feat: enhance auto source functionality with authentication and usage instructions

Author: gildesmarais

.gitignore

@@ -74,3 +74,4 @@ Thumbs.db
 
 # Ignore Astro cache
 /frontend/.astro/
+frontend/dist/

app.rb

@@ -195,15 +195,33 @@ def handle_health_check_auth(auth)
         credentials = Base64.decode64(auth[6..]).split(':')
         username, password = credentials
 
-        if username == ENV['HEALTH_CHECK_USERNAME'] &&
-           password == ENV['HEALTH_CHECK_PASSWORD']
+        if health_check_authenticated?(username, password)
           response['Content-Type'] = 'text/plain'
           HealthCheck.run
         else
           health_check_unauthorized
         end
       end
 
+      def health_check_authenticated?(username, password)
+        expected_username, expected_password = health_check_credentials
+        expected_username && expected_password &&
+          username == expected_username && password == expected_password
+      end
+
+      def health_check_credentials
+        username = ENV.fetch('HEALTH_CHECK_USERNAME', nil)
+        password = ENV.fetch('HEALTH_CHECK_PASSWORD', nil)
+
+        # In development, use default credentials if not set
+        if username.nil? && ENV.fetch('RACK_ENV', nil) == 'development'
+          username = 'admin'
+          password = 'password'
+        end
+
+        [username, password]
+      end
+
       def health_check_unauthorized
         response.status = 401
         response['WWW-Authenticate'] = 'Basic realm="Health Check"'

app/auto_source.rb

@@ -9,8 +9,8 @@ module AutoSource
 
       def enabled?
         # Enable by default in development, require explicit setting in production
-        rack_env = ENV['RACK_ENV']
-        auto_source_enabled = ENV['AUTO_SOURCE_ENABLED']
+        rack_env = ENV.fetch('RACK_ENV', nil)
+        auto_source_enabled = ENV.fetch('AUTO_SOURCE_ENABLED', nil)
 
         if rack_env == 'development'
           auto_source_enabled != 'false'
@@ -26,26 +26,35 @@ def authenticate(request)
         credentials = Base64.decode64(auth[6..]).split(':')
         username, password = credentials
 
-        # Use default credentials in development if not set
-        expected_username = ENV['AUTO_SOURCE_USERNAME'] || (ENV['RACK_ENV'] == 'development' ? 'admin' : nil)
-        expected_password = ENV['AUTO_SOURCE_PASSWORD'] || (ENV['RACK_ENV'] == 'development' ? 'password' : nil)
-
+        expected_username, expected_password = expected_credentials
         return false unless expected_username && expected_password
 
         username == expected_username && password == expected_password
       end
 
+      def expected_credentials
+        # Use default credentials in development if not set
+        username = ENV.fetch('AUTO_SOURCE_USERNAME', nil) ||
+                   (ENV.fetch('RACK_ENV', nil) == 'development' ? 'admin' : nil)
+        password = ENV.fetch('AUTO_SOURCE_PASSWORD', nil) ||
+                   (ENV.fetch('RACK_ENV', nil) == 'development' ? 'password' : nil)
+        [username, password]
+      end
+
       def allowed_origin?(request)
         origin = request.env['HTTP_HOST'] || request.env['HTTP_X_FORWARDED_HOST']
+        origins = allowed_origins
+        origins.empty? || origins.include?(origin)
+      end
 
-        # In development, allow localhost origins by default
-        if ENV['RACK_ENV'] == 'development'
-          allowed_origins = (ENV['AUTO_SOURCE_ALLOWED_ORIGINS'] || 'localhost:3000,localhost:3001,127.0.0.1:3000,127.0.0.1:3001').split(',').map(&:strip)
+      def allowed_origins
+        if ENV.fetch('RACK_ENV', nil) == 'development'
+          default_origins = 'localhost:3000,localhost:3001,127.0.0.1:3000,127.0.0.1:3001'
+          origins = ENV.fetch('AUTO_SOURCE_ALLOWED_ORIGINS', default_origins)
         else
-          allowed_origins = (ENV['AUTO_SOURCE_ALLOWED_ORIGINS'] || '').split(',').map(&:strip)
+          origins = ENV.fetch('AUTO_SOURCE_ALLOWED_ORIGINS', '')
         end
-
-        allowed_origins.empty? || allowed_origins.include?(origin)
+        origins.split(',').map(&:strip)
       end
 
       def allowed_url?(url)

frontend/astro.config.mjs

@@ -9,12 +9,12 @@ export default defineConfig({
   vite: {
     server: {
       proxy: {
-        '/auto_source': {
-          target: 'http://localhost:3000',
+        "/auto_source": {
+          target: "http://localhost:3000",
           changeOrigin: true,
         },
-        '/health_check.txt': {
-          target: 'http://localhost:3000',
+        "/health_check.txt": {
+          target: "http://localhost:3000",
           changeOrigin: true,
         },
       },

frontend/dist/auto-source/index.html

@@ -13,14 +13,20 @@ const MAX_WAIT_TIME = 30000 // 30 seconds
 let rubyServer = null
 let astroServer = null
 
-async function waitForServer(url, maxWait = MAX_WAIT_TIME) {
+async function waitForServer(url, maxWait = MAX_WAIT_TIME, auth = null) {
   const startTime = Date.now()
 
   while (Date.now() - startTime < maxWait) {
     try {
+      const headers = {}
+      if (auth) {
+        headers.Authorization = `Basic ${Buffer.from(auth).toString("base64")}`
+      }
+
       const response = await fetch(url, {
         method: "GET",
         signal: AbortSignal.timeout(1000),
+        headers,
       })
 
       if (response.ok) {
@@ -51,6 +57,8 @@ async function startRubyServer() {
         AUTO_SOURCE_PASSWORD: "changeme",
         AUTO_SOURCE_ALLOWED_ORIGINS: "localhost:3000",
         AUTO_SOURCE_ALLOWED_URLS: "https://github.com/*,https://example.com/*",
+        HEALTH_CHECK_USERNAME: "admin",
+        HEALTH_CHECK_PASSWORD: "password",
       },
     })
 
@@ -266,7 +274,11 @@ async function main() {
 
     // Wait for servers to be ready
     console.log("⏳ Waiting for servers to be ready...")
-    const rubyReady = await waitForServer(`http://localhost:${RUBY_SERVER_PORT}/health_check.txt`)
+    const rubyReady = await waitForServer(
+      `http://localhost:${RUBY_SERVER_PORT}/health_check.txt`,
+      MAX_WAIT_TIME,
+      "admin:password",
+    )
     const astroReady = await waitForServer(`http://localhost:${ASTRO_SERVER_PORT}/api/feeds.json`)
 
     if (!rubyReady && !astroReady) {

frontend/dist/gallery/index.html

@@ -5,15 +5,15 @@ import { describe, it, expect, beforeAll } from "vitest"
 describe("Auto Source API Integration Tests", () => {
   const RUBY_BACKEND_URL = "http://localhost:3000"
   const ASTRO_BACKEND_URL = "http://localhost:4321"
-  const auth = Buffer.from("admin:changeme").toString("base64")
+  const auth = Buffer.from("admin:password").toString("base64")
 
   let backendUrl
 
   beforeAll(async () => {
     // Set up test environment variables
     process.env.AUTO_SOURCE_ENABLED = "true"
     process.env.AUTO_SOURCE_USERNAME = "admin"
-    process.env.AUTO_SOURCE_PASSWORD = "changeme"
+    process.env.AUTO_SOURCE_PASSWORD = "password"
     process.env.AUTO_SOURCE_ALLOWED_ORIGINS = "localhost:3000,localhost:4321"
     process.env.AUTO_SOURCE_ALLOWED_URLS = "https://github.com/*,https://example.com/*"
 
@@ -22,6 +22,9 @@ describe("Auto Source API Integration Tests", () => {
       const rubyResponse = await fetch(`${RUBY_BACKEND_URL}/health_check.txt`, {
         method: "GET",
         signal: AbortSignal.timeout(1000),
+        headers: {
+          Authorization: `Basic ${Buffer.from("admin:password").toString("base64")}`,
+        },
       })
 
       if (rubyResponse.ok) {