A simple gem to more elegantly place a staging server or other in-progress Rails application behind a basic codeword. It's easy to implement, easy to share with clients and collaborators, and more beautiful than the typical password-protection sheet.
“Can I come into your fort?”
“…what’s the codeword?”
(currently used in production with Rails 3.X, Rails 4.X, Rails 5.X, and Rails 6.X)
Add the gem to your Gemfile:
gem 'lockup'
Define a codeword (see Usage below).
Mount the engine in your application’s routes file (usually first, for best results):
mount Lockup::Engine, at: '/lockup'
To set a codeword, define LOCKUP_CODEWORD in your environments/your_environment.rb file like so:
ENV['LOCKUP_CODEWORD'] = 'secret'
If you think you might need a hint:
ENV['LOCKUP_HINT'] = 'Something that you do not tell everyone.'
If you're using Rails >= 4.1 or Rails >= 5.2, you can add your Lockup codeword via the Rails Secrets or Rails Credentials functionality, in your secrets.yml or credentials.yml.enc file respectively:
lockup_codeword: 'love'
lockup_hint: 'Pepé Le Pew'
Alternately, Rails Credentials in >= 5.2 may be organized under the lockup namespace:
lockup:
  codeword: 'love'
  hint: 'Pepé Le Pew'
If you’re using Figaro, set your Lockup codeword and hint (optional) in your application.yml file:
lockup_codeword: 'love'
lockup_hint: 'Pepé Le Pew'
Codewords are not case-sensitive, by design. Keep it simple.
Follow the installation instructions above.
In your application_controller.rb file, add:
skip_before_action :check_for_lockup, raise: false
before_action :check_for_lockup
A visitor can be let in directly with a link that carries the codeword as a query parameter:
http://somedomain.com/or_path/?lockup_codeword=love
The visitor is redirected and the cookie is set without them ever seeing the Lockup splash page.
(Lockup also makes a rudimentary attempt based on user agent to block major search engine bots/crawlers from following this link and indexing the site, just in case it ever gets out into the wild.)
The cookie set by Lockup defaults to 5 years. If you want a shorter lifetime, specify a number of weeks. ENV values must be strings in Ruby (assigning an Integer raises a TypeError), so quote the number:
ENV['COOKIE_LIFETIME_IN_WEEKS'] = '4'
or, as a key in secrets.yml, credentials.yml.enc or Figaro's application.yml:
cookie_lifetime_in_weeks: 4
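As an added example (not the gem's own code), here is a plain-Ruby model of the behaviour the README describes: resolving the codeword from the ENV, flat-key and nested lockup: layouts above, the case-insensitive match done in constant time, the cookie lifetime with its 5-year default, and the shared-link redirect. The module name and the stripping of the lockup_codeword parameter on redirect are assumptions.

```ruby
require 'digest'
require 'uri'

# Constructed illustration, not the lockup gem's code: models the checks the
# README describes so they can be reasoned about outside a Rails app.
module LockupExample
  WEEK = 7 * 24 * 60 * 60
  DEFAULT_LIFETIME_WEEKS = 5 * 52 # README: the cookie defaults to 5 years

  # Resolve the codeword from the layouts the README lists: ENV['LOCKUP_CODEWORD'],
  # a flat lockup_codeword key (secrets/credentials/Figaro), or the nested
  # lockup: { codeword: } namespace (credentials in Rails >= 5.2).
  def self.codeword(env: {}, config: {})
    env['LOCKUP_CODEWORD'] ||
      config['lockup_codeword'] ||
      config.dig('lockup', 'codeword')
  end

  # Case-insensitive by design, but compared in constant time: hashing both
  # sides gives equal lengths and the XOR fold never exits early.
  def self.codeword_matches?(submitted, configured)
    return false if submitted.nil? || configured.nil?
    a = Digest::SHA256.digest(submitted.to_s.downcase).bytes
    b = Digest::SHA256.digest(configured.to_s.downcase).bytes
    a.zip(b).inject(0) { |diff, (x, y)| diff | (x ^ y) }.zero?
  end

  # Cookie lifetime in seconds; COOKIE_LIFETIME_IN_WEEKS or the
  # cookie_lifetime_in_weeks key overrides the 5-year default.
  def self.cookie_lifetime(env: {}, config: {})
    weeks = env['COOKIE_LIFETIME_IN_WEEKS'] ||
            config['cookie_lifetime_in_weeks'] || DEFAULT_LIFETIME_WEEKS
    Integer(weeks) * WEEK
  end

  # Shared link handling (?lockup_codeword=love). On a match, return the URL
  # to redirect to with the parameter removed, so the codeword does not stay
  # in the address bar, browser history or Referer headers (assumed behaviour
  # of the redirect). Returns nil when the codeword does not match.
  def self.redirect_target(url, configured)
    uri = URI.parse(url)
    params = URI.decode_www_form(uri.query.to_s)
    given = params.assoc('lockup_codeword')&.last
    return nil unless codeword_matches?(given, configured)
    rest = params.reject { |k, _| k == 'lockup_codeword' }
    uri.query = rest.empty? ? nil : URI.encode_www_form(rest)
    uri.to_s
  end
end
```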
If you would like to change the content or design of the lockup page, you can create the directories app/views/layouts/lockup and app/views/lockup/lockup, populate them with the default content from here, and then customize as desired.
Pull requests are quite welcome.