How can I password-protect my /sidekiq route (i.e. require authentication for the Sidekiq::Web tool)?

ruby ruby-on-rails-3 redis rescue sidekiq
sagar junnarkar picture sagar junnarkar · Sep 4, 2012 · Viewed 18.8k times · Source

I am using sidekiq in my rails application. By Default, Sidekiq can be accessed by anybody by appending "/sidekiq" after the url. I want to password protect / authenticate only the sidekiq part. How can i do that?

Answer

bravenewweb picture bravenewweb · Nov 16, 2012

Put the following into your sidekiq initializer

require 'sidekiq'
require 'sidekiq/web'

Sidekiq::Web.use(Rack::Auth::Basic) do |user, password|
  # Protect against timing attacks:
  # - See https://codahale.com/a-lesson-in-timing-attacks/
  # - See https://thisdata.com/blog/timing-attacks-against-string-comparison/
  # - Use & (do not use &&) so that it doesn't short circuit.
  # - Use digests to stop length information leaking
  Rack::Utils.secure_compare(::Digest::SHA256.hexdigest(user), ::Digest::SHA256.hexdigest(ENV["SIDEKIQ_USER"])) &
  Rack::Utils.secure_compare(::Digest::SHA256.hexdigest(password), ::Digest::SHA256.hexdigest(ENV["SIDEKIQ_PASSWORD"]))
end

And in the routes file:

authenticate :user do
  mount Sidekiq::Web => '/sidekiq'
end

Related questions

How to get a random number in Ruby

How do I generate a random number between 0 and n?

Read More
How to remove a key from Hash and get the remaining hash in Ruby/Rails?

To add a new pair to Hash I do: {:a => 1, :b => 2}.merge!({:c => 3}) #=> {:a => 1, :b => 2, :c => 3} Is there a similar way to delete a key from Hash ? This works: {:a => 1, :b => 2}.…

Read More
Replace words in a string - Ruby

I have a string in Ruby: sentence = "My name is Robert" How can I replace any one word in this sentence easily without using complex code or a loop?

Read More