Carl Mercier edited this page Mar 8, 2018 · 9 revisions

People often ask about adding basic auth, so here's an example config.ru that has a single hardcoded password.

require "rubygems"
require "geminabox"

Geminabox.data = "/var/geminabox-data" # …or wherever

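use Rack::Auth::Basic, "GemInAbox" do |username, password|
  # The username is ignored; only the password is checked, in constant time.
  Rack::Utils.secure_compare('your massively secure password', password.to_s)
end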

run Geminabox::Server

If you only want to protect uploads and deletions, you can use this configuration instead.

require "rubygems"
require "geminabox"

Geminabox.data = "/var/geminabox-data" # ... or wherever

Geminabox::Server.helpers do
  def protected!
    unless authorized?
      response['WWW-Authenticate'] = %(Basic realm="Geminabox")
      halt 401, "No pushing or deleting without auth.\n"
    end
  end

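  def authorized?
    @auth ||= Rack::Auth::Basic::Request.new(request.env)
    return false unless @auth.provided? && @auth.basic? && @auth.credentials

    # Replace 'username' / 'password' with your own values; both are compared in constant time.
    user, pass = @auth.credentials
    Rack::Utils.secure_compare('username', user.to_s) &
      Rack::Utils.secure_compare('password', pass.to_s)
  end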
end

Geminabox::Server.before '/upload' do
  protected!
end

Geminabox::Server.before do
  protected! if request.delete?
end

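Geminabox::Server.before '/api/v1/gems' do
  # 'API_KEY' is a placeholder for the key clients send in the Authorization header.
  unless Rack::Utils.secure_compare('API_KEY', env['HTTP_AUTHORIZATION'].to_s)
    halt 401, "Access Denied. Api_key invalid or missing.\n"
  end
end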

run Geminabox::Server
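
The two configurations above hardcode their credentials and tie the check to Sinatra helpers. The following is an added example, not part of the original page or of geminabox: a plain-Ruby Rack-style middleware that leaves reads open, requires Basic auth for uploads and deletions, and compares credentials in constant time. The class name `WriteProtect` and the environment variable names in the comment are assumptions.

```ruby
require "digest"

# Added example, not geminabox code. Rack-style middleware in plain Ruby:
# reads stay open, uploads and deletions need Basic auth.
# Hypothetical config.ru wiring (env var names are assumptions):
#   use WriteProtect, user: ENV.fetch("GEMINABOX_USER"),
#                     password: ENV.fetch("GEMINABOX_PASSWORD")
class WriteProtect
  WRITE_METHODS = %w[POST PUT PATCH DELETE].freeze

  def initialize(app, user:, password:, realm: "Geminabox")
    @app = app
    @realm = realm
    # Keep only a digest of "user:password" (Basic auth user ids contain no ':').
    @expected = Digest::SHA256.digest("#{user}:#{password}")
  end

  def call(env)
    return @app.call(env) unless write_request?(env)
    return @app.call(env) if authorized?(env["HTTP_AUTHORIZATION"])

    headers = { "content-type" => "text/plain",
                "www-authenticate" => %(Basic realm="#{@realm}") }
    [401, headers, ["No pushing or deleting without auth.\n"]]
  end

  private

  def write_request?(env)
    WRITE_METHODS.include?(env["REQUEST_METHOD"]) || env["PATH_INFO"] == "/upload"
  end

  # Missing, non-Basic or undecodable headers all end up as a failed match.
  def authorized?(header)
    scheme, encoded = header.to_s.split(" ", 2)
    return false unless scheme&.casecmp?("basic") && encoded

    supplied = Digest::SHA256.digest(encoded.unpack1("m"))
    constant_time_equal?(@expected, supplied)
  end

  # Both arguments are 32-byte digests: no length leak, no early exit.
  def constant_time_equal?(a, b)
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end
end
```

Reading the credentials from the environment keeps them out of `config.ru` and out of version control.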

For Basic Auth combined with role-based authorization, see: https://gist.github.com/cmer/48e8c108d7c45139e0d993b65eb6f0f0

Using the rack-auth-ldap gem to provide LDAP auth:

require "rubygems"
require "geminabox"
require 'rack/auth/ldap'

Geminabox.data = "/var/geminabox-data" # ... or wherever

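class Geminabox::Auth < Rack::Auth::Ldap
  def call(env)
    request = Rack::Request.new(env)
    # Require LDAP auth for the upload page and for every POST;
    # all other requests (including DELETE) pass through unauthenticated.
    if request.path == '/upload' || request.post?
      super           # perform auth
    else
      @app.call(env)  # skip auth
    end
  end
end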

use Geminabox::Auth

run Geminabox::Server