refactor sidekiq and admin auth

Smullz622 · Smullz622 · commit c42d9bc13333 · 2026-02-10T11:49:35.000-05:00
diff --git a/config/initializers/rails_admin.rb b/config/initializers/rails_admin.rb
@@ -2,9 +2,7 @@
 
 RailsAdmin.config do |config|
   config.authenticate_with do
-    extend AdminAccessHelper
-
-    unless admin_user?
+    unless AdminUserChecker.admin_user?(request)
       render plain: 'Forbidden', status: :forbidden
     end
   end
diff --git a/config/routes.rb b/config/routes.rb
@@ -1,22 +1,22 @@
 # frozen_string_literal: true
 
 require 'sidekiq/web'
-require 'sidekiq_web_constraint'
+require 'admin_user_checker'
 
 Rails.application.routes.draw do
   mount RailsAdmin::Engine => '/admin', as: 'rails_admin'
   mount ActionCable.server => '/cable'
   mount Rswag::Api::Engine => '/api-docs'
   mount Rswag::Ui::Engine => '/api-docs'
-  mount Sidekiq::Web => '/sidekiq', :constraints => SidekiqWebConstraint.new
+  mount Sidekiq::Web => '/sidekiq', :constraints => ->(req) { AdminUserChecker.admin_user?(req) }
 
   get '/sidekiq', to: ->(_env) {
     [
       401,
       { 'Content-Type' => 'text/plain' },
       ['Unauthorized']
     ]
-  }, constraints: ->(req) { !SidekiqWebConstraint.new.matches?(req) }
+  }, constraints: ->(req) { !AdminUserChecker.admin_user?(req) }
   # Define your application routes per the DSL in https://guides.rubyonrails.org/routing.html
 
   # Reveal health status on /up that returns 200 if the app boots with no exceptions, otherwise 500.
diff --git a/config/warden.yml b/config/warden.yml
@@ -1,7 +1,7 @@
 default: &default
    remote_user_header: <%= ENV.fetch("REMOTE_USER_HEADER", "HTTP_X_AUTH_REQUEST_EMAIL") %>
+   authorized_users: <%= ENV.fetch("AUTHORIZED_USERS", "esd122@psu.edu,smm5878@psu.edu,ajk5603@psu.edu,jml8735@psu.edu,test1@psu.edu") %>
    admin_users: <%= ENV.fetch("ADMIN_USERS", "esd122@psu.edu,smm5878@psu.edu,ajk5603@psu.edu,jml8735@psu.edu,test1@psu.edu") %>
-   sidekiq_users: <%= ENV.fetch("SIDEKIQ_USERS", "esd122@psu.edu,smm5878@psu.edu,ajk5603@psu.edu,jml8735@psu.edu,test1@psu.edu") %>
 
 development:
    <<: *default
diff --git a/lib/admin_user_checker.rb b/lib/admin_user_checker.rb
@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
-module AdminAccessHelper
-  def admin_user?
+class AdminUserChecker
+  def self.admin_user?(request)
     user = request.env[Rails.application.config_for(:warden)['remote_user_header']]
     admin_users = Rails.application.config_for(:warden)['admin_users'].split(',')
     admin_users.include?(user)
diff --git a/lib/sidekiq_web_constraint.rb b/lib/sidekiq_web_constraint.rb
