basic auth and store gems

Dockerfile

@@ -26,8 +26,8 @@ COPY --from=daemonize /usr/sbin/daemonize /usr/sbin/daemonize
 COPY ./monit.conf /etc/monit.d/geminabox.conf
 COPY ./geminabox.sh /usr/local/bin/geminabox
 COPY --from=build /srv/http /srv/http
-RUN install -dm 2750 -o app -g www-data /srv/http/geminabox
+RUN install -dm 2750 -o app -g www-data /srv/gems
 RUN chmod 755 /usr/local/bin/geminabox
 
 EXPOSE 9292
-VOLUME /srv/http/geminabox
+VOLUME /srv/gems

config.ru

@@ -1,10 +1,16 @@
 require 'geminabox'
 require 'rack/session/redis'
+require 'securerandom'
 
 Geminabox.data = '/srv/http'
 Geminabox.rubygems_proxy = true
 Geminabox.allow_remote_failure = true
 
+use Rack::Auth::Basic, 'Gems' do |username, password|
+  username == ENV.fetch('HTTP_BASIC_USER', SecureRandom.hex) &&
+  password == ENV.fetch('HTTP_BASIC_PASSWORD', SecureRandom.hex)
+end
+
 use Rack::Session::Redis, redis_server: 'redis://redis:6379/2'
 use Rack::Protection
 

geminabox.sh

@@ -1,7 +1,7 @@
 #!/bin/sh
 set -e
 
-dir=/srv/http/geminabox
+dir=/srv/gems
 pid=/tmp/geminabox.pid
 
 chown -R app:www-data /srv/http
@@ -9,7 +9,7 @@ cd ${dir}
 
 for link in Gemfile Gemfile.lock .bundle config.ru vendor; do
   test -e ${link} && continue
-  ln -s ../${link} .
+  ln -s /srv/http/${link} .
 done
 
 rm -f ${pid}