middleman-gibberish

password protected senstive web content with javascript only.

the implementation is serverless and works even on s3.

middleman-gibberish encrypts senstive content at build time, before deployment, and wraps it with a teeny script that will prompt the user to enter a password in order to decrypt and display it. it relies on the excellent, openssl compatible, gibberish implementations for ruby and javascript:

• https://github.com/mdp/gibberish-aes
• https://github.com/mdp/gibberish

please note that the encryption is done in ruby, the decryption is done in javascript and is therefore quite safe.

  # in ruby - at build time

  file = 'index.html'

  content = IO.binread(file)

  encrypted = encrypt(content, password)

  script = <<-____

      var encrypted = #{ encrypted.to_json };
      var cookie = #{ file.to_json };

      var password = (
        get_cookie(cookie) ||
        prompt('entre teh sekrit p@ssw0rd: ')
      );

      decrypted = decrypt(encrypted);

      set_cookie(cookie, password);

      document.write(decrypted);

  ____

  IO.binwrite("index.html", "<script>#{ script }</script>")

  # and then deploy 'index.html'

gem install middleman-gibberish

http://ahoward.github.io/middleman-gibberish/ (password=gibberish)

# activate the extenstion

  activate :gibberish do |gibberish|
  # set the default password

    gibberish.password = 'gibberish'

  # encrypt a page with the default password

    gibberish.encrypt 'foo.html'

  # encrypt a page with a different password

    gibberish.encrypt 'bar.html', 'p@55w0rd'

  # encrypt at set of pages with the default password

    gibberish.encrypt 'seKrit/**/**'

  # encrypt at set of pages with a different password

    gibberish.encrypt 'kayne/**/**', 'i can hold my liquor'
  end

• the DSL refers to files RELATIVE TO THE BUILD DIRECTORY, thus you may have to say

    gibberish.encrypt '/about-us/index.html'

vs.

    gibberish.encrypt '/about-us'

if you activated directory indexes.

• gibberish encrypts only in the build directory via an after_build callback. this means you won't see encrypted content in development mode running middleman server: you will only see encrypted content in the build directory after running middleman build

• if you change your config/password and rebuild it'll just work. even for people with previously set cookies.

• cookies expire in 1 day. in a future release this'll be configurable.

• the sytanx for what to encrypt is a file glob not regular expression. it is always interpreted relative to the build_dir of your app

middleman-gibberish relies on the gibberish gem, and that is handled the normal/rubygem way.

middleman-gibberish also relies on the following three javascript libs at runtime for it to function

• jquery.js
• jquery.cookie.js
• gibberish.js

all three are included in this repo. if your application has checked them into source/gibberish/javascripts then they will be used, otherwise the lib uses versions hosted on github's CDN here:

• http://ahoward.github.io/middleman-gibberish/assets/jquery.js
• http://ahoward.github.io/middleman-gibberish/assets/jquery.cookie.js
• http://ahoward.github.io/middleman-gibberish/assets/gibberish.js

if you decide to use local copies, make sure the names match exactly, that is to say, you must have jquery.js and not jquery-1.2.3.4.js in source/javascripts. if you aren't in the habbit of using symlinks it'd be a good time to figure that out.