Posted over 10 years ago. Visible to the public.

Resque: Clearance authentication for dashboard

Resque Archive comes with its own dashboard (Resque server) that you can mount inside your Rails 3 application with

Copy
#config/routes.rb: require 'resque/server' My::Application.routes.draw do # ... mount Resque::Server => '/resque' end

Unfortunately, since this bypasses the filters in your ApplicationController, everyone can access this dashboard now (unless you have some Rack-based authentication in place, like Devise Archive ).

If you're using clearance, you can easily roll your own simple Rack-based authentication.

Change your routes.rb to
My::Application.routes.draw do
# ...

Copy
mount AuthenticatingResqueServer => '/resque' end

Put a authenticating_resque_server.rb into config/initializers:

Copy
require 'resque/server' class AuthenticatingResqueServer < Resque::Server class ClearanceAuthentication def initialize(app) @app = app end def call(env) @request = ActionDispatch::Request.new(env) remember_token = @request.cookies["remember_token"] if skip_authentication? or (remember_token.present? and User.find_by_remember_token(remember_token)) @app.call(env) else [ 401, { 'Content-Type' => 'text/plain', 'Content-Length' => '0' }, [] ] end end private STATIC_ASSET_PATTERN = /\.(css|png|jpg|js)$/ def skip_authentication? @request.get? and @request.path_info =~ STATIC_ASSET_PATTERN end end use ClearanceAuthentication end

Rack rules!

Does your version of Ruby on Rails still receive security updates?
Rails LTS provides security patches for old versions of Ruby on Rails (3.2 and 2.3).

Owner of this card:

Avatar
Tobias Kraze
Last edit:
over 9 years ago
Keywords:
resqueserver, redis
About this deck:
We are makandra and do test-driven, agile Ruby on Rails software development.
License for source code
Posted by Tobias Kraze to makandra dev
This website uses short-lived cookies to improve usability.
Accept or learn more