I want the /admin route on my rails app to be protected by using .htaccess password files - is this possible?

A: 

Ruby on Rails per se doesn't offer such a thing, though a Rack middleware might do as well. If you use Apache and Passenger: yes, you can use .htaccess.

Thomas R. Koll
+4  A: 

Rails has a built-in helper for this, you could place this in your application controller:

protected
  def authenticate
    authenticate_or_request_with_http_basic do |username, password|
      username == "admin" && password == "test"
    end
  end

Then use a before_filter on any controllers you want to protect (or just stick it in the application controller to block the whole site):

before_filter :authenticate

This method works on Nginx as well as Apache, which is an added bonus. It doesn't, however, work if you have full page caching enabled - as the visitor never hits the Rails stack; it won't kick in.

Edit: Just noticed that you specified the /admin route. All my admin controllers inherit from an AdminController. You could set yours up like so:

/app/controllers/admin/admin_controller.rb

class Admin::AdminController < ApplicationController
  before_filter :authenticate

  protected
    def authenticate
      authenticate_or_request_with_http_basic do |username, password|
        username == "admin" && password == "test"
      end
    end
end

Then have all your controllers extend the admin controller, e.g.:

class Admin::ThingsController < Admin::AdminController

My routes are set up like so:

map.namespace :admin do |admin|
    admin.resources :things
end

Hope that helps.

Throlkim
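
An added example, not part of the answer above and not Rails' own code: a plain-Ruby sketch of the check that the `authenticate` block performs, with the expected credentials passed in (for instance from environment variables) instead of hard-coded, and compared in constant time. The names `secure_equal?`, `parse_basic` and `admin_gate`, the realm string and the sample credentials are assumptions made for illustration.

```ruby
require "digest"

# Compare two strings without revealing where they first differ.
# Hashing both sides first makes the compared values the same length.
def secure_equal?(a, b)
  da = Digest::SHA256.digest(a).bytes
  db = Digest::SHA256.digest(b).bytes
  da.zip(db).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Turn an "Authorization: Basic <base64>" header value into [user, password].
# Returns nil when the header is missing, uses another scheme, or is malformed.
def parse_basic(header)
  scheme, token = header.to_s.split(" ", 2)
  return nil unless scheme&.casecmp?("basic") && token

  # "m0" is strict Base64; it raises ArgumentError on invalid input.
  user, password = token.strip.unpack1("m0").split(":", 2)
  return nil if user.nil? || password.nil?

  [user, password]
rescue ArgumentError
  nil
end

# Hypothetical gate for an admin area. Returns a Rack-style
# [status, headers, body] triple. `user:` and `password:` are the expected
# credentials, supplied by the caller (e.g. read from ENV at boot).
def admin_gate(header, user:, password:)
  given_user, given_password = parse_basic(header)

  # Non-short-circuit `&` so both fields are always compared.
  ok = !given_user.nil? &&
       (secure_equal?(given_user, user) & secure_equal?(given_password, password))
  return [200, {}, ["admin area"]] if ok

  [401, { "WWW-Authenticate" => 'Basic realm="Admin"' },
   ["HTTP Basic: Access denied.\n"]]
end
```

Inside a Rails controller the same comparison can be made with `ActiveSupport::SecurityUtils.secure_compare` in the `authenticate_or_request_with_http_basic` block. Basic credentials are only Base64-encoded on the wire, so the protected routes need to be served over TLS.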