web-console 2.2.0 → 2.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.markdown +6 -1
- data/lib/web_console/middleware.rb +43 -26
- data/lib/web_console/railtie.rb +4 -0
- data/lib/web_console/request.rb +8 -0
- data/lib/web_console/templates/console.js.erb +1 -0
- data/lib/web_console/version.rb +1 -1
- metadata +1 -1
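--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: c224d95365158b5d6c2c74a723e0f980d6ec2cc1
+data.tar.gz: 96c1809b1e11969901c710bd3d6f316bbc1221c5
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 43fb7f5387311dde55c6464a64ff9f9498486b7afc35f7c0254c851ce77027d288b190cfdd73c56bfebf7987e87d3f33315f7c626fef97b4da044892dbf135c5
+data.tar.gz: 51395dfa02548a44395e5bffa801d3c28a4e95b556fa1982ba7045d279871e1c98de4e0bf1fd1b6a5273348ac5ad3c405bde530ffa394d6becab9ea39cf24bc3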
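--- a/data/CHANGELOG.markdown
+++ b/data/CHANGELOG.markdown
@@ -2,15 +2,20 @@
 
 ## master (unreleased)
 
+## 2.2.1
+
+* [#150](https://github.com/rails/web-console/pull/150) Change config.development_only default until 4.2.4 is released.
+
 ## 2.2.0
 
 * [#140](https://github.com/rails/web-console/pull/140) Add the ability to close the console on each page ([@sh19910711])
 * [#135](https://github.com/rails/web-console/pull/135) Run the console only in development mode and raise warning in tests ([@frenesim])
+* [#134](https://github.com/rails/web-conscle/pull/134) Force development only web console by default ([@gsamokovarov])
+* [#123](https://github.com/rails/web-console/pull/123) Replace deprecated `alias_method_chain` with `alias_method` ([@jonatack])
 
 ## 2.1.3
 
 * Fix remote code execution vulnerability in Web Console. CVE-2015-3224.
-* [#123](https://github.com/rails/web-console/pull/123) Replace deprecated `alias_method_chain` with `alias_method` ([@jonatack])
 
 ## 2.1.2
 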
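--- a/data/lib/web_console/middleware.rb
+++ b/data/lib/web_console/middleware.rb
@@ -16,6 +16,8 @@ module WebConsole
 this request hit doesn't store %{id} in memory.
 END
 
+UNACCEPTABLE_REQUEST_MESSAGE = "A supported version is expected in the Accept header."
+
 cattr_accessor :whiny_requests
 @@whiny_requests = true
 
@@ -29,9 +31,9 @@ module WebConsole
 return @app.call(env) unless request.from_whitelited_ip?
 
 if id = id_for_repl_session_update(request)
-return update_repl_session(id, request
+return update_repl_session(id, request)
 elsif id = id_for_repl_session_stack_frame_change(request)
-return change_stack_trace(id, request
+return change_stack_trace(id, request)
 end
 
 status, headers, body = @app.call(env)
@@ -43,6 +45,7 @@ module WebConsole
 end
 
 if session && request.acceptable_content_type?
+headers["X-Web-Console-Session-Id"] = session.id
 response = Rack::Response.new(body, status, headers)
 template = Template.new(env, session)
 
@@ -55,6 +58,28 @@ module WebConsole
 
 private
 
+def json_response(opts = {})
+status = opts.fetch(:status, 200)
+headers = { 'Content-Type' => 'application/json; charset = utf-8' }
+body = yield.to_json
+
+Rack::Response.new(body, status, headers).finish
+end
+
+def json_response_with_session(id, request, opts = {})
+json_response(opts) do
+unless request.acceptable?
+return respond_with_unacceptable_request
+end
+
+unless session = Session.find(id)
+return respond_with_unavailable_session(id)
+end
+
+yield session
+end
+end
+
 def create_regular_or_whiny_request(env)
 request = Request.new(env)
 whiny_requests ? WhinyRequest.new(request) : request
@@ -80,38 +105,30 @@ module WebConsole
 end
 end
 
-def update_repl_session(id,
-
-
+def update_repl_session(id, request)
+json_response_with_session(id, request) do |session|
+{ output: session.eval(request.params[:input]) }
 end
-
-status = 200
-headers = { 'Content-Type' => 'application/json; charset = utf-8' }
-body = { output: session.eval(params[:input]) }.to_json
-
-Rack::Response.new(body, status, headers).finish
 end
 
-def change_stack_trace(id,
-
-
-end
-
-session.switch_binding_to(params[:frame_id])
+def change_stack_trace(id, request)
+json_response_with_session(id, request) do |session|
+session.switch_binding_to(request.params[:frame_id])
 
-
-
-body = { ok: true }.to_json
-
-Rack::Response.new(body, status, headers).finish
+{ ok: true }
+end
 end
 
 def respond_with_unavailable_session(id)
-status
-
-
+json_response(status: 404) do
+{ output: format(UNAVAILABLE_SESSION_MESSAGE, id: id)}
+end
+end
 
-
+def respond_with_unacceptable_request
+json_response(status: 406) do
+{ error: UNACCEPTABLE_REQUEST_MESSAGE }
+end
 end
 end
 end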
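--- a/data/lib/web_console/railtie.rb
+++ b/data/lib/web_console/railtie.rb
@@ -5,6 +5,10 @@ module WebConsole
 config.web_console = ActiveSupport::OrderedOptions.new
 config.web_console.whitelisted_ips = %w( 127.0.0.1 ::1 )
 
+# See rails/web-console#150 and rails/rails#20319. Revert when Ruby on
+# Rails 4.2.4 is released.
+config.web_console.development_only = false
+
 initializer 'web_console.initialize' do
 require 'web_console/extensions'
 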
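Review bot: The added comment says when to revert the default but not what `development_only = false` means for deployments; as far as this file shows, the only other gate left in place is the `whitelisted_ips` default on the line above, so the trade-off should be explicit. Suggest: `# Temporarily false (rails/web-console#150, rails/rails#20319) until Rails 4.2.4; apps that want the console limited to development should set config.web_console.development_only = true until then.` That the flag gates the console outside development is inferred from the 2.2.0 changelog entries for #134/#135 — confirm against the initializer that reads it, which is outside this hunk.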
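--- a/data/lib/web_console/request.rb
+++ b/data/lib/web_console/request.rb
@@ -10,6 +10,9 @@ module WebConsole
 cattr_accessor :whitelisted_ips
 @@whitelisted_ips = Whitelist.new
 
+# Define a vendor MIME type. We can call it using Mime::WEB_CONSOLE_V2 constant.
+Mime::Type.register 'application/vnd.web-console.v2', :web_console_v2
+
 # Returns whether a request came from a whitelisted IP.
 #
 # For a request to hit Web Console features, it needs to come from a white
@@ -32,6 +35,11 @@ module WebConsole
 content_type.blank? || content_type.in?(acceptable_content_types)
 end
 
+# Returns whether the request is acceptable.
+def acceptable?
+xhr? && accepts.any? { |mime| Mime::WEB_CONSOLE_V2 == mime }
+end
+
 class GetSecureIp < ActionDispatch::RemoteIp::GetIp
 def initialize(env, proxies)
 @env = env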
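--- a/data/lib/web_console/templates/console.js.erb
+++ b/data/lib/web_console/templates/console.js.erb
@@ -476,6 +476,7 @@ function request(method, url, params, callback) {
 xhr.open(method, url, true);
 xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
 xhr.setRequestHeader("X-Requested-With", "XMLHttpRequest");
+xhr.setRequestHeader("Accept", "<%= Mime::WEB_CONSOLE_V2 %>");
 xhr.send(params);
 
 xhr.onreadystatechange = function() {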
data/lib/web_console/version.rb
CHANGED