web-console 3.5.1 → 4.2.1

data/lib/web_console/view.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module WebConsole
   class View < ActionView::Base
     # Execute a block only on error pages.
@@ -8,6 +10,11 @@ module WebConsole
       yield if Thread.current[:__web_console_exception].present?
     end
 
+    # Execute a block only on regular, non-error, pages.
+    def only_on_regular_page(*args)
+      yield if Thread.current[:__web_console_binding].present?
+    end
+
     # Render JavaScript inside a script tag and a closure.
     #
     # This one lets write JavaScript that will automatically get wrapped in a
@@ -15,7 +22,8 @@ module WebConsole
     # leaking globals, unless you explicitly want to.
     def render_javascript(template)
       assign(template: template)
-      render(template: template, layout: 'layouts/javascript')
+      assign(nonce: @env["action_dispatch.content_security_policy_nonce"])
+      render(template: template, layout: "layouts/javascript")
     end
 
     # Render inlined string to be used inside of JavaScript code.
@@ -23,7 +31,7 @@ module WebConsole
     # The inlined string is returned as an actual JavaScript string. You
     # don't need to wrap the result yourself.
     def render_inlined_string(template)
-      render(template: template, layout: 'layouts/inlined_string')
+      render(template: template, layout: "layouts/inlined_string")
     end
 
     # Custom ActionView::Base#render wrapper which silences all the log
@@ -31,7 +39,7 @@ module WebConsole
     #
     # Helps to keep the Rails logs clean during errors.
     def render(*)
-      if logger = WebConsole.logger and logger.respond_to?(:silence)
+      if (logger = WebConsole.logger) && logger.respond_to?(:silence)
         WebConsole.logger.silence { super }
       else
         super

data/lib/web_console/whiny_request.rb

@@ -1,13 +1,15 @@
+# frozen_string_literal: true
+
 module WebConsole
   # Noisy wrapper around +Request+.
   #
-  # If any calls to +from_whitelisted_ip?+ and +acceptable_content_type?+
+  # If any calls to +permitted?+ and +acceptable_content_type?+
   # return false, an info log message will be displayed in users' logs.
   class WhinyRequest < SimpleDelegator
-    def from_whitelisted_ip?
-      whine_unless request.from_whitelisted_ip? do
+    def permitted?
+      whine_unless request.permitted? do
         "Cannot render console from #{request.strict_remote_ip}! " \
-          "Allowed networks: #{request.whitelisted_ips}"
+          "Allowed networks: #{request.permissions}"
       end
     end
 
@@ -21,7 +23,7 @@ module WebConsole
       end
 
       def logger
-        env['action_dispatch.logger'] || WebConsole.logger
+        env["action_dispatch.logger"] || WebConsole.logger
       end
 
       def request

data/lib/web_console.rb

@@ -1,5 +1,7 @@
-require 'active_support/dependencies/autoload'
-require 'active_support/logger'
+# frozen_string_literal: true
+
+require "active_support/dependencies/autoload"
+require "active_support/logger"
 
 module WebConsole
   extend ActiveSupport::Autoload
@@ -8,21 +10,28 @@ module WebConsole
   autoload :Evaluator
   autoload :ExceptionMapper
   autoload :Session
-  autoload :Response
+  autoload :Injector
+  autoload :Interceptor
   autoload :Request
   autoload :WhinyRequest
-  autoload :Whitelist
+  autoload :Permissions
   autoload :Template
   autoload :Middleware
   autoload :Context
+  autoload :SourceLocation
 
-  autoload_at 'web_console/errors' do
+  autoload_at "web_console/errors" do
     autoload :Error
     autoload :DoubleRenderError
   end
 
-  mattr_accessor :logger
-  @@logger = ActiveSupport::Logger.new($stderr)
+  def self.logger
+    (defined?(Rails.logger) && Rails.logger) || (@logger ||= ActiveSupport::Logger.new($stderr))
+  end
+
+  def self.deprecator
+    @deprecator ||= ActiveSupport::Deprecation.new("5.0", "WebConsole")
+  end
 end
 
-require 'web_console/railtie'
+require "web_console/railtie"

metadata

@@ -1,17 +1,17 @@
 --- !ruby/object:Gem::Specification
 name: web-console
 version: !ruby/object:Gem::Version
-  version: 3.5.1
+  version: 4.2.1
 platform: ruby
 authors:
-- Charlie Somerville
+- Hailey Somerville
 - Genadi Samokovarov
 - Guillermo Iguaran
 - Ryan Dao
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-05-12 00:00:00.000000000 Z
+date: 2023-09-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: railties
@@ -19,42 +19,42 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '5.0'
+        version: 6.0.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '5.0'
+        version: 6.0.0
 - !ruby/object:Gem::Dependency
   name: activemodel
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '5.0'
+        version: 6.0.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '5.0'
+        version: 6.0.0
 - !ruby/object:Gem::Dependency
   name: actionview
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '5.0'
+        version: 6.0.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '5.0'
+        version: 6.0.0
 - !ruby/object:Gem::Dependency
   name: bindex
   requirement: !ruby/object:Gem::Requirement
@@ -71,7 +71,7 @@ dependencies:
         version: 0.4.0
 description: 
 email:
-- charlie@charliesomerville.com
+- hailey@hailey.lol
 - gsamokovarov@gmail.com
 - guilleiguaran@gmail.com
 - daoduyducduong@gmail.com
@@ -90,12 +90,15 @@ files:
 - lib/web_console/evaluator.rb
 - lib/web_console/exception_mapper.rb
 - lib/web_console/extensions.rb
+- lib/web_console/injector.rb
+- lib/web_console/interceptor.rb
 - lib/web_console/locales/en.yml
 - lib/web_console/middleware.rb
+- lib/web_console/permissions.rb
 - lib/web_console/railtie.rb
 - lib/web_console/request.rb
-- lib/web_console/response.rb
 - lib/web_console/session.rb
+- lib/web_console/source_location.rb
 - lib/web_console/tasks/extensions.rake
 - lib/web_console/tasks/templates.rake
 - lib/web_console/template.rb
@@ -108,6 +111,7 @@ files:
 - lib/web_console/templates/layouts/inlined_string.erb
 - lib/web_console/templates/layouts/javascript.erb
 - lib/web_console/templates/main.js.erb
+- lib/web_console/templates/regular_page.js.erb
 - lib/web_console/templates/style.css.erb
 - lib/web_console/testing/erb_precompiler.rb
 - lib/web_console/testing/fake_middleware.rb
@@ -115,7 +119,6 @@ files:
 - lib/web_console/version.rb
 - lib/web_console/view.rb
 - lib/web_console/whiny_request.rb
-- lib/web_console/whitelist.rb
 homepage: https://github.com/rails/web-console
 licenses:
 - MIT
@@ -128,15 +131,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.2.2
+      version: '2.5'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.6.11
+rubygems_version: 3.4.10
 signing_key: 
 specification_version: 4
 summary: A debugging tool for your Ruby on Rails applications.

data/lib/web_console/response.rb

@@ -1,23 +0,0 @@
-module WebConsole
-  # A response object that writes content before the closing </body> tag, if
-  # possible.
-  #
-  # The object quacks like Rack::Response.
-  class Response < Struct.new(:body, :status, :headers)
-    def write(content)
-      raw_body = Array(body).first.to_s
-
-      if position = raw_body.rindex('</body>')
-        raw_body.insert(position, content)
-      else
-        raw_body << content
-      end
-
-      self.body = raw_body
-    end
-
-    def finish
-      Rack::Response.new(body, status, headers).finish
-    end
-  end
-end

data/lib/web_console/whitelist.rb

@@ -1,44 +0,0 @@
-require 'ipaddr'
-
-module WebConsole
-  # Whitelist of allowed networks that can access Web Console.
-  #
-  # Networks are represented by standard IPAddr and can be either IPv4 or IPv6
-  # networks.
-  class Whitelist
-    # IPv4 and IPv6 localhost should be always whitelisted.
-    ALWAYS_WHITELISTED_NETWORKS = %w( 127.0.0.0/8 ::1 )
-
-    def initialize(networks = nil)
-      @networks = normalize_networks(networks).map(&method(:coerce_network_to_ipaddr)).uniq
-    end
-
-    def include?(network)
-      @networks.any? { |whitelist| whitelist.include?(network.to_s) }
-    rescue IPAddr::InvalidAddressError
-      false
-    end
-
-    def to_s
-      @networks.map(&method(:human_readable_ipaddr)).join(', ')
-    end
-
-    private
-
-      def normalize_networks(networks)
-        Array(networks).concat(ALWAYS_WHITELISTED_NETWORKS)
-      end
-
-      def coerce_network_to_ipaddr(network)
-        if network.is_a?(IPAddr)
-          network
-        else
-          IPAddr.new(network)
-        end
-      end
-
-      def human_readable_ipaddr(ipaddr)
-        ipaddr.to_range.to_s.split('..').uniq.join('/')
-      end
-  end
-end