-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathconfig.ru
45 lines (37 loc) · 1.34 KB
/
config.ru
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
Bundler.require
Dotenv.load '.env.development'
ROOT = Pathname.new('.').expand_path
Dir.glob(ROOT.join('lib', '**', '*.rb')) { |f| require f }
Dir.glob(ROOT.join('api', '**', '*.rb')) { |f| require f }
environment =
API::Env.new(
repository: API::SqlRepo.new(ENV['DATABASE_URL']),
rack_env: ENV['RACK_ENV'],
secret: ENV['SESSION_SECRET'],
favicon: Pathname.new('.').expand_path.join('public', 'favicon-production.ico')
)
Sidekiq::Web.set :session_secret, environment.secret
map '/summary' do
run API::Routes::Summary.new(API::Env::Wrapper.new(environment))
end
map '/users' do
run API::Routes::Users.new(API::Env::Wrapper.new(environment))
end
map '/entries' do
run API::Routes::Entries.new(API::Env::Wrapper.new(environment))
end
map '/admin' do
use Rack::Auth::Basic, "Protected Area" do |username, password|
# Protect against timing attacks: (https://codahale.com/a-lesson-in-timing-attacks/)
# - Use & (do not use &&) so that it doesn't short circuit.
# - Use digests to stop length information leaking
Rack::Utils.secure_compare(
::Digest::SHA256.hexdigest(username),
::Digest::SHA256.hexdigest(ENV['SIDEKIQ_USERNAME'])
) & Rack::Utils.secure_compare(
::Digest::SHA256.hexdigest(password),
::Digest::SHA256.hexdigest(ENV['SIDEKIQ_PASSWORD'])
)
end
run Sidekiq::Web
end