Vegar
Vegar

Reputation: 12898

Password protect part of an DocPad site

I guess this may be a 'lost case', but is it possible to password protect one or more pages generated by DocPad?

Is it possible to make a plugin or something that let you say protected = true in the metadata section of a page?

Or do I have to use .htaccess or similar to protect my pages?

Upvotes: 3

Views: 1280

Answers (3)

1000i100
1000i100

Reputation: 409

an other way (but it's just a concept right now) could be : when you tag a document with a protection (protected:password or need-access-right:account-list) the document is crypted and then published as static content by docpad.

client-side, if you access to a protected page, the crypted content is loaded and a script ask for a password (or for your account info) and then, try to decrypt the content with it.

So you can have protected content on a static server without apache specific .htaccess and it performance issues.

Upvotes: 0

balupton
balupton

Reputation: 48650

If you're planning to host on a node.js hosting provider, then you can use the following gist: https://gist.github.com/4557006

The idea is that we use the serverExtend event to add a new express.js middleware. Middlewares added via the serverExtend event are added before docpad's middlewares are added, so this is the ideal place for this authetnication layer as well as most other use cases for custom routes/middlewares etc. Our custom middleware will then check to see if the document that is being requested is a protected document or not, if it isn't it continues down the middleware chain (probably hitting the docpad middlewares and rendering normally) or if it is a protected document then we'll forward it onto the express basicAuth middleware.

Upvotes: 5

Dharma
Dharma

Reputation: 118

I guess you could indeed declare protected = true in the page metadata and have a collection named protectedPages in docpad.coffee :

collections:
  protectedPages: (database) ->
    database.findAllLive({protected: true})

And then create a file .htaccess.eco that looks something like that :

AuthUserFile /full/path/to/.htpasswd
AuthType Basic
AuthName "Protected area"

<% for document in @getCollection('protectedPages').toJSON(): %>
  <Files "<%= document.url %>">
    Require valid-user
  </Files>

<% end %>

and it should be easy to turn this into a plugin that generates the .htaccess file. You could use the sitemap plugin as an example.

Upvotes: 2

Related Questions