At the moment Spree uses a hardcoded /admin path for accessing the backend.
I really, really would like if this was configurable.
The solution could be pretty simple:
file: /lib/spree_backend.rb (spree/backend/lib/spree_backend.rb)
1 2 3 4 5 6 7 8 | module Spree::Backend mattr_accessor :route_admin_path @@route_admin_path = "/admin" def self .config yield self end end |
Next in spree /config/routes.rb (spree/backend/config/routes.rb)
1 2 3 4 5 6 7 8 | Spree::Core::Engine.add_routes do namespace :admin , path: Spree::Backend.route_admin_path do #.. everything remains the same, except this last line: get Spree::Backend.route_admin_path, to: 'admin/root#index' , as: :admin end end |
And ready, you can now configure your admin path, via an initializer of your application
1 2 3 | Spree::Backend.config do |config| config.route_admin_path = '/super-secret-name' end |
I know it's security by obscurity, but it makes building automated attacks much more difficult.
Which is very important if there are known security issues.
Warning: Plugins are not converted and use the default /admin path. But these plugins can be changed easily by adding the path: Spree::Backend.route_admin_path option!
Please tell my what do you think of this solution?!?