Skip to content

How To: Protect Resque Web with Devise

Jump to bottom Edit New page
Jason Bosco edited this page Jul 18, 2020 · 4 revisions

Resque is an excellent plugin for creating background jobs on multiple queues and processing them later.

resque/resque

It ships with an extremely simple to use Sinatra app for viewing and managing your worker queues. However, this Sinatra app (called resque-web) gets mounted unprotected by Devise initially.

#routes.rb
...
mount Resque::Server.new, :at => '/resque'
...

Luckily, there is a simple way to add Devise authentication to the resque-web front end app.

#routes.rb
...
  devise_for :admin_users, ActiveAdmin::Devise.config
  authenticate :admin_user do #replace admin_user(s) with whatever model your users are stored in.
    mount Resque::Server.new, :at => "/jobs"
  end
...

That's it! If an un-authenticated user attempts to visit /jobs they'll get redirected to your devise login page, after logging in devise will redirect them back to the /jobs URL. (Or whatever URL they were attempting to access, /jobs/schedule etc.)

If you'd like to do additional authorization checks (eg: if the logged in user is an admin), here's one way to achieve this:

#routes.rb
...

  admin_constraint = lambda do |request|
    current_user = request.env['warden'].user
    current_user.present? && current_user.respond_to?(:is_admin?) && current_user.is_admin?
  end

  constraints admin_constraint do
    mount Resque::Server.new, at: '/resque-web'
  end

...

Getting Started

MIT License. Copyright 2009-2020 Plataformatec. http://plataformatec.com.br

Add a custom sidebar

Clone this wiki locally