I’ve finally gotten off my ass, and setup http://sinatra-book.gittr.com. I’ve setup a cron job to build the book, and it should have a current version always there. Check it out, and as always, we love contributions, so hit up github.com/cschneid/sinatra-book to help out.
Most web applications have some sort of admin area where users shouldn’t be. Passwording it is the obvious solution, but it isn’t obvious how to implement passwords in Sinatra. I stole this code from Ryan Tomayko’s Wink blog, and extracted it into a more generic module for reuse. Two parts are involved, the module, which I put into a separate file, and include. And then the code itself to pull it into the helpers and use it in the event handlers.
The module:
module Sinatra module Authorization def auth @auth ||= Rack::Auth::Basic::Request.new(request.env) end def unauthorized!(realm="myApp.com") header 'WWW-Authenticate' => %(Basic realm="#{realm}") throw :halt, [ 401, 'Authorization Required' ] end def bad_request! throw :halt, [ 400, 'Bad Request' ] end def authorized? request.env['REMOTE_USER'] end def authorize(username, password) # Insert your logic here to determine if username/password is good false end def require_administrative_privileges return if authorized? unauthorized! unless auth.provided? bad_request! unless auth.basic? unauthorized! unless authorize(*auth.credentials) request.env['REMOTE_USER'] = auth.username end def admin? authorized? end end end
To use the module:
require 'authorization' helpers do include Sinatra::Authorization end get '/admin' do require_administrative_privileges # Do private stuff end
EDIT: Thanks to foca on #sinatra for the nicer setup of authorize
License: Because this was extracted out of Wink, follow the Wink license (found here).
Once of the common things needed in webapps is to escape html.
Most frameworks acknowledge that need, and include helpers to do it for you. Sinatra isn’t that kind of framework. If you want it, it’s easy to wire in, but you need to ask.
Luckily, Sinatra is easily convinced, and will point you to it’s close friend, Rack.
helpers do include Rack::Utils alias_method :h, :escape_html end
These few lines will include all of Rack::Utils (a few methods), and then rename one of them to match what Rails and Merb (and others) provide.
Now in your views, you can easily call escape html like:
<%= h myUnsafeContent %>
Over the course of about 4 hours I setup a website to do logging of #sinatra, and put it on my brand new url http://www.irclogger.com. Go check it out for back history of the #sinatra room. Hopefully it’s all google searchable too.
Future features include, but are not limited to:
Many thanks to sr and foca for pushing me to get features done. Nothing like peer pressure to make code fly out.
After some talk in the #sinatra IRC channel, I decided to start a proper book project to collect and collate all of the brain dumping I’ve been doing here.
Check out the git repository at http://github.com/cschneid/sinatra-book
So far the project has been progressing fairly slowly, but there is already some great content in there. I will continue to convert blog posts into chapters, and look forward to any other contributions from others.
I will be setting up a nightly build of the book, pointing at the currently unsetup sinatra-book.gittr.com.
To build it yourself in the mean time, you will need a copy of “thor”, a reasonably cool rake/sake replacement. You’ll also need maruku, the markdown library we are using to write everything.