I don't think you can do this with `Rack::Auth::Basic'. However, looking at the source, it seems that you can create your own simple authentication mechanism that takes an extra option.
It's the same as Rack::Auth::Basic
, except for the call
method. Create a file called authenticate_excluding.rb
in app/middleware
with the following:
class AuthenticateExcluding < ::Rack::Auth::Basic
def initialize(app, options={}, &authenticator)
@excluded_paths = options[:exclude]
super(app, options[:realm], &authenticator)
end
def call(env)
if @excluded_paths && @excluded_paths.include?(env['PATH_INFO'])
return @app.call(env)
end
super
end
end
You can now use it with:
config.middleware.insert_after(::Rack::Lock, "AuthenticateExcluding", excluding: ["/webhooks/service", "/other_hook"]) do |u, p|
[u, p] == [ENV["STAGING_USERNAME"], ENV["STAGING_PASSWORD"]]
end
That should work. If you also want to enable the realm (the previous "Staging" argument), you can also add realm: "Staging"
to the options hash.