Class: Browsable::Middleware

Inherits:

Object

• Object
• Browsable::Middleware

Defined in:

lib/browsable/middleware.rb

Overview

The Rack middleware behind runtime-mode auditing.

Inserted by the RSpec / Minitest drivers (or manually in development), it observes each HTML response, identifies the controller#action that produced it, resolves the effective allow_browser policy for that endpoint, parses the response HTML for asset references, and records the whole tuple into the AuditLog. **No analysis happens here.**

The middleware refuses to initialize in ‘Rails.env.production?` — runtime auditing is strictly for development and test.

Constant Summary

SKIP_PREFIXES =

Paths under these prefixes are owned by Rails or Action Cable and never represent user-rendered HTML. Auditing them produces noise at best and false attributions at worst.

["/rails/", "/assets/", "/packs/", "/cable", "/__"].freeze

Instance Method Summary

• #call(env) ⇒ Object
• #initialize(app, audit_log: nil, asset_resolver: nil) ⇒ Middleware constructor

  A new instance of Middleware.

Constructor Details

#initialize(app, audit_log: nil, asset_resolver: nil) ⇒ Middleware

Returns a new instance of Middleware.

Raises:

• (Browsable::Error)

# File 'lib/browsable/middleware.rb', line 20

def initialize(app, audit_log: nil, asset_resolver: nil)
  raise Browsable::Error, "Browsable::Middleware refuses to run in production" if production?

  @app = app
  @audit_log = audit_log
  @asset_resolver = asset_resolver
end

Instance Method Details

#call(env) ⇒ Object

# File 'lib/browsable/middleware.rb', line 28

def call(env)
  status, headers, body = @app.call(env)
  return [status, headers, body] unless auditable?(env, status, headers)

  chunks = drain(body)
  record(env, status, headers, chunks)
  [status, headers, replay(chunks)]
end