Workarea Basic Auth

A Workarea Commerce plugin that adds middleware to enable HTTP Basic Auth for the Workarea Commerce platform, preventing undesired traffic (like bots) on staging and QA environments.

Getting Started

Add the gem to your application's Gemfile:

# ...
gem 'workarea-basic_auth'
# ...

Update your application's bundle.

cd path/to/application
bundle

Configuration

By default, workarea-basic-auth is disabled. To require basic authentication for routes in your application, set the following properties in Workarea.config:

Workarea.configure do |config|
  config.basic_auth.enabled = true
  config.basic_auth.user = 'my_username'
  config.basic_auth.pass = 'my_password'
  config.basic_auth.protect_routes.add('/products')
  config.basic_auth.protect_routes.add('/categories')
  config.basic_auth.protect_routes.add('/contact')
  config.basic_auth.exclude_routes.add('/api*')
  config.basic_auth.exclude_routes.add('/products/my-sweet-product')
end

The configuration above will require HTTP basic auth for all routes and HTTP methods other than those that start with /api or /products/my-sweet-product.

Excluding Assets

Need to exclude assets from HTTP basic auth?

Workarea.configure do |config|
  config.basic_auth.enabled = true
  config.basic_auth.user = 'my_username'
  config.basic_auth.pass = 'my_password'
  config.basic_auth.exclude_routes.add('/assets/*')
end

Excluding routes based on HTTP method

You can also specify protecting or excluding protection of routes for specific HTTP methods:

Workarea.configure do |config|
  config.basic_auth.enabled = true
  config.basic_auth.user = 'my_username'
  config.basic_auth.pass = 'my_password'
  config.basic_auth.protect_routes.add('/login', :post, :option)
  config.basic_auth.protect_routes.add('/contact', :put)
end

The configuration above will require HTTP basic auth when sending a POST or OPTION request to /login or a PUT request to /contact.

Excluding routes based on a Proc

Sometimes a path and method alone just won't cut it. You can give a protect or exclude route a proc, which is called with a Rack::Request object. Whenever the proc returns true, that path will match for either protection or exclusion.

For example, to let the AWS Elastic Load Balancer check an instance's health, we exclude basic auth protection from any request where the User-Agent contains 'ELB-HealthChecker':

Workarea.configure do |config|
  config.basic_auth.enabled = true
  config.basic_auth.user = 'my_username'
  config.basic_auth.pass = 'my_password'
  config.basic_auth.exclude_routes.add('/*', ->(request) {
    # to_s guards against requests that send no User-Agent header (nil)
    request.env['HTTP_USER_AGENT'].to_s.include?('ELB-HealthChecker')
  })
end
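
An added example (not part of this plugin's code or original README) of a narrower exclusion predicate: because the User-Agent header is supplied by the client, it matches only on an assumed health-check path, and it tolerates requests that send no User-Agent at all. `FakeRequest`, `HEALTH_PATH` and the sample requests are constructed for illustration.

```ruby
# Added example: stand-alone sketch, not code from the workarea-basic_auth gem.
# FakeRequest is a constructed stand-in exposing the two Rack::Request
# readers used here (#path and #user_agent).
FakeRequest = Struct.new(:path, :env) do
  def user_agent
    env['HTTP_USER_AGENT']
  end
end

# Assumption: the path the load balancer is configured to probe.
HEALTH_PATH = '/health_check'

# Exclusion predicate: true only for a health-checker User-Agent on the
# health-check path. to_s covers requests with no User-Agent header, where
# the value is nil and calling include? on it would raise NoMethodError.
ELB_HEALTH_CHECK = lambda do |request|
  request.path == HEALTH_PATH &&
    request.user_agent.to_s.include?('ELB-HealthChecker')
end

# Constructed sample requests.
SAMPLES = {
  elb_probe: FakeRequest.new('/health_check',
                             { 'HTTP_USER_AGENT' => 'ELB-HealthChecker/2.0' }),
  no_user_agent: FakeRequest.new('/health_check', {}),
  browser: FakeRequest.new('/health_check',
                           { 'HTTP_USER_AGENT' => 'Mozilla/5.0' }),
  checker_ua_other_path: FakeRequest.new('/products',
                                         { 'HTTP_USER_AGENT' => 'ELB-HealthChecker/2.0' })
}.freeze

# Names of the sample requests that would skip basic auth.
def excluded_samples
  SAMPLES.select { |_name, request| ELB_HEALTH_CHECK.call(request) }.keys
end

puts excluded_samples.inspect
```

A lambda like this would take the place of the proc passed to exclude_routes.add in the configuration above, so every other route stays behind basic auth regardless of the User-Agent sent.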

Workarea Commerce Documentation

See https://developer.workarea.com for Workarea Commerce documentation.

License

Workarea Basic Auth is released under the Business Software License