scottwater/917607
Created April 13, 2011 14:08
Quick samples on securing Resque::Server
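```ruby
require 'resque/server'

# Subclass the Resque web UI and gate every request with a Sinatra before filter.
class SecureResqueServer < Resque::Server
  before do
    # some_condition_is_met! is a placeholder for your own authorization check.
    redirect '/' unless some_condition_is_met!
  end
end
```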
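```ruby
require 'resque/server'

# Protect the Resque web UI with HTTP Basic authentication.
class SecureResqueServer < Resque::Server
  use Rack::Auth::Basic, "Restricted Area" do |username, password|
    # 'admin'/'admin' are sample values; replace them before deploying.
    [username, password] == ['admin', 'admin']
  end
end
```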
I banged my head on this for a while before finding this helpful gist. In Rails 6 I did the following:
config/routes.rb

```ruby
Rails.application.routes.draw do
  # YOUR ROUTES HERE
  mount Resque::Server.new, at: "/resque"
end
```
config/initializers/resque_auth.rb

```ruby
require 'resque/server'

Resque::Server.use(Rack::Auth::Basic) do |user, password|
  [user, password] == [ENV["RESQUE_HTTP_BASIC_AUTH_USER"], ENV["RESQUE_HTTP_BASIC_AUTH_PASSWORD"]]
end
```
I don't put the user and password directly in the code; I load those as environment variables from a file I do not check into version control for security.
config/env_config.yml

```yaml
RESQUE_HTTP_BASIC_AUTH_USER: "YOUR_USER_NAME_HERE"
RESQUE_HTTP_BASIC_AUTH_PASSWORD: "YOUR_PASSWORD_HERE"
```
config/application.rb

```ruby
# Add this in the config.before_configuration do block, this is not a complete application.rb
env_file = File.join(Rails.root, 'config', 'env_config.yml')
if File.exist?(env_file)
  # Copy each key/value pair from the YAML file into the process environment.
  YAML.safe_load(File.read(env_file)).each do |key, value|
    ENV[key.to_s] = value.to_s
  end
end
```
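A hardened variant of the Basic-auth check from the comment above, as an added example that is not part of the gist or of the comment: it rejects every request when either environment variable is unset or empty, and compares credentials in constant time. The helper names `constant_time_equal?` and `resque_authenticator` are hypothetical; the environment variable names are the ones used in the comment.

```ruby
require 'digest'

# Compare two strings without revealing where the first mismatch occurs:
# hash both to a fixed length, then OR together the XOR of every byte pair.
def constant_time_equal?(a, b)
  da = Digest::SHA256.digest(a.to_s).bytes
  db = Digest::SHA256.digest(b.to_s).bytes
  da.zip(db).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Build the block handed to Rack::Auth::Basic. `env` is any Hash-like object
# (ENV by default); the parameter lets the check be exercised offline.
def resque_authenticator(env = ENV)
  expected_user = env["RESQUE_HTTP_BASIC_AUTH_USER"].to_s
  expected_pass = env["RESQUE_HTTP_BASIC_AUTH_PASSWORD"].to_s
  # Fail closed: with missing configuration, no credentials are ever accepted.
  configured = !expected_user.empty? && !expected_pass.empty?

  proc do |user, password|
    # Run both comparisons before combining them, so a wrong username
    # does not skip the password comparison.
    user_ok = constant_time_equal?(user, expected_user)
    pass_ok = constant_time_equal?(password, expected_pass)
    configured && user_ok && pass_ok
  end
end

# Wiring in config/initializers/resque_auth.rb (needs the resque gem, so it is
# left as a comment here):
#   Resque::Server.use(Rack::Auth::Basic, "Resque", &resque_authenticator)
```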
Oddly enough, the railscast alternative did not do it for me. I had to use @scottwater's second solution.