
Resque: Clearance authentication for dashboard

Tobias Kraze
July 24, 2011
Software engineer at makandra GmbH

Resque comes with its own dashboard (Resque server) that you can mount inside your Rails 3 application with:

#config/routes.rb:

require 'resque/server'

My::Application.routes.draw do
  # ...

  mount Resque::Server => '/resque'
end

Unfortunately, a mounted Rack app is dispatched straight from the router, so the filters in your ApplicationController never run and everyone can access this dashboard now (unless you have some Rack-based authentication in place, like Devise).

If you're using Clearance, you can easily roll your own simple Rack-based authentication.

Change your routes.rb to:

My::Application.routes.draw do
  # ...

  mount AuthenticatingResqueServer => '/resque'
end

Put an authenticating_resque_server.rb into config/initializers:

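require 'resque/server'

class AuthenticatingResqueServer < Resque::Server

  class ClearanceAuthentication

    # Any GET whose path ends in one of these extensions skips authentication.
    # \z anchors at the end of the string; $ would also match before a newline.
    STATIC_ASSET_PATTERN = /\.(css|png|jpg|js)\z/

    def initialize(app)
      @app = app
    end

    def call(env)
      # Keep the request in a local variable: the middleware instance is
      # shared between requests, so instance state could leak across threads.
      request = ActionDispatch::Request.new(env)
      remember_token = request.cookies["remember_token"]
      # Any user with a valid remember token is let through.
      if skip_authentication?(request) || (remember_token.present? && User.find_by_remember_token(remember_token))
        @app.call(env)
      else
        [ 401, { 'Content-Type' => 'text/plain', 'Content-Length' => '0' }, [] ]
      end
    end

    private

    def skip_authentication?(request)
      request.get? && request.path_info =~ STATIC_ASSET_PATTERN
    end

  end

  # Run every dashboard request through the cookie check first.
  use ClearanceAuthentication

end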
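
The access decisions this middleware makes can be checked without booting Rails. The following is an added example, not part of the original card: a framework-free gate with the same logic, run against constructed requests. `RememberTokenGate`, `gate_status`, the token list and the stub dashboard are hypothetical stand-ins; the lookup lambda takes the place of `User.find_by_remember_token`.

```ruby
# Added example: framework-free version of the cookie gate, using only the
# Ruby standard library so it runs without Rails, Resque or Clearance.
class RememberTokenGate
  STATIC_ASSET_PATTERN = /\.(css|png|jpg|js)\z/

  # lookup is a hypothetical stand-in for User.find_by_remember_token.
  def initialize(app, lookup)
    @app = app
    @lookup = lookup
  end

  def call(env)
    # Only locals here: one middleware instance serves all requests.
    if static_asset?(env) || @lookup.call(remember_token(env))
      @app.call(env)
    else
      [401, { 'Content-Type' => 'text/plain', 'Content-Length' => '0' }, []]
    end
  end

  private

  def static_asset?(env)
    env['REQUEST_METHOD'] == 'GET' && env['PATH_INFO'].to_s.match?(STATIC_ASSET_PATTERN)
  end

  # Extracts remember_token from the raw Cookie header, nil if absent.
  def remember_token(env)
    env['HTTP_COOKIE'].to_s.split(/;\s*/).each do |pair|
      name, value = pair.split('=', 2)
      return value if name == 'remember_token' && !value.to_s.empty?
    end
    nil
  end
end

# Constructed sample data: one known token and a stub dashboard app.
KNOWN_TOKENS = ['constructed-token-1'].freeze
DASHBOARD = ->(_env) { [200, { 'Content-Type' => 'text/plain' }, ['dashboard']] }
GATE = RememberTokenGate.new(DASHBOARD, ->(token) { !token.nil? && KNOWN_TOKENS.include?(token) })

# Returns the HTTP status the gate produces for one constructed request.
def gate_status(method, path, cookie = nil)
  env = { 'REQUEST_METHOD' => method, 'PATH_INFO' => path }
  env['HTTP_COOKIE'] = cookie if cookie
  GATE.call(env).first
end
```

Calling `gate_status('GET', '/overview')` returns 401, while the same request with the constructed token in its cookie returns 200.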

Rack rules!

Posted by Tobias Kraze to makandra dev (2011-07-24 21:23)