Add Rodauth integration, forcing users to authenticate before using Ginatra

jeremyevans · jeremyevans · commit 28108ebec96e · 2016-04-05T12:22:09.000-07:00
diff --git a/README.md b/README.md
@@ -1,3 +1,10 @@
+# Ginatra/Rodauth Integration
+
+This branch shows how to integrate Ginatra with the Rodauth authentication framework.
+Ginatra by default does not support authentication, which means it can only be used
+in trusted environments.  This allows you to use Ginatra in untrusted environments,
+by forcing users to login via Rodauth.
+
 # Ginatra
 
 [![Build Status](https://img.shields.io/travis/NARKOZ/ginatra/master.svg)](https://travis-ci.org/NARKOZ/ginatra)
diff --git a/lib/ginatra.rb b/lib/ginatra.rb
@@ -8,6 +8,9 @@
 require 'ginatra/repo'
 require 'ginatra/repo_list'
 require 'ginatra/repo_stats'
+require 'roda'
+require 'sequel/core'
+require 'bcrypt'
 
 module Ginatra
   # The main application class.
@@ -36,6 +39,50 @@ class App < Sinatra::Base
       Dir["#{settings.root}/ginatra/*.rb"].each { |file| also_reload file }
     end
 
+    # Add a cookie-based session handler, to store the login id of the user
+    use Rack::Session::Cookie, :secret=>File.file?('ginatra.secret') ? File.read('ginatra.secret') : (ENV['GINATRA_SECRET'] || SecureRandom.hex(20))
+
+    class RodauthApp < Roda
+      # Include these modules, as Ginatra's layout calls methods in them
+      include Ginatra::Helpers
+      include Sinatra::Partials
+
+      # Setup the database unless it already exists
+      db = Sequel.sqlite('users.sqlite3')
+      unless db.table_exists?(:accounts)
+        db.create_table(:accounts) do
+          primary_key :id
+          String :email, :unique=>true, :null=>false
+          String :password_hash, :null=>false
+        end
+
+        # Add a demo account for testing, since we aren't allowing users to create their own
+        # accounts.
+        db[:accounts].insert(:email=>'demo', :password_hash=>BCrypt::Password.create('demo'))
+      end
+
+      plugin :middleware
+      plugin :rodauth do
+        enable :login
+
+        # Since we are using SQLite as the database and not PostgreSQL, just store the
+        # password hash in a column in the main table
+        account_password_hash_column :password_hash
+      end
+
+      # Alias render to erb, since the layout calls the erb method to render
+      alias erb render
+
+      route do |r|
+        r.rodauth
+
+        # Force all users to login before accessing Ginatra
+        rodauth.require_authentication
+      end
+    end
+
+    use RodauthApp
+
     def cache(obj)
       etag obj if settings.production?
     end
