Project

workarea-basic_auth

0.0
No commit activity in last 3 years
No release in over 3 years
workarea-basic_authworkarea-commerce/workarea-basic-authHomepageDocumentationSource CodeBug TrackerWiki
HTTP basic authentication Rack middleware for the Workarea Commerce Platform
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Popularity
Downloads
18,296
Stars
0
Forks
1
Watchers
3
 Releases
Current version
1.1.2
Total releases
2
First release
2019-08-21
Latest release
2019-09-17
 Issues
Open Issues
0
Closed Issues
1
Total Issues
1
Issue Closure Rate
100%
 Pull Requests
Open Pull Requests
0
Closed Pull Requests
0
Merged Pull Requests
2
Pull Request Acceptance Rate
100%
 Development
Primary Language
Ruby
Licenses
Business Software License
Average date of last 50 commits
2019-10-02
Reverse Dependencies
0

 Dependencies

Runtime

rack
~> 2.0
workarea
~> 3.x, >= 3.0.4
 Project Readme

Workarea Basic Auth

A Workarea Commerce plugin that adds middleware to enable HTTP Basic Auth for the Workarea Commerce platform, preventing undesired traffic (like bots) on staging and QA environments.

Getting Started

Add the gem to your application's Gemfile:

# ...
gem 'workarea-basic_auth'
# ...

Update your application's bundle.

cd path/to/application
bundle

Configuration

By default, workarea-basic-auth is disabled. To require basic authentication for routes in your application, set the following properties in Workarea.config:

Workarea.configure do |config|
  config.basic_auth.enabled = true
  config.basic_auth.user = 'my_username'
  config.basic_auth.pass = 'my_password'
  config.basic_auth.protect_routes.add('/products')
  config.basic_auth.protect_routes.add('/categories')
  config.basic_auth.protect_routes.add('/contact')
  config.basic_auth.exclude_routes.add('/api*')
  config.basic_auth.exclude_routes.add('/products/my-sweet-product')
end

The configuration above will require HTTP basic auth for all routes and HTTP methods other than those that start with /api or /products/my-sweet-product.

Excluding Assets

Need to exclude assets from http basic auth?

Workarea.configure do |config|
  config.basic_auth.enabled = true
  config.basic_auth.user = 'my_username'
  config.basic_auth.pass = 'my_password'
  config.basic_auth.exclude_routes.add('/assets/*')
end

Excluding routes based off HTTP method

You can also specify protecting or excluding protection of routes for specific HTTP methods:

Workarea.configure do |config|
  config.basic_auth.enabled = true
  config.basic_auth.user = 'my_username'
  config.basic_auth.pass = 'my_password'
  config.basic_auth.protect_routes.add('/login', :post, :option)
  config.basic_auth.protect_routes.add('/contact', :put)
end

The configuration above will require HTTP basic auth when sending a POST or OPTION request to /login or a PUT request to /contact.

Excluding routes based off a Proc

Sometimes you may run into a case where path/method just won't cut it. You can pass a protect or exclude route a proc that will be passed a Rack::Request object. Anytime the proc returns true, that path will match for either protection or exclusion.

For example, in order to allow the AWS ElasticLoadBalancer the ability to check an instances health, we exclude basic auth protection from any request where the User Agent contains 'ELB-HealthChecker':

Workarea.configure do |config|
  config.basic_auth.enabled = true
  config.basic_auth.user = 'my_username'
  config.basic_auth.pass = 'my_password'
  config.basic_auth.exclude_routes.add('/*', ->(request) {
    request.env['HTTP_USER_AGENT'].include?('ELB-HealthChecker')
  })
end

Workarea Commerce Documentation

See https://developer.workarea.com for Workarea Commerce documentation.

License

Workarea Basic Auth is released under the Business Software License