I'm building a RoR site and have been asked to put a temporary access restriction on it. All that's needed is a general access restriction to be used by beta users. The site is deployed on an Apache server (on a Mac) using Passenger. I'm wondering what solutions there are?
Here is my first take on it, using the good old htaccess solution, which I found surprisingly little info about in regard to Rails. Generate user/password file, for user 'beta':
    mysite> htpasswd -c .htpasswd beta
    mysite> chmod 755 .htpasswd
Create an access configuration file in the rails public dir 'public/.htaccess', containing:
    AuthName "Enter password"
    AuthType Basic
    AuthUserFile /Users/myuser/projects/mysite/.htpasswd
    require user beta
Change file rights:
    mysite> chmod 755 public/.htaccess
Edit the Apache conf file (find out where it is with 'apachectl -V | grep SERVER_CONFIG_FILE'). In the section of the VirtualHost configuration, add the following to define what in the htaccess file is used:
    AllowOverride All
Prefinery gives you an out-of-the-box solution for this type of scenario: http://www.prefinery.com/
I answered a similar question to this yesterday with a simple solution in Rails itself; I use this solution for protecting my development site from being spidered while testing. I've reposted it below for convenience.
Rails has a built-in helper for this; you could place this in your application controller:
    protected

    # Prompt for HTTP Basic credentials; the request continues only if the block returns true.
    def authenticate
      authenticate_or_request_with_http_basic do |username, password|
        username == "admin" && password == "test"
      end
    end
Then use a before_filter on any controllers you want to protect (or just stick it in the application controller to block the whole site):
    before_filter :authenticate
This method works on Nginx as well as Apache, which is an added bonus. It doesn't, however, work if you have full page caching enabled - as the visitor never hits the Rails stack; it won't kick in.
Edit: Just noticed that you specified the /admin route. All my admin controllers inherit from an AdminController. You could set yours up like so:
/app/controllers/admin/admin_controller.rb
    class Admin::AdminController < ApplicationController
      before_filter :authenticate

      protected

      def authenticate
        authenticate_or_request_with_http_basic do |username, password|
          username == "admin" && password == "test"
        end
      end
    end
Then have all your controllers extend the admin controller, e.g.:
    class Admin::ThingsController < Admin::AdminController
My routes are set up like so:
    map.namespace :admin do |admin|
      admin.resources :things
    end
Hope that helps.
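What an HTTP Basic check like the one above involves on each request, sketched in plain Ruby as an added example (not part of the answer or Rails' own code). The `Authorization` header is only Base64-encoded, so the credentials are readable by anyone who can see the request unless the site is served over TLS, and the comparison here is constant-time rather than `==`. The helper names and sample credentials are hypothetical.

```ruby
require "digest"

# Hypothetical helpers: plain Ruby standing in for a per-request Basic auth check.

# Decode an "Authorization: Basic ..." header into [user, password]; nil if malformed.
def parse_basic_auth(header)
  scheme, token = header.to_s.split(" ", 2)
  return nil unless scheme&.casecmp?("basic") && token
  decoded = token.strip.unpack1("m0")      # strict Base64: an encoding, not encryption
  user, password = decoded.split(":", 2)   # first colon separates; passwords may contain ':'
  password ? [user, password] : nil
rescue ArgumentError                       # raised by "m0" on invalid Base64
  nil
end

# Compare fixed-length digests byte by byte, so timing does not reveal
# how many leading characters of a guess were correct.
def secure_equal?(a, b)
  da = Digest::SHA256.digest(a).bytes
  db = Digest::SHA256.digest(b).bytes
  da.zip(db).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

def authorized?(header, expected_user, expected_password)
  user, password = parse_basic_auth(header)
  return false unless user
  # Non-short-circuit `&`: both comparisons always run.
  secure_equal?(user, expected_user) & secure_equal?(password, expected_password)
end

# Returns [status, headers]: 401 plus a challenge unless the credentials match.
def gate(header, expected_user, expected_password, realm: "Beta")
  if authorized?(header, expected_user, expected_password)
    [200, {}]
  else
    [401, { "WWW-Authenticate" => %(Basic realm="#{realm}") }]
  end
end

# Constructed sample header, for illustration only.
SAMPLE_HEADER = "Basic " + ["beta:s3cret:with:colons"].pack("m0")
```

In a real deployment the expected credentials would come from configuration outside the source tree rather than from literals in the controller.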