django-moat is a mini-app adds an additional layer of authentication via HTTP Basic Auth. It's primary use case is to prevent access staging, development, or otherwise private sites on the public internet. It is equivalent to configuring Basic Auth on your webserver (Apache, nginx) but works in environments where that is not possible (heroku).
pip install django-moat
To install from source
pip install -e git+https://github.com/amrox/django-moat#egg=django-moat
moat.middleware.MoatMiddleware to your
MIDDLEWARE_CLASSES = ( # Existing middleware classes "moat.middleware.MoatMiddleware", )
moat has several configuration variable you may put in your
Enable or disable
moat. (True or False)
MOAT_ENABLED = True
Set Basic Auth Realm
HTTP_AUTH_REALM = 'App Staging'
A list of views to allow through
MOAT_ALWAYS_ALLOW_VIEWS = ['myapp.views.home']
A list of modules to allow through
MOAT_ALWAYS_ALLOW_MODULES = ['oauth_provider.views']
A list of regex of urls to allow through
MOAT_ALWAYS_ALLOW_URLS = ['^/$', '^/blog/.*$']
Let the admin site through
MOAT_ALLOW_ADMIN = True
Disable HTTPS. For testing purposes only. Don't ship with this on.
MOAT_DEBUG_DISABLE_HTTPS = True
Finally you may want to set the SESSION_EXPIRE_AT_BROWSER_CLOSE setting.
Your site now requires that your authenticate with a staff-level user before accessing any non-whitelisted view. It is recommended that your add a dedicate staff-level user in the django admin for moat authentication.
By default, the admin views will be blocked by
moat. You'll either need to
create a user with
django-admin.py, or set
Code borrowed from:
Thanks to Ryan Balfanz for suggesting the name