A simple gem to more elegantly place a staging server or other in-progress rails application behind a basic codeword. It’s easy to implement, share with clients/collaborators, and more beautiful than the typical password-protection sheet.
“Can I come into your fort?”
“…what’s the codeword?”
(currently used in production with Rails 3.X, Rails 4.X, Rails 5.X, and Rails 6.X)
gem 'lockup'
Define a codeword (see Usage below).
Mount the engine in your application’s routes file (usually first, for best results):
mount Lockup::Engine, at: '/lockup'
To set a codeword, define LOCKUP_CODEWORD in your environments/your_environment.rb file like so:
ENV['LOCKUP_CODEWORD'] = 'secret'
If you think you might need a hint:
ENV['LOCKUP_HINT'] = 'Something that you do not tell everyone.'
If you’re using Rails >= 4.1 or Rails >= 5.2, you can add your Lockup Codeword via Rails Secrets or Rails Credentials functionality in your secrets.yml or credentials.yml.enc file, respectively:
lockup_codeword: 'love'
lockup_hint: 'Pepé Le Pew'
Alternately, Rails Credentials in >= 5.2 may be organized under the lockup namespace:
lockup:
codeword: 'love'
hint: 'Pepé Le Pew'
If you’re using Figaro, set your Lockup codeword and hint (optional) in your application.yml file:
lockup_codeword: 'love'
lockup_hint: 'Pepé Le Pew'
Codewords are not case-sensitive, by design. Keep it simple.
Follow the installation instructions above.
In your application_controller.rb file, add:
skip_before_action :check_for_lockup, raise: false
before_action :check_for_lockup
http://somedomain.com/or_path/?lockup_codeword=love
The visitor is redirected and the cookie is set without them ever seeing the Lockup splash page.
(Lockup also makes a rudimentary attempt based on user agent to block major search engine bots/crawlers from following this link and indexing the site, just in case it ever gets out into the wild.)
The cookie set by Lockup defaults to 5 years. If you want to set a shorter amount of time, you can specify a number of weeks:
ENV['COOKIE_LIFETIME_IN_WEEKS'] = 4
cookie_lifetime_in_weeks: 4
If you would like to change the content or design of the lockup page, you can create the directories app/views/layouts/lockup and app/views/lockup/lockup and populate them with the default content from here, and then customize as desired.
Pull requests are quite welcome.
FAQs
Unknown package
We found that lockup demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Create React App is officially deprecated due to React 19 issues and lack of maintenance—developers should switch to Vite or other modern alternatives.
Security News
Oracle seeks to dismiss fraud claims in the JavaScript trademark dispute, delaying the case and avoiding questions about its right to the name.
Security News
The Linux Foundation is warning open source developers that compliance with global sanctions is mandatory, highlighting legal risks and restrictions on contributions.