How can I password-protect my /sidekiq route (i.e. require authentication for the Sidekiq::Web tool)?

前端未结

关注

 8  1257

太阳男子 2021-02-01 00:52

I am using sidekiq in my rails application. By Default, Sidekiq can be accessed by anybody by appending \"/sidekiq\" after the url. I want to password protect / authenticate onl

8条回答

抹茶落季 (楼主)

2021-02-01 01:16

Put the following into your sidekiq initializer

require 'sidekiq'
require 'sidekiq/web'

Sidekiq::Web.use(Rack::Auth::Basic) do |user, password|
  # Protect against timing attacks:
  # - See https://codahale.com/a-lesson-in-timing-attacks/
  # - See https://thisdata.com/blog/timing-attacks-against-string-comparison/
  # - Use & (do not use &&) so that it doesn't short circuit.
  # - Use digests to stop length information leaking
  Rack::Utils.secure_compare(::Digest::SHA256.hexdigest(user), ::Digest::SHA256.hexdigest(ENV["SIDEKIQ_USER"])) &
  Rack::Utils.secure_compare(::Digest::SHA256.hexdigest(password), ::Digest::SHA256.hexdigest(ENV["SIDEKIQ_PASSWORD"]))
end

And in the routes file:

authenticate :user do
  mount Sidekiq::Web => '/sidekiq'
end

0 讨论(0)

查看其它8个回答