Class: Rack::Webconsole::Repl

Inherits: Object
Defined in: lib/rack/webconsole/repl.rb

Overview

Repl is a Rack middleware acting as a Ruby evaluator application.

In a nutshell, it evaluates a string in a Sandbox instance stored in an evil global variable. Then, to keep the state, it inspects the local variables and stores them in an instance variable for further retrieval.

Constant Summary

@@request = nil
@@token = nil

Constructor Details

#initialize(app) ⇒ Repl

Honor the Rack contract by saving the passed Rack application in an ivar.

Parameters:

  • app (Rack::Application)

    the previous Rack application in the middleware chain.



# File 'lib/rack/webconsole/repl.rb', line 49

def initialize(app)
  @app = app
end

Class Method Details

.request ⇒ Rack::Request

Returns the original request for inspection purposes.

Returns:

  • (Rack::Request)

    the original request



# File 'lib/rack/webconsole/repl.rb', line 33

def request
  @@request
end

.request=(request) ⇒ Object

Sets the original request for inspection purposes.

Parameters:

  • request (Rack::Request)

    the original request



# File 'lib/rack/webconsole/repl.rb', line 40

def request=(request)
  @@request = request
end

.reset_token ⇒ Object

Regenerates the token.



# File 'lib/rack/webconsole/repl.rb', line 26

def reset_token
  @@token = Digest::SHA1.hexdigest("#{rand(36**8)}#{Time.now}")[4..20]
end
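
An added example, not rack-webconsole code: the same class-level token drawn from the OS CSPRNG rather than `rand` and `Time.now`, and checked in constant time. `TokenGuard`, `legitimate?` and `constant_time_equal?` are hypothetical names, and the example assumes the token is what `check_legitimate` validates (that method is not shown on this page).

```ruby
require 'securerandom'
require 'digest'

# Hypothetical stand-in for the token half of Repl; not the project's code.
module TokenGuard
  TOKEN_BYTES = 16 # 128 bits of CSPRNG output, hex-encoded to 32 characters

  @token = nil

  class << self
    attr_reader :token

    # Same role as Repl.reset_token, but every bit comes from SecureRandom
    # instead of Kernel#rand and the current time.
    def reset_token
      @token = SecureRandom.hex(TOKEN_BYTES)
    end

    # True only when a token has been issued and the candidate matches it.
    # A missing parameter (nil) or a non-String value is rejected outright.
    def legitimate?(candidate)
      return false unless @token.is_a?(String) && candidate.is_a?(String)
      constant_time_equal?(@token, candidate)
    end

    private

    # Compare fixed-length digests byte by byte without an early exit, so
    # neither the candidate's length nor the position of the first
    # mismatching byte changes how long the comparison takes.
    def constant_time_equal?(a, b)
      da = Digest::SHA256.digest(a).bytes
      db = Digest::SHA256.digest(b).bytes
      da.zip(db).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
    end
  end
end
```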

.token ⇒ String

Returns the autogenerated security token.

Returns:

  • (String)

    the autogenerated token



# File 'lib/rack/webconsole/repl.rb', line 21

def token
  @@token
end

Instance Method Details

#call(env) ⇒ Array

Evaluates a string as Ruby code and returns the evaluated result as JSON.

It also stores the Sandbox state in a `$sandbox` global variable, with its local variables.

Parameters:

  • env (Hash)

    the Rack request environment.

Returns:

  • (Array)

    a Rack response with status code 200, HTTP headers and the evaluated Ruby result.



# File 'lib/rack/webconsole/repl.rb', line 62

def call(env)
  status, headers, response = @app.call(env)

  req = Rack::Request.new(env)
  params = req.params

  return [status, headers, response] unless check_legitimate(req)

  $sandbox ||= Sandbox.new
  hash = Shell.eval_query params['query']
  response_body = MultiJson.encode(hash)
  headers = {}
  headers['Content-Type'] = 'application/json'
  headers['Content-Length'] = response_body.bytesize.to_s
  [200, headers, [response_body]]
end