rails-console 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/CHANGELOG.md +10 -0
- data/LICENSE +21 -0
- data/README.md +118 -0
- data/app/assets/rails_console/rails_console.css +230 -0
- data/app/assets/rails_console/rails_console.js +11 -0
- data/app/assets/rails_console/src/application.css +12 -0
- data/app/assets/rails_console/src/console.js +135 -0
- data/app/channels/rails_console/console_channel.rb +70 -0
- data/app/controllers/rails_console/consoles_controller.rb +19 -0
- data/app/models/rails_console/application_record.rb +7 -0
- data/app/models/rails_console/log_line.rb +13 -0
- data/app/models/rails_console/session.rb +21 -0
- data/app/views/layouts/rails_console/application.html.erb +16 -0
- data/app/views/rails_console/consoles/show.html.erb +1 -0
- data/bin/rails_console +8 -0
- data/config/routes.rb +5 -0
- data/lib/generators/rails_console/install_generator.rb +55 -0
- data/lib/generators/rails_console/templates/db/migrate/create_rails_console_log_lines.rb +14 -0
- data/lib/generators/rails_console/templates/db/migrate/create_rails_console_sessions.rb +16 -0
- data/lib/generators/rails_console/templates/rails_console.rb +14 -0
- data/lib/rails-console/broker.rb +336 -0
- data/lib/rails-console/config.rb +41 -0
- data/lib/rails-console/engine.rb +26 -0
- data/lib/rails-console/logging.rb +15 -0
- data/lib/rails-console/pty_session.rb +46 -0
- data/lib/rails-console/unsafe.rb +11 -0
- data/lib/rails-console/user.rb +13 -0
- data/lib/rails-console/version.rb +5 -0
- data/lib/rails-console.rb +14 -0
- metadata +129 -0
checksums.yaml
ADDED
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
---
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: 2f2321f67a6a9c31742bf4402542b064b058b092c06b8faf1d780ddd13481f90
|
|
4
|
+
data.tar.gz: e1eeed831c25b3d78c442c1ba1f08bc79d1e4e3a6fbc91606c76f6bba28c0caa
|
|
5
|
+
SHA512:
|
|
6
|
+
metadata.gz: e56e7f980a78c1b3fc40a352ff95dc012641e453b8de608d7f29aafc8d6e6848c90508844020620549edd79bb3dcd3df779f90f911475b925ea1f96e9e2c6a31
|
|
7
|
+
data.tar.gz: 5edec40ae0354c4ed4ec1d8fbfd7321bb126ed7b721aca3bd45ef6d76d46524f36857cb2fb9bae879113afc7038254883b57a7f61f9c243e4f4f2a8b6db3c9c4
|
data/CHANGELOG.md
ADDED
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
# Changelog
|
|
2
|
+
|
|
3
|
+
## 0.1.0
|
|
4
|
+
|
|
5
|
+
- Browser console over ActionCable with xterm.js frontend bundle.
|
|
6
|
+
- Broker process (`bundle exec rails_console`) with PTY, sandbox-by-default, and `unsafe!` / `safe!` to toggle write mode.
|
|
7
|
+
- Audit models (`rails_console_sessions`, `rails_console_log_lines`); mode toggles are recorded as `transition` log lines.
|
|
8
|
+
- Install generator for migrations and `config/initializers/rails_console.rb`.
|
|
9
|
+
- `authorize` and `current_user` receive the resolved user (HTTP and WebSocket).
|
|
10
|
+
- Default `user_class` is `User`; default socket is `tmp/sockets/rails_console.sock`.
|
data/LICENSE
ADDED
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
The MIT License (MIT)
|
|
2
|
+
|
|
3
|
+
Copyright (c) 2026 Washington Botelho
|
|
4
|
+
|
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
|
7
|
+
in the Software without restriction, including without limitation the rights
|
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
|
10
|
+
furnished to do so, subject to the following conditions:
|
|
11
|
+
|
|
12
|
+
The above copyright notice and this permission notice shall be included in
|
|
13
|
+
all copies or substantial portions of the Software.
|
|
14
|
+
|
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
|
21
|
+
THE SOFTWARE.
|
data/README.md
ADDED
|
@@ -0,0 +1,118 @@
|
|
|
1
|
+
# Rails Console
|
|
2
|
+
|
|
3
|
+
[](https://github.com/wbotelhos/rails-console/actions/workflows/tests.yml)
|
|
4
|
+
[](https://github.com/wbotelhos/rails-console/actions/workflows/rubocop.yml)
|
|
5
|
+
[](https://badge.fury.io/rb/rails-console)
|
|
6
|
+
[](https://qlty.sh/gh/wbotelhos/projects/rails-console)
|
|
7
|
+
[](https://codecov.io/gh/wbotelhos/rails-console)
|
|
8
|
+
[](https://github.com/sponsors/wbotelhos)
|
|
9
|
+
|
|
10
|
+
A safe, browser-based Rails console you mount on your app.
|
|
11
|
+
|
|
12
|
+
## Installation
|
|
13
|
+
|
|
14
|
+
```ruby
|
|
15
|
+
gem 'rails-console'
|
|
16
|
+
```
|
|
17
|
+
|
|
18
|
+
```sh
|
|
19
|
+
bundle install
|
|
20
|
+
bin/rails generate rails_console:install
|
|
21
|
+
bin/rails db:migrate
|
|
22
|
+
```
|
|
23
|
+
|
|
24
|
+
## Mounting
|
|
25
|
+
|
|
26
|
+
Mount the engine behind your own authentication **and** authorization:
|
|
27
|
+
|
|
28
|
+
```ruby
|
|
29
|
+
# config/routes.rb
|
|
30
|
+
authenticate :user, ->(user) { user.devops? } do
|
|
31
|
+
mount RailsConsole::Engine, at: :console
|
|
32
|
+
end
|
|
33
|
+
```
|
|
34
|
+
|
|
35
|
+
The route constraint protects the HTML page. The gem's `authorize` config (below) also protects the ActionCable channel — required because `/cable` is outside the mount.
|
|
36
|
+
|
|
37
|
+
## Configuration
|
|
38
|
+
|
|
39
|
+
Created by `bin/rails generate rails_console:install`. Example:
|
|
40
|
+
|
|
41
|
+
```ruby
|
|
42
|
+
# config/initializers/rails_console.rb
|
|
43
|
+
RailsConsole.configure do |config|
|
|
44
|
+
config.audit = true
|
|
45
|
+
|
|
46
|
+
config.authorize = ->(user) { user&.devops? }
|
|
47
|
+
|
|
48
|
+
config.command = 'bundle exec rails console'
|
|
49
|
+
|
|
50
|
+
config.current_user = ->(user) { { id: user&.id, label: user.try(:email) || 'unknown' } }
|
|
51
|
+
|
|
52
|
+
config.idle_timeout = 10.minutes
|
|
53
|
+
config.sandbox_command = 'bundle exec rails console --sandbox'
|
|
54
|
+
end
|
|
55
|
+
```
|
|
56
|
+
|
|
57
|
+
`authorize` and `current_user` receive the resolved user from HTTP (`request`) and WebSocket (`connection`) contexts.
|
|
58
|
+
|
|
59
|
+
| Option | Purpose |
|
|
60
|
+
| --- | --- |
|
|
61
|
+
| `audit` | Persist sessions and I/O log lines (default: `true`) |
|
|
62
|
+
| `authorize` | Proc `(user) -> bool` — may the user use the console (HTTP **and** WebSocket) |
|
|
63
|
+
| `command` | Command after `unsafe!` |
|
|
64
|
+
| `current_user` | Proc `(user) -> { id:, label: }` for audit records |
|
|
65
|
+
| `idle_timeout` | Kill idle PTY sessions after this duration |
|
|
66
|
+
| `sandbox_command` | Default command (safe-by-default sandbox) |
|
|
67
|
+
| `socket_path` | Unix socket between Puma workers and the broker (default: `tmp/sockets/rails_console.sock`) |
|
|
68
|
+
| `user_class` | ActiveRecord model class name for session `user` lookup (default: `User`) |
|
|
69
|
+
|
|
70
|
+
## Security layers
|
|
71
|
+
|
|
72
|
+
1. **Route constraint** — `authenticate` / custom constraint on the mount (HTTP only).
|
|
73
|
+
2. **Controller** — `authorize` runs again before rendering the page.
|
|
74
|
+
3. **Channel** — `authorize` on `subscribed` is the **only** protection for `/cable`; the mount does not cover WebSockets.
|
|
75
|
+
|
|
76
|
+
Additional safeguards:
|
|
77
|
+
|
|
78
|
+
- **Sandbox by default** — sessions start with `rails console --sandbox`.
|
|
79
|
+
- **`unsafe!` / `safe!`** — explicit toggle between write and sandbox mode; each swap starts a fresh PTY and is audited.
|
|
80
|
+
- **Broker isolation** — one PTY per container, shared via Unix socket across Puma workers.
|
|
81
|
+
- **Audit trail** — `RailsConsole::Session` and `RailsConsole::LogLine` when `audit` is enabled.
|
|
82
|
+
|
|
83
|
+
Do not rely on command filtering inside Ruby; use authorization + sandbox + auditing.
|
|
84
|
+
|
|
85
|
+
## Usage
|
|
86
|
+
|
|
87
|
+
Open `/console` (the path you mounted the engine at) to get a real `rails console` in the browser.
|
|
88
|
+
|
|
89
|
+
Sessions start in **safe mode** — changes are rolled back and never persisted:
|
|
90
|
+
|
|
91
|
+
```rb
|
|
92
|
+
User.last.destroy # runs, but nothing is saved
|
|
93
|
+
```
|
|
94
|
+
|
|
95
|
+
Type `unsafe!` to switch to **write mode**, where changes persist:
|
|
96
|
+
|
|
97
|
+
```rb
|
|
98
|
+
unsafe!
|
|
99
|
+
User.last.destroy # now really deletes the record
|
|
100
|
+
```
|
|
101
|
+
|
|
102
|
+
Type `safe!` to go back to sandbox mode. Each toggle starts a fresh session and is recorded in the audit trail.
|
|
103
|
+
|
|
104
|
+
## Broker process
|
|
105
|
+
|
|
106
|
+
The broker boots on demand when someone opens `/console`, or run it manually:
|
|
107
|
+
|
|
108
|
+
```sh
|
|
109
|
+
bundle exec rails_console
|
|
110
|
+
```
|
|
111
|
+
|
|
112
|
+
## Development (gem)
|
|
113
|
+
|
|
114
|
+
```sh
|
|
115
|
+
npm install
|
|
116
|
+
bundle exec rake assets:build # rebuild xterm bundle into app/assets/rails_console/
|
|
117
|
+
bundle exec rake spec
|
|
118
|
+
```
|
|
@@ -0,0 +1,230 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Copyright (c) 2014 The xterm.js authors. All rights reserved.
|
|
3
|
+
* Copyright (c) 2012-2013, Christopher Jeffrey (MIT License)
|
|
4
|
+
* https://github.com/chjj/term.js
|
|
5
|
+
* @license MIT
|
|
6
|
+
*
|
|
7
|
+
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
8
|
+
* of this software and associated documentation files (the "Software"), to deal
|
|
9
|
+
* in the Software without restriction, including without limitation the rights
|
|
10
|
+
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
11
|
+
* copies of the Software, and to permit persons to whom the Software is
|
|
12
|
+
* furnished to do so, subject to the following conditions:
|
|
13
|
+
*
|
|
14
|
+
* The above copyright notice and this permission notice shall be included in
|
|
15
|
+
* all copies or substantial portions of the Software.
|
|
16
|
+
*
|
|
17
|
+
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
18
|
+
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
19
|
+
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
20
|
+
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
21
|
+
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
22
|
+
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
|
23
|
+
* THE SOFTWARE.
|
|
24
|
+
*
|
|
25
|
+
* Originally forked from (with the author's permission):
|
|
26
|
+
* Fabrice Bellard's javascript vt100 for jslinux:
|
|
27
|
+
* http://bellard.org/jslinux/
|
|
28
|
+
* Copyright (c) 2011 Fabrice Bellard
|
|
29
|
+
* The original design remains. The terminal itself
|
|
30
|
+
* has been extended to include xterm CSI codes, among
|
|
31
|
+
* other features.
|
|
32
|
+
*/
|
|
33
|
+
|
|
34
|
+
/**
|
|
35
|
+
* Default styles for xterm.js
|
|
36
|
+
*/
|
|
37
|
+
|
|
38
|
+
.xterm {
|
|
39
|
+
cursor: text;
|
|
40
|
+
position: relative;
|
|
41
|
+
user-select: none;
|
|
42
|
+
-ms-user-select: none;
|
|
43
|
+
-webkit-user-select: none;
|
|
44
|
+
}
|
|
45
|
+
|
|
46
|
+
.xterm.focus,
|
|
47
|
+
.xterm:focus {
|
|
48
|
+
outline: none;
|
|
49
|
+
}
|
|
50
|
+
|
|
51
|
+
.xterm .xterm-helpers {
|
|
52
|
+
position: absolute;
|
|
53
|
+
top: 0;
|
|
54
|
+
/**
|
|
55
|
+
* The z-index of the helpers must be higher than the canvases in order for
|
|
56
|
+
* IMEs to appear on top.
|
|
57
|
+
*/
|
|
58
|
+
z-index: 5;
|
|
59
|
+
}
|
|
60
|
+
|
|
61
|
+
.xterm .xterm-helper-textarea {
|
|
62
|
+
padding: 0;
|
|
63
|
+
border: 0;
|
|
64
|
+
margin: 0;
|
|
65
|
+
/* Move textarea out of the screen to the far left, so that the cursor is not visible */
|
|
66
|
+
position: absolute;
|
|
67
|
+
opacity: 0;
|
|
68
|
+
left: -9999em;
|
|
69
|
+
top: 0;
|
|
70
|
+
width: 0;
|
|
71
|
+
height: 0;
|
|
72
|
+
z-index: -5;
|
|
73
|
+
/** Prevent wrapping so the IME appears against the textarea at the correct position */
|
|
74
|
+
white-space: nowrap;
|
|
75
|
+
overflow: hidden;
|
|
76
|
+
resize: none;
|
|
77
|
+
}
|
|
78
|
+
|
|
79
|
+
.xterm .composition-view {
|
|
80
|
+
/* TODO: Composition position got messed up somewhere */
|
|
81
|
+
background: #000;
|
|
82
|
+
color: #FFF;
|
|
83
|
+
display: none;
|
|
84
|
+
position: absolute;
|
|
85
|
+
white-space: nowrap;
|
|
86
|
+
z-index: 1;
|
|
87
|
+
}
|
|
88
|
+
|
|
89
|
+
.xterm .composition-view.active {
|
|
90
|
+
display: block;
|
|
91
|
+
}
|
|
92
|
+
|
|
93
|
+
.xterm .xterm-viewport {
|
|
94
|
+
/* On OS X this is required in order for the scroll bar to appear fully opaque */
|
|
95
|
+
background-color: #000;
|
|
96
|
+
overflow-y: scroll;
|
|
97
|
+
cursor: default;
|
|
98
|
+
position: absolute;
|
|
99
|
+
right: 0;
|
|
100
|
+
left: 0;
|
|
101
|
+
top: 0;
|
|
102
|
+
bottom: 0;
|
|
103
|
+
}
|
|
104
|
+
|
|
105
|
+
.xterm .xterm-screen {
|
|
106
|
+
position: relative;
|
|
107
|
+
}
|
|
108
|
+
|
|
109
|
+
.xterm .xterm-screen canvas {
|
|
110
|
+
position: absolute;
|
|
111
|
+
left: 0;
|
|
112
|
+
top: 0;
|
|
113
|
+
}
|
|
114
|
+
|
|
115
|
+
.xterm .xterm-scroll-area {
|
|
116
|
+
visibility: hidden;
|
|
117
|
+
}
|
|
118
|
+
|
|
119
|
+
.xterm-char-measure-element {
|
|
120
|
+
display: inline-block;
|
|
121
|
+
visibility: hidden;
|
|
122
|
+
position: absolute;
|
|
123
|
+
top: 0;
|
|
124
|
+
left: -9999em;
|
|
125
|
+
line-height: normal;
|
|
126
|
+
}
|
|
127
|
+
|
|
128
|
+
.xterm.enable-mouse-events {
|
|
129
|
+
/* When mouse events are enabled (eg. tmux), revert to the standard pointer cursor */
|
|
130
|
+
cursor: default;
|
|
131
|
+
}
|
|
132
|
+
|
|
133
|
+
.xterm.xterm-cursor-pointer,
|
|
134
|
+
.xterm .xterm-cursor-pointer {
|
|
135
|
+
cursor: pointer;
|
|
136
|
+
}
|
|
137
|
+
|
|
138
|
+
.xterm.column-select.focus {
|
|
139
|
+
/* Column selection mode */
|
|
140
|
+
cursor: crosshair;
|
|
141
|
+
}
|
|
142
|
+
|
|
143
|
+
.xterm .xterm-accessibility:not(.debug),
|
|
144
|
+
.xterm .xterm-message {
|
|
145
|
+
position: absolute;
|
|
146
|
+
left: 0;
|
|
147
|
+
top: 0;
|
|
148
|
+
bottom: 0;
|
|
149
|
+
right: 0;
|
|
150
|
+
z-index: 10;
|
|
151
|
+
color: transparent;
|
|
152
|
+
pointer-events: none;
|
|
153
|
+
}
|
|
154
|
+
|
|
155
|
+
.xterm .xterm-accessibility-tree:not(.debug) *::selection {
|
|
156
|
+
color: transparent;
|
|
157
|
+
}
|
|
158
|
+
|
|
159
|
+
.xterm .xterm-accessibility-tree {
|
|
160
|
+
user-select: text;
|
|
161
|
+
white-space: pre;
|
|
162
|
+
}
|
|
163
|
+
|
|
164
|
+
.xterm .live-region {
|
|
165
|
+
position: absolute;
|
|
166
|
+
left: -9999px;
|
|
167
|
+
width: 1px;
|
|
168
|
+
height: 1px;
|
|
169
|
+
overflow: hidden;
|
|
170
|
+
}
|
|
171
|
+
|
|
172
|
+
.xterm-dim {
|
|
173
|
+
/* Dim should not apply to background, so the opacity of the foreground color is applied
|
|
174
|
+
* explicitly in the generated class and reset to 1 here */
|
|
175
|
+
opacity: 1 !important;
|
|
176
|
+
}
|
|
177
|
+
|
|
178
|
+
.xterm-underline-1 { text-decoration: underline; }
|
|
179
|
+
.xterm-underline-2 { text-decoration: double underline; }
|
|
180
|
+
.xterm-underline-3 { text-decoration: wavy underline; }
|
|
181
|
+
.xterm-underline-4 { text-decoration: dotted underline; }
|
|
182
|
+
.xterm-underline-5 { text-decoration: dashed underline; }
|
|
183
|
+
|
|
184
|
+
.xterm-overline {
|
|
185
|
+
text-decoration: overline;
|
|
186
|
+
}
|
|
187
|
+
|
|
188
|
+
.xterm-overline.xterm-underline-1 { text-decoration: overline underline; }
|
|
189
|
+
.xterm-overline.xterm-underline-2 { text-decoration: overline double underline; }
|
|
190
|
+
.xterm-overline.xterm-underline-3 { text-decoration: overline wavy underline; }
|
|
191
|
+
.xterm-overline.xterm-underline-4 { text-decoration: overline dotted underline; }
|
|
192
|
+
.xterm-overline.xterm-underline-5 { text-decoration: overline dashed underline; }
|
|
193
|
+
|
|
194
|
+
.xterm-strikethrough {
|
|
195
|
+
text-decoration: line-through;
|
|
196
|
+
}
|
|
197
|
+
|
|
198
|
+
.xterm-screen .xterm-decoration-container .xterm-decoration {
|
|
199
|
+
z-index: 6;
|
|
200
|
+
position: absolute;
|
|
201
|
+
}
|
|
202
|
+
|
|
203
|
+
.xterm-screen .xterm-decoration-container .xterm-decoration.xterm-decoration-top-layer {
|
|
204
|
+
z-index: 7;
|
|
205
|
+
}
|
|
206
|
+
|
|
207
|
+
.xterm-decoration-overview-ruler {
|
|
208
|
+
z-index: 8;
|
|
209
|
+
position: absolute;
|
|
210
|
+
top: 0;
|
|
211
|
+
right: 0;
|
|
212
|
+
pointer-events: none;
|
|
213
|
+
}
|
|
214
|
+
|
|
215
|
+
.xterm-decoration-top {
|
|
216
|
+
z-index: 2;
|
|
217
|
+
position: relative;
|
|
218
|
+
}
|
|
219
|
+
html,
|
|
220
|
+
body {
|
|
221
|
+
background: #000;
|
|
222
|
+
height: 100%;
|
|
223
|
+
margin: 0;
|
|
224
|
+
padding: 0;
|
|
225
|
+
}
|
|
226
|
+
|
|
227
|
+
#rails-console {
|
|
228
|
+
height: 100vh;
|
|
229
|
+
width: 100vw;
|
|
230
|
+
}
|