Sinatra: How do I provide access to a login form while preventing access to the rest of my Sinatra a
Posted by Brandon Toone on Stack Overflow
Published on 2010-04-22T15:08:20Z
Indexed on 2010/04/22 16:33 UTC
I recently created a Sinatra app with a login form (no basic auth). To prevent access to the app unless the user logged in, I put a before block in place:
    before do
      unless request.path_info == '/login'
        authenticated?
      end
    end
I quickly realized that this prevented me from accessing resources in the public directory like my style sheet and logo unless authenticated first as well. To get around that I changed my filter to the following:
    before do
      unless request.path_info == '/login' ||
             request.path_info == "/stylesheets/master.css" ||
             request.path_info == "/images/logo.png"
        authenticated?
      end
    end
If there were lots of resources I needed to provide exceptions to, this way of making them would quickly become overwhelming. What is a better way to code this so I can make exceptions for the public directory or even its specific sub-directories and files like /stylesheets, /images, /images/bg.png but not /secret or /secret/eyes-only.pdf?
Or ... Is there a completely different best-practice to handle this situation of locking down everything except the stuff related to logging in (handlers, views, resources)?
© Stack Overflow or respective owner
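One way to express the exceptions asked about above as a deny-by-default allowlist, as an added example that is not part of the original post. The names `PUBLIC_EXACT`, `PUBLIC_DIRS`, `canonical_path` and `public_path?` are hypothetical; the path is canonicalized before matching so that `/images/../secret/eyes-only.pdf` or `/imagesecret` cannot pass as an `/images` resource.

```ruby
# Assumed allowlist, built from the paths named in the question.
PUBLIC_EXACT = ['/login'].freeze
PUBLIC_DIRS  = ['/stylesheets', '/images'].freeze

# Returns the canonical form of a request path, or nil when the path
# cannot be trusted (not absolute, NUL or backslash, escapes left over
# after one decoding pass, or ".." climbing above the root).
def canonical_path(raw)
  return nil unless raw.is_a?(String) && raw.start_with?('/')
  # Decode percent-escapes once, on a binary copy to avoid encoding errors.
  decoded = raw.b.gsub(/%([0-9a-fA-F]{2})/) { Regexp.last_match(1).hex.chr }
  return nil if decoded.match?(/[%\\\x00]/)
  segments = []
  decoded.split('/').each do |seg|
    next if seg.empty? || seg == '.'   # collapse "//" and "/./"
    if seg == '..'
      return nil if segments.empty?    # would escape the root
      segments.pop
    else
      segments << seg
    end
  end
  '/' + segments.join('/')
end

# True only for allowlisted paths; everything else needs a login.
def public_path?(raw)
  path = canonical_path(raw)
  return false if path.nil?
  PUBLIC_EXACT.include?(path) ||
    PUBLIC_DIRS.any? { |dir| path == dir || path.start_with?(dir + '/') }
end

# In the Sinatra app (authenticated? is the question's own helper):
#   before do
#     authenticated? unless public_path?(request.path_info)
#   end
```

Any path the matcher cannot canonicalize is treated as protected, so a malformed request costs a login prompt rather than exposing a file.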