 

Selectively allow some urls through Rack::Auth::Basic

Tags: ruby, rack

I've set up a blog that I'd like to be minimally secured (i.e., I just want to keep out random people I don't know, I'm not trying to implement NSA-like security measures). I'm using toto with Rack::Auth::Basic to "secure" the site. I'd like to let through index.xml so that blog readers will be able to read the feed without dealing with a password (and yes, I know that this is a big hole in my "security").

How do I let through this one url with Rack::Auth::Basic?

This is how I added basic auth to my site:

use Rack::Auth::Basic, "blog" do |username, password|
  [username, password] == ['generic', 'stupidanddumbpassword']
end
guidoism asked May 18 '11 18:05


1 Answer

How about some good ol' fashioned inheritance? Rack::Auth::Basic is a simple rack app (source: https://github.com/rack/rack/blob/master/lib/rack/auth/basic.rb), so it's possible to override the #call method and skip authentication when the request path matches '/index.xml':

class BlogAuth < Rack::Auth::Basic

  def call(env)
    request = Rack::Request.new(env)
    case request.path
    when '/index.xml'
      @app.call(env)  # skip auth
    else
      super           # perform auth
    end
  end

end

use BlogAuth, "blog" do |username, password|
  [username, password] == ['generic', 'stupidanddumbpassword']
end

For more background on rack, check out: http://rack.rubyforge.org/doc/SPEC.html

I haven't tried @Iain's suggestion about Rack::URLMap, but it looks like it could also be a good option.

rossta answered Oct 02 '22 12:10
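The same exemption idea as the answer above, written as an added example that is not code from the answer or from Rack: a dependency-free middleware that follows the Rack calling convention, so the allow/deny behaviour can be checked on constructed requests. It goes a little beyond the answer by exempting only GET/HEAD and by comparing credentials without an early exit; `AllowlistBasicAuth`, `secure_equal?` and `status_for` are hypothetical names, and the app is assumed to be mounted at the root.

```ruby
require 'digest'
# Hypothetical middleware (not part of Rack); it only follows the Rack calling
# convention. Exact-match allowlist of public paths, Basic auth for the rest.
class AllowlistBasicAuth
  def initialize(app, realm:, public_paths:, &authenticator)
    @app, @realm = app, realm
    @public_paths = public_paths.freeze
    @authenticator = authenticator
  end

  def call(env)
    return @app.call(env) if public?(env) || authorized?(env)
    [401, { 'content-type' => 'text/plain',
            'www-authenticate' => %(Basic realm="#{@realm}") }, ["Unauthorized\n"]]
  end

  private
  # Exact string match on read-only methods: "/index.xml/", "/INDEX.XML" and
  # POST /index.xml all stay protected. Assumes the app is mounted at "/".
  def public?(env)
    %w[GET HEAD].include?(env['REQUEST_METHOD']) &&
      @public_paths.include?(env['PATH_INFO'])
  end

  def authorized?(env)
    scheme, encoded = env['HTTP_AUTHORIZATION'].to_s.split(' ', 2)
    return false unless encoded && scheme.casecmp?('basic')
    user, pass = encoded.unpack1('m').split(':', 2)
    @authenticator.call(user.to_s, pass.to_s) ? true : false
  end
end

# Compare fixed-length digests without stopping at the first differing byte.
def secure_equal?(a, b)
  x, y = [a, b].map { |s| Digest::SHA256.digest(s).bytes }
  x.zip(y).reduce(0) { |acc, (p, q)| acc | (p ^ q) }.zero?
end

# Constructed demo: inner app plus the credential pair from the question.
INNER = ->(env) { [200, { 'content-type' => 'text/plain' }, ["ok #{env['PATH_INFO']}"]] }
APP = AllowlistBasicAuth.new(INNER, realm: 'blog', public_paths: ['/index.xml']) do |u, p|
  secure_equal?(u, 'generic') & secure_equal?(p, 'stupidanddumbpassword')
end

def status_for(path, method: 'GET', auth: nil)
  env = { 'REQUEST_METHOD' => method, 'PATH_INFO' => path }
  env['HTTP_AUTHORIZATION'] = auth if auth
  APP.call(env).first
end
```

Checking the near-miss paths alongside the exempt one confirms that only the feed URL is public and that everything else still returns 401 without credentials.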