Direct website contributors to prose, a less technical alternative to github pull request flow

[patcon]

This tool is created and maintained by Development Seed, the creators of MapBox.

Their is no backend, it just allows the users browser to edit pages via the GitHub API, and magic happens in the browser to let non-GitHub-savvy users suggest edits more easily

This feature request would likely involve:

• editing template to change link behind "suggest edit" button
• updating the "hack this site" content - Trial content for editting via Prose.io hackshackers-hugo-content#33

Details: https://github.com/prose/prose/wiki/Getting-Started

[joshkadis]

I will look into it but similar products haven't worked with our structure where the content files are in a separate repo.

[joshkadis]

@patcon It looks like they've opened up to non-Jekyll sites since the last time I looked. Cool! Would you mind making a trial PR? http://prose.io/#hackshackers/hackshackers-hugo-content

[joshkadis]

Once a user authorizes Prose, it doesn't let you customize which of all your repos it has access to, beyond general scopes like "all repos" vs "public repos only". So I'll need to create a GitHub account like hackshackers-editor that only has access to the one repo and authorize Prose through that.

• Create GH account just for Prose authorization

[patcon]

Sorry, I may be confusing things, but I don't believe that per-repo permissions of "github apps" (as opposed to "oauth apps", which prose is) really fit the model of prose -- it's not a hosted app. it has no backend, and isn't doing anything on behalf of the user. The user is actually doing everything from client side (and the oauth token is stored in their browser). Prose is actually just a static github pages app, aided by a tiny tiny gateway service that is stateless and simply facilitates the oauth dance for the browser.

Gateway source code with details: https://github.com/prose/gatekeeper

So there shouldn't be any need for a separate account, I believe...? You have me wondering now.... but I'm fairly certain of the above :) But maybe I'm confused about the threat model you're thinking through...!

[joshkadis]

Ah, you're right. Thanks for setting me straight.

I would love to figure out a way to do this. My concerns with Prose.io are that it sends your token insecurely and it allows you to edit any files in the site, not just Markdown. Maybe there's a way to lock that down by self-hosting?

[patcon]

Totally. Not sure if it provides any assurance, but I believe development seed used it on most of their projects (#todo fact-check that), which includes clients like: NASA, Washington Post, Worldbank, OpenStreetMap, and it was even used on some portions of the Healthcare.gov ecosystem.

So it seems it's been put through its paces by folks smarter than I :) </pass-the-buck>