Protect private pages hosted on Heroku by authenticating with Github using Flask-Dance. Also, attack rabbits.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Charles Reid a49a132c08 fix img location in readme 6 years ago
docs update docs 6 years ago
mkdocs-material@ff95dcb846 add mkdocs submodule 6 years ago
.gitignore update gitignore 6 years ago
.gitmodules add mkdocs submodule 6 years ago
LICENSE init version of readme 6 years ago fix img location in readme 6 years ago
mkdocs.yml update logo to bunny 6 years ago


What's this business all about, then?

This repository helps you protect your secret pages by (deep breath):

hosting your secret page of static and/or dynamic content using a free Heroku app running a Python Flask server that uses Flask-Dance to authenticate visitors with Github which allows you fine-grained access control over your pages based on user attributes like organization or team membership or even things like how many repositories a user has or how many vowels are in their username.

Also, did I mention the attack rabbits?

warning: attack rabbits ahead

Where is everything?

Final pages:

Two branches in this repo compose the github-heroku-attack-rabbits documentation:

Two branches illustrate github-heroku-attack-rabbits in practice:

  • The secret branch contains the files needed to create the secret page. This repository is public, so obviously these aren't actually secret, but in practice this would be in a protected repository.

  • The heroku-pages branch contains the content that is actually pushed to Heroku - that is, the final Flask app.

Where do I start?

See the documentation or docs/


This is released under the WTFPL.