Class: Rack::Webconsole::Repl

Inherits: Object
Defined in: lib/rack/webconsole/repl.rb

Overview

Repl is a Rack middleware acting as a Ruby evaluator application.

In a nutshell, it evaluates a string in a Sandbox instance stored in an evil global variable. Then, to keep the state, it inspects the local variables and stores them in an instance variable for further retrieval.

Constant Summary

@@request = nil
@@token = nil

Constructor Details

#initialize(app) ⇒ Repl

Honor the Rack contract by saving the passed Rack application in an ivar.


49
50
51
# File 'lib/rack/webconsole/repl.rb', line 49

def initialize(app)
  @app = app
end

Class Method Details

.request ⇒ Rack::Request

Returns the original request for inspection purposes.


# File 'lib/rack/webconsole/repl.rb', line 33

def request
  @@request
end

.request=(request) ⇒ Object

Sets the original request for inspection purposes.


# File 'lib/rack/webconsole/repl.rb', line 40

def request=(request)
  @@request = request
end

.reset_token ⇒ Object

Regenerates the token.


# File 'lib/rack/webconsole/repl.rb', line 26

def reset_token
  @@token = Digest::SHA1.hexdigest("#{rand(36**8)}#{Time.now}")[4..20]
end

.token ⇒ String

Returns the autogenerated security token.


# File 'lib/rack/webconsole/repl.rb', line 21

def token
  @@token
end
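
The token above is the only thing gating an endpoint that evaluates Ruby, yet reset_token builds it from Kernel#rand (not a CSPRNG) and Time.now, so its input carries at most about 41 bits from rand plus a guessable timestamp. The following is an added example, not code from rack-webconsole: HardenedToken, valid? and original_rand_bits are hypothetical names, and it assumes the token is compared against a client-supplied string, since the body of check_legitimate is not shown on this page.

```ruby
require 'securerandom'
require 'digest'

# Hypothetical helper (not part of rack-webconsole): keeps a token drawn
# from the OS CSPRNG and checks client-supplied values in constant time.
module HardenedToken
  TOKEN_BYTES = 16 # 128 bits of CSPRNG output, hex-encoded to 32 chars

  @token = nil

  class << self
    # Alternative to the rand/Time.now/SHA1 construction in reset_token.
    def reset_token
      @token = SecureRandom.hex(TOKEN_BYTES)
    end

    # Returns the current token, generating one on first use.
    def token
      @token || reset_token
    end

    # Compares a supplied token with the stored one without leaking the
    # position of the first mismatch. Both sides are hashed first so the
    # loop always runs over 32 bytes, whatever the supplied length.
    def valid?(supplied)
      return false unless supplied.is_a?(String)

      a = Digest::SHA256.digest(token).bytes
      b = Digest::SHA256.digest(supplied).bytes
      diff = 0
      a.each_with_index { |byte, i| diff |= byte ^ b[i] }
      diff.zero?
    end
  end
end

# Upper bound, in bits, on what rand(36**8) contributes to the original
# token; the Time.now part adds little because it is guessable.
def original_rand_bits
  Math.log2(36**8)
end
```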

Instance Method Details

#call(env) ⇒ Array

Evaluates a string as Ruby code and returns the evaluated result as JSON.

It also stores the Sandbox state in a `$sandbox` global variable, with its local variables.


# File 'lib/rack/webconsole/repl.rb', line 62

def call(env)
  status, headers, response = @app.call(env)

  req = Rack::Request.new(env)
  params = req.params

  return [status, headers, response] unless check_legitimate(req)

  $sandbox ||= Sandbox.new
  hash = Shell.eval_query params['query']
  response_body = MultiJson.encode(hash)
  headers = {}
  headers['Content-Type'] = 'application/json'
  headers['Content-Length'] = response_body.bytesize.to_s
  [200, headers, [response_body]]
end