Rack::Auth Basic and Digest

You can easily protect your Sinatra application using HTTP Basic and Digest Authentication with the help of Rack middleware.

Protect the whole application

These examples show how to protect the whole application (all routes).

HTTP Basic Authentication

For classic applications:

#main.rb

require 'sinatra'

use Rack::Auth::Basic, "Protected Area" do |username, password|
  username == 'foo' && password == 'bar'
end

get '/' do
  "secret"
end

get '/another' do
  "another secret"
end

For modular applications:

#main.rb

require 'sinatra/base'

class Protected < Sinatra::Base

  use Rack::Auth::Basic, "Protected Area" do |username, password|
    username == 'foo' && password == 'bar'
  end

  get '/' do
    "secret"
  end

end

Protected.run!

To try these examples just run ruby main.rb -p 4567 and visit http://localhost:4567
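The block passed to Rack::Auth::Basic above compares hard-coded literals with ==. The following is an added example, not part of the original recipe, of a checker that takes the expected credentials as arguments and compares them in constant time. The names secure_equal?, credential_checker, AUTH_USER and AUTH_PASS are assumptions made for this illustration.

```ruby
require 'digest'

# Compare two strings without revealing, through timing, where they first differ.
# Hashing both sides first yields equal-length inputs, so length is not leaked either.
def secure_equal?(a, b)
  da = Digest::SHA256.digest(a.to_s)
  db = Digest::SHA256.digest(b.to_s)
  diff = 0
  da.bytes.zip(db.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Returns a proc usable as the Rack::Auth::Basic block.
# A proc (not a lambda) is used so a missing password arrives as nil
# instead of raising ArgumentError; nil is rejected like any wrong value.
def credential_checker(expected_user, expected_pass)
  if expected_user.to_s.empty? || expected_pass.to_s.empty?
    raise ArgumentError, 'refusing to start with empty credentials'
  end
  proc do |username, password|
    # Non-short-circuit & so both comparisons always run.
    secure_equal?(username, expected_user) & secure_equal?(password, expected_pass)
  end
end

# Wiring in main.rb (AUTH_USER / AUTH_PASS are assumed environment variable names):
#   use Rack::Auth::Basic, "Protected Area",
#       &credential_checker(ENV.fetch('AUTH_USER'), ENV.fetch('AUTH_PASS'))
```

ENV.fetch raises at boot if a variable is unset, so the application never starts without credentials. Basic credentials are only base64-encoded on the wire, so serve the application over HTTPS.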

HTTP Digest Authentication

To use digest authentication with current versions of Rack, a config.ru file is needed.

For classic applications:

#main.rb

require 'sinatra'

get '/' do
  "secret"
end

#config.ru

require File.expand_path '../main.rb', __FILE__

app = Rack::Auth::Digest::MD5.new(Sinatra::Application) do |username|
  {'foo' => 'bar'}[username]
end

app.realm = 'Protected Area'
app.opaque = 'secretkey'

run app

For modular applications:

#main.rb

require 'sinatra/base'

class Protected < Sinatra::Base

  get '/' do
    "secret"
  end

  def self.new(*)
    app = Rack::Auth::Digest::MD5.new(super) do |username|
      {'foo' => 'bar'}[username]
    end
    app.realm = 'Protected Area'
    app.opaque = 'secretkey'
    app
  end
end

#config.ru

require File.expand_path '../main.rb', __FILE__

run Protected

To try these examples just run rackup -p 4567 and visit http://localhost:4567

Protect specific routes

If you want to protect just specific routes, things get a bit complicated. There are many ways to do it. The one I show here uses modular applications and a config.ru file.

HTTP Basic Authentication

First the main.rb

#main.rb

require 'sinatra/base'

class Protected < Sinatra::Base

  use Rack::Auth::Basic, "Protected Area" do |username, password|
    username == 'foo' && password == 'bar'
  end

  get '/' do
    "secret"
  end

  get '/another' do
    "another secret"
  end

end

class Public < Sinatra::Base

  get '/' do
    "public"
  end

end

And the config.ru

#config.ru

require File.expand_path '../main.rb', __FILE__

run Rack::URLMap.new({
  "/" => Public,
  "/protected" => Protected
})

To try these examples just run rackup -p 4567 and visit http://localhost:4567

The resulting routes are explained at the bottom of this page.

HTTP Digest Authentication

First the main.rb

#main.rb

require 'sinatra/base'

class Protected < Sinatra::Base

  get '/' do
    "secret"
  end

  get '/another' do
    "another secret"
  end

  def self.new(*)
    app = Rack::Auth::Digest::MD5.new(super) do |username|
      {'foo' => 'bar'}[username]
    end
    app.realm = 'Protected Area'
    app.opaque = 'secretkey'
    app
  end
end

class Public < Sinatra::Base

  get '/' do
    "public"
  end

end

And the config.ru

#config.ru

require File.expand_path '../main.rb', __FILE__

run Rack::URLMap.new({
  "/" => Public,
  "/protected" => Protected
})

To try these examples just run rackup -p 4567 and visit http://localhost:4567

The resulting routes

The routes display the following:

  • / displays "public"
  • /protected displays "secret"
  • /protected/another displays "another secret"

All the protected routes are mounted at /protected, so if you add another route to the Protected class, for example get '/foo' do..., it can be reached at /protected/foo. To change the mount point, modify the call to Rack::URLMap.new... to your liking.
