feat install sveltiacms (#192)

* Create a custom Sveltia CMS OAuth 
* static: move showcase content to gitsubmodule
* showcase is deployed on every MR (feature env)

Author: Marc-AntoineA

.github/workflows/deploy-feature.yml

@@ -56,3 +56,12 @@ jobs:
           options: |
             -l feature -e branch=${{ env.BRANCH_NAME }}
           key: ${{ secrets.SSH_PRIVATE_KEY }}
+      - name: Deploy static
+        uses: dawidd6/action-ansible-playbook@v2
+        with:
+          playbook: showcase.yml
+          directory: deploy
+          vault_password: ${{secrets.ANSIBLE_VAULT_KEY}}
+          options: |
+            -l feature -e branch=${{ env.BRANCH_NAME }}
+          key: ${{ secrets.SSH_PRIVATE_KEY }}

.gitmodules

@@ -0,0 +1,4 @@
+[submodule "static/content"]
+	path = static/content
+	url = git@github.com:TelesCoop/iarbre-showcase-content.git
+        branch = main

back/decapcms_auth/README.md

@@ -0,0 +1,75 @@
+# Sveltia CMS / Decap CMS Github Oauth Django Application
+
+Add Github Authentication to DecapCMS through yor Django Application.
+
+## Getting Started
+
+### 1. Create and register your Github OAuth Application
+
+Please read [official doc](https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/creating-an-oauth-app).
+
+Authorization callback URL should be :
+
+```
+https://<your application url>/callback
+```
+
+Copy-paste application id and client secret.
+
+### 2. Install Decap CMS in your Django Project
+
+#### `settings.py` :
+
+- Install application :
+
+```py
+INSTALLED_APPS = [
+    ...,
+    "decapcms_auth",
+]
+```
+
+- Set up required variables :
+
+```py
+
+DECAP_CMS_AUTH = {
+    "OAUTH_CLIENT_ID": "<public application client id>",
+    "OAUTH_CLIENT_SECRET": "<private application client secret>"
+    "SCOPE": "repo,user"
+}
+```
+
+⚠️ `OAUTH_CLIENT_SECRET` should not be publicly disclosed.
+
+- Define this environment variable:
+
+```py
+os.environ["OAUTHLIB_INSECURE_TRANSPORT"] = "1"
+```
+
+#### `urls.py`
+
+Include the Decap CMS urls :
+
+```py
+
+from decapcms_auth import urls as decapcmsauth_urls
+...
+urlpatterns = [
+    ...
+    path("cms/", include(decapcmsauth_urls)),
+    ...
+]
+```
+
+### 3. In your Decap CMS config.yml
+
+```yml
+backend:
+  name: github
+  branch: main
+  repo: <your repo>
+  base_url: <base url of your application>
+  auth_endpoint: /cms/auth # /cms
+```

back/decapcms_auth/__init__.py

@@ -0,0 +1,7 @@
+from django.apps import AppConfig
+
+
+class DecapcmsAuthConfig(AppConfig):
+    default_auto_field = "django.db.models.BigAutoField"
+    name = "decapcms_auth"
+    verbose_name = "DecapCMS auth config"

back/decapcms_auth/apps.py

@@ -0,0 +1,22 @@
+<html>
+  <body>
+    <script>
+      (function () {
+        function recieveMessage(e) {
+          console.log("recieveMessage %o", e);
+          // send message to main window with da app
+          const provider = "github"
+          const state = "success"
+          window.opener.postMessage(
+            `authorization:${provider}:${state}:${JSON.stringify({{content | safe}})}`,
+            e.origin,
+          );
+        }
+        window.addEventListener("message", recieveMessage, false);
+        // Start handshare with parent
+        console.log("Sending message: %o", "github");
+        window.opener.postMessage("authorizing:github", "*");
+      })();
+    </script>
+  </body>
+</html>

back/decapcms_auth/migrations/__init__.py

@@ -0,0 +1,11 @@
+from django.urls import path
+from rest_framework import routers
+
+from .views import callback, auth
+
+router = routers.DefaultRouter()
+
+urlpatterns = [
+    path("auth/", auth),
+    path("callback/", callback),
+]

back/decapcms_auth/templates/decapcms_auth/callback.html

@@ -0,0 +1,34 @@
+from requests_oauthlib import OAuth2Session
+from django.conf import settings
+from django.shortcuts import redirect, render
+from django.http import HttpResponseBadRequest
+
+AUTHORIZATION_BASE_URL = "https://github.com/login/oauth/authorize"
+TOKEN_URL = "https://github.com/login/oauth/access_token"
+CLIENT_ID = settings.DECAP_CMS_AUTH["OAUTH_CLIENT_ID"]
+CLIENT_SECRET = settings.DECAP_CMS_AUTH["OAUTH_CLIENT_SECRET"]
+SCOPE = settings.DECAP_CMS_AUTH["SCOPE"]
+
+
+def auth(request):
+    """Redirect to Github auth"""
+    github = OAuth2Session(client_id=CLIENT_ID, scope=SCOPE)
+    authorization_url, _ = github.authorization_url(AUTHORIZATION_BASE_URL)
+    return redirect(authorization_url)
+
+
+def callback(request):
+    """Retrieve access token"""
+    state = request.GET.get("state", "")
+    try:
+        github = OAuth2Session(CLIENT_ID, state=state, scope=SCOPE)
+        token = github.fetch_token(
+            TOKEN_URL,
+            client_secret=CLIENT_SECRET,
+            authorization_response=request.get_full_path(),
+        )
+        content = {"token": token.get("access_token", ""), "provider": "github"}
+        return render(request, "decapcms_auth/callback.html", {"content": content})
+
+    except BaseException:
+        return HttpResponseBadRequest()

back/decapcms_auth/urls.py

@@ -16,6 +16,9 @@
 import getconf
 from django.http import Http404
 
+# Required for decap auth
+os.environ["OAUTHLIB_INSECURE_TRANSPORT"] = "1"
+
 # Build paths inside the project like this: BASE_DIR / 'subdir'.
 BASE_DIR = Path(__file__).resolve().parent.parent
 DATA_DIR = BASE_DIR / "file_data"
@@ -64,6 +67,7 @@
     "django_extensions",
     "telescoop_backup",
     "rest_framework",
+    "decapcms_auth",
 ]
 
 MIDDLEWARE = [
@@ -76,6 +80,10 @@
     "django.middleware.clickjacking.XFrameOptionsMiddleware",
 ]
 
+# Mandatory for Decap CMS Auth
+# https://docs.djangoproject.com/en/5.1/ref/middleware/#cross-origin-opener-policy
+SECURE_CROSS_ORIGIN_OPENER_POLICY = None
+
 if IS_LOCAL_DEV:
     CORS_ALLOW_ALL_ORIGINS = True
     CORS_ALLOW_METHODS = [
@@ -233,6 +241,13 @@
         "djangorestframework_camel_case.parser.CamelCaseJSONParser",
     ),
 }
+
+DECAP_CMS_AUTH = {
+    "OAUTH_CLIENT_ID": config.getstr("github_oauth.client_id"),
+    "OAUTH_CLIENT_SECRET": config.getstr("github_oauth.client_secret"),
+    "SCOPE": "repo,user",
+}
+
 # For macOS users, we need to set the GDAL_LIBRARY_PATH and GEOS_LIBRARY_PATH to the path of the libraries
 if sys.platform == "darwin":
     GDAL_LIBRARY_PATH = os.environ.get("GDAL_LIBRARY_PATH")