
Protect the admin area with configurable basic HTTP auth.

1 parent 04e2112 commit 114a6421e99437e781e804da00b40499877a765e @markoa markoa committed Dec 13, 2010
Showing with 23 additions and 0 deletions.
  1. +1 −0 Gemfile
  2. +1 −0 Gemfile.lock
  3. +19 −0 coming_soon.rb
  4. +2 −0 config.yml.example
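--- a/Gemfile
+++ b/Gemfile
@@ -1,6 +1,7 @@
 source 'http://rubygems.org'
 gem 'sinatra'
+gem 'rack'
 gem 'activerecord', '3.0.0'
 gem 'fastercsv'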
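--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -51,4 +51,5 @@ DEPENDENCIES
 cucumber-sinatra
 database_cleaner
 fastercsv
+ rack
 sinatra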
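--- a/coming_soon.rb
+++ b/coming_soon.rb
@@ -58,11 +58,13 @@ class User < ActiveRecord::Base
 end
 get '/backstage' do
+ protected!
 @user_count = User.count
 erb :backstage
 end
 get '/backstage/csv' do
+ protected!
 csv_content = FasterCSV.generate do |csv|
 User.find_each do |user|
 csv << [user.email]
@@ -95,5 +97,22 @@ def flash_message(message)
 def pluralize(count, singular, plural = nil)
 "#{count || 0} " + ((count == 1 || count =~ /^1(\.0+)?$/) ? singular : (plural || singular.pluralize))
 end
+
+ def testing?
+ ENV['RACK_ENV'] == "test"
+ end
+
+ def protected!
+ unless authorized?
+ response['WWW-Authenticate'] = %(Basic realm="Authentication Required")
+ throw(:halt, [401, "Not authorized\n"])
+ end
+ end
+
+ def authorized?
+ return true if testing?
+ @auth ||= Rack::Auth::Basic::Request.new(request.env)
+ @auth.provided? && @auth.basic? && @auth.credentials && @auth.credentials == [APP_CONFIG["admin_username"], APP_CONFIG["admin_password"]]
+ end
 end
 end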
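Review bot: `authorized?` returns true for every request whenever `ENV['RACK_ENV'] == "test"`, so a deployment that inherits or mis-sets that variable serves `/backstage` and the e-mail export at `/backstage/csv` with no authentication at all. I would drop `return true if testing?` and have the test suite send real credentials instead (Rack::Test's `authorize 'user', 'pass'` helper covers this). The credential check also uses array `==`, which is not constant-time; comparing username and password separately with `Rack::Utils.secure_compare` (where the Rack version in use provides it), after confirming both `APP_CONFIG` values are non-empty strings, keeps the check failing closed when the config keys are missing. Basic auth sends the password on every request, so these routes should only be reachable over HTTPS; nothing visible in this diff enforces that. The block enclosing these helper methods opens outside the hunk.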
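--- a/config.yml.example
+++ b/config.yml.example
@@ -1 +1,3 @@
 app_name: ComingSoon
+admin_username: admin
+admin_password: admin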
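Review bot: The example ships `admin`/`admin` as working credentials, and an `.example` config is presumably copied verbatim to create the real one, so the admin area and its e-mail export are likely to end up behind a guessable pair. I would use values that cannot be mistaken for a usable default, such as `admin_username: CHANGE_ME` and `admin_password: CHANGE_ME`, with a comment above them like `# required: set both to unique values before deploying`. The password is stored in clear text, so the real config.yml should be kept out of version control and readable only by the app user; whether it is already ignored is not visible on this page.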
