Sinatra: How do I provide access to a login form while preventing access to the rest of my Sinatra a

Posted by Brandon Toone on Stack Overflow
Published on 2010-04-22T15:08:20Z Indexed on 2010/04/22 16:33 UTC

I recently created a Sinatra app with a login form (no basic auth). To prevent access to the app unless the user logged in, I put a before block in place:

before do
  unless request.path_info == '/login'
    authenticated?
  end
end

I quickly realized that this prevented me from accessing resources in the public directory like my style sheet and logo unless authenticated first as well. To get around that I changed my filter to the following:

before do
  unless request.path_info == '/login' || request.path_info == "/stylesheets/master.css" || request.path_info == "/images/logo.png"
    authenticated?
  end
end

If there were lots of resources I needed to provide exceptions to, this way of making them would quickly become overwhelming. What is a better way to code this so I can make exceptions for the public directory or even its specific sub-directories and files like /stylesheets, /images, /images/bg.png but not /secret or /secret/eyes-only.pdf?

Or ... Is there a completely different best-practice to handle this situation of locking down everything except the stuff related to logging in (handlers, views, resources)?
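One way to express the exceptions asked about above as a deny-by-default allow-list, given as an added example that is not part of the original post. The names `PUBLIC_EXACT`, `PUBLIC_DIRS` and `public_path?` are hypothetical, and the check assumes it receives the same `request.path_info` string the router sees.

```ruby
# Added example: deny-by-default allow-list for unauthenticated paths.
# PUBLIC_EXACT, PUBLIC_DIRS and public_path? are hypothetical names.

# Routes that must be reachable before login, matched exactly.
PUBLIC_EXACT = ['/login'].freeze

# Directories whose whole subtree is public (no trailing slash).
PUBLIC_DIRS = ['/stylesheets', '/images'].freeze

# True only when the path is on the allow-list. Anything ambiguous
# fails closed (treated as protected) instead of being normalized, so
# the filter and the router never disagree about which path was requested.
def public_path?(path_info)
  path = path_info.to_s
  return false unless path.start_with?('/')

  # Percent-escapes, backslashes and NUL bytes are refused rather than
  # decoded: a still-encoded "%2e%2e" must not slip past the checks below.
  return false if path.match?(/[%\\\x00]/)

  # Refuse dot segments such as /images/../secret/eyes-only.pdf.
  return false if path.split('/', -1).any? { |seg| seg == '.' || seg == '..' }

  return true if PUBLIC_EXACT.include?(path)

  # Match on a segment boundary so "/imagesecret" is not taken for "/images".
  PUBLIC_DIRS.any? { |dir| path == dir || path.start_with?("#{dir}/") }
end

# Use in the filter from the post (authenticated? is the poster's helper):
#
#   before do
#     authenticated? unless public_path?(request.path_info)
#   end
```

New public directories are added to `PUBLIC_DIRS`; every path not listed, including any route added later, stays behind the login check.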
