Closed copiousfreetime closed 12 years ago
Would love to see this added.
As a short term measure, you could restrict access by IP address inside your config.ru
There are a couple of ways to add authentication to stickler.
https://user:pass@stickler.example.com/
I don't know if the stickler specific commands will work with that yet, but I'll get some time this month to play around with it and see what it would take.
Last time I tried HTTP-AUTH it didn't work, I was unable to upload new gems. Downloading worked no problem though.
n.b. that was several months ago.
@lantins good to know, thanks.
:+1:
@copiousfreetime I can confirm that http auth (nginx in our case) blocks any sort of upload command.
It looks like the fix is that you have to specify the basic auth portion as a header. For example,
require 'base64'
login = Base64.urlsafe_encode64("user:qwerty123")
c = Excon.new('http://localhost/path')
puts c.request(:method => :get, :headers => {'Authorization' => "Basic #{login}"})
I've just committed c3580d4824afe31d8449cdbe5112a52fa050e71d and pushed version v2.2.0 to rubygems. Please update and let me know if it all works.
This just updates stickler to be able to use HTTP Basic Auth on the client side. Use --server http://user:password@host:port/
on the commandline or :server: http://user:password@host:port/
in your ~/.gem/stickler
file and it should work.
Please reopen this issue if there are any problems.
Make that version 2.2.2 that was released, I had a couple of release issues.
I'm still having an issue. My config.ru looks like:
require 'rubygems'
require 'stickler'
users = {'foo' => 'bar'}
use Rack::Auth::Basic, 'Stickler' do |username, password|
users.key?(username) && users[username] == password
end
stickler_dir = File.expand_path(File.join(File.dirname( __FILE__ ), "public"))
run Stickler::Server.new(stickler_dir).app
~/.gem/stickler looks like:
:server: http://foo:bar@gems.example.com
I ran:
∴ stickler mirror rails --gem-version 3.1.3
And get the following output:
Asking http://foo:bar@gems.example.com/ to mirror rails-3.1.3 from rubygems.org : ERROR ->
No error message is shown, and there doesn't seem to be anything useful in the thin logs.
Sounds good, I will do my best to duplicated it and see what happens.
I can duplicate your issue @anveo. I'm working on a fix.
All operations should have the ability to be authenticated against some system.