sidekiq_with_github.rb

require 'warden/github'

class SidekiqGithubChecker
  def self.registered(app)
    app.helpers do
      def warden; env['warden'] end
      def github_organization_authenticate!(name)
        unless warden.user.organization_member?(name)
          halt [401, {}, ["You don't have access to organization #{name}"]]
        end
      end
    end

    app.before do
      next if current_path == 'unauthenticated'
      warden.authenticate!
      github_organization_authenticate! ENV['GITHUB_ORG']
    end

    app.get('/unauthenticated') { [403, {}, [warden.message || ""]] }

    app.get '/auth/github/callback' do
      if params["error"]
        redirect "/unauthenticated"
      else
        warden.authenticate!

        redirect root_path
      end
    end
  end
end

Sidekiq::Web.register SidekiqGithubChecker

Sidekiq::Web.use Warden::Manager do |config|
  config.failure_app = Sidekiq::Web
  config.default_strategies :github
  config.scope_defaults :default, config: {
    client_id: ENV['GITHUB_CLIENT_ID'],
    client_secret: ENV['GITHUB_CLIENT_SECRET'],
    redirect_uri: '/auth/github/callback'
  }

  config.serialize_from_session { |key| Warden::GitHub::Verifier.load(key) }
  config.serialize_into_session { |user| Warden::GitHub::Verifier.dump(user) }
end