Gollum protected by HTTP Basic

app.rb

require 'gollum/frontend/app'
require 'digest/sha1'

class App < Precious::App
  User = Struct.new(:name, :email, :password_hash)

  before { authenticate! }

  helpers do
    def authenticate!
      @_auth ||=  Rack::Auth::Basic::Request.new(request.env)
      if @_auth.provided?
      end
      if @_auth.provided? && @_auth.basic? && @_auth.credentials &&
        @user = detected_user(@_auth.credentials)
        return @user
      else
        response['WWW-Authenticate'] = %(Basic realm="Gollum Wiki")
        throw(:halt, [401, "Not authorized\n"])
      end
    end

    def users
      @_users ||= settings.authorized_users.map {|u| User.new(*u) }
    end

    def detected_user(credentials)
      users.detect do |u|
        [u.email, u.password_hash] ==
        [credentials[0], Digest::SHA1.hexdigest(credentials[1])]
      end
    end
  end

  def commit_message
    {
      :message => params[:message],
      :name => @user.name,
      :email => @user.email
    }
  end
end

config.ru

__DIR__ = File.expand_path(File.dirname(__FILE__))
$: << __DIR__
require 'app'
App.set(:gollum_path, __DIR__)
App.set(:authorized_users, YAML.load_file(File.expand_path('users.yml', __DIR__)))
run App

users.yml

---
- - User Name
  - [email protected]
  - `puts Digest::SHA1.hexdigest('password')`
- - Another User
  - [email protected]
  - `puts Digest::SHA1.hexdigest('p455w0rd')`

users.yml inline password encoding didn't work for me, not sure why. I replaced with actual SHA1 hash. Also, I think a require 'yaml' is missing in config.ru.

Thanks for sharing :)

Use ERB to preprocess your users.yml file.

In config.ru replace

App.set(:authorized_users, YAML.load_file(File.expand_path('users.yml', __DIR__)))

with

App.set(:authorized_users, YAML.load(ERB.new(File.read(File.expand_path('users.yml', __DIR__))).result))