that helps you generate a policy here http://cspisawesome.com/
# add_header Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' https://www.google-analytics.com;";

# vi: ft=nginx
Loading

0 comments on commit b579000

Please sign in to comment.