How can I prevent unauthorized access to a static single-page ExtJS app in a Django powered website?
My approach was to look for ways to do it from the Django side but I failed to see a way to get Django to serve a static folder with a ExtJS single-page app built with Sencha Cmd (basically a index.html + all-classes.js + resources folder with assets) just for authenticated users.
It would be perfect if there were any configs in Apache/mod_wsgi that could somehow read the headers of a request and be able to decide if the user is authenticated or not. The code provided in the docs (the suggested authentication script for Django) apparently does the trick but in an inelegant manner, prompting for username and password. The user will be already authenticated against Django so it is nonsense to perform another authentication.
Any ideas on how to achieve this?
Note: I've seen other questions such as this one that addresses serving static files to authenticated users, but they seem impractical for my scenario: I would have to create a view to parse the supposedly "static" url and map every dir/file to their filesystem equivalent. I don't know, it didn't seem promising to me but of course I could be overlooking that solution.
