Protect private pages hosted on Heroku by authenticating with Github using Flask-Dance. Also, attack rabbits.
Charles Reid a49a132c08 fix img location in readme 10 months ago
docs update docs 10 months ago
mkdocs-material @ ff95dcb846 add mkdocs submodule 11 months ago
.gitignore update gitignore 11 months ago
.gitmodules add mkdocs submodule 11 months ago
LICENSE init version of readme 11 months ago fix img location in readme 10 months ago
mkdocs.yml update logo to bunny 11 months ago


What’s this business all about, then?

This repository helps you protect your secret pages by (deep breath):

hosting your secret page of static and/or dynamic content using a free Heroku app running a Python Flask server that uses Flask-Dance to authenticate visitors with Github which allows you fine-grained access control over your pages based on user attributes like organization or team membership or even things like how many repositories a user has or how many vowels are in their username.

Also, did I mention the attack rabbits?

Where is everything?

Final pages:

Two branches in this repo compose the github-heroku-attack-rabbits documentation:

Two branches illustrate github-heroku-attack-rabbits in practice:

  • The secret branch contains the files needed to create the secret page. This repository is public, so obviously these aren’t actually secret, but in practice this would be in a protected repository.

  • The heroku-pages branch contains the content that is actually pushed to Heroku - that is, the final Flask app.

Where do I start?

See the documentation or docs/


This is released under the WTFPL.