rack-webconsole-pry 0.1.4

data/.gitignore

@@ -0,0 +1,9 @@
+*.gem
+.bundle
+pkg/*
+graph.png
+.yardoc/*
+doc/*
+coverage/*
+*.rbc
+tags

data/.travis.yml

@@ -0,0 +1,9 @@
+# https://github.com/travis-ci/travis-ci/wiki/.travis.yml-options
+rvm:
+  - 1.8.7 # (current default)
+  - 1.9.2
+  - 1.9.3
+  - ree
+  - ruby-head
+  - rbx-18mode
+  - rbx-19mode

data/Gemfile

@@ -0,0 +1,6 @@
+source "http://rubygems.org"
+
+# Specify your gem's dependencies in rack-webconsole.gemspec
+gemspec
+gem 'rake'
+gem 'mocha' #, :git => 'git://github.com/floehopper/mocha.git'

data/Gemfile.lock

@@ -0,0 +1,42 @@
+PATH
+  remote: .
+  specs:
+    rack-webconsole-pry (0.1.4)
+      multi_json (>= 1.0.3)
+      pry
+      rack
+
+GEM
+  remote: http://rubygems.org/
+  specs:
+    bluecloth (2.2.0)
+    coderay (1.0.6)
+    metaclass (0.0.1)
+    method_source (0.7.1)
+    minitest (2.11.4)
+    mocha (0.10.5)
+      metaclass (~> 0.0.1)
+    multi_json (1.3.6)
+    pry (0.9.9.6)
+      coderay (~> 1.0.5)
+      method_source (~> 0.7.1)
+      slop (>= 2.4.4, < 3)
+    purdytest (1.0.0)
+      minitest (~> 2.2)
+    rack (1.4.1)
+    rake (0.9.2.2)
+    slop (2.4.4)
+    yard (0.7.5)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bluecloth
+  minitest
+  mocha
+  pry
+  purdytest
+  rack-webconsole-pry!
+  rake
+  yard

data/History

@@ -0,0 +1,27 @@
+=== 0.1.3 / 2012-03-22
+
+  + Make keycode configurable (Roger Leite)
+  + Switch to multi_json (Josh Buddy)
+  ! Fix markup to make it work in more browsers
+
+=== 0.1.2 / 2011-08-01
+
+  + Change field name to avoid conflicts with other forms (Chris Apolzon)
+  + Prevent visual flash of unstyled content (Rob Cameron)
+  + Fix minor styling issues (Jeff Kreeftmeijer)
+  + Avoid conflicts with libraries other than JQuery (Jo Liss)
+
+=== 0.1.1 / 2011-07-27
+
+  ! Fix bug with Content-Length not being calculated appropriately. (Corin Langosch)
+  + Refactor JavaScript to avoid messing with prototypes (Corin Langosch)
+
+=== 0.1.0 / 2011-07-27
+
+  + The request object is now exposed in the console through #request method
+  + Various UI enhancements
+  ! Fix bug where Sandbox locals were much more than those defined by the user.
+
+=== 0.0.5 / 2011-07-26
+
+  ! Protection against CSRF attacks.

data/Rakefile

@@ -0,0 +1,23 @@
+require 'bundler'
+Bundler::GemHelper.install_tasks
+
+require 'rake/testtask'
+desc "Run rack-webconsole specs"
+Rake::TestTask.new do |t|
+  t.libs << "spec"
+  t.test_files = FileList['spec/**/*_spec.rb']
+  t.verbose = true
+end
+
+require 'yard'
+YARD::Rake::YardocTask.new(:docs) do |t|
+  t.files   = ['lib/**/*.rb']
+  t.options = ['-m', 'markdown', '--no-private', '-r', 'Readme.md', '--title', 'rack-webconsole documentation']
+end
+task :doc => [:docs]
+
+desc "Generate and open class diagram (needs Graphviz installed)"
+task :graph do |t|
+ `bundle exec yard graph -d --full --no-private | dot -Tpng -o graph.png && open graph.png`
+end
+task :default => [:test]

data/Readme.md

@@ -0,0 +1,131 @@
+#rack-webconsole [![Build Status](http://travis-ci.org/mrbrdo/rack-webconsole.png)](http://travis-ci.org/mrbrdo/rack-webconsole.png)
+
+Rack-webconsole is a Rack-based interactive console (à la Rails console) in
+your web application's frontend. That means you can interact with your
+application's backend from within the browser itself!
+
+To get a clearer idea, you can check out this video showing a live example :)
+
+[![YouTube video](http://img.youtube.com/vi/yKK5J01Dqts/0.jpg)](http://youtu.be/yKK5J01Dqts?hd=1)
+
+Rack-webconsole is a Rack middleware designed to be unobtrusive. With Rails 3,
+for example, you only have to include the gem in your Gemfile and it already
+works. Without any configuration.
+
+Tested with MRI versions 1.8.7, 1.9.2, ruby-head, and JRuby 1.6.3.
+
+**SECURITY NOTE**: From version v0.0.5 rack-webconsole uses a token system to
+protect against cross-site request forgery.
+
+##Changes from original rack-webconsole
+
+* Uses pry instead of ripl
+* Supports colors
+
+
+##Resources
+
+* [Example video](http://youtu.be/yKK5J01Dqts?hd=1)
+* [Documentation](http://rubydoc.info/github/codegram/rack-webconsole)
+
+
+##Install
+
+In your Gemfile:
+
+```ruby
+gem 'rack-webconsole'
+```
+
+Rack-webconsole **needs JQuery**. If you are using Rails 3, JQuery is loaded by
+default. In case you don't want to use JQuery in your application,
+**rack-webconsole can inject it for you** only when it needs it. To do that you
+should put this line somewhere in your application (a Rails initializer, or
+some configuration file):
+
+```ruby
+Rack::Webconsole.inject_jquery = true
+```
+
+You can also change the javascript key_code used to start webconsole:
+
+```ruby
+ # ` = 96 (default), ^ = 94, ç = 231 ... etc.
+Rack::Webconsole.key_code = "231"
+```
+
+##Usage with Rails 3
+
+If you are using Rails 3, you have no further steps to do. It works! To give
+it a try, fire up the Rails server and go to any page, press the ` ` ` key and
+the console will show :)
+
+##Usage with Sinatra/Padrino
+
+With Sinatra and Padrino you have to tell your application to use the
+middleware:
+
+```ruby
+require 'sinatra'
+require 'rack/webconsole'
+
+class MySinatraApp < Sinatra::Application
+  use Rack::Webconsole
+  # . . .
+end
+
+class SamplePadrino < Padrino::Application
+  use Rack::Webconsole
+  # . . .
+end
+```
+
+NOTE: If you are using Bundler and initializing it from config.ru, you don't
+have to `require 'rack/webconsole'` manually, otherwise you have to.
+
+And it works! Fire up the server, go to any page and press the ` ` ` key.
+
+##Usage with Rails 2
+
+You need to add the following code to an intializer (i.e. config/initializers/webconsole.rb):
+
+```ruby
+require 'rack/webconsole'
+ActionController::Dispatcher.middleware.insert_after 1, Rack::Webconsole
+```
+
+##Commands
+
+In the console you can issue whatever Ruby commands you want, except multiline commands. Local variables are kept, so you can get a more IRB-esque feeling.
+
+* `reload!` resets all local variables
+* `request` returns the current page request object
+
+##Under the hood
+
+Run the test suite by typing:
+
+    rake
+
+You can also build the documentation with the following command:
+
+    rake docs
+
+## Note on Patches/Pull Requests
+
+* Fork the project.
+* Make your feature addition or bug fix.
+* Add tests for it. This is important so we don't break it in a
+  future version unintentionally.
+* Commit, do not mess with rakefile, version, or history. (if you want to have your own version, that is fine but bump version in a commit by itself we can ignore when we pull)
+* Send us a pull request. Bonus points for topic branches.
+
+## Released under the MIT License
+
+Copyright (c) 2011 Codegram.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/lib/rack/webconsole/asset_helpers.rb

@@ -0,0 +1,73 @@
+# encoding: utf-8
+module Rack
+  class Webconsole
+    # Helper module to encapsulate the asset loading logic used by the {Assets}
+    # middleware.
+    #
+    # For now, the strategy is reading the files from disk. In the future, we
+    # should come up with a somewhat more sophisticated strategy, although
+    # {Webconsole} is used only in development environments, where performance
+    # isn't usually a concern.
+    #
+    module AssetHelpers
+      # Loads the HTML from a file in `/public`.
+      #
+      # It contains a form and the needed divs to render the console.
+      #
+      # @return [String] the injectable HTML.
+      def html_code
+        out = ""
+        out << asset('jquery.html') if Webconsole.inject_jquery
+        out << asset('webconsole.html')
+        out
+      end
+
+      # Loads the CSS from a file in `/public`.
+      #
+      # It contains the styles for the console.
+      #
+      # @return [String] the injectable CSS.
+      def css_code
+        '<style type="text/css">' <<
+          asset('webconsole.css') <<
+          '</style>'
+      end
+
+      # Loads the JavaScript from a file in `/public`.
+      #
+      # It contains the JavaScript logic of the webconsole.
+      #
+      # @return [String] the injectable JavaScript.
+      def js_code
+        '<script type="text/javascript">' <<
+          asset('webconsole.js') <<
+          '</script>'
+      end
+
+      # Inteprolates the given variables inside the javascrpt code
+      #
+      # @param [String] javascript The javascript code to insert the variables
+      # @param [Hash] variables A hash containing the variables names (as keys)
+      # and its values
+      #
+      # @return [String] the javascript code with the interpolated variables
+      def render(javascript, variables = {})
+        javascript_with_variables = javascript.dup
+        variables.each_pair do |variable, value|
+          javascript_with_variables.gsub!("$#{variable}", value)
+        end
+        javascript_with_variables
+      end
+
+      private
+
+      def asset(file)
+        @assets ||= {}
+        output = ::File.open(::File.join(::File.dirname(__FILE__), '..', '..', '..', 'public', file), 'r:UTF-8') do |f|
+          f.read
+        end
+        @assets[file] ||= output
+      end
+    end
+  end
+end

data/lib/rack/webconsole/assets.rb

@@ -0,0 +1,72 @@
+# encoding: utf-8
+module Rack
+  class Webconsole
+    # {Assets} is a Rack middleware responsible for injecting view code for the
+    # console to work properly.
+    #
+    # It intercepts HTTP requests, detects successful HTML responses and
+    # injects HTML, CSS and JavaScript code into those.
+    #
+    class Assets
+      include Webconsole::AssetHelpers
+
+      # Honor the Rack contract by saving the passed Rack application in an ivar.
+      #
+      # @param [Rack::Application] app the previous Rack application in the
+      #   middleware chain.
+      def initialize(app)
+        @app = app
+      end
+
+      # Checks for successful HTML responses and injects HTML, CSS and
+      # JavaScript code into them.
+      #
+      # @param [Hash] env a Rack request environment.
+      def call(env)
+        status, headers, response = @app.call(env)
+        return [status, headers, response] unless check_html?(headers, response) && status == 200
+
+        if response.respond_to?(:body)
+          response_body = response.body
+        else
+          response_body = response.first
+        end
+
+        # Regenerate the security token
+        Webconsole::Repl.reset_token
+
+        # Expose the request object to the Repl
+        Webconsole::Repl.request = Rack::Request.new(env)
+
+        # Inject the html, css and js code to the view
+        response_body.gsub!('</body>', "#{code}</body>")
+
+        headers['Content-Length'] = response_body.bytesize.to_s
+
+        [status, headers, [response_body]]
+      end
+
+      # Returns a string with all the HTML, CSS and JavaScript code needed for
+      # the view.
+      #
+      # It puts the security token inside the JavaScript to make AJAX calls
+      # secure.
+      #
+      # @return [String] the injectable code.
+      def code
+        html_code <<
+          css_code <<
+          render(js_code, :TOKEN => Webconsole::Repl.token, :KEY_CODE => Webconsole.key_code)
+      end
+
+      private
+
+      def check_html?(headers, response)
+        body = response.respond_to?(:body) ? response.body : response.first
+        headers['Content-Type'] and
+          headers['Content-Type'].include? 'text/html' and
+          body =~ %r{<html.*</html>}m
+      end
+    end
+  end
+end

data/lib/rack/webconsole/railtie.rb

@@ -0,0 +1,14 @@
+# encoding: utf-8
+module Rack
+  class Webconsole
+    # Railtie loaded in Rails applications. Its purpose is to automatically use
+    # the middleware in development environment, so that Rails users only have
+    # to require 'rack-webconsole' in their Gemfile and nothing more than that.
+    #
+    class Railtie < Rails::Railtie
+      initializer 'rack-webconsole.add_middleware' do |app|
+        app.middleware.use Rack::Webconsole if Rails.env.development?
+      end
+    end
+  end
+end

data/lib/rack/webconsole/repl.rb

@@ -0,0 +1,113 @@
+# encoding: utf-8
+require 'multi_json'
+require 'digest/sha1'
+require 'pry'
+
+module Rack
+  class Webconsole
+    # {Repl} is a Rack middleware acting as a Ruby evaluator application.
+    #
+    # In a nutshell, it evaluates a string in a {Sandbox} instance stored in an
+    # evil global variable. Then, to keep the state, it inspects the local
+    # variables and stores them in an instance variable for further retrieval.
+    #
+    class Repl
+      @@request = nil
+      @@token   = nil
+
+      class << self
+        # Returns the autogenerated security token
+        #
+        # @return [String] the autogenerated token
+        def token
+          @@token
+        end
+
+        # Regenerates the token.
+        def reset_token
+          @@token = Digest::SHA1.hexdigest("#{rand(36**8)}#{Time.now}")[4..20]
+        end
+
+        # Returns the original request for inspection purposes.
+        #
+        # @return [Rack::Request] the original request
+        def request
+          @@request
+        end
+
+        # Sets the original request for inspection purposes.
+        #
+        # @param [Rack::Request] the original request
+        def request=(request)
+          @@request = request
+        end
+      end
+
+      # Honor the Rack contract by saving the passed Rack application in an ivar.
+      #
+      # @param [Rack::Application] app the previous Rack application in the
+      #   middleware chain.
+      def initialize(app)
+        @app = app
+      end
+
+      # Evaluates a string as Ruby code and returns the evaluated result as
+      # JSON.
+      #
+      # It also stores the {Sandbox} state in a `$sandbox` global variable, with
+      # its local variables.
+      #
+      # @param [Hash] env the Rack request environment.
+      # @return [Array] a Rack response with status code 200, HTTP headers
+      #   and the evaluated Ruby result.
+      def call(env)
+        status, headers, response = @app.call(env)
+
+        req = Rack::Request.new(env)
+        params = req.params
+
+        return [status, headers, response] unless check_legitimate(req)
+
+        hash = {}
+        $pry_output ||= StringIO.new("")
+        $pry_output.string = ""
+        if $pry.nil?
+          Pry.pager = false
+          $pry = Pry.new(:output => $pry_output, :pager => false)
+        end
+        pry = $pry
+        
+        # repl loop
+        target = Pry.binding_for(pry.binding_stack.last || TOPLEVEL_BINDING)
+        pry.repl_prologue(target) unless pry.binding_stack.last == target
+        pry.inject_sticky_locals(target)
+        code = params['query']
+        hash[:prompt] = pry.select_prompt("", target) + Pry::Code.new(code).to_s
+        begin
+        if !pry.process_command(code, "", target)
+          result = target.eval(code, Pry.eval_path, Pry.current_line)
+          pry.set_last_result(result, target, code)
+          pry.show_result(result) if pry.should_print?
+        end
+        rescue StandardError => e
+          $pry_output.write("Error: " + e.message)
+        end
+        # cleanup (supposed to call when $pry is destroyed)
+        # pry.repl_epilogue(target)
+        
+        hash[:result] = $pry_output.string
+        response_body = MultiJson.encode(hash)
+        headers = {}
+        headers['Content-Type'] = 'application/json'
+        headers['Content-Length'] = response_body.bytesize.to_s
+        [200, headers, [response_body]]
+      end
+
+      private
+
+      def check_legitimate(req)
+        req.post? && !Repl.token.nil? && req.params['token'] == Repl.token
+      end
+    end
+  end
+end