middleman-gibberish
password protected senstive web content with javascript only.
the implementation is serverless and works even on s3.
middleman-gibberish encrypts senstive content at build time, before deployment, and wraps it with a teeny script that will prompt the user to enter a password in order to decrypt and display it. it relies on the excellent, openssl compatible, gibberish implementations for ruby and javascript:
please note that the encryption is done in ruby, the decryption is done in javascript and is therefore quite safe.
# in ruby - at build time
file = 'index.html'
content = IO.binread(file)
encrypted = encrypt(content, password)
script = <<-____
var encrypted = #{ encrypted.to_json };
var cookie = #{ file.to_json };
var password = (
get_cookie(cookie) ||
prompt('entre teh sekrit p@ssw0rd: ')
);
decrypted = decrypt(encrypted);
set_cookie(cookie, password);
document.write(decrypted);
____
IO.binwrite("index.html", "<script>#{ script }</script>")
# and then deploy 'index.html'
gem install middleman-gibberish
http://ahoward.github.io/middleman-gibberish/ (password=gibberish)
# activate the extenstion
activate :gibberish do |gibberish|
# set the default password
gibberish.password = 'gibberish'
# encrypt a page with the default password
gibberish.encrypt 'foo.html'
# encrypt a page with a different password
gibberish.encrypt 'bar.html', 'p@55w0rd'
# encrypt at set of pages with the default password
gibberish.encrypt 'seKrit/**/**'
# encrypt at set of pages with a different password
gibberish.encrypt 'kayne/**/**', 'i can hold my liquor'
end
- the DSL refers to files RELATIVE TO THE BUILD DIRECTORY, thus you may have to say
gibberish.encrypt '/about-us/index.html'
vs.
gibberish.encrypt '/about-us'
if you activated directory indexes.
-
gibberish encrypts only in the build directory via an
after_build
callback. this means you won't see encrypted content in development mode runningmiddleman server
: you will only see encrypted content in the build directory after runningmiddleman build
-
if you change your config/password and rebuild it'll just work. even for people with previously set cookies.
-
cookies expire in 1 day. in a future release this'll be configurable.
-
the sytanx for what to encrypt is a file glob not regular expression. it is always interpreted relative to the build_dir of your app
middleman-gibberish relies on the gibberish gem, and that is handled the normal/rubygem way.
middleman-gibberish also relies on the following three javascript libs at runtime for it to function
- jquery.js
- jquery.cookie.js
- gibberish.js
all three are included in this repo. if your application has checked them into source/gibberish/javascripts then they will be used, otherwise the lib uses versions hosted on github's CDN here:
- http://ahoward.github.io/middleman-gibberish/assets/jquery.js
- http://ahoward.github.io/middleman-gibberish/assets/jquery.cookie.js
- http://ahoward.github.io/middleman-gibberish/assets/gibberish.js
if you decide to use local copies, make sure the names match exactly, that is to say, you must have jquery.js and not jquery-1.2.3.4.js in source/javascripts. if you aren't in the habbit of using symlinks it'd be a good time to figure that out.