From 4ad1faacc84e1946346d0132eda7cf2c1a536434 Mon Sep 17 00:00:00 2001
From: Claude Ayitey <claude@ayitey.me>
Date: Sat, 6 Jan 2024 15:01:22 +0000
Subject: [PATCH] Wrap engine mounting in authentication to prevent direct
 access.

---
 config/routes.rb | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/config/routes.rb b/config/routes.rb
index 47e906bb..12d369ca 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -1,8 +1,9 @@
-require 'sidekiq/web'
 
 Rails.application.routes.draw do
-  mount GoodJob::Engine => "/good_job"
-  # end
+  # authenticate user before showing GoodJob dashboard
+  authenticate :user, ->(user) { user.admin? } do
+    mount GoodJob::Engine => "/good_job"
+  end
 
   # Routes for accounts
   resources :accounts do
@@ -50,7 +51,7 @@ Rails.application.routes.draw do
   get 'settings', to: 'pages#settings', as: 'settings'
   get 'upgrade', to: 'pages#upgrade', as: 'upgrade'
   get 'advisor', to: 'pages#advisor', as: 'advisor'
-  
+
   devise_for :users, controllers: { registrations: 'users/registrations' }
 
   # Routes for api