Remove deprecated GAE auth and replace with Google IAP

.gcloudignore

@@ -0,0 +1,25 @@
+# This file specifies files that are *not* uploaded to Google Cloud Platform
+# using gcloud. It follows the same syntax as .gitignore, with the addition of
+# "#!include" directives (which insert the entries of the given .gitignore-style
+# file at that point).
+#
+# For more information, run:
+#   $ gcloud topic gcloudignore
+#
+.gcloudignore
+# If you would like to upload your .git directory, .gitignore file or files
+# from your .gitignore file, remove the corresponding line
+# below:
+.git
+.gitignore
+
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+# Test binary, build with `go test -c`
+*.test
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out

README.md

@@ -16,12 +16,14 @@ appropriately to the (relatively few) needed JSON API calls.
 The TiddlyWeb JSON API envisions a multiuser system in which different users have
 access to different sets of tiddlers. This Go server contains none of that:
 it assumes that all users have full access to everything, although it does record
-who created which tiddlers. The only access control is that the app.yaml here
-requires HTTPS and administrator login for all URLs, and as a “belt and suspenders” measure,
-the app itself also refuses to serve to non-admins, as checked by user.IsAdmin.
+who created which tiddlers.
 
-See the "Re Authentication" comment in tiddly.go for information about
-making the server publicly read-only (it's not quite perfect).
+Authentication is controlled by [Google IAP][iap] as a “belt and suspenders”
+measure. When deploying the application you will need to enable and [configure
+IAP][configure-iap] with the addresses you want to have access.
+
+[iap]: https://cloud.google.com/go/getting-started/authenticate-users-with-iap
+[configure-iap]: https://cloud.google.com/go/getting-started/authenticate-users-with-iap#enable-cloud-iap
 
 ## Data model
 
@@ -40,11 +42,18 @@ tiddler content on demand.
 
 Create an Google App Engine standard app and deploy with
 
-	appcfg.py -A your-app -V your-version update .
+	gcloud --project=your-app app deploy
 
 Then visit https://your-app.appspot.com/. As noted above, only admins
 will have access to the content.
 
+## Backup
+
+There is an optional service called [`gitbackup`][gitbackup] that can backup
+the TiddlyWiki datastore to git periodically.
+
+[gitbackup]: https://github.com/philips/tiddly/tree/master/gitbackup
+
 ## Plugins
 
 TiddlyWiki supports extension through plugins. 
@@ -97,4 +106,3 @@ The process for preparing a new index.html is:
 - Open the downloaded file in the web browser.
 - Repeat, adding any more plugins.
 - Copy the final download to index.html.
-

app.yaml

@@ -1,10 +1,7 @@
-application: tiddlywiki-gae
-version: 2016-12-22
-runtime: go
-api_version: go1
+# cannot update to go113 because of https://stackoverflow.com/questions/56249339/what-is-the-correct-context-for-appengine-taskqueue-in-go112-standard-runtime
+runtime: go111
 
 handlers:
 - url: /.*
-  login: admin
   secure: always
-  script: _go_app
+  script: auto

gitbackup/.gcloudignore

@@ -0,0 +1,25 @@
+# This file specifies files that are *not* uploaded to Google Cloud Platform
+# using gcloud. It follows the same syntax as .gitignore, with the addition of
+# "#!include" directives (which insert the entries of the given .gitignore-style
+# file at that point).
+#
+# For more information, run:
+#   $ gcloud topic gcloudignore
+#
+.gcloudignore
+# If you would like to upload your .git directory, .gitignore file or files
+# from your .gitignore file, remove the corresponding line
+# below:
+.git
+.gitignore
+
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+# Test binary, build with `go test -c`
+*.test
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out

gitbackup/.gitignore

@@ -0,0 +1 @@
+app.yaml

gitbackup/README.md

@@ -0,0 +1,34 @@
+## Tiddly Git Backup
+
+This is a simple Google App Engine app that will backup the Tiddly datastore to
+a git repo.
+
+The intention of this system is to have a safe automatic backup of your
+TiddlyWiki and also to enable automated generation of [static
+sites][static].
+
+[static]: https://tiddlywiki.com/static/Generating%2520Static%2520Sites%2520with%2520TiddlyWiki.html
+
+### Configuration
+
+Copy `app.yaml.example` to `app.yaml` and configure the environment variables.
+
+- `GITHTTP_USERNAME` usually your github username
+- `GITHTTP_PASSWORD` usually a github personal access token secret key with `repo` access
+- `GITHTTP_URL` usually a HTTPS URL to a github repo
+
+If you want to publish your Tiddlers via a static site host like GitHub or Netlify [fork from this repo](https://github.com/philips/tiddlypublish)
+
+### Deploy
+
+Deploy this service into the same Google Cloud project you deploy tiddly into.
+
+```
+gcloud --project YOUR_PROJECT app deploy
+```
+
+And deploy the cron job:
+
+```
+gcloud app deploy cron.yaml
+```

gitbackup/app.yaml.example

@@ -0,0 +1,13 @@
+# cannot update to go113 because of https://stackoverflow.com/questions/56249339/what-is-the-correct-context-for-appengine-taskqueue-in-go112-standard-runtime
+runtime: go111
+service: gitbackup
+
+handlers:
+- url: /.*
+  secure: always
+  script: auto
+
+env_variables:
+  GITHTTP_USERNAME: "example"
+  GITHTTP_PASSWORD: "example"
+  GITHTTP_URL: "https://example.com/test"

gitbackup/cron.yaml

@@ -0,0 +1,8 @@
+cron:
+- description: "backup to git"
+  url: /
+  target: gitbackup
+  schedule: every 10 mins
+  retry_parameters:
+    min_backoff_seconds: 2.5
+    max_doublings: 5