From aaa857a6e77232addc6a817d59f21c00723ae8d6 Mon Sep 17 00:00:00 2001
From: Bilal <bilal@saburly.com>
Date: Thu, 21 May 2020 07:46:41 +0200
Subject: [PATCH 1/4] add basic auth for rails routes

---
 app/controllers/application_controller.rb | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 905bc14..8805bb9 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,3 +1,7 @@
 class ApplicationController < ActionController::API
   include Response
+
+  include ActionController::HttpAuthentication::Basic::ControllerMethods
+  http_basic_authenticate_with name: ENV['BASIC_AUTH_USERNAME'],
+                               password: ENV['BASIC_AUTH_PASSWORD']
 end

From 5dbd2ec95d1ef9cbbbbc7a1aba1afd3f38b46afd Mon Sep 17 00:00:00 2001
From: Bilal <bilal@saburly.com>
Date: Thu, 21 May 2020 18:14:15 +0200
Subject: [PATCH 2/4] serve frontend from rails through protected route

---
 Procfile                                  | 2 ++
 app/controllers/application_controller.rb | 5 +++++
 config/routes.rb                          | 7 ++++++-
 package.json                              | 9 +++++++++
 protected_public/.gitkeep                 | 0
 5 files changed, 22 insertions(+), 1 deletion(-)
 create mode 100644 Procfile
 create mode 100644 protected_public/.gitkeep

diff --git a/Procfile b/Procfile
new file mode 100644
index 0000000..da4175f
--- /dev/null
+++ b/Procfile
@@ -0,0 +1,2 @@
+web: bundle exec rails s
+release: bundle exec rails db:migrate
\ No newline at end of file
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 8805bb9..eb05cdd 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,7 +1,12 @@
 class ApplicationController < ActionController::API
   include Response
+  include ActionView::Layouts
 
   include ActionController::HttpAuthentication::Basic::ControllerMethods
   http_basic_authenticate_with name: ENV['BASIC_AUTH_USERNAME'],
                                password: ENV['BASIC_AUTH_PASSWORD']
+
+  def frontend_index_html
+    render file: 'protected_public/index.html'
+  end
 end
diff --git a/config/routes.rb b/config/routes.rb
index 89da8c0..94edc0d 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -6,7 +6,12 @@ Rails.application.routes.draw do
         get 'cash'
       end
     end
-
   end
+
+  root to: 'application#frontend_index_html'
+
+  get '*path', to: 'application#frontend_index_html', constraints: lambda { |request|
+    !request.xhr? && request.format.html?
+  }
   # For details on the DSL available within this file, see http://guides.rubyonrails.org/routing.html
 end
diff --git a/package.json b/package.json
index e49a089..b052abd 100644
--- a/package.json
+++ b/package.json
@@ -1,4 +1,13 @@
 {
+  "engines": {
+    "node": "10.15.3",
+    "yarn": "1.15.2"
+  },
+  "scripts": {
+    "build": "yarn --cwd client install && yarn --cwd client build",
+    "deploy": "cp -a client/build/. protected_public/",
+    "heroku-postbuild": "yarn build && yarn deploy"
+  },
   "dependencies": {
     "react-router-dom": "^5.0.1"
   }
diff --git a/protected_public/.gitkeep b/protected_public/.gitkeep
new file mode 100644
index 0000000..e69de29

From 47fc120cdcb1f2df86ba6585e824f58188afcddb Mon Sep 17 00:00:00 2001
From: Bilal <bilal@saburly.com>
Date: Thu, 21 May 2020 19:48:20 +0200
Subject: [PATCH 3/4] handle requests for frontend files through secured route

---
 app/controllers/application_controller.rb | 10 +---------
 app/controllers/concerns/basic_auth.rb    |  9 +++++++++
 app/controllers/static_controller.rb      | 17 +++++++++++++++++
 config/routes.rb                          |  8 ++------
 4 files changed, 29 insertions(+), 15 deletions(-)
 create mode 100644 app/controllers/concerns/basic_auth.rb
 create mode 100644 app/controllers/static_controller.rb

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index eb05cdd..b757fd5 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,12 +1,4 @@
 class ApplicationController < ActionController::API
   include Response
-  include ActionView::Layouts
-
-  include ActionController::HttpAuthentication::Basic::ControllerMethods
-  http_basic_authenticate_with name: ENV['BASIC_AUTH_USERNAME'],
-                               password: ENV['BASIC_AUTH_PASSWORD']
-
-  def frontend_index_html
-    render file: 'protected_public/index.html'
-  end
+  include BasicAuth
 end
diff --git a/app/controllers/concerns/basic_auth.rb b/app/controllers/concerns/basic_auth.rb
new file mode 100644
index 0000000..0c5f472
--- /dev/null
+++ b/app/controllers/concerns/basic_auth.rb
@@ -0,0 +1,9 @@
+module BasicAuth
+  extend ActiveSupport::Concern
+
+  included do
+    include ActionController::HttpAuthentication::Basic::ControllerMethods
+    http_basic_authenticate_with name: ENV['BASIC_AUTH_USERNAME'],
+                                 password: ENV['BASIC_AUTH_PASSWORD']
+  end
+end
\ No newline at end of file
diff --git a/app/controllers/static_controller.rb b/app/controllers/static_controller.rb
new file mode 100644
index 0000000..a71771e
--- /dev/null
+++ b/app/controllers/static_controller.rb
@@ -0,0 +1,17 @@
+class StaticController < ActionController::API
+  include ActionView::Layouts
+  include BasicAuth
+
+  def frontend_index_html
+    if params[:path].present?
+      send_file params[:path]
+    else
+      render file: 'protected_public/index.html'
+    end
+  end
+
+  def frontend_static
+    full_path = "protected_public/#{params[:path]}.#{params[:format]}"
+    send_file full_path
+  end
+end
diff --git a/config/routes.rb b/config/routes.rb
index 94edc0d..3ea271d 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -8,10 +8,6 @@ Rails.application.routes.draw do
     end
   end
 
-  root to: 'application#frontend_index_html'
-
-  get '*path', to: 'application#frontend_index_html', constraints: lambda { |request|
-    !request.xhr? && request.format.html?
-  }
-  # For details on the DSL available within this file, see http://guides.rubyonrails.org/routing.html
+  get '*path', to: 'static#frontend_static'
+  root to: 'static#frontend_index_html'
 end

From e7bcd731f5cb436f29648d21de8f6c029008928d Mon Sep 17 00:00:00 2001
From: Bilal <bilal@saburly.com>
Date: Thu, 21 May 2020 19:54:46 +0200
Subject: [PATCH 4/4] use https when fetching fonts from googleapis

---
 client/public/index.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/client/public/index.html b/client/public/index.html
index b209ea0..908617c 100644
--- a/client/public/index.html
+++ b/client/public/index.html
@@ -20,7 +20,7 @@
       Learn how to configure a non-root public URL by running `npm run build`.
     -->
      <!-- Import Google Icon Font -->
-  <link href="http://fonts.googleapis.com/icon?family=Material+Icons" rel="stylesheet">
+  <link href="https://fonts.googleapis.com/icon?family=Material+Icons" rel="stylesheet">
 
      <!-- Compiled and minified CSS -->
     <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/materialize/1.0.0/css/materialize.min.css">