A simple gem to more elegantly place a staging server or other in-progress rails application behind a basic codeword. It’s easy to implement, share with clients/collaborators, and more beautiful than the typical password-protection sheet.
“Can I come into your fort?”
“…what’s the codeword?”
(currently used in production with Rails 3.X, Rails 4.X, and Rails 5.X)
-
Add this line to your application’s Gemfile:
gem 'lockup' -
Define a codeword (see Usage below).
-
Mount the engine in your application’s routes file (usually first, for best results):
mount Lockup::Engine, at: '/lockup'
To set a codeword, define LOCKUP_CODEWORD in your environments/your_environment.rb file like so:
ENV["LOCKUP_CODEWORD"] = 'secret'
You need to set the expiration time of your cookie in hours:
ENV["LOCKUP_VALID_HOURS"] = 12
If you think you might need a hint:
ENV["LOCKUP_HINT"] = 'Something that you do not tell everyone.'
If you’re using Rails 4.1 or greater, you can add your Lockup Codeword via Rails Secrets functionality in your secrets.yml file:
lockup_codeword: 'love'
lockup_valid_hours: 12
lockup_hint: 'Pepé Le Pew'
If you’re using Figaro, set your Lockup codeword and hint (optional) in your application.yml file:
lockup_codeword: 'love'
lockup_hint: 'Pepé Le Pew'
Codewords are not case-sensitive, by design. Keep it simple.
-
Follow the installation instructions above.
-
In your application_controller.rb file, add:
skip_before_action :check_for_lockup -
In the controller(s) you would like to restrict:
before_action :check_for_lockup
http://somedomain.com/or_path/?lockup_codeword=love
The visitor is redirected and the cookie is set without them ever seeing the Lockup splash page.
(Lockup also makes a rudimentary attempt based on user agent to block major search engine bots/crawlers from following this link and indexing the site, just in case it ever gets out into the wild.)
If you would like to change the content or design of the lockup page, you can create the directories app/views/layouts/lockup and app/views/lockup/lockup and populate them with the default content from here, and then customize as desired.
Pull requests are quite welcome.