web-console 3.5.1 → 4.2.1

data/lib/web_console/middleware.rb

@@ -1,14 +1,13 @@
-require 'active_support/core_ext/string/strip'
+# frozen_string_literal: true
+
+require "active_support/core_ext/string/strip"
 
 module WebConsole
   class Middleware
-    TEMPLATES_PATH = File.expand_path('../templates', __FILE__)
-
-    cattr_accessor :mount_point
-    @@mount_point = '/__web_console'
+    TEMPLATES_PATH = File.expand_path("../templates", __FILE__)
 
-    cattr_accessor :whiny_requests
-    @@whiny_requests = true
+    cattr_accessor :mount_point, default: "/__web_console"
+    cattr_accessor :whiny_requests, default: true
 
     def initialize(app)
       @app = app
@@ -17,7 +16,7 @@ module WebConsole
     def call(env)
       app_exception = catch :app_exception do
         request = create_regular_or_whiny_request(env)
-        return call_app(env) unless request.from_whitelisted_ip?
+        return call_app(env) unless request.permitted?
 
         if id = id_for_repl_session_update(request)
           return update_repl_session(id, request)
@@ -25,19 +24,18 @@ module WebConsole
           return change_stack_trace(id, request)
         end
 
+
         status, headers, body = call_app(env)
 
-        if session = Session.from(Thread.current) and acceptable_content_type?(headers)
-          response = Response.new(body, status, headers)
-          template = Template.new(env, session)
+        if (session = Session.from(Thread.current)) && acceptable_content_type?(headers)
+          headers["x-web-console-session-id"] = session.id
+          headers["x-web-console-mount-point"] = mount_point
 
-          response.headers["X-Web-Console-Session-Id"] = session.id
-          response.headers["X-Web-Console-Mount-Point"] = mount_point
-          response.write(template.render('index'))
-          response.finish
-        else
-          [ status, headers, body ]
+          template = Template.new(env, session)
+          body, headers = Injector.new(body, headers).inject(template.render("index"))
         end
+
+        [ status, headers, body ]
       end
     rescue => e
       WebConsole.logger.error("\n#{e.class}: #{e}\n\tfrom #{e.backtrace.join("\n\tfrom ")}")
@@ -54,19 +52,18 @@ module WebConsole
     private
 
       def acceptable_content_type?(headers)
-        Mime::Type.parse(headers['Content-Type'].to_s).first == Mime[:html]
+        headers[Rack::CONTENT_TYPE].to_s.include?("html")
       end
 
       def json_response(opts = {})
         status  = opts.fetch(:status, 200)
-        headers = { 'Content-Type' => 'application/json; charset = utf-8' }
+        headers = { Rack::CONTENT_TYPE => "application/json; charset = utf-8" }
         body    = yield.to_json
 
-        Rack::Response.new(body, status, headers).finish
+        [ status, headers, [ body ] ]
       end
 
       def json_response_with_session(id, request, opts = {})
-        return respond_with_unacceptable_request unless request.acceptable?
         return respond_with_unavailable_session(id) unless session = Session.find(id)
 
         json_response(opts) { yield session }
@@ -113,7 +110,7 @@ module WebConsole
 
       def change_stack_trace(id, request)
         json_response_with_session(id, request) do |session|
-          session.switch_binding_to(request.params[:frame_id])
+          session.switch_binding_to(request.params[:frame_id], request.params[:exception_object_id])
 
           { ok: true }
         end
@@ -121,13 +118,13 @@ module WebConsole
 
       def respond_with_unavailable_session(id)
         json_response(status: 404) do
-          { output: format(I18n.t('errors.unavailable_session'), id: id)}
+          { output: format(I18n.t("errors.unavailable_session"), id: id) }
         end
       end
 
       def respond_with_unacceptable_request
         json_response(status: 406) do
-          { output: I18n.t('errors.unacceptable_request') }
+          { output: I18n.t("errors.unacceptable_request") }
         end
       end
 

data/lib/web_console/permissions.rb

@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+
+require "ipaddr"
+
+module WebConsole
+  class Permissions
+    # IPv4 and IPv6 localhost should be always allowed.
+    ALWAYS_PERMITTED_NETWORKS = %w( 127.0.0.0/8 ::1 )
+
+    def initialize(networks = nil)
+      @networks = normalize_networks(networks).map(&method(:coerce_network_to_ipaddr)).uniq
+    end
+
+    def include?(network)
+      @networks.any? { |permission| permission.include?(network.to_s) }
+    rescue IPAddr::InvalidAddressError
+      false
+    end
+
+    def to_s
+      @networks.map(&method(:human_readable_ipaddr)).join(", ")
+    end
+
+    private
+
+      def normalize_networks(networks)
+        Array(networks).concat(ALWAYS_PERMITTED_NETWORKS)
+      end
+
+      def coerce_network_to_ipaddr(network)
+        if network.is_a?(IPAddr)
+          network
+        else
+          IPAddr.new(network)
+        end
+      end
+
+      def human_readable_ipaddr(ipaddr)
+        ipaddr.to_range.to_s.split("..").uniq.join("/")
+      end
+  end
+end

data/lib/web_console/railtie.rb

@@ -1,20 +1,19 @@
-require 'rails/railtie'
+# frozen_string_literal: true
+
+require "rails/railtie"
 
 module WebConsole
   class Railtie < ::Rails::Railtie
     config.web_console = ActiveSupport::OrderedOptions.new
-    config.web_console.whitelisted_ips = %w( 127.0.0.1 ::1 )
 
-    initializer 'web_console.initialize' do
-      require 'bindex'
-      require 'web_console/extensions'
+    initializer "web_console.initialize" do
+      require "bindex"
+      require "web_console/extensions"
 
-      if logger = ::Rails.logger
-        WebConsole.logger = logger
-      end
+      ActionDispatch::DebugExceptions.register_interceptor(Interceptor)
     end
 
-    initializer 'web_console.development_only' do
+    initializer "web_console.development_only" do
       unless (config.web_console.development_only == false) || Rails.env.development?
         abort <<-END.strip_heredoc
           Web Console is activated in the #{Rails.env} environment. This is
@@ -32,13 +31,13 @@ module WebConsole
       end
     end
 
-    initializer 'web_console.insert_middleware' do |app|
+    initializer "web_console.insert_middleware" do |app|
       app.middleware.insert_before ActionDispatch::DebugExceptions, Middleware
     end
 
-    initializer 'web_console.mount_point' do
+    initializer "web_console.mount_point" do
       if mount_point = config.web_console.mount_point
-        Middleware.mount_point = mount_point.chomp('/')
+        Middleware.mount_point = mount_point.chomp("/")
       end
 
       if root = Rails.application.config.relative_url_root
@@ -46,26 +45,44 @@ module WebConsole
       end
     end
 
-    initializer 'web_console.template_paths' do
+    initializer "web_console.template_paths" do
       if template_paths = config.web_console.template_paths
         Template.template_paths.unshift(*Array(template_paths))
       end
     end
 
-    initializer 'web_console.whitelisted_ips' do
-      if whitelisted_ips = config.web_console.whitelisted_ips
-        Request.whitelisted_ips = Whitelist.new(whitelisted_ips)
+    initializer "web_console.deprecator" do |app|
+      app.deprecators[:web_console] = WebConsole.deprecator if app.respond_to?(:deprecators)
+    end
+
+    initializer "web_console.permissions" do
+      permissions = web_console_permissions
+      Request.permissions = Permissions.new(permissions)
+    end
+
+    def web_console_permissions
+      case
+      when config.web_console.permissions
+        config.web_console.permissions
+      when config.web_console.allowed_ips
+        config.web_console.allowed_ips
+      when config.web_console.whitelisted_ips
+        WebConsole.deprecator.warn(<<-MSG.squish)
+          The config.web_console.whitelisted_ips is deprecated and will be ignored in future release of web_console.
+          Please use config.web_console.allowed_ips instead.
+        MSG
+        config.web_console.whitelisted_ips
       end
     end
 
-    initializer 'web_console.whiny_requests' do
+    initializer "web_console.whiny_requests" do
       if config.web_console.key?(:whiny_requests)
         Middleware.whiny_requests = config.web_console.whiny_requests
       end
     end
 
-    initializer 'i18n.load_path' do
-      config.i18n.load_path.concat(Dir[File.expand_path('../locales/*.yml', __FILE__)])
+    initializer "i18n.load_path" do
+      config.i18n.load_path.concat(Dir[File.expand_path("../locales/*.yml", __FILE__)])
     end
   end
 end

data/lib/web_console/request.rb

@@ -1,29 +1,17 @@
+# frozen_string_literal: true
+
 module WebConsole
-  # Web Console tailored request object.
   class Request < ActionDispatch::Request
-    # Configurable set of whitelisted networks.
-    cattr_accessor :whitelisted_ips
-    @@whitelisted_ips = Whitelist.new
-
-    # Define a vendor MIME type. We can call it using Mime[:web_console_v2].
-    Mime::Type.register 'application/vnd.web-console.v2', :web_console_v2
+    cattr_accessor :permissions, default: Permissions.new
 
-    # Returns whether a request came from a whitelisted IP.
-    #
-    # For a request to hit Web Console features, it needs to come from a white
-    # listed IP.
-    def from_whitelisted_ip?
-      whitelisted_ips.include?(strict_remote_ip)
+    def permitted?
+      permissions.include?(strict_remote_ip)
     end
 
-    # Determines the remote IP using our much stricter whitelist.
     def strict_remote_ip
-      GetSecureIp.new(self, whitelisted_ips).to_s
-    end
-
-    # Returns whether the request is acceptable.
-    def acceptable?
-      xhr? && accepts.any? { |mime| Mime[:web_console_v2] == mime }
+      GetSecureIp.new(self, permissions).to_s
+    rescue ActionDispatch::RemoteIp::IpSpoofAttackError
+      "[Spoofed]"
     end
 
     private

data/lib/web_console/session.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module WebConsole
   # A session lets you persist an +Evaluator+ instance in memory associated
   # with multiple bindings.
@@ -9,8 +11,7 @@ module WebConsole
   # error pages only, as currently, this is the only client that needs to do
   # that.
   class Session
-    cattr_reader :inmemory_storage
-    @@inmemory_storage = {}
+    cattr_reader :inmemory_storage, default: {}
 
     class << self
       # Finds a persisted session in memory by its id.
@@ -30,9 +31,9 @@ module WebConsole
       # storage.
       def from(storage)
         if exc = storage[:__web_console_exception]
-          new(ExceptionMapper.new(exc))
+          new(ExceptionMapper.follow(exc))
         elsif binding = storage[:__web_console_binding]
-          new([binding])
+          new([[binding]])
         end
       end
     end
@@ -40,10 +41,11 @@ module WebConsole
     # An unique identifier for every REPL.
     attr_reader :id
 
-    def initialize(bindings)
+    def initialize(exception_mappers)
       @id = SecureRandom.hex(16)
-      @bindings = bindings
-      @evaluator = Evaluator.new(@current_binding = bindings.first)
+
+      @exception_mappers = exception_mappers
+      @evaluator         = Evaluator.new(@current_binding = exception_mappers.first.first)
 
       store_into_memory
     end
@@ -58,8 +60,10 @@ module WebConsole
     # Switches the current binding to the one at specified +index+.
     #
     # Returns nothing.
-    def switch_binding_to(index)
-      @evaluator = Evaluator.new(@current_binding = @bindings[index.to_i])
+    def switch_binding_to(index, exception_object_id)
+      bindings = ExceptionMapper.find_binding(@exception_mappers, exception_object_id)
+
+      @evaluator = Evaluator.new(@current_binding = bindings[index.to_i])
     end
 
     # Returns context of the current binding

data/lib/web_console/source_location.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+module WebConsole
+  class SourceLocation
+    def initialize(binding)
+      @binding = binding
+    end
+
+    if RUBY_VERSION >= "2.6"
+      def path() @binding.source_location.first end
+      def lineno() @binding.source_location.last end
+    else
+      def path() @binding.eval("__FILE__") end
+      def lineno() @binding.eval("__LINE__") end
+    end
+  end
+end

data/lib/web_console/tasks/extensions.rake

@@ -1,23 +1,25 @@
+# frozen_string_literal: true
+
 namespace :ext do
-  rootdir = Pathname('extensions')
+  rootdir = Pathname("extensions")
 
-  desc 'Build Chrome Extension'
-  task chrome: 'chrome:build'
+  desc "Build Chrome Extension"
+  task chrome: "chrome:build"
 
   namespace :chrome do
-    dist   = Pathname('dist/crx')
+    dist   = Pathname("dist/crx")
     extdir = rootdir.join(dist)
-    manifest_json = rootdir.join('chrome/manifest.json')
+    manifest_json = rootdir.join("chrome/manifest.json")
 
     directory extdir
 
-    task build: [ extdir, 'lib:templates' ] do
+    task build: [ extdir, "lib:templates" ] do
       cd rootdir do
-        cp_r [ 'img/', 'tmp/lib/' ], dist
+        cp_r [ "img/", "tmp/lib/" ], dist
         `cd chrome && git ls-files`.split("\n").each do |src|
           dest = dist.join(src)
           mkdir_p dest.dirname
-          cp Pathname('chrome').join(src), dest
+          cp Pathname("chrome").join(src), dest
         end
       end
     end
@@ -34,7 +36,7 @@ namespace :ext do
       cd(extdir) { sh "zip -r ../crx-web-console-#{version}.zip ./" }
     end
 
-    desc 'Launch a browser with the chrome extension.'
+    desc "Launch a browser with the chrome extension."
     task run: [ :build ] do
       cd(rootdir) { sh "sh ./script/run_chrome.sh --load-extension=#{dist}" }
     end
@@ -45,15 +47,15 @@ namespace :ext do
   end
 
   namespace :lib do
-    templates = Pathname('lib/web_console/templates')
-    tmplib    = rootdir.join('tmp/lib/')
-    js_erb    = FileList.new(templates.join('**/*.js.erb'))
+    templates = Pathname("lib/web_console/templates")
+    tmplib    = rootdir.join("tmp/lib/")
+    js_erb    = FileList.new(templates.join("**/*.js.erb"))
     dirs      = js_erb.pathmap("%{^#{templates},#{tmplib}}d")
 
     task templates: dirs + js_erb.pathmap("%{^#{templates},#{tmplib}}X")
 
     dirs.each { |d| directory d }
-    rule '.js' => [ "%{^#{tmplib},#{templates}}X.js.erb" ] do |t|
+    rule ".js" => [ "%{^#{tmplib},#{templates}}X.js.erb" ] do |t|
       File.write(t.name, WebConsole::Testing::ERBPrecompiler.new(t.source).build)
     end
   end

data/lib/web_console/tasks/templates.rake

@@ -1,14 +1,17 @@
+# frozen_string_literal: true
+
+require "net/http"
+
 namespace :templates do
-  desc 'Run tests for templates'
+  desc "Run tests for templates"
   task test: [ :daemonize, :npm, :rackup, :wait, :mocha, :kill, :exit ]
   task serve: [ :npm, :rackup ]
 
-  workdir = Pathname(EXPANDED_CWD).join('test/templates')
+  workdir = Pathname(EXPANDED_CWD).join("test/templates")
   pid     = Pathname(Dir.tmpdir).join("web_console_test.pid")
   runner  = URI.parse("http://#{ENV['IP'] || '127.0.0.1'}:#{ENV['PORT'] || 29292}/html/test_runner.html")
   rackup  = "rackup --host #{runner.host} --port #{runner.port}"
   result  = nil
-  browser = 'phantomjs'
 
   def need_to_wait?(uri)
     Net::HTTP.start(uri.host, uri.port) { |http| http.get(uri.path) }
@@ -20,15 +23,8 @@ namespace :templates do
     rackup += " -D --pid #{pid}"
   end
 
-  task :npm => [ :phantomjs ] do
-    Dir.chdir(workdir) { system 'npm install --silent' }
-  end
-
-  task :phantomjs do
-    unless system("which #{browser} >/dev/null")
-      browser = './node_modules/.bin/phantomjs'
-      Dir.chdir(workdir) { system("test -f #{browser} || npm install --silent phantomjs-prebuilt") }
-    end
+  task :npm do
+    Dir.chdir(workdir) { system "npm install --silent" }
   end
 
   task :rackup do
@@ -41,7 +37,7 @@ namespace :templates do
   end
 
   task :mocha do
-    Dir.chdir(workdir) { result = system("#{browser} ./node_modules/mocha-phantomjs-core/mocha-phantomjs-core.js #{runner} dot") }
+    Dir.chdir(workdir) { result = system("npx mocha-headless-chrome -f #{runner} -r dot") }
   end
 
   task :kill do

data/lib/web_console/template.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module WebConsole
   # A facade that handles template rendering and composition.
   #
@@ -5,8 +7,7 @@ module WebConsole
   # Rails error pages.
   class Template
     # Lets you customize the default templates folder location.
-    cattr_accessor :template_paths
-    @@template_paths = [ File.expand_path('../templates', __FILE__) ]
+    cattr_accessor :template_paths, default: [ File.expand_path("../templates", __FILE__) ]
 
     def initialize(env, session)
       @env = env
@@ -16,7 +17,7 @@ module WebConsole
 
     # Render a template (inferred from +template_paths+) as a plain string.
     def render(template)
-      view = View.new(template_paths, instance_values)
+      view = View.with_empty_template_cache.with_view_paths(template_paths, instance_values)
       view.render(template: template, layout: false)
     end
   end