@mkitio/gatsby-theme-password-protect

A Gatsby theme for protecting apps and pages with password

Feel free to submit improvements, bug reports and PRs.

Any planned changes or improvements will be listed in the theme's ROADMAP.md.

Description

Blocks complete access to your site to visitors without a password. After setting this theme, all access to your site will be blocked unless a visitor enters the password you set.

High-level protection for all pages within your site
Browser-session-based password persistance via cookie
Configurable password
Support for custom password-prompt page through Shadowing
Support for robot-friendly URL-encoded password query parameter
Easy to use

Install

# with yarn (recommended)
yarn add @mkitio/gatsby-theme-password-protect

# with npm
npm install --save @mkitio/gatsby-theme-password-protect

Example usage

// gatsby-config.js
module.exports = {
  plugins: [
    {
      resolve: '@mkitio/gatsby-theme-password-protect',
      options: {
        password: 'sUp3rS3cR3t' // delete or `undefined` to disable password protection
      }
    }
  ]
};

Advanced Usage

Theme options

Key	Default value	Description
`password`	`undefined`	The secret phrase (string) required from users to sign in.
`pagePaths`	`undefined`	An array of the page `pathname`s you want to protect.
`partialMatching`	`undefined`	Should the algorithm check for pathnames starting with the values of `pagePaths`.

Custom password-prompt page

Path to be shadowed: @mkitio/gatsby-theme-password-protect/components/PasswordProtect.js.

Overwrite the existing password-prompt page by replacing this component with your own implementation. The component's defaut export must be a React component that will be rendered instead of your app.

It's the developer's responsibility to persist the new password candidate. The easiest way to do it is by calling the exported helper function from utils.js#setSessionPassword(passwordCandidate);. It will save a password in the browser's cookies and later on retrieve it for comparison.

Custom password-getter and -setter

Path to be shadowed: @mkitio/gatsby-theme-password-protect/utils/utils.js.

Overwrite the existing password-persistance utilities by replacing this component with your own implementation. The names of the exported functions should remain the same because these are being called from within other theme components.

Robot-friendly URL-encoded query parameter

The password-prompt page can be skipped if the password is provided through a URL-encoded query parameter.

The query parameter name is secret. An example of valid URL with encoded password might be http://localhost:8000/?secret=sUp3rS3cR3t.

Note that every URL will need this query parameter appended in order to pass the password challenge.

How it works

Password check

The theme overrides wrapRootElement() for both gatsby-browser.js and gatsby-ssr.js.

At the start of wrapRootElement() the theme tries to read the password from the URL param secret or from a cookie with name gatsby-theme-password-protect.

Get the password candidate from URL param secret or cookie
If necessary compare the password candidate with the password set in options
If the passwords match allow the user to view the app or page
Otherwise render the password prompt component

Partial matching

With partialMatching: true any page under /hello* will require password.

['/hello'] would match and protect:

/hello,
/hello-world
/hello/world,
/helloworld

// gatsby-config.js
...
  options: {
    partialMatching: true,
    pagePaths: ['/hello']
  }
...

MK-IT / gatsby-theme-password-protect

readme