🔒 Move the administration dashboard to a subdomain #56

Merged
merged 9 commits into from
Aug 12, 2017


danirod
Member

@danirod danirod commented Aug 10, 2017

This pull request is used to move the dashboard from its current route at www.makigas.es/dashboard into a subdomain located at admin.makigas.es. The domain should make use of HTTPS anyway.

The rationale for this change:

  • By making them separate subdomains, it is harder to steal the login cookie for admin.makigas.es at www.makigas.es.
  • By moving the admin panel to a new subdomain, I have a separate namespace for the admin panel, including allowing the application to have its own application manifest.

This change should not introduce regressions. After configuring the new subdomain and registering an HTTPS certificate, the following should be true:

  • It should be possible to manage information (through admin.makigas.es).
  • Private pages should not be exposed to unauthorized users.
  • Authorized users should not see any errors while managing the system.

This commit removes authenticate :user from the routes.rb file, so it is not a namespace anymore. Instead, dashboard controllers use the authenticate filter to test for user authentication.
@danirod danirod self-assigned this Aug 10, 2017
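
The cookie-isolation rationale in the description holds only while the admin login cookie is host-only, that is, set without a `Domain` attribute. The following added example (not code from this pull request or from the makigas project) models the RFC 6265 domain-matching rule in plain Ruby to show which hosts receive the cookie in each case; the cookie name `_session` and the helper names are assumptions made for the illustration.

```ruby
# Added illustration of RFC 6265 cookie scoping; not code from the makigas project.
require "uri"

# A stored cookie. host_only is true when Set-Cookie carried no Domain attribute.
Cookie = Struct.new(:name, :domain, :host_only, :secure, keyword_init: true)

# RFC 6265 section 5.1.3: hosts are identical, or host ends with "." + domain.
def domain_match?(host, domain)
  host == domain || host.end_with?(".#{domain}")
end

# Store a cookie the way a browser would after a response from origin_host.
# domain_attr is the Domain attribute of Set-Cookie, or nil when it is absent.
def store_cookie(name, origin_host, domain_attr: nil, secure: true)
  origin = origin_host.downcase
  if domain_attr.nil?
    return Cookie.new(name: name, domain: origin, host_only: true, secure: secure)
  end
  domain = domain_attr.downcase.sub(/\A\./, "") # a leading dot is ignored
  # A host may only set cookies for itself or one of its parent domains.
  return nil unless domain_match?(origin, domain)
  Cookie.new(name: name, domain: domain, host_only: false, secure: secure)
end

# Would the browser attach this cookie to a request for url?
def sent_to?(cookie, url)
  uri = URI.parse(url)
  host = uri.host.downcase
  return false if cookie.secure && uri.scheme != "https"
  cookie.host_only ? host == cookie.domain : domain_match?(host, cookie.domain)
end

# Constructed sample cookies; the name _session is a placeholder.
HOST_ONLY = store_cookie("_session", "admin.makigas.es")
SHARED    = store_cookie("_session", "admin.makigas.es", domain_attr: "makigas.es")

if __FILE__ == $PROGRAM_NAME
  urls = %w[https://admin.makigas.es/ https://www.makigas.es/ http://admin.makigas.es/]
  urls.each do |url|
    puts format("%-28s host-only: %-5s Domain=makigas.es: %s",
                url, sent_to?(HOST_ONLY, url), sent_to?(SHARED, url))
  end
end
```

A session cookie configured with `Domain=makigas.es` would be sent to www.makigas.es as well, which removes the separation this change is meant to provide.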
Same identifier as the dashboard namespace.

Plus, less obvious to people typing random addresses in their browser.
Apply this commit to remove the :dashboard namespace on routes made
using the route helper. This means that it is not required anymore to
link to a dashboard page using dashboard_video_path, it can be done
using video_path. It is not required to use [:dashboard, :videos],
:videos can just be used.

When linking to a public asset through the dashboard, remember to use
the subdomain key in the URL helper to make sure the link points to the
appropriate subdomain.
This reverts commit 49489a9.

There are conflicts because both dashboard and www have routes using the
same name pointing to different URL schemas: playlists_path cannot be at
the same time /playlists/ on dashboard and /series/ on www, and
playlist_video_path.

So I'll have to drop this for now :(
@danirod danirod merged commit 5557fff into master Aug 12, 2017
@danirod danirod deleted the dashboard-subdomain branch August 12, 2017 00:33