Extra layer of HTTP basic auth (for public staging/dev servers)
Project description
django-moat is a mini-app adds an additional layer of authentication via HTTP Basic Auth. It’s primary use case is to prevent access staging, development, or otherwise private sites on the public internet. It is equivalent to configuring Basic Auth on your webserver (Apache, nginx) but works in environments where that is not possible (heroku).
Installation
To install from source
pip install -e git+https://github.com/amrox/django-moat#egg=django-moat
PyPi package coming soon.
Configuration
Add moat.middleware.MoatMiddleware to your MIDDLEWARE_CLASSES:
MIDDLEWARE_CLASSES = ( # Existing middleware classes "moat.middleware.MoatMiddleware", )
moat has several configuration variable you may put in your settings.py
- MOAT_ENABLED
Enable or disable moat. (True or False)
MOAT_ENABLED = True
- HTTP_AUTH_REALM
Set Basic Auth Realm
HTTP_AUTH_REALM = ‘App Staging’
- MOAT_ALWAYS_ALLOW_VIEWS
A list of views to allow through moat
MOAT_ALWAYS_ALLOW_VIEWS = [‘myapp.views.home’]
- MOAT_ALWAYS_ALLOW_MODULES
A list of modules to allow through moat
MOAT_ALWAYS_ALLOW_MODULES = [‘oauth_provider.views’]
Usage
Your site now requires that your authenticate with a staff-level user before accessing any non-whitelisted view. It is recommended that your add a dedicate staff-level user in the django admin for moat authentication.
By default, the admin views will be blocked by moat. You’ll either need to create a user with django-admin.py, or add django.contrib.admin.sites to MOAT_ALWAYS_ALLOW_MODULES.
Acknowledgements
Code borrowed from:
Thanks to Ryan Balfanz for suggesting the name moat.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.