Http Basic Auth
Carl Mercier edited this page Mar 8, 2018 · 9 revisions
People often ask about adding basic auth, so here's an example config.ru that has a single hardcoded password.
```ruby
require "rubygems"
require "geminabox"

Geminabox.data = "/var/geminabox-data" # …or wherever

# Every request to the server must present this password; the username is ignored.
use Rack::Auth::Basic, "GemInAbox" do |username, password|
  'your massively secure password' == password
end

run Geminabox::Server
```
If you only want to protect uploads and deletions you can use this solution.
```ruby
require "rubygems"
require "geminabox"

Geminabox.data = "/var/geminabox-data" # ... or wherever

Geminabox::Server.helpers do
  # Reject the request with a 401 challenge unless valid credentials were sent.
  def protected!
    unless authorized?
      response['WWW-Authenticate'] = %(Basic realm="Geminabox")
      halt 401, "No pushing or deleting without auth.\n"
    end
  end

  # 'username' and 'password' are placeholders; replace them with your own values.
  def authorized?
    @auth ||= Rack::Auth::Basic::Request.new(request.env)
    @auth.provided? && @auth.basic? && @auth.credentials && @auth.credentials == ['username', 'password']
  end
end

# Uploads through the web form and `gem inabox`
Geminabox::Server.before '/upload' do
  protected!
end

# Deletions on any path
Geminabox::Server.before do
  protected! if request.delete?
end

# The gems API endpoint: the Authorization header must equal the key.
# 'API_KEY' is a placeholder.
Geminabox::Server.before '/api/v1/gems' do
  unless env['HTTP_AUTHORIZATION'] == 'API_KEY'
    halt 401, "Access Denied. Api_key invalid or missing.\n"
  end
end

run Geminabox::Server
```
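A dependency-free variant of the upload/delete protection above, added here as an example and not taken from the geminabox project: a Rack middleware that receives the credentials as arguments, so they can come from the environment instead of the source file, and compares them in constant time. The class name `WriteGuard` and the environment variable names are assumptions.

```ruby
require "digest"

# Added example (hypothetical class name): Rack middleware with no gem
# dependencies that requires Basic auth for /upload and for DELETE requests.
class WriteGuard
  def initialize(app, user, password, realm = "Geminabox")
    @app = app
    @expected = "#{user}:#{password}"
    @realm = realm
  end

  def call(env)
    return @app.call(env) if !guarded?(env) || authorized?(env)

    [401,
     { "content-type" => "text/plain",
       "www-authenticate" => %(Basic realm="#{@realm}") },
     ["No pushing or deleting without auth.\n"]]
  end

  private

  # Same scope as the before filters above: the upload path and any DELETE.
  def guarded?(env)
    env["PATH_INFO"] == "/upload" || env["REQUEST_METHOD"] == "DELETE"
  end

  def authorized?(env)
    scheme, token = env["HTTP_AUTHORIZATION"].to_s.split(" ", 2)
    return false unless token && scheme.casecmp?("basic")

    # unpack1("m") is core Ruby's Base64 decoder; the result is "user:password".
    secure_eq?(token.unpack1("m"), @expected)
  end

  # Compare fixed-length digests byte by byte so the running time does not
  # depend on how many leading characters of the guess were correct.
  def secure_eq?(given, expected)
    a = Digest::SHA256.digest(given).bytes
    b = Digest::SHA256.digest(expected).bytes
    a.zip(b).reduce(0) { |diff, (x, y)| diff | (x ^ y) }.zero?
  end
end

# In config.ru (environment variable names are assumptions):
#   use WriteGuard, ENV.fetch("GEMINABOX_USER"), ENV.fetch("GEMINABOX_PASSWORD")
#   run Geminabox::Server
```

`ENV.fetch` raises at boot when a variable is unset, so the server cannot start with an empty password.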
For Basic Auth with role-based authorization, see: https://gist.github.com/cmer/48e8c108d7c45139e0d993b65eb6f0f0

Using the rack-auth-ldap gem to provide LDAP auth:
```ruby
require "rubygems"
require "geminabox"
require 'rack/auth/ldap'

Geminabox.data = "/var/geminabox-data" # ... or wherever

class Geminabox::Auth < Rack::Auth::Ldap
  # Authenticate requests to /upload and all POST requests.
  # Everything else, including GET and DELETE on other paths, passes through unauthenticated.
  def call(env)
    request = Rack::Request.new(env)
    if request.path == '/upload' || request.post?
      super # perform auth
    else
      @app.call(env) # skip auth
    end
  end
end

use Geminabox::Auth
run Geminabox::Server
```