
RockGatekeeper - prevent access to your site without password (eg for staging)


bernhard

RockGatekeeper

A lightweight ProcessWire module that provides simple password protection for your website using a configurable gatekeeper password.

Overview

RockGatekeeper adds a basic authentication layer to your ProcessWire site. When enabled, it blocks access to all pages for guest users unless they provide the correct password via URL parameter.

Features

  • Minimal footprint: Only runs when gatekeeper is configured
  • Session-based: Once authenticated, users stay logged in for the session
  • IP tracking: Remembers the IP address of authenticated users
  • Clean URLs: Automatically removes the password parameter from URLs after authentication
  • CLI safe: Won't interfere with command-line operations

Installation

  1. Copy the RockGatekeeper folder to your site/modules/ directory
  2. Install the module in ProcessWire admin
  3. Configure the gatekeeper password in your site config

Configuration

Add the gatekeeper password to your site configuration:

// In site/config.php
$config->gatekeeper = 'your-secret-password';
 

Usage

Basic Authentication

To access the protected site, users need to append the password as a URL parameter:

https://yoursite.com/?gatekeeper=your-secret-password

After successful authentication, users will be redirected to the same page without the password parameter, and they'll have access to the entire site for the duration of their session.

 

Download & Docs: baumrock.com/RockGatekeeper


Hi Bernhard, thanks for the great addition!

I have just one small remark:

You are making heavy use of the functions API in this module. None of our sites have that enabled since we don't need it. I think you shouldn't rely on that in a module. Especially since you can just easily replace all your wire() calls with $this.


And another remark:

Have you thought about potential issues with the allowIP function in combination with IPv4 NAT? I think this should at least be togglable because I might not want my whole office to get access to my staging site once I entered the password once. Also, I think your example usage of this isn't applicable: Since you are opening the link in your browser with the session, PW will pick that up and allow access anyway. Or am I missing something?


Hi @poljpocket, thx for your questions

51 minutes ago, poljpocket said:

You are making heavy use of the functions API in this module.

I'm not using the functions API myself either. I never use pages() in my module, for example, I'm always using wire()->pages->... which will work with $config->useFunctionsAPI = false;

55 minutes ago, poljpocket said:

Have you thought about potential issues with the allowIP function in combination with IPv4 NAT? I think this should at least be togglable because I might not want my whole office to get access to my staging site once I entered the password once. Also, I think your example usage of this isn't applicable: Since you are opening the link in your browser with the session, PW will pick that up and allow access anyway. Or am I missing something?

Sure. For me this is not an issue and I thought it would not be an issue for anybody else, because I didn't consider a staging site being visible to others on the same network being critical in any way. But you are right, it might not be the most secure approach, so I have added a config setting for this which is disabled by default. So the default will be to only allow access for the session and allow the IP only when the checkbox is checked.


I added this because when I tested my site on staging with my mobile phone, got a signup confirmation via mail and clicked the activation link, my phone opened that link in some other browser and therefore I got "access denied". Sure, it would be possible to copy the link and open it in the same browser that is already authenticated, but explain that to clients that you sent the staging link for testing... 😉

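The access decision discussed in this thread (session flag, IP remembering that is off by default, and removal of the password parameter on redirect), as an added plain-PHP example. It is not RockGatekeeper's source; `gatekeeperDecide()`, the `gatekeeper_ok` session key and the `$allowedIps` store are assumptions made for illustration.

```php
<?php
// Added illustration in plain PHP; not RockGatekeeper's source.
// gatekeeperDecide(), the 'gatekeeper_ok' key and $allowedIps are hypothetical.

/** Returns ['allow'], ['deny'] or ['redirect', $cleanUrl] for a guest request. */
function gatekeeperDecide(
    string $secret,           // value of $config->gatekeeper ('' = not configured)
    array $query,             // parsed query string, e.g. $_GET
    string $path,             // request path without query string
    string $clientIp,
    array &$session,          // this visitor's session data
    array &$allowedIps,       // store shared by all visitors
    bool $rememberIp = false  // opt-in, matching the default described in the thread
): array {
    if ($secret === '') return ['allow'];                 // gate inactive
    if (!empty($session['gatekeeper_ok'])) return ['allow'];
    if ($rememberIp && in_array($clientIp, $allowedIps, true)) return ['allow'];

    // ?gatekeeper[]=x arrives as an array, so check the type before comparing.
    $given = $query['gatekeeper'] ?? null;
    if (!is_string($given) || !hash_equals($secret, $given)) return ['deny'];

    $session['gatekeeper_ok'] = true;
    if ($rememberIp) $allowedIps[] = $clientIp;

    // Redirect to the same page minus the password so it is not left in the address bar.
    unset($query['gatekeeper']);
    $qs = http_build_query($query);
    return ['redirect', $path . ($qs === '' ? '' : '?' . $qs)];
}

// Constructed scenario: two browsers behind one NAT address (documentation IP range).
$secret = 'your-secret-password';
$nat = '203.0.113.10';
foreach ([false, true] as $rememberIp) {
    $browserA = [];
    $browserB = [];
    $ips = [];
    $login = gatekeeperDecide($secret, ['gatekeeper' => $secret, 'lang' => 'de'],
        '/news/', $nat, $browserA, $ips, $rememberIp);
    $again = gatekeeperDecide($secret, [], '/news/', $nat, $browserA, $ips, $rememberIp);
    $other = gatekeeperDecide($secret, [], '/news/', $nat, $browserB, $ips, $rememberIp);
    printf("rememberIp=%s login=%s same-browser=%s other-browser=%s\n",
        var_export($rememberIp, true), implode(' ', $login), $again[0], $other[0]);
}
```

With `$rememberIp` off, the second browser behind the same address is denied; with it on, that browser is allowed without ever presenting the password, which is the NAT trade-off raised in the thread.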
