Resque: Clearance authentication for dashboard

Resque Show archive.org snapshot comes with its own dashboard (Resque server) that you can mount inside your Rails 3 application with

#config/routes.rb:

require 'resque/server'

My::Application.routes.draw do
  # ...

  mount Resque::Server => '/resque'
end

Unfortunately, since this bypasses the filters in your ApplicationController, everyone can access this dashboard now (unless you have some Rack-based authentication in place, like Devise Show archive.org snapshot ).

If you're using clearance, you can easily roll your own simple Rack-based authentication.

Change your routes.rb to
My::Application.routes.draw do
# ...

  mount AuthenticatingResqueServer => '/resque'
end

Put a authenticating_resque_server.rb into config/initializers:

require 'resque/server'

class AuthenticatingResqueServer < Resque::Server

  class ClearanceAuthentication

    def initialize(app)
      @app = app
    end

    def call(env)
      @request = ActionDispatch::Request.new(env)
      remember_token = @request.cookies["remember_token"]
      if skip_authentication? or (remember_token.present? and User.find_by_remember_token(remember_token))
        @app.call(env)
      else
        [ 401, { 'Content-Type' => 'text/plain', 'Content-Length' => '0' }, [] ]
      end
    end

    private

    STATIC_ASSET_PATTERN = /\.(css|png|jpg|js)$/

    def skip_authentication?
      @request.get? and @request.path_info =~ STATIC_ASSET_PATTERN
    end
    
  end


  use ClearanceAuthentication

end

Rack rules!

Tobias Kraze Over 12 years ago
This website uses short-lived cookies to improve usability.
or learn more