1

I want to configure middleware to exclude certain paths from basic auth. I am able to do this like the following:

config.middleware.insert_after(::Rack::Lock, "AuthenticateExcluding", realm: "Staging", exclude: ["/webhooks/stripe", "/api/v2/gadgets"]) do |u, p|

However, I would like to exclude a all routes that match a certain pattern such as /api/v2/gadgets/:gadget_id/specs (contrived example). Is this possible?

I found a similar question here, but it seems like they were trying to do something a little different, so perhaps the answer to this question will be different. Thanks for your help!

Community
  • 1
  • 1
Morgan Laco
  • 160
  • 2
  • 10

1 Answers1

1

Damien Matheiu's answer to the question you link will absolutely work for you. You'll just need to write an appropriate filter expression.

For the example above, that would be something like:

unless env['REQUEST_PATH'].match /^\/api\/v2\/gadgets\/(\d+)\/specs$/
  middleware = BasicAuth.new #... args ...
  env = middleware.call(env)
end

So you will call the BasicAuth middleware only when the path doesn't match any of your excluded paths.

Noah Gibbs
  • 765
  • 3
  • 10