Feature: dynamic aspects preparation

.gitignore

@@ -5,6 +5,6 @@ output.diff
 crash.log
 *.autosave
 *.bak
-items/assets/components/
+items/static/assets/components/
 tmp/
 .bundle

.gitmodules

@@ -1,6 +1,6 @@
 [submodule "specifications"]
 	path = specifications
 	url = [email protected]:pentandra/specifications.git
-[submodule "items/company/benefit-reports"]
-	path = items/company/benefit-reports
+[submodule "benefit-reports"]
+	path = items/static/company/benefit-reports
 	url = [email protected]:pentandra/benefit-reports.git

Checks

@@ -27,10 +27,26 @@ check :no_unprocessed_markdown do
   end
 end
 
+check :no_static_build_paths do
+  filenames = @output_filenames.select { |f| File.extname(f) == '.html' }
+  hrefs_with_filenames = ::Nanoc::Extra::LinkCollector.new(filenames, :internal).filenames_per_href
+  resource_uris_with_filenames = ::Nanoc::Extra::LinkCollector.new(filenames, :internal).filenames_per_resource_uri
+
+  uris = hrefs_with_filenames.merge(resource_uris_with_filenames)
+  uris.each_pair do |href, fns|
+    fns.each do |filename|
+      if href.start_with?(@config[:static_root])
+        add_issue("private build path present in #{href}", subject: filename)
+      end
+    end
+  end
+end
+
 deploy_check :internal_links
 deploy_check :mixed_content
 deploy_check :stale
 deploy_check :no_unprocessed_erb
 deploy_check :no_unprocessed_markdown
+deploy_check :no_static_build_paths
 
 # vi: ft=ruby

Gemfile

@@ -24,6 +24,7 @@ gem 'rouge'
 gem 'haml'
 gem 'pandoc-ruby'        # for benefit reports in ConTeXt
 gem 'git'                # for version history and tagging info
+gem 'builder'            # for XML stuff, such as sitemap and atom feeds
 
 group :development, optional: true do
   gem 'guard'

Gemfile.lock

@@ -25,7 +25,7 @@ GIT
 
 GIT
   remote: https://github.com/ruby-rdf/rdf.git
-  revision: e1ff91841066369b8917dd21be9564452a6ea18a
+  revision: 4740b4a52bf358656d01d93adc5174d5fe07aec8
   branch: develop
   specs:
     rdf (2.1.0)
@@ -40,7 +40,8 @@ GEM
       i18n (~> 0.7)
       minitest (~> 5.1)
       tzinfo (~> 1.1)
-    addressable (2.4.0)
+    addressable (2.5.0)
+      public_suffix (~> 2.0, >= 2.0.2)
     adsf (1.2.1)
       rack (>= 1.0.0)
     bcp47 (0.3.3)
@@ -191,11 +192,12 @@ GEM
     pandoc-ruby (2.0.1)
     parallel (1.9.0)
     pipe-run (0.3.0)
-    posix-spawn (0.3.11)
+    posix-spawn (0.3.12)
     pry (0.10.4)
       coderay (~> 1.1.0)
       method_source (~> 0.8.1)
       slop (~> 3.4)
+    public_suffix (2.0.4)
     pygments.rb (0.6.3)
       posix-spawn (~> 0.3.6)
       yajl-ruby (~> 1.2.0)
@@ -330,6 +332,7 @@ PLATFORMS
 DEPENDENCIES
   activesupport
   adsf
+  builder
   chunky_png
   compass
   ghi

README.md

@@ -23,6 +23,7 @@ in scope before compiling:
 #### Optional dependencies
 * [optipng] for optimizing PNG images
 * A Java 8 runtime for running the [Nu HTML] checker.
+* [OpenResty] for running the dynamic parts of the site via `nanoc server`.
 
 ### Then clone this repo (including submodules), install bower components and Ruby gems…
 
@@ -58,7 +59,8 @@ $ nanoc view   # if you are only dealing with statically generated pages
 $ nanoc server # if you are dealing with both the static and dynamic aspects of the site
 ```
 
-And view the page in your browser.
+And view the page in your browser at [port 3000](http://localhost:3000/) for
+`nanoc view` or [port 4125](https://localhost:4125/) for `nanoc server`.
 
 ## Contributing
 
@@ -95,3 +97,4 @@ Also, please see [the colophon][colophon] for more raving attributions!
 [pygments]: <http://pygments.org/>
 [bundler]: <http://bundler.io/>
 [colophon]: <https://pentandra.com/colophon/>
+[OpenResty]: <http://openresty.org/>

Rules.rb

@@ -13,5 +13,7 @@
 include_rules 'rules/company'
 include_rules 'rules/blog'
 
+include_rules 'rules/dynamic'
+
 # This should always be last
 include_rules 'rules/catch_all'

commands/server.rb

@@ -0,0 +1,98 @@
+usage 'server [options]'
+summary 'start the dynamic web server (nginx/OpenResty)'
+description <<-EOS
+Start the dynamic web server. Running this web server requires OpenResty
+to be installed and in scope.
+EOS
+
+required :c, :conf,   'specify the configuration file to use (default: nginx.conf)'
+required :g, :global, 'specify any global directives (default: daemon off;)'
+
+module LifePreserver
+  class Server < ::Nanoc::CLI::CommandRunner
+    NGINX_BIN = 'nginx'
+    NGINX_SEARCH_PATHS = [
+      '/usr/local/openresty/nginx/sbin/',
+      '/usr/local/opt/openresty/bin/',
+      '/usr/local/bin/',
+      '/usr/sbin/',
+      '/opt/openresty/nginx/sbin/'
+    ]
+
+    class Error < ::Nanoc::Int::Errors::Generic
+      def initialize(command, exit_code)
+        @command   = command
+        @exit_code = exit_code
+      end
+
+      def message
+        "command exited with a nonzero status code #{@exit_code} (command: #{@command.join(' ')})"
+      end
+    end
+
+    def run
+      require 'open3'
+
+      load_site
+
+      conf = options[:conf] || 'nginx.conf'
+      directives = options[:global] || 'daemon off;'
+
+
+      nginx = find_nginx
+      output_dir = site.config[:output_dir]
+      cmd = [ nginx, '-p', output_dir, '-c', conf, '-g', directives ]
+
+      Open3.popen3(*cmd) do |_stdin, stdout, stderr, wait_thr|
+        puts "Starting OpenResty (#{nginx}) in path (#{output_dir}) with config (#{conf}) and global directives (#{directives})"
+
+        stdout_thread = Thread.new do
+          while (line = stdout.gets)
+            puts line
+          end
+        end
+
+        stderr_thread = Thread.new do
+          while (line = stderr.gets)
+            puts line
+          end
+        end
+
+        stdout_thread.join
+        stderr_thread.join
+
+        exit_status = wait_thr.value
+        unless exit_status.success?
+          raise Error.new(cmd, exit_status.to_i)
+        end
+      end
+    end
+
+    protected
+
+    def find_nginx
+      NGINX_SEARCH_PATHS.each do |path|
+        to_check = path + NGINX_BIN
+        if File.file?(to_check) && openresty?(to_check)
+          return to_check
+        end
+      end
+
+      # As a last resort, check the PATH
+      require 'mkmf'
+      to_check = find_executable0(NGINX_BIN)
+      if to_check && openresty?(to_check)
+        return to_check
+      end
+
+      raise "Cannot find the OpenResty executable in any of the following places: #{NGINX_SEARCH_PATHS.join(':')} or in the current path: #{ENV['PATH']}"
+    end
+
+    def openresty?(path_to_check)
+      output, _status = Open3.capture2e(path_to_check, '-v')
+      output && output['openresty']
+    end
+  end
+end
+
+runner LifePreserver::Server

commands/view.rb

@@ -0,0 +1,91 @@
+usage 'view [options]'
+summary 'start the web server that serves static files'
+description <<-EOS
+Start the static web server. Unless specified, the web server will run on port
+3000 and listen on all IP addresses. Running this static web server requires
+`adsf` (not `asdf`!).
+EOS
+
+required :H, :handler, 'specify the handler to use (webrick/mongrel/...)'
+required :o, :host,    'specify the host to listen on (default: 0.0.0.0)'
+required :p, :port,    'specify the port to listen on (default: 3000)'
+
+module Nanoc::CLI::Commands
+  class View < ::Nanoc::CLI::CommandRunner
+    DEFAULT_HANDLER_NAME ||= :thin
+
+    def run
+      load_adsf
+      require 'rack'
+
+      load_site
+
+      # Set options
+      options_for_rack = {
+        Port: (options[:port] || 3000).to_i,
+        Host: (options[:host] || '0.0.0.0'),
+      }
+
+      # Get handler
+      if options.key?(:handler)
+        handler = Rack::Handler.get(options[:handler])
+      else
+        begin
+          handler = Rack::Handler.get(DEFAULT_HANDLER_NAME)
+        rescue LoadError
+          handler = Rack::Handler::WEBrick
+        end
+      end
+
+      # Build app
+      site = self.site
+      site_root = site.config[:output_dir] + view_config_root
+
+      app = Rack::Builder.new do
+        use Rack::CommonLogger
+        use Rack::ShowExceptions
+        use Rack::Lint
+        use Rack::Head
+        use Adsf::Rack::IndexFileFinder, root: site_root
+        run Rack::File.new(site_root)
+      end.to_app
+
+      # Run autocompiler
+      handler.run(app, options_for_rack)
+    end
+
+    protected
+
+    def view_config
+      site.config[:view] || {}
+    end
+
+    def view_config_root
+      view_config[:static_root]
+    end
+
+    def load_adsf
+      # Load adsf
+      begin
+        require 'adsf'
+        return
+      rescue LoadError
+        $stderr.puts "Could not find the required 'adsf' gem, " \
+          'which is necessary for the view command.'
+      end
+
+      # Check asdf
+      begin
+        require 'asdf'
+        $stderr.puts "You appear to have 'asdf' installed, " \
+          "but not 'adsf'. Please install 'adsf' (check the spelling)!"
+      rescue LoadError
+      end
+
+      # Done
+      exit 1
+    end
+  end
+end
+
+runner Nanoc::CLI::Commands::View

etc/compass/config.rb

@@ -1,15 +1,15 @@
 require 'compass/import-once/activate'
 # Require any additional compass plugins here.
 
-add_import_path "items/assets/components/retina.js/src"
+add_import_path "items/static/assets/components/retina.js/src"
 
 http_path             = "/"
 project_path          = File.expand_path(File.join(File.dirname(__FILE__), '../../'))
-css_dir               = "items/assets/stylesheets"
-sass_dir              = "items/assets/stylesheets"
-images_dir            = "items/assets/images"
-javascripts_dir       = "items/assets/scripts"
-fonts_dir             = "items/assets/fonts"
+css_dir               = "items/static/assets/stylesheets"
+sass_dir              = "items/static/assets/stylesheets"
+images_dir            = "items/static/assets/images"
+javascripts_dir       = "items/static/assets/scripts"
+fonts_dir             = "items/static/assets/fonts"
 http_javascripts_path = "js"
 http_stylesheets_path = "css"
 http_images_path      = "images"

items/directives/cache-file-descriptors.conf

@@ -0,0 +1,21 @@
+# This tells Nginx to cache open file handles, "not found" errors, metadata about files and their permissions, etc.
+#
+# The upside of this is that Nginx can immediately begin sending data when a popular file is requested,
+# and will also know to immediately send a 404 if a file is missing on disk, and so on.
+#
+# However, it also means that the server won't react immediately to changes on disk, which may be undesirable.
+#
+# In the below configuration, inactive files are released from the cache after 20 seconds, whereas
+# active (recently requested) files are re-validated every 30 seconds.
+#
+# Descriptors will not be cached unless they are used at least 2 times within 20 seconds (the inactive time).
+#
+# A maximum of the 1000 most recently used file descriptors can be cached at any time.
+#
+# Production servers with stable file collections will definitely want to enable the cache.
+open_file_cache          max=1000 inactive=20s;
+open_file_cache_valid    30s;
+open_file_cache_min_uses 2;
+open_file_cache_errors   on;
+
+# vi: ft=nginx

items/directives/cross-domain-insecure.conf

@@ -0,0 +1,16 @@
+# Cross domain AJAX requests
+
+# http://www.w3.org/TR/cors/#access-control-allow-origin-response-header
+
+# **Security Warning**
+# Do not use this without understanding the consequences.
+# This will permit access from any other website.
+#
+add_header "Access-Control-Allow-Origin" "*";
+
+# Instead of using this file, consider using a specific rule such as:
+#
+# Allow access based on [sub]domain:
+#    add_header "Access-Control-Allow-Origin" "subdomain.example.com";
+
+# vi: ft=nginx

items/directives/extra-security.conf

@@ -0,0 +1,19 @@
+# The X-Frame-Options header indicates whether a browser should be allowed
+# to render a page within a frame or iframe.
+add_header X-Frame-Options SAMEORIGIN;
+
+# MIME type sniffing security protection
+#	There are very few edge cases where you wouldn't want this enabled.
+add_header X-Content-Type-Options nosniff;
+
+# The X-XSS-Protection header is used by Internet Explorer version 8+
+# The header instructs IE to enable its inbuilt anti-cross-site scripting filter.
+add_header X-XSS-Protection "1; mode=block";
+
+# with Content Security Policy (CSP) enabled (and a browser that supports it (http://caniuse.com/#feat=contentsecuritypolicy),
+# you can tell the browser that it can only download content from the domains you explicitly allow
+# CSP can be quite difficult to configure, and cause real issues if you get it wrong
+# There is website that helps you generate a policy here http://cspisawesome.com/
+# add_header Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' https://www.google-analytics.com;";
+
+# vi: ft=nginx