Django library that allows to restrict access (user needs a key) to any django site in a plug-n-play fashion. You won't need to change any of your current url conf's, user management pr application code, this works completely on the middleware layer.
- Block your site from anyone who doesn't have correct access url.
- Once access url is used, current users session allows access access for 1 hour (configurable). Same acess url can be used 2 times (configurable). Access url looks like:
http://yourhost.com/unlock?key=12345123451234512345
. - Admin url that allows you to create access url's just by opening an url. You define the admin password in settings.py. Admin url looks like:
http://yourhost.com/protect_admin?key=YOURSECRETPASS
- This is not 100% security solution, but probably sufficient for showing your prototypes to friends or alpha testing your site.
- If you logout the session in your app, your session becomes invalid (you'll need to use accessurl again).
- Install with PIP: Install from this repository:
pip install -e git+git://github.com/JuhaS/django-restrictaccess.git#egg=djrestrictaccess
- Add to installed apps: In settings.py add
djrestrictaccess
toINSTALLED_APPS
(needed for the models) - Add middleware: In settings.py add
djrestrictaccess.restrictaccessmoddleware.RestrictAccessMiddleware
to end ofMIDDLEWARE_CLASSES
. - Add admin password: In settings.py add variable
PROTECTED_ADMIN_KEY
that is 20 characters as your admin password. For examplePROTECTED_ADMIN_KEY = "99999999998888888888"
- Syncdb: Run
python manage.py syncdb
.
If you did the points above your site should be blocked from visitors who don't have the access url given by you.
Temporary uninstall: Remove the middleware from the MIDDLEWARE_CLASSES
- Go to
http://yourhost.com/protect_admin?admin_key=_YOUR_20_CHAR_KEY_
where you replace YOUR_20_CHAR_KEY with the key you set in settings.py. Every time you open this url you get one new access url that can be used to access the site. - Access url looks like:
http://yoursite.com/unlock?key=99999999991111111111
that gives anyone that uses it 60min access to site for 2 times.
Access to site blocked without right access url:
Access URL is generated by going to admin url:
Access is grated when url is used:
You can configure many error and status messages by assigning variables in settings.py (for example PROTECTED_SITE_NOT_PUBLIC_MSG = "Not allowed"
. Check protectmiddlewareapp/protectmiddleware.py to see all configurable variables.
Configurable variables default values (override them in settings.py):
PROTECTED_NEW_ACCESSKEY_VALID_TIMES=2
PROTECTED_EXPIRY_HOURS=1
Configurable messages with default values (override them in settings.py):
PROTECTED_SITE_NOT_PUBLIC_MSG='Site is not public. You need special url to get access.'
PROTECTED_ACCESS_GRANTED='You have access for {expiry_hours} hours on this session. You have {sessions_left} sessions left for your access url. Click <a href="/">HERE</a> to get to landing page.'
PROTECTED_NEW_ACCESSKEY_CREATED='New Access Key created successfully. This url gives access {access_times} times for {access_hours} hours each. Give this url to anyone who you wish to give access to: <div id="createdUrl">{created_url}</div>'
PROTECTED_ACCESS_GRANTED_ALREADY=You have already been granted access. Click <a href="/">HERE</a> to get to landing page.'
PROTECTED_ACCESS_EXPIRED='Your access time ran out.'
PROTECTED_NO_SESSION='Session not detected. Is the SessionMiddleware in the configuration.'
PROTECTED_INCORRECT_KEY='Invalid key'
PROTECTED_INCORRECT_ADMIN_KEY='Invalid admin key'