How to lock a site down with HTTP BasicAuth in prod

Just a simple question that I’m a bit confused about: What’s the best way to setup basic auth across an entire site?

In Rails I used to just add a filter in the ApplicationController that was only active in the staging/prod environments, but I’m a bit confused as to where the best place is in phoenix and how to do the environment checking. Thanks!

1 Like

You might want to add a custom plug like into your Endpoint module. It then would be similar to code reloading in phoenix which is only active in dev environment.

if Mix.env == :prod or Mix.env == :staging do
  plug BasicAuth, use_config: {:my_app, :my_key}