Lockup

The easiest way to lock a rails/rack application staging server from prying eyes and prying search engines.

Demo

Try to guess the codeword! (

?

icon will give you a hint!)

Go

or admit defeat, and visit this pre-baked URL
(or hover over the black box):

http://demo.lockup.interdiscipline.com?lockup_codeword= ring

or admit defeat (the codeword is: ring), and visit this pre-baked URL:

http://demo.lockup.interdiscipline.com?lockup_codeword=ring

Redirect Demo

You can send someone a link to anywhere on your locked site and it will be preserved once they unlock the site.

Go

http://demo.lockup.interdiscipline.com/some-cute-url?lockup_codeword= ring http://demo.lockup.interdiscipline.com/some-cute-url?lockup_codeword=ring

:(

Old busted

Fig. 1: Lame & Annoying

:)

New fancy

Fig. 2: Simple & Awesome

You think you’re clever, editing .htaccess files, or adding some middleware code to your application.rb file to protect your staging server, but you’re not. Everyone hates that little username/password sheet. You know the one (see Fig. 1 above). Your clients hate it, your coworkers hate, yes, even your mom hates it. It’s overkill, and it doesn’t work with password managers, and it only gets remembered for a session. The reason that client hasn’t emailed your back? Because they’re too embarrassed to ask for the login credentials for a fifth time.

gem 'lockup'

Add Lockup to your rails bundle. Choose a lockup codeword and add it to your application.yml file (if you’re using figaro) or to your application.rb file and you're set.

Now you have a simple, pretty, codeword-protected site that always redirects properly and is remembered on a particular browser until the codeword is changed. Oh, and for your less technically-inclined clients or team members, you can pass the codeword in the link you send them and they never even have to type it in.

Go ahead, try it. Jim from account services will love you. And so will your mom.

Details

Compatibility: Rails 3.x, 4.x, 5.x, 6.x

Quick Install

Add to your Gemﬁle:
gem 'lockup'

Define a codeword as:
ENV["LOCKUP_CODEWORD"] = 'secret' in your application.yml (if using figaro) or in application.rb.
Or, if you’re using Rails 4.1+, add the following to your secrets.yml file: lockup_codeword: 'secret'

Add the simple statement:
mount Lockup::Engine, at: '/lockup' to your config/routes.rb file. You’ll usually want it as your first route declaration.

Usage & Tips

Codewords are not case-sensitive, by design, to keep things simple.
Lockup will redirect back to wherever the site visitor was heading after they enter the codeword.
You can add ?lockup_codeword=secret to any url you send someone to let them bypass the login screen.
Lockup also makes a rudimentary attempt based on user agent to block major search engine bots/crawlers from following links with the lockup_codeword parameter.
Add an optional tip/hint, if you want, by defining: ENV["LOCKUP_HINT"] = 'Your hint here.'

Who?

Lockup is an Interdiscipline (Grant Blakeman) thing. Jake McHargue took the first pass at developing it into a proper engine/gem. It has been used it in production for years now on several different projects.

Links:
interdiscipline.com
@gblakeman
@jkmcrg