Class: Rack::Webconsole::Repl

Inherits:
Object
Defined in:
lib/rack/webconsole/repl.rb

Overview

Repl is a Rack middleware acting as a Ruby evaluator application.

In a nutshell, it evaluates a string in a Sandbox instance stored in an evil global variable. Then, to keep the state, it inspects the local variables and stores them in an instance variable for further retrieval.

Constant Summary

@@request = nil
@@token = nil

Constructor Details

#initialize(app) ⇒ Repl

Honor the Rack contract by saving the passed Rack application in an ivar.

Parameters:

  • app (Rack::Application)

    the previous Rack application in the middleware chain.



# File 'lib/rack/webconsole/repl.rb', line 49

def initialize(app)
  @app = app
end

Class Method Details

.request ⇒ Rack::Request

Returns the original request for inspection purposes.

Returns:

  • (Rack::Request)

    the original request



# File 'lib/rack/webconsole/repl.rb', line 33

def request
  @@request
end

.request=(request) ⇒ Object

Sets the original request for inspection purposes.

Parameters:

  • request (Rack::Request)

    the original request



# File 'lib/rack/webconsole/repl.rb', line 40

def request=(request)
  @@request = request
end

.reset_token ⇒ Object

Regenerates the token.



# File 'lib/rack/webconsole/repl.rb', line 26

def reset_token
  @@token = Digest::SHA1.hexdigest("#{rand(36**8)}#{Time.now}")[4..20]
end

.token ⇒ String

Returns the autogenerated security token.

Returns:

  • (String)

    the autogenerated token



# File 'lib/rack/webconsole/repl.rb', line 21

def token
  @@token
end
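
The token built by reset_token above takes its randomness from Kernel#rand, which is not a cryptographically secure generator, combined with a guessable timestamp. The following is an added example, not rack-webconsole's own code, showing that construction beside a SecureRandom-based generator and a constant-time check; the HardenedToken module and its method names are hypothetical.

```ruby
require 'digest'
require 'securerandom'

# Hypothetical module for illustration; not part of rack-webconsole.
module HardenedToken
  TOKEN_BYTES = 16 # 128 bits taken from the OS CSPRNG

  # The construction shown on this page, reproduced for comparison.
  # Kernel#rand is not a CSPRNG and Time.now is guessable, so the input
  # holds at most log2(36**8) bits of entropy although 17 hex chars come out.
  def self.legacy_token
    Digest::SHA1.hexdigest("#{rand(36**8)}#{Time.now}")[4..20]
  end

  # Upper bound, in bits, on the entropy of the legacy token's random part.
  def self.legacy_entropy_bits
    Math.log2(36**8)
  end

  # Replacement generator: every bit of the token comes from SecureRandom.
  def self.generate
    SecureRandom.hex(TOKEN_BYTES)
  end

  # Constant-time comparison. Hashing both sides first yields equal-length
  # byte arrays, so neither the token length nor the position of the first
  # mismatching byte is exposed through timing.
  # Non-String input never matches, so an unset token (the page's @@token
  # starts as nil) cannot be satisfied by a request that omits the parameter.
  def self.valid?(expected, supplied)
    return false unless expected.is_a?(String) && supplied.is_a?(String)

    a = Digest::SHA256.digest(expected).bytes
    b = Digest::SHA256.digest(supplied).bytes
    a.zip(b).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```
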

Instance Method Details

#call(env) ⇒ Array

Evaluates a string as Ruby code and returns the evaluated result as JSON.

It also stores the Sandbox state in a `$sandbox` global variable, with its local variables.

Parameters:

  • env (Hash)

    the Rack request environment.

Returns:

  • (Array)

    a Rack response with status code 200, HTTP headers and the evaluated Ruby result.



# File 'lib/rack/webconsole/repl.rb', line 62

def call(env)
  status, headers, response = @app.call(env)

  req = Rack::Request.new(env)
  params = req.params

  return [status, headers, response] unless check_legitimate(req)

  $sandbox ||= Sandbox.new
  hash = Shell.eval_query params['query']
  response_body = MultiJson.encode(hash)
  headers = {}
  headers['Content-Type'] = 'application/json'
  headers['Content-Length'] = response_body.bytesize.to_s
  [200, headers, [response_body]]
end