Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

webema/rack_password

BranchesTags
Open more actions menu
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

44 Commits
44 Commits
lib
lib
 
 
spec
spec
 
 
.gitignore
.gitignore
 
 
.travis.yml
.travis.yml
 
 
Gemfile
Gemfile
 
 
LICENSE.txt
LICENSE.txt
 
 
README.md
README.md
 
 
Rakefile
Rakefile
 
 
circle.yml
circle.yml
 
 
rack_password.gemspec
rack_password.gemspec
 
 

Repository files navigation

RackPassword

Small rack middleware to block your site from unwanted vistors. A little bit more convenient than basic auth - browser will ask you once for the password and then set a cookie to remember you - unlike the http basic auth it wont prompt you all the time. If used as RoR middleware, it will show application name above the sign in form.

Installation

Add this line to your application's Gemfile:

gem 'rack_password'

Usage

Let's assume you want to password protect your staging environemnt. Add something like this to config/environments/staging.rb 

config.middleware.use RackPassword::Block, auth_codes: ['janusz']

From now on, your staging app should prompt for janusz password before you access it.

Options

You can also provide additional authentication rules in the options hash:

  • ip_whitelist specifies allowed visitors IP addresses
  • path_whitelist specifies allowed request path, it also works with regexp
  • custom_rule provides custom validator
config.middleware.use RackPassword::Block,
    auth_codes: ['janusz'],
    ip_whitelist: ['82.43.112.65', '65.33.23.120'],
    path_whitelist: /\A\/(users|invitations)/,
    custom_rule: proc { |request| request.env['HTTP_USER_AGENT'].include?('facebook') }

The access is granted if at least one authentication rule is fulfilled (that includes auth_codes rule).

You can also provide cookie_domain option to override cookie domain. This way you can have one cookie shared across all subdomains.

config.middleware.use RackPassword::Block, auth_codes: ['janusz'], cookie_domain: '.somedomain.com'

The above code will make the authorization cookie shared across all somedomain.com subdomains, e.g. a.somedomain.com and b.somedomain.com.

Common problems

  • If you use server ip address instead of domain name to visit your webpage using chrome, rack_password will not accept any password, including the correct one. As a workaround, please use wildcard DNS service, such as xip.io or set cookie_domain option to match server IP address.

Contributing

  1. Fork it ( https://github.com/netguru/rack_password/fork )
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Add some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create a new Pull Request

About

Small rack middleware to block your site from unwanted vistors.

netguru.co/opensource

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

4 tags

Packages

 
 
 

Contributors

Languages

  • Ruby 75.6%
  • HTML 16.1%
  • CSS 8.3%
Morty Proxy This is a proxified and sanitized view of the page, visit original site.