I'm building a RoR site and have been asked to put a temporary access restriction on it. All that's needed is a general access restriction to be used by beta users. The site is deployed on an Apache server (on a Mac) using Passenger. I'm wondering what solutions there are?

A: 

Here is my first take on it, using the good old htaccess solution, which I found surprisingly little info about in regard to Rails. Generate the user/password file, for user 'beta':

mysite> htpasswd -c .htpasswd beta
mysite> chmod 755 .htpasswd

Create an access configuration file in the Rails public dir, 'public/.htaccess', containing:

AuthName "Enter password"
AuthType Basic
AuthUserFile /Users/myuser/projects/mysite/.htpasswd
require user beta

Change file rights:

mysite> chmod 755 public/.htaccess

Edit the Apache conf file (find out where it is with 'apachectl -V | grep SERVER_CONFIG_FILE'). In the section of the VirtualHost configuration, add the following to define what in the htaccess file is used:

AllowOverride All
A: 

Prefinery gives you an out of the box solution for this type of scenario http://www.prefinery.com/

ThinkBohemian
+2  A: 

I answered a similar question to this yesterday with a simple solution in Rails itself; I use this solution for protecting my development site from being spidered while testing. I've reposted it below for convenience.


Rails has a built-in helper for this; you could place this in your application controller:

protected
  def authenticate
    authenticate_or_request_with_http_basic do |username, password|
      username == "admin" && password == "test"
    end
  end

Then use a before_filter on any controllers you want to protect (or just stick it in the application controller to block the whole site):

before_filter :authenticate

This method works on Nginx as well as Apache, which is an added bonus. It doesn't, however, work if you have full page caching enabled - as the visitor never hits the Rails stack; it won't kick in.

Edit: Just noticed that you specified the /admin route. All my admin controllers inherit from an AdminController. You could set yours up like so:

/app/controllers/admin/admin_controller.rb

class Admin::AdminController < ApplicationController
  before_filter :authenticate

  protected
    def authenticate
      authenticate_or_request_with_http_basic do |username, password|
        username == "admin" && password == "test"
      end
    end
end

Then have all your controllers extend the admin controller, e.g.:

class Admin::ThingsController < Admin::AdminController

My routes are set up like so:

map.namespace :admin do |admin|
    admin.resources :things
end

Hope that helps.

Throlkim
Thanks, I figured there'd be something like this. I'll look into caching and give it a go ...
I've just flicked caching off for production while I'm building, but if you're doing a more serious beta test I could see that being more problematic. Good luck :D
Throlkim
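
An added example, not part of any answer above and not Rails' own code: a stand-alone Ruby sketch of an HTTP Basic check like the one in the `authenticate` block, with the credentials read from the environment instead of hard-coded and compared in constant time rather than with `==`. The names `parse_basic_header`, `secure_equal?`, `beta_access?`, `BETA_USER` and `BETA_PASSWORD` are assumptions made for this example, and the sample credentials are constructed.

```ruby
require "digest"

# Decode an "Authorization: Basic <base64>" header value into [user, password].
# Returns nil for a missing, non-Basic or malformed header.
def parse_basic_header(header)
  scheme, payload = header.to_s.split(" ", 2)
  return nil unless scheme&.casecmp?("Basic") && payload
  decoded = payload.strip.unpack1("m0")   # strict base64; raises on bad input
  user, password = decoded.split(":", 2)  # the password may itself contain ":"
  password.nil? ? nil : [user, password]
rescue ArgumentError
  nil # payload was not valid base64
end

# Constant-time comparison: hash both sides to a fixed length, then XOR
# every byte so the run time does not depend on where the inputs differ.
def secure_equal?(a, b)
  da = Digest::SHA256.digest(a).bytes
  db = Digest::SHA256.digest(b).bytes
  da.zip(db).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# True only when both username and password match the expected values.
# `&` (not `&&`) makes sure both comparisons always run.
def beta_access?(header, expected_user, expected_password)
  creds = parse_basic_header(header)
  return false if creds.nil?
  secure_equal?(creds[0], expected_user) & secure_equal?(creds[1], expected_password)
end

# Assumed environment variable names; the fallbacks are constructed sample
# values so the file runs stand-alone. Nothing secret lives in the controller.
EXPECTED_USER = ENV.fetch("BETA_USER", "beta")
EXPECTED_PASSWORD = ENV.fetch("BETA_PASSWORD", "constructed-sample-pw")

if __FILE__ == $PROGRAM_NAME
  good = "Basic " + ["#{EXPECTED_USER}:#{EXPECTED_PASSWORD}"].pack("m0")
  puts beta_access?(good, EXPECTED_USER, EXPECTED_PASSWORD)
  puts beta_access?("Basic !!!notbase64", EXPECTED_USER, EXPECTED_PASSWORD)
end
```

Inside a Rails controller only the comparison part is needed, since `authenticate_or_request_with_http_basic` already hands the decoded username and password to the block.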