helpers do def protected! return if authorized? headers['WWW-Authenticate'] = 'Basic realm="Restricted Area"' halt 401, "Not authorized\n" end def authorized? @auth ||= Rack::Auth::Basic::Request.new(request.env) return unless @auth.provided? && @auth.basic? authenticate?(@auth.credentials) end def authenticate?(credentials) username, password = credentials users.keys.include?(username) && users[username] == password end def users settings.users end end