2

I have built my first Django App! It is built to help my business track inventory. As such, I would not like it to be publicly available.

Maybe someday I will set up multiple user accounts, etc, but for now I really just need a basic password gate to get it up and running.

Does anyone have any middleware that works for this? All the solutions that I am finding are pretty old and they do not seem to work with the latest version of Django.

Adam Starrh
  • 6,428
  • 8
  • 50
  • 89

2 Answers2

1

If you just need a single username/password couple, handling it directly via HTTP authentication in your webserver configuration will be the easiest way to achieve this. The benefits of this approach are:

  1. You can set it up in 5 minutes: example with nginx, example with apache
  2. You don't have to write code you'll delete later
  3. It will protect all your website, including static files, third-party apps, admin, etc.
Agate
  • 3,152
  • 1
  • 19
  • 30
  • Hah, I was avoiding this as I noobed out and went with Elastic Beanstalk to avoid learning absolutely anything about configuring webservers :D You are certainly right that it is the best way, and I will have to figure it out if there isn't an easy solution in Django. – Adam Starrh Sep 20 '15 at 20:17
  • You can probably end up with a working and clean solution using a middleware. However, knowing a little of webserver configuration will prove to be useful if you want to deploy your project somewhere else. Even if you don't become a sysadmin, understanding how to install and basically configure a web server is a useful skill. Another option is to use django's built in auth system with a single username, and [decorate all your urls with the `login_required` decorator](http://stackoverflow.com/questions/2307926/is-it-possible-to-decorate-include-in-django-urls-with-login-required) – Agate Sep 20 '15 at 20:25
  • It is a useful skill indeed, and its definitely on my list. I spent a few days trying to figure it out, and got completely frustrated, so I think I will have to have someone show me someday. That decorate URL option looks easy though! For some reason I thought you could only decorate views. – Adam Starrh Sep 20 '15 at 20:29
  • For setting up django with a webserver, I recommand nginx with [the following tutorial](http://michal.karzynski.pl/blog/2013/06/09/django-nginx-gunicorn-virtualenv-supervisor/). Basically, you can decorate views and single URLs. Using the link I gave in my previous comment, it seems there are way to decorate included URLs, which makes the task easier. – Agate Sep 20 '15 at 20:31
  • Thanks! I will bookmark that tutorial in case I find some time to try again. No luck getting this namespace trick to work so far, but I hope I can figure it out, because i have a ton of URLs. – Adam Starrh Sep 20 '15 at 21:09
  • The commented solution doesn't seem to be working out the box. Probably because it is 5 years old, like everything else I am finding. – Adam Starrh Sep 20 '15 at 21:20
  • I'm sorry to hear that. Another option could be to create a class based view mixin in which you decrate the dispatch method with `@login_required`. Then you make all your views inherit from this `LoginRequiredMixin`. But it only works if you use Class-Based-Views. – Agate Sep 21 '15 at 08:59
  • I might do that. I have quite a few views which was why I was avoiding having to flag them each individually, then remove them later if I changed my mind. It seems like a pretty clean solution, though. – Adam Starrh Sep 21 '15 at 15:47
0

I found an answer that worked for me posted here:

@login_required for multiple views

Make sure the LOGIN_REQUIRED_URLS_EXCEPTIONS path is correctly set to your login page.

Community
  • 1
  • 1
Adam Starrh
  • 6,428
  • 8
  • 50
  • 89