Django library that allows to restrict access (user needs a key) to any django site in a plug-n-play fashion. You won't need to change any of your current url conf's, user management pr application code, this works completely on the middleware layer.
- Block your site from anyone who doesn't have correct access url.
- Once access url is used, current users session allows access access for 1 hour (configurable). Same acess url can be used 2 times (configurable). Access url looks like:
http://yourhost.com/unlock?key=12345123451234512345. - Admin url that allows you to create access url's just by opening an url. You define the admin password in settings.py. Admin url looks like:
http://yourhost.com/protect_admin?key=YOURSECRETPASS - This is not 100% security solution, but probably sufficient for showing your prototypes to friends or alpha testing your site.
- If you logout the session in your app, your session becomes invalid (you'll need to use accessurl again).
- Install with PIP: Install from this repository:
pip install -e git+git://github.com/JuhaS/django-restrictaccess.git#egg=djrestrictaccess - Add to installed apps: In settings.py add
djrestrictaccesstoINSTALLED_APPS(needed for the models) - Add middleware: In settings.py add
djrestrictaccess.restrictaccessmoddleware.RestrictAccessMiddlewareto end ofMIDDLEWARE_CLASSES. - Add admin password: In settings.py add variable
PROTECTED_ADMIN_KEYthat is 20 characters as your admin password. For examplePROTECTED_ADMIN_KEY = "99999999998888888888" - Syncdb: Run
python manage.py syncdb.
If you did the points above your site should be blocked from visitors who don't have the access url given by you.
Temporary uninstall: Remove the middleware from the MIDDLEWARE_CLASSES
- Go to
http://yourhost.com/protect_admin?admin_key=_YOUR_20_CHAR_KEY_where you replace YOUR_20_CHAR_KEY with the key you set in settings.py. Every time you open this url you get one new access url that can be used to access the site. - Access url looks like:
http://yoursite.com/unlock?key=99999999991111111111that gives anyone that uses it 60min access to site for 2 times.
Access to site blocked without right access url:
Access URL is generated by going to admin url:
Access is grated when url is used:
You can configure many error and status messages by assigning variables in settings.py (for example PROTECTED_SITE_NOT_PUBLIC_MSG = "Not allowed". Check protectmiddlewareapp/protectmiddleware.py to see all configurable variables.
Configurable variables default values (override them in settings.py):
PROTECTED_NEW_ACCESSKEY_VALID_TIMES=2PROTECTED_EXPIRY_HOURS=1
Configurable messages with default values (override them in settings.py):
PROTECTED_SITE_NOT_PUBLIC_MSG='Site is not public. You need special url to get access.'PROTECTED_ACCESS_GRANTED='You have access for {expiry_hours} hours on this session. You have {sessions_left} sessions left for your access url. Click <a href="/">HERE</a> to get to landing page.'PROTECTED_NEW_ACCESSKEY_CREATED='New Access Key created successfully. This url gives access {access_times} times for {access_hours} hours each. Give this url to anyone who you wish to give access to: <div id="createdUrl">{created_url}</div>'PROTECTED_ACCESS_GRANTED_ALREADY=You have already been granted access. Click <a href="/">HERE</a> to get to landing page.'PROTECTED_ACCESS_EXPIRED='Your access time ran out.'PROTECTED_NO_SESSION='Session not detected. Is the SessionMiddleware in the configuration.'PROTECTED_INCORRECT_KEY='Invalid key'PROTECTED_INCORRECT_ADMIN_KEY='Invalid admin key'