Heroku powered private restricted beta
I'd like to run an app in a restricted private beta on Heroku.
We're changing the app regularly and haven't done a security audit.
To stop anyone exploiting stuff, we'd like to lock down the whole site, so you need a password to access anything.
Ideally similar to using .htaccess and .htpasswd files to lock an entire site on an Apache server.
Is there a simple one-shot way to do this for a Heroku-hosted app?
Just use authenticate_or_request_with_http_basic in a before_filter in your ApplicationController.
See this Railscasts episode for instructions: http://railscasts.com/episodes/82-http-basic-authentication
.htaccess and .htpasswd basically tell Apache to authenticate the user using a Basic Auth system. You can do the same with a pure-Rack layer.
See http://rack.rubyforge.org/doc/Rack/Auth/Basic.html
Because you are using Heroku, I assume you are deploying a Rack-compatible application (either a Rack, Rails or Sinatra app).
On a Rack base, like this :)
http://www.sinatrarb.com/faq.html#auth
use Rack::Auth::Basic, "Restricted Area" do |username, password|
  # The block must return true for the request to be let through.
  [username, password] == ['admin', 'admin']
end
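The Rack-layer approach from the answers above, as an added example that is not part of the original posts: a stdlib-only, Rack-compatible middleware that reads the credentials from environment variables (Heroku config vars) instead of hardcoding them, compares them in constant time, and fails closed when they are unset. The class name BetaGate and the variable names BETA_USER and BETA_PASSWORD are assumptions made for this example.

```ruby
require "base64"
require "digest"

# Gate every request behind HTTP Basic auth. In config.ru: `use BetaGate`
# before `run YourApp`. BETA_USER / BETA_PASSWORD are assumed names, set
# with `heroku config:set`.
class BetaGate
  def initialize(app, user: ENV["BETA_USER"], password: ENV["BETA_PASSWORD"],
                 realm: "Private beta")
    @app, @user, @password, @realm = app, user.to_s, password.to_s, realm
  end

  def call(env)
    # Fail closed: with missing config vars nobody gets in.
    return deny if @user.empty? || @password.empty?
    user, password = credentials(env["HTTP_AUTHORIZATION"])
    return deny unless user && password
    # Non-short-circuit `&`: both comparisons always run.
    ok = secure_equal?(user, @user) & secure_equal?(password, @password)
    ok ? @app.call(env) : deny
  end

  private

  # Parse "Basic <base64(user:password)>"; nil on any malformed header.
  def credentials(header)
    scheme, encoded = header.to_s.split(" ", 2)
    return unless scheme&.casecmp?("basic") && encoded
    Base64.strict_decode64(encoded).split(":", 2)
  rescue ArgumentError
    nil
  end

  # Compare fixed-length digests byte by byte without an early exit.
  def secure_equal?(a, b)
    x = Digest::SHA256.digest(a).bytes
    y = Digest::SHA256.digest(b).bytes
    x.zip(y).reduce(0) { |acc, (p, q)| acc | (p ^ q) }.zero?
  end

  def deny
    headers = { "content-type" => "text/plain",
                "www-authenticate" => %(Basic realm="#{@realm}") }
    [401, headers, ["Unauthorized\n"]]
  end
end
```

Basic auth only base64-encodes the credentials, so the gated site should be served over HTTPS only.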