How to: Add authentication

Henrik Hussfelt edited this page Jan 25, 2016 · 10 revisions

Each time you visit a dashboard, a method called protected! gets called. For all new Dashing projects, this method does nothing. You can override this behaviour in the config.ru file.

helpers do
  def protected!
    # Put any authentication code you want in here.
    # This method is run before accessing any resource.
  end
end

Authenticating with HTTP Basic Auth

Add the following to your config.ru file:

helpers do

  def protected!
    unless authorized?
      response['WWW-Authenticate'] = %(Basic realm="Restricted Area")
      throw(:halt, [401, "Not authorized\n"])
    end
  end

  def authorized?
    @auth ||= Rack::Auth::Basic::Request.new(request.env)
    # 'admin'/'admin' is a placeholder pair; replace it with your own credentials.
    @auth.provided? && @auth.basic? && @auth.credentials && @auth.credentials == ['admin', 'admin']
  end

end
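
A hardened form of the credential check above, as an added example (not code from the Dashing project): it parses the Authorization header itself, rejects malformed input, and compares both values in constant time. The function names and the sample credentials are assumptions made for illustration.

```ruby
require 'base64'
require 'digest'

# Compare two strings without revealing where they first differ.
# Hashing first gives both sides equal length, so length is not leaked either.
def secure_equal?(a, b)
  da = Digest::SHA256.digest(a)
  db = Digest::SHA256.digest(b)
  diff = 0
  da.bytes.zip(db.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Parse an Authorization header value.
# Returns [user, password], or nil when the header is missing or malformed.
def basic_credentials(header)
  return nil unless header.is_a?(String)
  scheme, encoded = header.split(' ', 2)
  return nil unless scheme && scheme.casecmp('basic').zero? && encoded
  decoded = Base64.strict_decode64(encoded.strip)
  # Only the first colon separates the fields; passwords may contain colons.
  user, pass = decoded.split(':', 2)
  pass.nil? ? nil : [user, pass]
rescue ArgumentError
  nil # not valid base64
end

# True only when user name and password both match.
# Both comparisons always run, so a wrong user name is no faster to reject.
def authorized_header?(header, expected_user, expected_pass)
  user, pass = basic_credentials(header)
  return false if user.nil?
  user_ok = secure_equal?(user, expected_user)
  pass_ok = secure_equal?(pass, expected_pass)
  user_ok & pass_ok
end

# Constructed sample header and credentials, for demonstration only.
sample = 'Basic ' + Base64.strict_encode64('ops:correct horse')
puts authorized_header?(sample, 'ops', 'correct horse')
```

Inside `authorized?`, the header is available as `request.env['HTTP_AUTHORIZATION']`, and the expected values are better read from the environment than written into config.ru.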

Authenticating with basic IP Check

Add the following to your config.ru file:

helpers do

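    def protected!
      # Define allowed IPs
      @ips = ['127.0.0.1', 'your-ips-here']

      # Rack may derive request.ip from the X-Forwarded-For header when the
      # app runs behind a proxy, so make sure the proxy sets that header itself.
      # If the request IP is not in the allowed list
      unless @ips.include? request.ip
        # Deny request
        throw(:halt, [401, "Not authorized\n"])
      end
    end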

end

Authenticating with Google Apps

Make sure to add the following to your Gemfile.

gem 'omniauth-google-apps'

Here is a sample config.ru file that enables Google Apps auth.

require 'openid/store/filesystem'
require 'omniauth/strategies/google_apps'
require 'dashing'

configure do
  set :auth_token, 'YOUR_AUTH_TOKEN'

  helpers do

    def protected!
      redirect '/auth/g' unless session[:user_id]
    end

  end

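  # Sign the session cookie; without a secret, clients can forge session[:user_id].
  # SESSION_SECRET is an assumed environment variable name.
  use Rack::Session::Cookie, :secret => ENV.fetch('SESSION_SECRET')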
  use OmniAuth::Builder do
    provider :google_apps, :store => OpenID::Store::Filesystem.new('./tmp'), :name => 'g', :domain => 'YOURDOMAIN.com'
  end

  post '/auth/g/callback' do
    if auth = request.env['omniauth.auth']
      session[:user_id] = auth['info']['email']
      redirect '/'
    else
      redirect '/auth/failure'
    end
  end

  get '/auth/failure' do
    'Nope.'
  end
end

map Sinatra::Application.assets_prefix do
  run Sinatra::Application.sprockets
end

run Sinatra::Application

Authenticating with GitHub Organization

Make sure to add the following to your Gemfile.

gem 'omniauth-github'
gem 'octokit'

Here is a sample config.ru file that enables authentication against a GitHub organization.

require 'omniauth/strategies/github'
require 'octokit'
require 'dashing'

configure do
  set :auth_token, 'YOUR_AUTH_TOKEN'

  helpers do
    def protected!
      redirect '/auth/github' unless session[:user_id]
    end
  end

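  # Sign the session cookie; without a secret, clients can forge session[:user_id].
  # SESSION_SECRET is an assumed environment variable name.
  use Rack::Session::Cookie, secret: ENV.fetch('SESSION_SECRET')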
  use OmniAuth::Builder do
    provider :github, ENV['GITHUB_KEY'], ENV['GITHUB_SECRET'], scope: 'read:org'
  end

  get '/auth/github/callback' do
    organization_id = 318890

    auth = request.env['omniauth.auth']

    client = Octokit::Client.new access_token: auth['credentials']['token']
    user_orgs = client.user.rels[:organizations].get.data

    if user_orgs.any? { |org| org.id == organization_id }
      session[:user_id] = auth['info']['email']
      redirect '/'
    else
      redirect '/auth/failure'
    end
  end

  get '/auth/failure' do
    'Nope.'
  end

end

map Sinatra::Application.assets_prefix do
  run Sinatra::Application.sprockets
end

run Sinatra::Application