forked from VersaHQ/sidekiq-rack
config.ru
require 'sidekiq'
require 'sidekiq/web'
require 'rack/ssl-enforcer'
require 'rack/session'
# Point the Sidekiq client (used by the Web UI in this process) at Redis.
# The URL comes from REDIS_URL and falls back to a local instance; the
# connection pool is limited to a single connection.
# NOTE(review): the fallback is an unauthenticated, unencrypted local Redis.
# For a remote Redis, REDIS_URL should carry credentials and use TLS
# (a rediss:// URL), and its value should be kept out of logs.
Sidekiq.configure_client do |config|
  redis_url = ENV.fetch('REDIS_URL', 'redis://localhost:6379')
  config.redis = { url: redis_url, size: 1 }
end
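# Mount the Sidekiq Web dashboard at the root path.
#
# Rack runs middleware in declaration order (the first `use` is outermost), so
# the order of the `use` lines below is security-relevant.
map '/' do
  # Declared first so that, in production, a plain-HTTP request is redirected
  # to HTTPS before the Basic auth challenge is issued. With auth declared
  # ahead of the enforcer, a client could be prompted for credentials and send
  # them over cleartext HTTP before the redirect happened.
  # Outside production no redirect is installed, so Basic credentials travel
  # unencrypted unless TLS is terminated elsewhere.
  use Rack::SslEnforcer if ENV['RACK_ENV'] == 'production'

  if ENV['SIDEKIQ_USERNAME'] && ENV['SIDEKIQ_PASSWORD']
    # NOTE(review): an empty-string value is truthy in Ruby, so variables that
    # are set but blank would enable auth with blank credentials. Deployment
    # checks should reject empty values.
    use Rack::Auth::Basic, 'Protected Area' do |username, password|
      # Protect against timing attacks: (https://codahale.com/a-lesson-in-timing-attacks/)
      # - Use & (do not use &&) so that it doesn't short circuit.
      # - Use digests to stop length information leaking
      Rack::Utils.secure_compare(::Digest::SHA256.hexdigest(username),
                                 ::Digest::SHA256.hexdigest(ENV['SIDEKIQ_USERNAME'])) &
        Rack::Utils.secure_compare(::Digest::SHA256.hexdigest(password),
                                   ::Digest::SHA256.hexdigest(ENV['SIDEKIQ_PASSWORD']))
    end
  else
    # Fail-open path: without both variables the dashboard, which can inspect
    # and manage queued jobs, is served with no authentication. Make that
    # visible at boot instead of leaving it silent.
    warn 'config.ru: SIDEKIQ_USERNAME/SIDEKIQ_PASSWORD not set; ' \
         'Sidekiq Web is being served WITHOUT authentication'
  end

  # Cookie-backed session for Sidekiq::Web. The signing secret is read at boot
  # from `.session.key`, resolved against the process working directory;
  # File.read raises if the file is missing. Keep that file out of version
  # control and readable only by the service account.
  # Sessions expire after 86_400 seconds (24 hours).
  use Rack::Session::Cookie, secret: File.read('.session.key'), same_site: true, max_age: 86_400

  run Sidekiq::Web
end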