
How to: Add authentication

Phylor edited this page Mar 7, 2018 · 14 revisions

Each time you visit a dashboard, Dashing calls a method named protected!. In new Dashing projects this method does nothing. You can override this behaviour in the config.ru file.

helpers do
  def protected!
    # Put any authentication code you want in here.
    # This method is run before accessing any resource.
  end
end

Authenticating via auth_token Querystring Param

Add the following to your config.ru file:

configure do
  set :auth_token, 'YOUR_AUTH_TOKEN'
  enable :sessions

  helpers do
    def protected!
      if session.include?('auth_token') && authenticated?(session['auth_token'])
        return
      end
      unless authenticated?(params['token'])
        response['WWW-Authenticate'] = %(Basic realm="Restricted Area")
        throw(:halt, [401, "Not authorized\n"])
      end
      session['auth_token'] = params['token']
    end
  end
end

Authenticating with HTTP Basic Auth

Add the following to your config.ru file:

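helpers do

  # Runs before every resource; answers 401 with a Basic challenge
  # unless the request carries the expected credentials.
  def protected!
    unless authorized?
      response['WWW-Authenticate'] = %(Basic realm="Restricted Area")
      throw(:halt, [401, "Not authorized\n"])
    end
  end

  # ['admin', 'admin'] is a placeholder user/password pair:
  # replace it with your own values before deploying.
  def authorized?
    @auth ||= Rack::Auth::Basic::Request.new(request.env)
    @auth.provided? && @auth.basic? && @auth.credentials && @auth.credentials == ['admin', 'admin']
  end

end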
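A hardened form of the credential check above, as an added example that is not part of the original wiki page or of Dashing itself: it reads the expected user and password from the environment instead of hard-coding them and compares in constant time. The helper names and the DASHBOARD_USER / DASHBOARD_PASSWORD variable names are assumptions made for this example, and it uses only the Ruby standard library.

```ruby
require 'digest'

# Constant-time comparison: hash both sides to a fixed length, then XOR every
# byte so the run time does not depend on where the strings first differ.
def secure_equal?(a, b)
  da = Digest::SHA256.digest(a.to_s)
  db = Digest::SHA256.digest(b.to_s)
  diff = 0
  da.bytes.zip(db.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Parse an Authorization header value into [user, password]. Returns nil when
# the header is missing, not Basic, not valid Base64, or lacks the colon.
def basic_credentials(header)
  scheme, encoded = header.to_s.split(' ', 2)
  return nil unless scheme&.casecmp?('basic') && encoded

  user, password = encoded.strip.unpack1('m0').split(':', 2) # strict Base64
  password.nil? ? nil : [user, password]
rescue ArgumentError # raised by unpack1('m0') on malformed Base64
  nil
end

# True only when user and password both match the expected values.
# DASHBOARD_USER / DASHBOARD_PASSWORD are assumed variable names, not Dashing
# settings. Unset or empty expected values never authenticate anyone.
def authorized_header?(header, env = ENV)
  expected_user = env['DASHBOARD_USER'].to_s
  expected_pass = env['DASHBOARD_PASSWORD'].to_s
  return false if expected_user.empty? || expected_pass.empty?

  user, password = basic_credentials(header) || ['', '']
  user_ok = secure_equal?(user, expected_user)
  pass_ok = secure_equal?(password, expected_pass) # always evaluated
  user_ok & pass_ok
end

# Constructed sample input (not real credentials).
if $PROGRAM_NAME == __FILE__
  sample_env = { 'DASHBOARD_USER' => 'dash', 'DASHBOARD_PASSWORD' => 'example-pass' }
  header = 'Basic ' + ['dash:example-pass'].pack('m0')
  puts authorized_header?(header, sample_env)
  puts authorized_header?('Basic ' + ['admin:admin'].pack('m0'), sample_env)
end
```

Inside config.ru, authorized? could return authorized_header?(request.env['HTTP_AUTHORIZATION']) in place of the literal comparison.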

Authenticating with basic IP Check

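Add the following to your config.ru file:

helpers do

  def protected!
    # Define whitelisted IPs
    @ips = ['127.0.0.1', 'your-ips-here']

    # request.ip is Rack's view of the client address. Behind a reverse
    # proxy it is derived from the forwarding headers the proxy sets.
    # If the request IP is not included
    if not @ips.include? request.ip
      # Deny request
      throw(:halt, [401, "Not authorized\n"])
    end
  end

end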

Authenticating with Google Apps

Make sure to add the following to your Gemfile.

gem 'omniauth-google-oauth2'

Follow the instructions to obtain a Google Client ID and Secret.

Here is a sample config.ru file that enables Google Apps auth.

require 'omniauth/google_oauth2'
require 'dashing'

configure do
  use Rack::Session::Cookie, secret: 'SOME_SECRET'

  # See http://www.sinatrarb.com/intro.html > Available Template Languages on
  # how to add additional template languages.
  set :template_languages, %i[html erb]

  helpers do
    def protected!
      redirect '/auth/g' unless session[:user_id]
    end
  end

  use OmniAuth::Builder do
    provider :google_oauth2, 'YOUR_GOOGLE_CLIENT_ID', 'YOUR_GOOGLE_SECRET', name: 'g', hd: 'YOURDOMAIN.com'
  end

  get '/auth/g/callback' do
    if auth = request.env['omniauth.auth']
      session[:user_id] = auth['info']['email']
      redirect '/'
    else
      redirect '/auth/failure'
    end
  end

  get '/auth/failure' do
    'Nope.'
  end
end

map Sinatra::Application.assets_prefix do
  run Sinatra::Application.sprockets
end

run Sinatra::Application

Authenticating with GitHub Organization

Make sure to add the following to your Gemfile.

gem 'omniauth-github'
gem 'octokit'

Here is a sample config.ru file that enables authentication against a GitHub organization.

require 'omniauth/strategies/github'
require 'octokit'
require 'dashing'

configure do
  set :auth_token, 'YOUR_AUTH_TOKEN'

  helpers do
    def protected!
      redirect '/auth/github' unless session[:user_id]
    end
  end

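  # Pass a secret so the session cookie is signed and session[:user_id]
  # cannot be altered by the client.
  use Rack::Session::Cookie, secret: 'SOME_SECRET'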
  use OmniAuth::Builder do
    provider :github, ENV['GITHUB_KEY'], ENV['GITHUB_SECRET'], scope: 'read:org'
  end

  get '/auth/github/callback' do
    organization_id = 318890

    auth = request.env['omniauth.auth']

    client = Octokit::Client.new access_token: auth['credentials']['token']
    user_orgs = client.organization_memberships

    if user_orgs.any? { |org| org.organization.id == organization_id }
      session[:user_id] = auth['info']['email']
      redirect '/'
    else
      redirect '/auth/failure'
    end
  end

  get '/auth/failure' do
    'Nope.'
  end

end

map Sinatra::Application.assets_prefix do
  run Sinatra::Application.sprockets
end

run Sinatra::Application