web_sandbox_console 0.1.0 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 69751d9ed5eefe3885a9c45e9897858d69546627b6eb9898ab8b77fcea429027
-  data.tar.gz: 01a2f21f2aee4e4ec9cbdaadf79053b55b51abaeff142064c4e0865331f83d12
+  metadata.gz: 59bdbe60c0c4fa3569ef776901c06e5519cdd804fd905fe1c81e15cfd269157c
+  data.tar.gz: d71b8d16c04d900fb270f196d1e2bf89b71e77ca2620e48bfdc178158637e5a6
 SHA512:
-  metadata.gz: 5f9a54707f95d100575ec671f5c44c331761b98a6f89205cb7fedf0a7762be281d29051f34041f677fa3f4cb859090c9d341d6300f3a081d37d2ba05f4145aab
-  data.tar.gz: 49a29b84ba6790c2fa91fc6b6759d38b13647002f71247da0b72c5278e1356b925b6a79e824e1aba0094d92bda24e443aba5b8dc838057a131fb140e94c2deb9
+  metadata.gz: a8f4487e10e9796fbaefa3ee6d4f8b3112e493adf165d6cacaefa71a6975d436e849ce65ad97af3ba76ad5b3261787bcc15db205576a284120a0fae50f9ce74e
+  data.tar.gz: d5395e322921350c55bd3e936782cac340e6f772e075166c81860378c695e79a4711b91016d06590d58384dc812084feef4496a739f64c24acf560b017655343

data/README.md

@@ -50,11 +50,22 @@ WebSandboxConsole.setup do |config|
   # # 配置 黑名单 实例方法
   # config.instance_method_blacklist = {Kernel: %i(system exec `),File: %i(chmod chown)}
 
+  # 文件黑名单列表 （如果是目录 则目录下所有文件都不用）目录以 / 结尾
+  # 默认都是项目路径下的
+  # config.view_file_blacklist = %w(config/secrets.yml vendor/)
+
   # # 配置 日志路径 默认路径位于项目下
   # config.console_log_path = "log/web_sandbox_console.log"
 end
 ```
 
+## other
+查看目录或文件路径： `/web_sandbox_console/view_file`
+除了可以查询一些数据外，还可以查看项目路径下任何文件或目录，如果你输入的是一个目录，那么会查出此目录下的文件/目录；如果你输入的是文件，那么将查出文件的内容，默认查看文件的第一行 到 100行，当然你也可以指定你需要查找的行；
+
+如果一个文件特别大，超过10M,此时将查找文件的最后200行，指定行数将无效;当然也可在配置文件中，配置哪些文件不可查看，哪些目录不可以查看，如果指定的是目录，那么目录下的所有子文件或目录都无权查看.
+
+![Snip20200508_1.png](https://i.loli.net/2020/05/08/3N8Q7pnzroq9Byw.png)
 ## Contributing
 Contribution directions go here.
 

data/app/assets/stylesheets/web_sandbox_console/home.css

@@ -2,3 +2,22 @@
   Place all the styles related to the matching controller here.
   They will automatically be included in application.css.
 */
+
+
+.file_or_dir{
+  width: 500px;
+  height: 30px;
+}
+
+.h30{
+  height: 30px;
+}
+
+.view-file-button{
+  background: #272822;
+  height: 36px;
+  width: 132px;
+  font-size: 15px;
+  color: white;
+  cursor: pointer;
+}

data/app/controllers/web_sandbox_console/home_controller.rb

@@ -8,8 +8,17 @@ module WebSandboxConsole
     def index
     end
 
+    # 执行代码
     def eval_code
       @results = Sandbox.new(params[:code]).evalotor
     end
+
+    def view_file
+    end
+
+    # 查看文件
+    def do_view_file
+      @results = ViewFile.new(params).view
+    end
   end
 end

data/app/views/web_sandbox_console/home/do_view_file.js.erb

@@ -0,0 +1,5 @@
+$(".output-content").empty();
+$(".output-content").append('<p>============ 查找结果如下 ===============</p>');
+<% @results.each do |result| %>
+  $(".output-content").append('<pre><%= escape_javascript result %></pre>');
+<% end %>

data/app/views/web_sandbox_console/home/index.html.erb

@@ -1,4 +1,5 @@
 控制台 index
+<%= link_to '查看文件', web_sandbox_console.view_file_path %>
 
 <div class="console">
   <%= form_tag(web_sandbox_console.eval_code_path, remote: true, class: 'form')  do %>
@@ -6,7 +7,7 @@
     <input type="reset" value="重置" class='reset-button'>
     <%= submit_tag '提交', data: { disable_with: "已发送，处理中..." }, class: 'send-button' %>
   <% end %>
-
+  
 </div>
 
 <%= button_tag '清除输出', type: 'button', onclick: "$('.output-content').empty();", class: 'clear-button' %>

data/app/views/web_sandbox_console/home/view_file.html.erb

@@ -0,0 +1,25 @@
+# view_file
+<%= link_to '控制台', web_sandbox_console.root_path %>
+<div class="view_file">
+  <%= form_tag do_view_file_path, method: :post, remote: true do %>
+    <table>
+      <tr>
+        <td>文件/目录路径</td>
+        <td>
+          <%= text_field_tag :file_or_dir, nil, class: 'file_or_dir', placeholder: '请输入文件路径...'%>
+        </td>
+        <td>起始行数</td>
+        <td><%= text_field_tag :start_line_num, nil, class: 'h30', placeholder: '默认从第1行开始...' %></td>
+        <td>结束行数</td>
+        <td><%= text_field_tag :end_line_num, nil, class: 'h30', placeholder: '默认从第100行结束...' %></td>
+        <td><%= submit_tag '提交', data: { disable_with: "已发送，处理中..." }, class: 'view-file-button' %></td>
+    </table>
+  <% end %>
+</div>
+
+<div class="output-content">
+</div>
+
+<style type="text/css">
+  
+</style>

data/config/routes.rb

@@ -2,4 +2,6 @@ WebSandboxConsole::Engine.routes.draw do
   root "home#index"
 
   post :eval_code, to: "home#eval_code"
+  get :view_file, to: "home#view_file"
+  post :do_view_file, to: "home#do_view_file"
 end

data/lib/generators/web_sandbox_console/templates/web_sandbox_console.rb

@@ -16,6 +16,10 @@ WebSandboxConsole.setup do |config|
   # # 配置 黑名单 实例方法
   # config.instance_method_blacklist = {Kernel: %i(system exec `),File: %i(chmod chown)}
 
+  # 文件黑名单列表 （如果是目录 则目录下所有文件都不用）目录以 / 结尾
+  # 默认都是项目路径下的
+  # config.view_file_blacklist = %w(config/secrets.yml vendor/)
+
   # # 配置 日志路径 默认路径位于项目下
   # config.console_log_path = "log/web_sandbox_console.log"
 end

data/lib/web_sandbox_console.rb

@@ -1,8 +1,12 @@
+require 'fileutils'
 require "web_sandbox_console/engine"
+require "web_sandbox_console/sandbox_error"
 require "web_sandbox_console/configuration"
 require "web_sandbox_console/common.rb"
 require "web_sandbox_console/safe_ruby"
 require "web_sandbox_console/sandbox"
+require "web_sandbox_console/view_file_error"
+require "web_sandbox_console/view_file"
 
 
 module WebSandboxConsole

data/lib/web_sandbox_console/configuration.rb

@@ -9,6 +9,8 @@ module WebSandboxConsole
   mattr_accessor :class_method_blacklist
   # 实例方法 黑名单 hash
   mattr_accessor :instance_method_blacklist
+  # 文件列表 黑名单
+  mattr_accessor :view_file_blacklist
   # 日志路径
   mattr_accessor :console_log_path
   # 挂载 引擎路由位置
@@ -16,6 +18,7 @@ module WebSandboxConsole
 
   # 默认 引擎路由位置
   @@mount_engine_route_path = '/web_sandbox_console'
+
  
   # 内置 实例方法 黑名单
   INSTANT_METOD_BUILT_IN_BLACKLIST = {

data/lib/web_sandbox_console/safe_ruby.rb

@@ -52,13 +52,13 @@ module WebSandboxConsole
     # 将两个hash 内部数组也同时合并，并去重
     def merge_method_hash(hash1, hash2)
       # 格式统一
-      hash2.transform_keys!(&:to_sym).transform_values!{|val_arr| val_arr.map{|val| val.to_sym}}
+      hash2.transform_keys!(&:to_sym).transform_keys!(&:to_sym).transform_values!{|i| i.map(&:to_sym)}
       # 共有的key 
       common_keys = hash2.keys & hash1.keys
       # hash2 特有keys
       hash2_special_keys = hash2.keys - hash1.keys
       # 特有keys 直接合到 hash1
-      hash1.merge!(hash2.slice(hash2_special_keys))
+      hash1.merge!(hash2.slice(*hash2_special_keys))
       # 共用keys 数组去重
       common_keys.each do |key|
         hash1[key] = (hash1[key] | hash2[key]).uniq

data/lib/web_sandbox_console/sandbox.rb

@@ -1,16 +1,24 @@
 module WebSandboxConsole
   class Sandbox
-    attr_accessor :code
-    attr_accessor :uuid
+    attr_accessor :code           # 代码
+    attr_accessor :uuid           # 唯一标识
+    attr_accessor :exe_tmp_file   # 执行临时文件（由code 组成的运行代码）
 
     def initialize(code = nil)
-      @code   = escape_single_quote_mark(code)
-      @uuid   = SecureRandom.uuid
+      @code         = code
+      @uuid         = SecureRandom.uuid
+      @exe_tmp_file = "#{Rails.root}/tmp/sandbox/#{uuid}.rb"
     end
 
     def evalotor
-      `bundle exec rails runner '#{runner_code}'`
-      get_result
+      begin
+        check_syntax
+        write_exe_tmp_file
+        exec_rails_runner
+        get_result
+      rescue SandboxError => e
+        [e.message]
+      end
     end
 
     def runner_code
@@ -30,7 +38,54 @@ module WebSandboxConsole
         WebSandboxConsole.log_p(result, "#{self.uuid}")
       CODE
     end
+    
+    # 临时文件目录
+    def tmp_file_dir
+      File.dirname(self.exe_tmp_file)
+    end
+
+    # 添加临时文件目录
+    def add_tmp_file_dir
+      FileUtils.mkdir_p(tmp_file_dir)  unless File.directory?(tmp_file_dir)
+    end
+
+    # 临时文件 需要清理？
+    def tmp_file_need_clean?
+      Dir["#{tmp_file_dir}/*"].count > 6
+    end
+
+    # 自动删除临时文件
+    def auto_clean_tmp_file
+      FileUtils.rm_rf(Dir["#{tmp_file_dir}/*"]) if tmp_file_need_clean?
+    end
+
+    # 写入 执行临时文件
+    def write_exe_tmp_file
+      add_tmp_file_dir
+      auto_clean_tmp_file
+      File.open(self.exe_tmp_file, 'w'){|f| f << runner_code}
+    end
+
+    # 准备检查语法
+    def prepare_check_syntax
+      add_tmp_file_dir
+      File.open(self.exe_tmp_file, 'w'){|f| f << self.code}
+    end
+
+    # 检查 语法
+    def check_syntax
+      prepare_check_syntax
+      unless `ruby -c #{self.exe_tmp_file}`.include?('Syntax OK')
+        raise SandboxError, "存在语法错误"
+      end
+    end
+
+    # 运行rails runner
+    def exec_rails_runner
+      `bundle exec rails runner #{self.exe_tmp_file}`
+    end
 
+    # 获取 执行结果
     def get_result
       last_10_lines = `tail -n 10 #{WebSandboxConsole.log_path} | grep #{self.uuid}`
       
@@ -39,9 +94,5 @@ module WebSandboxConsole
       end.flatten
     end
 
-    # 转义单引号
-    def escape_single_quote_mark(code)
-      code.gsub(/'/,'"')
-    end
   end
 end

data/lib/web_sandbox_console/sandbox_error.rb

@@ -0,0 +1,4 @@
+module WebSandboxConsole
+  class SandboxError < StandardError
+  end
+end

data/lib/web_sandbox_console/version.rb

@@ -1,3 +1,3 @@
 module WebSandboxConsole
-  VERSION = '0.1.0'
+  VERSION = '0.2.0'
 end

data/lib/web_sandbox_console/view_file.rb

@@ -0,0 +1,117 @@
+module WebSandboxConsole
+  class ViewFile
+    attr_accessor :file_or_dir     # 文件或目录
+    attr_accessor :start_line_num  # 起始行数
+    attr_accessor :end_line_num     # 结束行数
+
+    def initialize(opts = {})
+      @file_or_dir     = opts[:file_or_dir]
+      @start_line_num  = opts[:start_line_num].present? ? opts[:start_line_num].to_i : 1
+      @end_line_num    = opts[:end_line_num].present? ? opts[:end_line_num].to_i : 100
+    end
+
+    def view
+      begin
+        check_param
+        file_or_dir_exists
+        check_blacklist
+        view_file
+      rescue ViewFileError => e
+        [e.message]
+      end
+    end
+
+    # 检查参数
+    def check_param
+      raise ViewFileError, '文件或目录参数不能为空' if file_or_dir.blank?
+    end
+
+    # 转换成项目路径
+    def project_path(path)
+      "#{Rails.root}/#{path}"
+    end
+
+    # 绝对路径
+    def file_or_dir_path
+      "#{Rails.root}/#{file_or_dir}"
+    end
+
+    # 是否存在
+    def file_or_dir_exists
+      raise ViewFileError, '文件或目录不存在' unless File.exists?(file_or_dir_path)
+    end
+
+    # 是目录？
+    def is_directory?(path)
+      File.directory?(path)
+    end
+
+    # 目录下所有子文件 目录
+    def dir_all_sub_file_or_dir(current_dir)
+      Dir["#{current_dir}**/*"]
+    end
+
+    # 黑名单 包含自身 及其 子目录/文件
+    def blacklist_all_file_dir_arr
+      black_lists = WebSandboxConsole.view_file_blacklist
+      return [] if black_lists.blank?
+
+      result_arr = black_lists.inject([]) do |result_arr, black_item_path|
+        current_path = project_path(black_item_path)
+
+        if is_directory?(current_path)
+          result_arr.concat(dir_all_sub_file_or_dir(current_path))
+        else
+          result_arr
+        end
+      end
+      black_lists.map{|i| project_path(i)}.concat(result_arr)
+    end
+    
+    # 检查是否为黑名单 文件 / 目录
+    def check_blacklist
+      black_lists = blacklist_all_file_dir_arr
+      raise ViewFileError, '文件或目录无权限查看' if black_lists.include?(file_or_dir_path) || black_lists.include?(file_or_dir_path + '/')
+    end
+
+    # 目录下文件
+    def files_in_dir
+      Dir["#{file_or_dir_path}/*"].map do |path|
+        path += is_directory?(path) ? '(目录)' : '(文件）'
+        path[file_or_dir_path.length..-1]
+      end
+    end
+
+    # 是否为大文件
+    def is_big_file?
+      File.new(file_or_dir_path).size > 10.megabytes
+    end
+
+    # 查看文件/目录
+    def view_file
+      if is_directory?(file_or_dir_path)
+        files_in_dir
+      else
+        lines = is_big_file? ? tail_200_line : special_line_content
+        add_line_num(lines)
+      end
+    end
+
+    # 最后 200 行内容
+    def tail_200_line
+      (`tail -n 200 #{file_or_dir_path}`).split(/[\r,\r\n]/)
+    end
+
+    # 按指定行返回
+    def special_line_content
+      File.readlines(file_or_dir_path)[(start_line_num - 1)..(end_line_num - 1)]
+    end
+
+    # 添加行号
+    def add_line_num(lines)
+      start_num = is_big_file? ? 1 : start_line_num
+      lines.each_with_index.map{|line, index| "#{index + start_num}:  #{line}"}
+    end
+
+  end
+end

data/lib/web_sandbox_console/view_file_error.rb

@@ -0,0 +1,4 @@
+module WebSandboxConsole
+  class ViewFileError < StandardError
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: web_sandbox_console
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.2.0
 platform: ruby
 authors:
 - dongmingyan
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-04-24 00:00:00.000000000 Z
+date: 2020-05-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -62,8 +62,10 @@ files:
 - app/mailers/web_sandbox_console/application_mailer.rb
 - app/models/web_sandbox_console/application_record.rb
 - app/views/layouts/web_sandbox_console/application.html.erb
+- app/views/web_sandbox_console/home/do_view_file.js.erb
 - app/views/web_sandbox_console/home/eval_code.js.erb
 - app/views/web_sandbox_console/home/index.html.erb
+- app/views/web_sandbox_console/home/view_file.html.erb
 - config/routes.rb
 - lib/generators/web_sandbox_console/USAGE
 - lib/generators/web_sandbox_console/templates/web_sandbox_console.rb
@@ -75,7 +77,10 @@ files:
 - lib/web_sandbox_console/engine.rb
 - lib/web_sandbox_console/safe_ruby.rb
 - lib/web_sandbox_console/sandbox.rb
+- lib/web_sandbox_console/sandbox_error.rb
 - lib/web_sandbox_console/version.rb
+- lib/web_sandbox_console/view_file.rb
+- lib/web_sandbox_console/view_file_error.rb
 homepage: https://github.com/dongmy54/web_sandbox_console
 licenses:
 - MIT