diff options
author | Ben Sima <ben@bsima.me> | 2021-08-23 13:06:15 -0400 |
---|---|---|
committer | Ben Sima <ben@bsima.me> | 2021-11-26 13:47:38 -0500 |
commit | 45f352f9cb3bdc16048a0f0d70eef6a59272472b (patch) | |
tree | 7cae4b608e45360085d950d7c14d80911ce46b7c /Biz | |
parent | aa2eb2d3e08fb74b93acc9608a78582834a65e8c (diff) |
Fix GitHub OAuth args
This makes it explicit that we are using GitHub vs some other OAuth args. The
idea is that we should be making a new type for every service, this allows us to
have type safety in the implementation but a common set or pattern of names for
the environment variables and record fields.
Also using 'notset' instead of 'mempty' is really helpful for debugging when
this breaks, as I found out.
Diffstat (limited to 'Biz')
-rw-r--r-- | Biz/Auth.hs | 45 | ||||
-rw-r--r-- | Biz/Bild/ShellHook.sh | 2 | ||||
-rw-r--r-- | Biz/Cloud/Web.nix | 8 | ||||
-rw-r--r-- | Biz/Dragons.hs | 22 | ||||
-rwxr-xr-x | Biz/Dragons/get-examples.sh | 5 | ||||
-rw-r--r-- | Biz/Dragons/pitch.md | 14 | ||||
-rwxr-xr-x | Biz/Ide/bild | 2 |
7 files changed, 70 insertions, 28 deletions
diff --git a/Biz/Auth.hs b/Biz/Auth.hs index ed904b9..1c3e45c 100644 --- a/Biz/Auth.hs +++ b/Biz/Auth.hs @@ -13,6 +13,7 @@ module Biz.Auth OAuthArgs (..), -- * GitHub Authentication + GitHub (..), githubOauth, -- * Servant Helpers @@ -28,6 +29,10 @@ import Servant (Header, Headers) import qualified Servant.Auth.Server as Auth import qualified System.Envy as Envy +-- | Use this instead of 'mempty' for explicity. +notset :: Text +notset = "notset" + -- | Wrapper around 'Auth.SetCookie' that you can put in a servant path -- descriptor. type SetCookies ret = @@ -45,9 +50,9 @@ data OAuthArgs = OAuthArgs instance Envy.DefConfig OAuthArgs where defConfig = OAuthArgs - { clientSecret = mempty, - clientId = mempty, - clientState = mempty + { clientSecret = notset, + clientId = notset, + clientState = notset } instance Envy.FromEnv OAuthArgs @@ -61,13 +66,43 @@ data OAuthResponse = OAuthResponse } deriving (Generic, Aeson.FromJSON) +newtype GitHub = GitHub OAuthArgs + deriving (Show, Generic) + +instance Envy.DefConfig GitHub where + defConfig = + GitHub + <| OAuthArgs + { clientSecret = notset, + clientId = notset, + clientState = notset + } + +instance Envy.FromEnv GitHub where + fromEnv Nothing = + GitHub + </ Envy.gFromEnvCustom + Envy.Option + { Envy.dropPrefixCount = 0, + Envy.customPrefix = "GITHUB" + } + Nothing + fromEnv (Just (GitHub x)) = + GitHub + </ Envy.gFromEnvCustom + Envy.Option + { Envy.dropPrefixCount = 0, + Envy.customPrefix = "GITHUB" + } + (Just x) + -- | POST to GitHub's OAuth service and get the user's oAuth token. githubOauth :: - OAuthArgs -> + GitHub -> -- | This should be GitHub.Token but GitHub.Auth doesn't export Token. Text -> IO OAuthResponse -githubOauth OAuthArgs {..} code = +githubOauth (GitHub OAuthArgs {..}) code = accessTokenRequest /> Req.responseBody |> Req.runReq Req.defaultHttpConfig diff --git a/Biz/Bild/ShellHook.sh b/Biz/Bild/ShellHook.sh index 11954a7..00cd65a 100644 --- a/Biz/Bild/ShellHook.sh +++ b/Biz/Bild/ShellHook.sh @@ -79,7 +79,7 @@ function sentry() { function run-ci() { lint **/* && bild --test **/* } -alias ci="time run-ci" +alias ci="time timeout 5m run-ci" export PS1='\n$(r=$? && [ $r -eq 0 ] && printf "biz" || printf "%3.*s" $r $r)> ' diff --git a/Biz/Cloud/Web.nix b/Biz/Cloud/Web.nix index 853c967..9899258 100644 --- a/Biz/Cloud/Web.nix +++ b/Biz/Cloud/Web.nix @@ -118,6 +118,12 @@ in useACMEHost = rootDomain; }; + "devalloc.io" = { + forceSSL = true; + useACMEHost = rootDomain; + globalRedirect = "dragons.dev"; + }; + "dragons.dev" = { locations."/".proxyPass = "http://${ports.bensIp}:${toString ports.dragons}"; forceSSL = true; @@ -166,7 +172,7 @@ in # This must contain all of the other domains we host security.acme.certs.${rootDomain}.extraDomainNames = [ "bsima.me" "www.bsima.me" - "dragons.dev" + "dragons.dev" "devalloc.io" ] ++ map (sub: "${sub}.${rootDomain}") [ "tv" "matrix" diff --git a/Biz/Dragons.hs b/Biz/Dragons.hs index 6cb5fed..da5f3c5 100644 --- a/Biz/Dragons.hs +++ b/Biz/Dragons.hs @@ -928,7 +928,7 @@ htmlApp :: Acid.AcidState Keep -> Config -> JWK -> - Auth.OAuthArgs -> + Auth.GitHub -> Paths AsServer htmlApp cooks kp cfg jwk oAuthArgs = Paths @@ -1174,7 +1174,7 @@ instance Lucid.ToHtml AdminDashboard where -- | The front page pitch. Eventually I'd like to load the content from markdown -- files or some other store of data so I can A/B test. -data Home = Home Auth.OAuthArgs (Maybe AnalysisAction) +data Home = Home Auth.GitHub (Maybe AnalysisAction) instance App.HasCss Home where cssFor (Home _ mAnalysis) = do @@ -1226,15 +1226,15 @@ instance Lucid.ToHtml Home where section <| do h1 "Know your codebase." h1 "Know your team." - p "Dragons analyzes your codebase trends, finds patterns in how your developers work, and protects against tech debt." - p "Just hook it up to your CI system - Dragons warns you when it finds a problem." + p "Dragons.dev analyzes your codebase trends, finds patterns in how your developers work, and protects against tech debt." + p "Just hook it up to your CI system - Dragons.dev warns you when it finds a problem." Lucid.toHtml <| tryButton oAuthArgs "Give it a try with GitHub" mempty section <| do h2 "Identify blackholes in your codebase" p "What if none of your active employees have touched some part of the codebase? \ \ This happens too often with legacy code, and then it turns into a huge source of tech debt. \ - \ Dragons finds these \"blackholes\" and warns you about them so you can be proactive in eliminating tech debt." + \ Dragons.dev finds these \"blackholes\" and warns you about them so you can be proactive in eliminating tech debt." section <| do h2 "Find developer hotspots" p @@ -1250,14 +1250,14 @@ instance Lucid.ToHtml Home where analysis section <| do h2 "Protect against lost knowledge" - p "Not everyone can know every part of a codebase. By finding pieces of code that only 1 or 2 people have touched, dragons identifes siloed knowledge. This allows you to protect against the risk of this knowledge leaving the company if an employee leaves." + p "Not everyone can know every part of a codebase. By finding pieces of code that only 1 or 2 people have touched, Dragons.dev identifes siloed knowledge. This allows you to protect against the risk of this knowledge leaving the company if an employee leaves." section <| do h2 "Don't just measure code coverage - also know your dev coverage" p "No matter how smart your employees are, if you are under- or over-utilizing your developers then you will never get optimal performance from your team." p "Know how your devs work best: which ones have depth of knowledge, and which ones have breadth?" section <| do h2 "See how your teams *actually* organize themselves with cluster analysis" - p "Does your team feel splintered or not cohesive? Which developers work best together? Dragons analyzes the collaboration patterns between devs and helps you form optimal pairings and teams based on shared code and mindspace." + p "Does your team feel splintered or not cohesive? Which developers work best together? Dragons.dev analyzes the collaboration patterns between devs and helps you form optimal pairings and teams based on shared code and mindspace." section <| do h1 <| "Ready to get going?" Lucid.toHtml @@ -1358,8 +1358,8 @@ userGitHubAuth = GitHub.OAuth <. Encoding.encodeUtf8 -- GitHub OAuth endpoint. For what the parameters mean, see: -- https://docs.github.com/en/developers/apps/authorizing-oauth-apps -githubLoginUrl :: Auth.OAuthArgs -> Text -githubLoginUrl Auth.OAuthArgs {..} = +githubLoginUrl :: Auth.GitHub -> Text +githubLoginUrl (Auth.GitHub Auth.OAuthArgs {..}) = "https://github.com/login/oauth/authorize?" <> encodeParams [ ("client_id", clientId), @@ -1428,7 +1428,7 @@ encodeParams = <. Web.urlEncodeParams -- | Login button for GitHub. -tryButton :: Auth.OAuthArgs -> Text -> Text -> Lucid.Html () +tryButton :: Auth.GitHub -> Text -> Text -> Lucid.Html () tryButton oAuthArgs title subtitle = Lucid.a_ [Lucid.id_ "try-button", Lucid.href_ <| githubLoginUrl oAuthArgs] @@ -1441,7 +1441,7 @@ header :: Monad m => Maybe User -> Lucid.HtmlT m () header muser = Lucid.header_ <| do Lucid.nav_ <| do - a "Dragons" <| fieldLink home + a "Dragons.dev" <| fieldLink home case muser of Nothing -> Lucid.ul_ <| do diff --git a/Biz/Dragons/get-examples.sh b/Biz/Dragons/get-examples.sh index a35a282..35f024f 100755 --- a/Biz/Dragons/get-examples.sh +++ b/Biz/Dragons/get-examples.sh @@ -6,8 +6,9 @@ then exit 1 fi cookie="$1" -curl 'https://dragons.dev/analysis?user=github&repo=training-kit' \ +curl 'https://dragons.dev/analysis' \ + -d "owner=github&repo=training-kit" \ -X POST \ -H 'Content-Type: application/x-www-form-urlencoded' \ -H "Cookie: JWT-Cookie=$cookie" \ - --compressed --insecure + --compressed diff --git a/Biz/Dragons/pitch.md b/Biz/Dragons/pitch.md index a4d4ffa..91352fc 100644 --- a/Biz/Dragons/pitch.md +++ b/Biz/Dragons/pitch.md @@ -1,6 +1,6 @@ -# Dragons +# Dragons.dev -Dragons analyzes your codebase trends, finds patterns in how your developers +Dragons.dev analyzes your codebase trends, finds patterns in how your developers work, and protects against tech debt. Just hook it up to your CI system - it will warn you when it finds a problem. @@ -9,15 +9,15 @@ Just hook it up to your CI system - it will warn you when it finds a problem. What if none of your active employees have touched some part of the codebase? This happens too often with legacy code, and then it turns into a huge source of -tech debt. Dragons finds these "blackholes" and warns you about them so you +tech debt. Dragons.dev finds these "blackholes" and warns you about them so you can be proactive in eliminating tech debt. ## Protect against lost knowledge Not everyone can know every part of a codebase. By finding pieces of code -that only 1 or 2 people have touched, dragons identifes siloed knowledge. This -allows you to protect against the risk of this knowledge leaving the company if -an employee leaves. +that only 1 or 2 people have touched, Dragons.dev identifes siloed knowledge. +This allows you to protect against the risk of this knowledge leaving the +company if an employee leaves. ## Don't just measure "code coverage" - also know your "dev coverage" @@ -34,7 +34,7 @@ developers then you will never get optimal performance from your team. ## See how your teams *actually* organize themselves with cluster analysis Does your team feel splintered or not cohesive? Which developers work best -together? Dragons analyzes the collaboration patterns between devs and helps +together? Dragons.dev analyzes the collaboration patterns between devs and helps you form optimal pairings and teams based on shared code and mindspace. (Paid only) diff --git a/Biz/Ide/bild b/Biz/Ide/bild index 0dd4afb..1305e21 100755 --- a/Biz/Ide/bild +++ b/Biz/Ide/bild @@ -1,2 +1,2 @@ #!/usr/bin/env bash -timeout 5m runghc -i$BIZ_ROOT Biz.Bild $@ +runghc -i$BIZ_ROOT Biz.Bild $@ |