rails-console 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA256:
3
+ metadata.gz: 2f2321f67a6a9c31742bf4402542b064b058b092c06b8faf1d780ddd13481f90
4
+ data.tar.gz: e1eeed831c25b3d78c442c1ba1f08bc79d1e4e3a6fbc91606c76f6bba28c0caa
5
+ SHA512:
6
+ metadata.gz: e56e7f980a78c1b3fc40a352ff95dc012641e453b8de608d7f29aafc8d6e6848c90508844020620549edd79bb3dcd3df779f90f911475b925ea1f96e9e2c6a31
7
+ data.tar.gz: 5edec40ae0354c4ed4ec1d8fbfd7321bb126ed7b721aca3bd45ef6d76d46524f36857cb2fb9bae879113afc7038254883b57a7f61f9c243e4f4f2a8b6db3c9c4
data/CHANGELOG.md ADDED
@@ -0,0 +1,10 @@
1
+ # Changelog
2
+
3
+ ## 0.1.0
4
+
5
+ - Browser console over ActionCable with xterm.js frontend bundle.
6
+ - Broker process (`bundle exec rails_console`) with PTY, sandbox-by-default, and `unsafe!` / `safe!` to toggle write mode.
7
+ - Audit models (`rails_console_sessions`, `rails_console_log_lines`); mode toggles are recorded as `transition` log lines.
8
+ - Install generator for migrations and `config/initializers/rails_console.rb`.
9
+ - `authorize` and `current_user` receive the resolved user (HTTP and WebSocket).
10
+ - Default `user_class` is `User`; default socket is `tmp/sockets/rails_console.sock`.
data/LICENSE ADDED
@@ -0,0 +1,21 @@
1
+ The MIT License (MIT)
2
+
3
+ Copyright (c) 2026 Washington Botelho
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in
13
+ all copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
21
+ THE SOFTWARE.
data/README.md ADDED
@@ -0,0 +1,118 @@
1
+ # Rails Console
2
+
3
+ [![Tests](https://github.com/wbotelhos/rails-console/workflows/Tests/badge.svg)](https://github.com/wbotelhos/rails-console/actions/workflows/tests.yml)
4
+ [![RuboCop](https://github.com/wbotelhos/rails-console/workflows/RuboCop/badge.svg)](https://github.com/wbotelhos/rails-console/actions/workflows/rubocop.yml)
5
+ [![Gem Version](https://badge.fury.io/rb/rails-console.svg)](https://badge.fury.io/rb/rails-console)
6
+ [![Maintainability](https://qlty.sh/gh/wbotelhos/projects/rails-console/maintainability.svg)](https://qlty.sh/gh/wbotelhos/projects/rails-console)
7
+ [![Coverage](https://codecov.io/gh/wbotelhos/rails-console/branch/main/graph/badge.svg)](https://codecov.io/gh/wbotelhos/rails-console)
8
+ [![Sponsor](https://img.shields.io/badge/sponsor-%3C3-green)](https://github.com/sponsors/wbotelhos)
9
+
10
+ A safe, browser-based Rails console you mount on your app.
11
+
12
+ ## Installation
13
+
14
+ ```ruby
15
+ gem 'rails-console'
16
+ ```
17
+
18
+ ```sh
19
+ bundle install
20
+ bin/rails generate rails_console:install
21
+ bin/rails db:migrate
22
+ ```
23
+
24
+ ## Mounting
25
+
26
+ Mount the engine behind your own authentication **and** authorization:
27
+
28
+ ```ruby
29
+ # config/routes.rb
30
+ authenticate :user, ->(user) { user.devops? } do
31
+ mount RailsConsole::Engine, at: :console
32
+ end
33
+ ```
34
+
35
+ The route constraint protects the HTML page. The gem's `authorize` config (below) also protects the ActionCable channel — required because `/cable` is outside the mount.
36
+
37
+ ## Configuration
38
+
39
+ Created by `bin/rails generate rails_console:install`. Example:
40
+
41
+ ```ruby
42
+ # config/initializers/rails_console.rb
43
+ RailsConsole.configure do |config|
44
+ config.audit = true
45
+
46
+ config.authorize = ->(user) { user&.devops? }
47
+
48
+ config.command = 'bundle exec rails console'
49
+
50
+ config.current_user = ->(user) { { id: user&.id, label: user.try(:email) || 'unknown' } }
51
+
52
+ config.idle_timeout = 10.minutes
53
+ config.sandbox_command = 'bundle exec rails console --sandbox'
54
+ end
55
+ ```
56
+
57
+ `authorize` and `current_user` receive the resolved user from HTTP (`request`) and WebSocket (`connection`) contexts.
58
+
59
+ | Option | Purpose |
60
+ | --- | --- |
61
+ | `audit` | Persist sessions and I/O log lines (default: `true`) |
62
+ | `authorize` | Proc `(user) -> bool` — may the user use the console (HTTP **and** WebSocket) |
63
+ | `command` | Command after `unsafe!` |
64
+ | `current_user` | Proc `(user) -> { id:, label: }` for audit records |
65
+ | `idle_timeout` | Kill idle PTY sessions after this duration |
66
+ | `sandbox_command` | Default command (safe-by-default sandbox) |
67
+ | `socket_path` | Unix socket between Puma workers and the broker (default: `tmp/sockets/rails_console.sock`) |
68
+ | `user_class` | ActiveRecord model class name for session `user` lookup (default: `User`) |
69
+
70
+ ## Security layers
71
+
72
+ 1. **Route constraint** — `authenticate` / custom constraint on the mount (HTTP only).
73
+ 2. **Controller** — `authorize` runs again before rendering the page.
74
+ 3. **Channel** — `authorize` on `subscribed` is the **only** protection for `/cable`; the mount does not cover WebSockets.
75
+
76
+ Additional safeguards:
77
+
78
+ - **Sandbox by default** — sessions start with `rails console --sandbox`.
79
+ - **`unsafe!` / `safe!`** — explicit toggle between write and sandbox mode; each swap starts a fresh PTY and is audited.
80
+ - **Broker isolation** — one PTY per container, shared via Unix socket across Puma workers.
81
+ - **Audit trail** — `RailsConsole::Session` and `RailsConsole::LogLine` when `audit` is enabled.
82
+
83
+ Do not rely on command filtering inside Ruby; use authorization + sandbox + auditing.
84
+
85
+ ## Usage
86
+
87
+ Open `/console` (the path you mounted the engine at) to get a real `rails console` in the browser.
88
+
89
+ Sessions start in **safe mode** — changes are rolled back and never persisted:
90
+
91
+ ```rb
92
+ User.last.destroy # runs, but nothing is saved
93
+ ```
94
+
95
+ Type `unsafe!` to switch to **write mode**, where changes persist:
96
+
97
+ ```rb
98
+ unsafe!
99
+ User.last.destroy # now really deletes the record
100
+ ```
101
+
102
+ Type `safe!` to go back to sandbox mode. Each toggle starts a fresh session and is recorded in the audit trail.
103
+
104
+ ## Broker process
105
+
106
+ The broker boots on demand when someone opens `/console`, or run it manually:
107
+
108
+ ```sh
109
+ bundle exec rails_console
110
+ ```
111
+
112
+ ## Development (gem)
113
+
114
+ ```sh
115
+ npm install
116
+ bundle exec rake assets:build # rebuild xterm bundle into app/assets/rails_console/
117
+ bundle exec rake spec
118
+ ```
@@ -0,0 +1,230 @@
1
+ /**
2
+ * Copyright (c) 2014 The xterm.js authors. All rights reserved.
3
+ * Copyright (c) 2012-2013, Christopher Jeffrey (MIT License)
4
+ * https://github.com/chjj/term.js
5
+ * @license MIT
6
+ *
7
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
8
+ * of this software and associated documentation files (the "Software"), to deal
9
+ * in the Software without restriction, including without limitation the rights
10
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11
+ * copies of the Software, and to permit persons to whom the Software is
12
+ * furnished to do so, subject to the following conditions:
13
+ *
14
+ * The above copyright notice and this permission notice shall be included in
15
+ * all copies or substantial portions of the Software.
16
+ *
17
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
23
+ * THE SOFTWARE.
24
+ *
25
+ * Originally forked from (with the author's permission):
26
+ * Fabrice Bellard's javascript vt100 for jslinux:
27
+ * http://bellard.org/jslinux/
28
+ * Copyright (c) 2011 Fabrice Bellard
29
+ * The original design remains. The terminal itself
30
+ * has been extended to include xterm CSI codes, among
31
+ * other features.
32
+ */
33
+
34
+ /**
35
+ * Default styles for xterm.js
36
+ */
37
+
38
+ .xterm {
39
+ cursor: text;
40
+ position: relative;
41
+ user-select: none;
42
+ -ms-user-select: none;
43
+ -webkit-user-select: none;
44
+ }
45
+
46
+ .xterm.focus,
47
+ .xterm:focus {
48
+ outline: none;
49
+ }
50
+
51
+ .xterm .xterm-helpers {
52
+ position: absolute;
53
+ top: 0;
54
+ /**
55
+ * The z-index of the helpers must be higher than the canvases in order for
56
+ * IMEs to appear on top.
57
+ */
58
+ z-index: 5;
59
+ }
60
+
61
+ .xterm .xterm-helper-textarea {
62
+ padding: 0;
63
+ border: 0;
64
+ margin: 0;
65
+ /* Move textarea out of the screen to the far left, so that the cursor is not visible */
66
+ position: absolute;
67
+ opacity: 0;
68
+ left: -9999em;
69
+ top: 0;
70
+ width: 0;
71
+ height: 0;
72
+ z-index: -5;
73
+ /** Prevent wrapping so the IME appears against the textarea at the correct position */
74
+ white-space: nowrap;
75
+ overflow: hidden;
76
+ resize: none;
77
+ }
78
+
79
+ .xterm .composition-view {
80
+ /* TODO: Composition position got messed up somewhere */
81
+ background: #000;
82
+ color: #FFF;
83
+ display: none;
84
+ position: absolute;
85
+ white-space: nowrap;
86
+ z-index: 1;
87
+ }
88
+
89
+ .xterm .composition-view.active {
90
+ display: block;
91
+ }
92
+
93
+ .xterm .xterm-viewport {
94
+ /* On OS X this is required in order for the scroll bar to appear fully opaque */
95
+ background-color: #000;
96
+ overflow-y: scroll;
97
+ cursor: default;
98
+ position: absolute;
99
+ right: 0;
100
+ left: 0;
101
+ top: 0;
102
+ bottom: 0;
103
+ }
104
+
105
+ .xterm .xterm-screen {
106
+ position: relative;
107
+ }
108
+
109
+ .xterm .xterm-screen canvas {
110
+ position: absolute;
111
+ left: 0;
112
+ top: 0;
113
+ }
114
+
115
+ .xterm .xterm-scroll-area {
116
+ visibility: hidden;
117
+ }
118
+
119
+ .xterm-char-measure-element {
120
+ display: inline-block;
121
+ visibility: hidden;
122
+ position: absolute;
123
+ top: 0;
124
+ left: -9999em;
125
+ line-height: normal;
126
+ }
127
+
128
+ .xterm.enable-mouse-events {
129
+ /* When mouse events are enabled (eg. tmux), revert to the standard pointer cursor */
130
+ cursor: default;
131
+ }
132
+
133
+ .xterm.xterm-cursor-pointer,
134
+ .xterm .xterm-cursor-pointer {
135
+ cursor: pointer;
136
+ }
137
+
138
+ .xterm.column-select.focus {
139
+ /* Column selection mode */
140
+ cursor: crosshair;
141
+ }
142
+
143
+ .xterm .xterm-accessibility:not(.debug),
144
+ .xterm .xterm-message {
145
+ position: absolute;
146
+ left: 0;
147
+ top: 0;
148
+ bottom: 0;
149
+ right: 0;
150
+ z-index: 10;
151
+ color: transparent;
152
+ pointer-events: none;
153
+ }
154
+
155
+ .xterm .xterm-accessibility-tree:not(.debug) *::selection {
156
+ color: transparent;
157
+ }
158
+
159
+ .xterm .xterm-accessibility-tree {
160
+ user-select: text;
161
+ white-space: pre;
162
+ }
163
+
164
+ .xterm .live-region {
165
+ position: absolute;
166
+ left: -9999px;
167
+ width: 1px;
168
+ height: 1px;
169
+ overflow: hidden;
170
+ }
171
+
172
+ .xterm-dim {
173
+ /* Dim should not apply to background, so the opacity of the foreground color is applied
174
+ * explicitly in the generated class and reset to 1 here */
175
+ opacity: 1 !important;
176
+ }
177
+
178
+ .xterm-underline-1 { text-decoration: underline; }
179
+ .xterm-underline-2 { text-decoration: double underline; }
180
+ .xterm-underline-3 { text-decoration: wavy underline; }
181
+ .xterm-underline-4 { text-decoration: dotted underline; }
182
+ .xterm-underline-5 { text-decoration: dashed underline; }
183
+
184
+ .xterm-overline {
185
+ text-decoration: overline;
186
+ }
187
+
188
+ .xterm-overline.xterm-underline-1 { text-decoration: overline underline; }
189
+ .xterm-overline.xterm-underline-2 { text-decoration: overline double underline; }
190
+ .xterm-overline.xterm-underline-3 { text-decoration: overline wavy underline; }
191
+ .xterm-overline.xterm-underline-4 { text-decoration: overline dotted underline; }
192
+ .xterm-overline.xterm-underline-5 { text-decoration: overline dashed underline; }
193
+
194
+ .xterm-strikethrough {
195
+ text-decoration: line-through;
196
+ }
197
+
198
+ .xterm-screen .xterm-decoration-container .xterm-decoration {
199
+ z-index: 6;
200
+ position: absolute;
201
+ }
202
+
203
+ .xterm-screen .xterm-decoration-container .xterm-decoration.xterm-decoration-top-layer {
204
+ z-index: 7;
205
+ }
206
+
207
+ .xterm-decoration-overview-ruler {
208
+ z-index: 8;
209
+ position: absolute;
210
+ top: 0;
211
+ right: 0;
212
+ pointer-events: none;
213
+ }
214
+
215
+ .xterm-decoration-top {
216
+ z-index: 2;
217
+ position: relative;
218
+ }
219
+ html,
220
+ body {
221
+ background: #000;
222
+ height: 100%;
223
+ margin: 0;
224
+ padding: 0;
225
+ }
226
+
227
+ #rails-console {
228
+ height: 100vh;
229
+ width: 100vw;
230
+ }