A simple gem to more elegantly place a staging server or other in-progress Rails application behind a basic codeword. It’s easy to implement, share with clients/collaborators, and more beautiful than the typical password-protection sheet.
“Can I come into your fort?”
“…what’s the codeword?”
(currently used in production with Rails 3.X, Rails 4.X, Rails 5.X, and Rails 6.X)
- Add this line to your application’s Gemfile:
  gem 'lockup'
- Define a codeword (see Usage below).
- Mount the engine in your application’s routes file (usually first, for best results):
  mount Lockup::Engine, at: '/lockup'
To set a codeword, define LOCKUP_CODEWORD in your environments/your_environment.rb file like so:
ENV['LOCKUP_CODEWORD'] = 'secret'
If you think you might need a hint:
ENV['LOCKUP_HINT'] = 'Something that you do not tell everyone.'
If you’re using Rails >= 4.1 or Rails >= 5.2, you can add your Lockup codeword via Rails Secrets or Rails Credentials functionality in your secrets.yml or credentials.yml.enc file, respectively:
lockup_codeword: 'love'
lockup_hint: 'Pepé Le Pew'
Alternatively, Rails Credentials in >= 5.2 may be organized under the lockup namespace:
lockup:
  codeword: 'love'
  hint: 'Pepé Le Pew'
If you’re using Figaro, set your Lockup codeword and hint (optional) in your application.yml file:
lockup_codeword: 'love'
lockup_hint: 'Pepé Le Pew'
Codewords are not case-sensitive, by design. Keep it simple.
- Follow the installation instructions above.
- In your application_controller.rb file, add:
  skip_before_action :check_for_lockup, raise: false
- In the controller(s) you would like to restrict:
  before_action :check_for_lockup
The codeword can also be passed in a link, as the lockup_codeword query parameter:
http://somedomain.com/or_path/?lockup_codeword=love
The visitor is redirected and the cookie is set without them ever seeing the Lockup splash page.
(Lockup also makes a rudimentary attempt based on user agent to block major search engine bots/crawlers from following this link and indexing the site, just in case it ever gets out into the wild.)
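Because the link above carries the codeword in the query string, it is recorded in web server access logs and Referer fields. The following Ruby script is an added example (not part of Lockup) that redacts the lockup_codeword value from log lines; the helper names, the [FILTERED] marker and the sample log lines are constructed for illustration.

```ruby
require 'uri'

# Parameter name taken from the link format shown above.
LOCKUP_PARAM = 'lockup_codeword'
FILTERED = '[FILTERED]' # assumed marker, chosen for this example

# Decode a query key, tolerating malformed percent-encoding.
def decode_key(key)
  URI.decode_www_form_component(key)
rescue ArgumentError
  key
end

# Redact the codeword value in one URL or request target, leaving the
# path, fragment and every other parameter unchanged.
def redact_url(url)
  base, fragment = url.split('#', 2)
  path, query = base.split('?', 2)
  return url if query.nil?

  pairs = query.split('&', -1).map do |pair|
    key, value = pair.split('=', 2)
    # Compare the decoded key so lockup%5Fcodeword is caught as well.
    decode_key(key.to_s) == LOCKUP_PARAM && value ? "#{key}=#{FILTERED}" : pair
  end
  out = "#{path}?#{pairs.join('&')}"
  fragment ? "#{out}##{fragment}" : out
end

# Redact every whitespace- or quote-delimited token in a log line that
# carries a query string (covers the request target and the Referer).
def redact_line(line)
  line.gsub(/[^\s"]*\?[^\s"]*/) { |token| redact_url(token) }
end

# Constructed sample lines in combined log format (not real traffic).
SAMPLE_LOG = [
  '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /or_path/?lockup_codeword=love HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
  '203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /or_path/?page=2 HTTP/1.1" 200 512 "http://somedomain.com/or_path/?lockup_codeword=love&page=1" "Mozilla/5.0"',
  '203.0.113.9 - - [01/Jan/2024:10:00:02 +0000] "GET /?lockup%5Fcodeword=love HTTP/1.1" 302 0 "-" "Mozilla/5.0"'
].freeze

puts SAMPLE_LOG.map { |l| redact_line(l) } if __FILE__ == $PROGRAM_NAME
```

The same parameter name can be added to the application's own log filtering so the value is masked before it is written.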
The cookie set by Lockup defaults to a lifetime of 5 years. If you want to set a shorter amount of time, you can specify a number of weeks:
ENV['COOKIE_LIFETIME_IN_WEEKS'] = '4' # ENV values must be strings
cookie_lifetime_in_weeks: 4
If you would like to change the content or design of the lockup page, you can create the directories app/views/layouts/lockup and app/views/lockup/lockup and populate them with the default content from here, and then customize as desired.
Pull requests are quite welcome.