observablehq / framework

A static site generator for data apps, dashboards, reports, and more. Observable Framework combines JavaScript on the front-end for interactive graphics with any language on the back-end for data analysis.
https://observablehq.com/framework/
ISC License

Make the cli GitHub Pages password-protected #164

Closed mbostock closed 8 months ago

mbostock commented 10 months ago

We’ll use a Cloudflare worker to enforce basic auth password protection for early access customers.

mcglincy commented 8 months ago

  1. set the Cloudflare DNS CNAME to proxying
  2. add a worker, assigned for the particular zone / host / path. Here's the worker we use for staging: https://github.com/observablehq/observablehq/blob/main/infrastructure/cloudflare/observable-production-and-staging/workers/basic-authentication/worker.js
  3. set a Cloudflare environment password and share that password with early access customers

I think (?) we can probably reuse that worker code and env.BASIC_AUTH_PASSWORD as-is, since observablehq.com and viewablehq.com are separate zones with separate worker envs.

Q: if these help pages are on github pages, can't users still go to those URLs directly and bypass anything we're checking at the Cloudflare layer?
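
A minimal sketch of the Basic-auth check from step 2, as an added example that is not part of the thread and is not the linked worker.js. Only `env.BASIC_AUTH_PASSWORD` comes from the thread; the function names, realm string and response body are assumptions.

```javascript
// Added example, not the linked worker.js. Only BASIC_AUTH_PASSWORD is from the thread.
// Compare two strings without returning early at the first mismatching byte.
function constantTimeEqual(a, b) {
  const x = new TextEncoder().encode(a);
  const y = new TextEncoder().encode(b);
  let diff = x.length ^ y.length;
  for (let i = 0; i < Math.max(x.length, y.length); i++) {
    diff |= (x[i] ?? 0) ^ (y[i] ?? 0);
  }
  return diff === 0;
}

// Pull the password out of "Basic <base64(user:password)>"; null if missing or malformed.
function passwordFromHeader(header) {
  if (typeof header !== "string") return null;
  const match = /^Basic\s+([A-Za-z0-9+/=]+)$/i.exec(header.trim());
  if (!match) return null;
  try {
    const bytes = Uint8Array.from(atob(match[1]), (c) => c.charCodeAt(0));
    const decoded = new TextDecoder().decode(bytes);
    const sep = decoded.indexOf(":");
    return sep === -1 ? null : decoded.slice(sep + 1);
  } catch {
    return null; // invalid base64
  }
}

function isAuthorized(header, expectedPassword) {
  // Fail closed when the secret is unset, so an empty password never matches.
  if (!expectedPassword) return false;
  const supplied = passwordFromHeader(header);
  return supplied !== null && constantTimeEqual(supplied, expectedPassword);
}

function unauthorized() {
  return new Response("Authentication required", {
    status: 401,
    headers: { "WWW-Authenticate": 'Basic realm="Early access"', "Cache-Control": "no-store" },
  });
}

// In a Worker module this object would be the default export.
const worker = {
  async fetch(request, env) {
    const header = request.headers.get("Authorization");
    if (!isAuthorized(header, env.BASIC_AUTH_PASSWORD)) return unauthorized();
    return fetch(request); // authenticated: pass through to the proxied origin
  },
};
```

The check only applies to requests that are routed through the worker, which is the bypass question raised in the comment above.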

cinxmo commented 8 months ago

Relates to https://github.com/observablehq/cli/issues/463

mbostock commented 8 months ago

> Q: if these help pages are on github pages, can't users still go to those URLs directly and bypass anything we're checking at the Cloudflare layer?

What if we set a custom domain to something obscure, say, <random-hex>.observablehq.com. Then guessing the domain should be as hard as guessing the password?

cinxmo commented 8 months ago

To clarify, we'd have to make the GH pages public but the random domain would make it difficult to guess the URL?

I assumed we just don't want a large number of people accessing the CLI GH pages before we officially launch. One concern would be the site is indexed and shows up in search results.

mootari commented 8 months ago

As a word of caution, subdomains can still get exposed through Certificate Transparency logs if certificates get issued for them.

mcglincy commented 8 months ago

Cindy and I looked into GitHub Pages custom domains setup. It looks like configuring that causes requests to the original github.io domain to get 301'd to the custom domain.

https://ouyi.github.io/post/2018/01/14/github-pages-cname-file.html

So, that would protect against attempts to bypass the custom domain (good!). My remaining question is whether that would also redirect the Cloudflare worker's proxy fetch (bad!).

cinxmo commented 8 months ago

@mbostock I am in favor of the <random-hex>.observablehq.com approach for now to avoid an extra step of authenticating to access documentation/examples. We can add the link as part of the create template.