Fix GitHub OAuth args

This makes it explicit that we are using GitHub vs some other OAuth args. The
idea is that we should be making a new type for every service, this allows us to
have type safety in the implementation but a common set or pattern of names for
the environment variables and record fields.

Also using 'notset' instead of 'mempty' is really helpful for debugging when
this breaks, as I found out.

8 files changed, 71 insertions, 29 deletions

diff --git a/.envrc b/.envrc
index 19be922..cbf6eda 100644
--- a/.envrc
+++ b/.envrc
@@ -8,7 +8,7 @@ export GUILE_LOAD_PATH=$BIZ_ROOT
 
 # Biz/Devalloc.hs:
 export GITHUB_CLIENT_ID=aa575dc96263bc99556d
-export GITHUB_STATE=$(cat /proc/sys/kernel/random/uuid)
+export GITHUB_CLIENT_STATE=$(cat /proc/sys/kernel/random/uuid)
 export STRIPE_PUBKEY=pk_test_51I3jv1IC3f10BNLClrBmNr485mWSzQkITvjO0MmSeFn4chFqmODJaHcI7IiN1sqSJYusmRhuPzeGTbCrl8dMsSQP00JXUmlVFC
 
 if type lorri &>/dev/null
diff --git a/Biz/Auth.hs b/Biz/Auth.hs
index ed904b9..1c3e45c 100644
--- a/Biz/Auth.hs
+++ b/Biz/Auth.hs
@@ -13,6 +13,7 @@ module Biz.Auth
     OAuthArgs (..),
 
     -- * GitHub Authentication
+    GitHub (..),
     githubOauth,
 
     -- * Servant Helpers
@@ -28,6 +29,10 @@ import Servant (Header, Headers)
 import qualified Servant.Auth.Server as Auth
 import qualified System.Envy as Envy
 
+-- | Use this instead of 'mempty' for explicity.
+notset :: Text
+notset = "notset"
+
 -- | Wrapper around 'Auth.SetCookie' that you can put in a servant path
 -- descriptor.
 type SetCookies ret =
@@ -45,9 +50,9 @@ data OAuthArgs = OAuthArgs
 instance Envy.DefConfig OAuthArgs where
   defConfig =
     OAuthArgs
-      { clientSecret = mempty,
-        clientId = mempty,
-        clientState = mempty
+      { clientSecret = notset,
+        clientId = notset,
+        clientState = notset
       }
 
 instance Envy.FromEnv OAuthArgs
@@ -61,13 +66,43 @@ data OAuthResponse = OAuthResponse
   }
   deriving (Generic, Aeson.FromJSON)
 
+newtype GitHub = GitHub OAuthArgs
+  deriving (Show, Generic)
+
+instance Envy.DefConfig GitHub where
+  defConfig =
+    GitHub
+      <| OAuthArgs
+        { clientSecret = notset,
+          clientId = notset,
+          clientState = notset
+        }
+
+instance Envy.FromEnv GitHub where
+  fromEnv Nothing =
+    GitHub
+      </ Envy.gFromEnvCustom
+        Envy.Option
+          { Envy.dropPrefixCount = 0,
+            Envy.customPrefix = "GITHUB"
+          }
+        Nothing
+  fromEnv (Just (GitHub x)) =
+    GitHub
+      </ Envy.gFromEnvCustom
+        Envy.Option
+          { Envy.dropPrefixCount = 0,
+            Envy.customPrefix = "GITHUB"
+          }
+        (Just x)
+
 -- | POST to GitHub's OAuth service and get the user's oAuth token.
 githubOauth ::
-  OAuthArgs ->
+  GitHub ->
   -- | This should be GitHub.Token but GitHub.Auth doesn't export Token.
   Text ->
   IO OAuthResponse
-githubOauth OAuthArgs {..} code =
+githubOauth (GitHub OAuthArgs {..}) code =
   accessTokenRequest
     /> Req.responseBody
     |> Req.runReq Req.defaultHttpConfig
diff --git a/Biz/Bild/ShellHook.sh b/Biz/Bild/ShellHook.sh
index 11954a7..00cd65a 100644
--- a/Biz/Bild/ShellHook.sh
+++ b/Biz/Bild/ShellHook.sh
@@ -79,7 +79,7 @@ function sentry() {
 function run-ci() {
   lint **/* && bild --test **/*
 }
-alias ci="time run-ci"
+alias ci="time timeout 5m run-ci"
 
 export PS1='\n$(r=$? && [ $r -eq 0 ] && printf "biz" || printf "%3.*s" $r $r)> '
 
diff --git a/Biz/Cloud/Web.nix b/Biz/Cloud/Web.nix
index 853c967..9899258 100644
--- a/Biz/Cloud/Web.nix
+++ b/Biz/Cloud/Web.nix
@@ -118,6 +118,12 @@ in
           useACMEHost = rootDomain;
         };
 
+        "devalloc.io" = {
+          forceSSL = true;
+          useACMEHost = rootDomain;
+          globalRedirect = "dragons.dev";
+        };
+
         "dragons.dev" = {
           locations."/".proxyPass = "http://${ports.bensIp}:${toString ports.dragons}";
           forceSSL = true;
@@ -166,7 +172,7 @@ in
   # This must contain all of the other domains we host
   security.acme.certs.${rootDomain}.extraDomainNames = [
     "bsima.me" "www.bsima.me"
-    "dragons.dev"
+    "dragons.dev" "devalloc.io"
   ] ++ map (sub: "${sub}.${rootDomain}") [
     "tv"
     "matrix"
diff --git a/Biz/Dragons.hs b/Biz/Dragons.hs
index 6cb5fed..da5f3c5 100644
--- a/Biz/Dragons.hs
+++ b/Biz/Dragons.hs
@@ -928,7 +928,7 @@ htmlApp ::
   Acid.AcidState Keep ->
   Config ->
   JWK ->
-  Auth.OAuthArgs ->
+  Auth.GitHub ->
   Paths AsServer
 htmlApp cooks kp cfg jwk oAuthArgs =
   Paths
@@ -1174,7 +1174,7 @@ instance Lucid.ToHtml AdminDashboard where
 
 -- | The front page pitch. Eventually I'd like to load the content from markdown
 -- files or some other store of data so I can A/B test.
-data Home = Home Auth.OAuthArgs (Maybe AnalysisAction)
+data Home = Home Auth.GitHub (Maybe AnalysisAction)
 
 instance App.HasCss Home where
   cssFor (Home _ mAnalysis) = do
@@ -1226,15 +1226,15 @@ instance Lucid.ToHtml Home where
       section <| do
         h1 "Know your codebase."
         h1 "Know your team."
-        p "Dragons analyzes your codebase trends, finds patterns in how your developers work, and protects against tech debt."
-        p "Just hook it up to your CI system - Dragons warns you when it finds a problem."
+        p "Dragons.dev analyzes your codebase trends, finds patterns in how your developers work, and protects against tech debt."
+        p "Just hook it up to your CI system - Dragons.dev warns you when it finds a problem."
         Lucid.toHtml <| tryButton oAuthArgs "Give it a try with GitHub" mempty
       section <| do
         h2 "Identify blackholes in your codebase"
         p
           "What if none of your active employees have touched some part of the codebase? \
           \ This happens too often with legacy code, and then it turns into a huge source of tech debt. \
-          \ Dragons finds these \"blackholes\" and warns you about them so you can be proactive in eliminating tech debt."
+          \ Dragons.dev finds these \"blackholes\" and warns you about them so you can be proactive in eliminating tech debt."
       section <| do
         h2 "Find developer hotspots"
         p
@@ -1250,14 +1250,14 @@ instance Lucid.ToHtml Home where
           analysis
       section <| do
         h2 "Protect against lost knowledge"
-        p "Not everyone can know every part of a codebase. By finding pieces of code that only 1 or 2 people have touched, dragons identifes siloed knowledge. This allows you to protect against the risk of this knowledge leaving the company if an employee leaves."
+        p "Not everyone can know every part of a codebase. By finding pieces of code that only 1 or 2 people have touched, Dragons.dev identifes siloed knowledge. This allows you to protect against the risk of this knowledge leaving the company if an employee leaves."
       section <| do
         h2 "Don't just measure code coverage - also know your dev coverage"
         p "No matter how smart your employees are, if you are under- or over-utilizing your developers then you will never get optimal performance from your team."
         p "Know how your devs work best: which ones have depth of knowledge, and which ones have breadth?"
       section <| do
         h2 "See how your teams *actually* organize themselves with cluster analysis"
-        p "Does your team feel splintered or not cohesive? Which developers work best together? Dragons analyzes the collaboration patterns between devs and helps you form optimal pairings and teams based on shared code and mindspace."
+        p "Does your team feel splintered or not cohesive? Which developers work best together? Dragons.dev analyzes the collaboration patterns between devs and helps you form optimal pairings and teams based on shared code and mindspace."
       section <| do
         h1 <| "Ready to get going?"
         Lucid.toHtml
@@ -1358,8 +1358,8 @@ userGitHubAuth = GitHub.OAuth <. Encoding.encodeUtf8
 
 -- GitHub OAuth endpoint. For what the parameters mean, see:
 -- https://docs.github.com/en/developers/apps/authorizing-oauth-apps
-githubLoginUrl :: Auth.OAuthArgs -> Text
-githubLoginUrl Auth.OAuthArgs {..} =
+githubLoginUrl :: Auth.GitHub -> Text
+githubLoginUrl (Auth.GitHub Auth.OAuthArgs {..}) =
   "https://github.com/login/oauth/authorize?"
     <> encodeParams
       [ ("client_id", clientId),
@@ -1428,7 +1428,7 @@ encodeParams =
     <. Web.urlEncodeParams
 
 -- | Login button for GitHub.
-tryButton :: Auth.OAuthArgs -> Text -> Text -> Lucid.Html ()
+tryButton :: Auth.GitHub -> Text -> Text -> Lucid.Html ()
 tryButton oAuthArgs title subtitle =
   Lucid.a_
     [Lucid.id_ "try-button", Lucid.href_ <| githubLoginUrl oAuthArgs]
@@ -1441,7 +1441,7 @@ header :: Monad m => Maybe User -> Lucid.HtmlT m ()
 header muser =
   Lucid.header_ <| do
     Lucid.nav_ <| do
-      a "Dragons" <| fieldLink home
+      a "Dragons.dev" <| fieldLink home
       case muser of
         Nothing ->
           Lucid.ul_ <| do
diff --git a/Biz/Dragons/get-examples.sh b/Biz/Dragons/get-examples.sh
index a35a282..35f024f 100755
--- a/Biz/Dragons/get-examples.sh
+++ b/Biz/Dragons/get-examples.sh
@@ -6,8 +6,9 @@ then
     exit 1
 fi
 cookie="$1"
-curl 'https://dragons.dev/analysis?user=github&repo=training-kit' \
+curl 'https://dragons.dev/analysis' \
+    -d "owner=github&repo=training-kit" \
     -X POST \
     -H 'Content-Type: application/x-www-form-urlencoded' \
     -H "Cookie: JWT-Cookie=$cookie" \
-    --compressed --insecure
+    --compressed
diff --git a/Biz/Dragons/pitch.md b/Biz/Dragons/pitch.md
index a4d4ffa..91352fc 100644
--- a/Biz/Dragons/pitch.md
+++ b/Biz/Dragons/pitch.md
@@ -1,6 +1,6 @@
-# Dragons
+# Dragons.dev
 
-Dragons analyzes your codebase trends, finds patterns in how your developers
+Dragons.dev analyzes your codebase trends, finds patterns in how your developers
 work, and protects against tech debt.
 
 Just hook it up to your CI system - it will warn you when it finds a problem.
@@ -9,15 +9,15 @@ Just hook it up to your CI system - it will warn you when it finds a problem.
 
 What if none of your active employees have touched some part of the codebase?
 This happens too often with legacy code, and then it turns into a huge source of
-tech debt. Dragons finds these "blackholes" and warns you about them so you
+tech debt. Dragons.dev finds these "blackholes" and warns you about them so you
 can be proactive in eliminating tech debt.
 
 ## Protect against lost knowledge
 
 Not everyone can know every part of a codebase. By finding pieces of code
-that only 1 or 2 people have touched, dragons identifes siloed knowledge. This
-allows you to protect against the risk of this knowledge leaving the company if
-an employee leaves.
+that only 1 or 2 people have touched, Dragons.dev identifes siloed knowledge.
+This allows you to protect against the risk of this knowledge leaving the
+company if an employee leaves.
 
 ## Don't just measure "code coverage" - also know your "dev coverage"
 
@@ -34,7 +34,7 @@ developers then you will never get optimal performance from your team.
 ## See how your teams *actually* organize themselves with cluster analysis
 
 Does your team feel splintered or not cohesive? Which developers work best
-together? Dragons analyzes the collaboration patterns between devs and helps
+together? Dragons.dev analyzes the collaboration patterns between devs and helps
 you form optimal pairings and teams based on shared code and mindspace.
 
 (Paid only)
diff --git a/Biz/Ide/bild b/Biz/Ide/bild
index 0dd4afb..1305e21 100755
--- a/Biz/Ide/bild
+++ b/Biz/Ide/bild
@@ -1,2 +1,2 @@
 #!/usr/bin/env bash
-timeout 5m runghc -i$BIZ_ROOT Biz.Bild $@
+runghc -i$BIZ_ROOT Biz.Bild $@