I’ll keep authentication simple.

I looked over the Rails 8 authentication generator to study some of the classes it creates (User, Sessions, Current) and concerns. I liked the authenticated? method so for now it’s the only one I’ll borrow.

Sessions in Sinatra

The Sinatra documentation has a good writeup on setting cookies via the session hash. In development, I assigned the output of ruby -e "require 'securerandom'; puts SecureRandom.hex(64)" to an environment variable called SESSION_SECRET to sign session data.

Next I updated app.rb.

#app.rb
enable :sessions

set :session_secret, ENV.fetch('SESSION_SECRET')

use Rack::Session::Cookie, secret: settings.session_secret

With sessions in place I created new routes for authentication and an ERB template. I borrowed that authenticated? helper method along with require_authentication and set up buttons for managing these posts behind a simple conditional statement.

Environment Variables

To set the environment variable in dokku, I ran:

$ dokku config:set commit-redux SESSION_SECRET=$(openssl rand -hex 64)

The line above set the variable and restarted my dokku container. To verify it had been set I ran $ dokku config commit-redux which listed all my environment variables.

I deployed those changes and now I’ve got very simple authentication 🌱