Class: Bullet::Rack
Constant Summary
- NONCE_MATCHER =
/(script|style)-src .*'nonce-(?<nonce>[A-Za-z0-9+\/]+={0,2})'/
Instance Method Summary
Methods included from Dependency
#active_record40?, #active_record41?, #active_record42?, #active_record4?, #active_record50?, #active_record51?, #active_record52?, #active_record5?, #active_record60?, #active_record61?, #active_record6?, #active_record70?, #active_record71?, #active_record72?, #active_record7?, #active_record80?, #active_record8?, #active_record?, #active_record_version, #mongoid4x?, #mongoid5x?, #mongoid6x?, #mongoid7x?, #mongoid8x?, #mongoid9x?, #mongoid?, #mongoid_version
Constructor Details
#initialize(app) ⇒ Rack
Returns a new instance of Rack.
# File 'lib/bullet/rack.rb', line 13
# Wraps the next Rack application in the middleware chain.
#
# @param app [#call] the downstream application that +call+ forwards each
#   request environment to
def initialize(app)
  @app = app
end
Instance Method Details
#append_to_html_body(response_body, content) ⇒ Object
# File 'lib/bullet/rack.rb', line 62
# Returns a copy of the response body with +content+ placed just before the
# last closing body tag, or at the very end when no such tag exists.
#
# The search for '</body>' is an exact, case-sensitive string match, so a
# differently-cased closing tag takes the append-at-end path.
#
# +content+ is inserted verbatim: +html_safe+ (when the object offers it) is
# only called on the string and no escaping is performed here, so callers
# must pass markup that is already safe to emit.
#
# @param response_body [String] the original body; it is duplicated, never
#   mutated
# @param content [String] markup to add
# @return [String] the modified copy
def append_to_html_body(response_body, content)
  content = content.html_safe if content.respond_to?(:html_safe)
  page = response_body.dup
  closing_at = page.rindex('</body>')
  return page << content unless closing_at

  page.insert(closing_at, content)
end
#call(env) ⇒ Object
# File 'lib/bullet/rack.rb', line 17
# Rack entry point: forwards the request to the wrapped app and, when Bullet
# is enabled, adds Bullet's notifications to the response.
#
# NOTE(review): several identifiers are blank in this listing (for example the
# second element of the response triple, the receivers of the header writes
# and some Bullet.* method names). They appear to have been dropped when the
# page was rendered; read this against lib/bullet/rack.rb before relying on it.
def call(env)
# Bullet disabled: act as a transparent pass-through.
return @app.call(env) unless Bullet.enable?
Bullet.start_request
status, , response = @app.call(env)
# Stays nil unless the body is rewritten below; the last line then returns
# the downstream response untouched.
response_body = nil
if Bullet.notification? || Bullet.always_append_html_body
request = ::Rack::Request.new(env)
# Body/header changes are limited to status-200 responses that are not file
# downloads, not event streams, not empty, and not opted out by the request.
if Bullet.inject_into_page? && !skip_html_injection?(request) && !file?() && !sse?() && !empty?(response) && status == 200
if html_request?(, response)
response_body = response_body(response)
# The block is given a nonce, which is handed on to the helpers that build
# inline markup.
with_security_policy_nonce() do |nonce|
response_body = append_to_html_body(response_body, (nonce)) if Bullet.
response_body = append_to_html_body(response_body, Bullet.gather_inline_notifications)
if Bullet. && !Bullet.
response_body = append_to_html_body(response_body, xhr_script(nonce))
end
end
# The body was rewritten, so the length is recomputed from its byte size.
['Content-Length'] = response_body.bytesize.to_s
elsif !Bullet.
# Not an HTML response: the notification text is passed to a helper (name
# blank here) together with an X-bullet-* header name instead.
(, 'X-bullet-footer-text', Bullet..uniq) if Bullet.
(, 'X-bullet-console-text', Bullet.text_notifications) if Bullet.console_enabled?
end
end
Bullet.perform_out_of_channel_notifications(env)
end
# A rewritten body is returned as a one-element array; otherwise the original
# response object is passed through.
[status, , response_body ? [response_body] : response]
ensure
# Runs on every exit path, including when the downstream app raises.
Bullet.end_request
end
#empty?(response) ⇒ Boolean
Fixes the case where the response's body is a Proc.
# File 'lib/bullet/rack.rb', line 53
# Reports whether there is no body content to work with.
#
# A response that offers neither +body+ nor +first+ is treated as empty
# without being inspected further; otherwise the value extracted by
# +response_body+ is checked for nil or emptiness.
#
# @param response [Object] the third element of the Rack response triple
# @return [Boolean]
def empty?(response)
  return true unless response.respond_to?(:body) || response.respond_to?(:first)

  payload = response_body(response)
  payload.nil? || payload.empty?
end
#file?(headers) ⇒ Boolean
# File 'lib/bullet/rack.rb', line 117
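# Reports whether the response looks like a file download, which +call+
# excludes from any rewriting.
#
# @param headers [Hash] response headers, looked up by their capitalised names
# @return [Object] truthy when Content-Transfer-Encoding is exactly 'binary'
#   or a Content-Disposition header is present; false or nil otherwise
#
# NOTE(review): on a plain Hash these lookups are case-sensitive; confirm the
# header container normalises key case, otherwise a lower-cased header name
# would not be recognised by this check.
def file?(headers)
  headers['Content-Transfer-Encoding'] == 'binary' || headers['Content-Disposition']
end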
# File 'lib/bullet/rack.rb', line 73
# Builds the <details id="bullet-footer"> element that holds the warnings.
# The optional nonce is forwarded to the interpolated helper calls.
#
# NOTE(review): this method's name, the Bullet.* method and the helper names
# are blank in this listing (apparently lost when the page was rendered).
# NOTE(review): the entries are joined with '<br>' and interpolated into the
# markup without HTML escaping; confirm they can never carry request-derived
# text, or escape them before joining.
def (nonce = nil)
%(<details id="bullet-footer" data-is-bullet-footer><summary>Bullet Warnings</summary><div>#{Bullet..uniq.join('<br>')}#{(nonce)}</div>#{(nonce)}</details>)
end
Make footer styles work with ContentSecurityPolicy style-src as self
# File 'lib/bullet/rack.rb', line 78
# Returns the inline <style> element for the footer, carrying a nonce
# attribute when one is supplied so that a nonce-based style-src policy
# accepts it. (The method name is blank in this listing.)
#
# The nonce is interpolated into the attribute without escaping. The
# NONCE_MATCHER constant on this page only captures A-Z, a-z, 0-9, '+', '/'
# and trailing '=', so a value taken from it cannot close the attribute.
# NOTE(review): confirm every caller obtains the nonce through that matcher.
# NOTE(review): that character class has no '-' or '_', so a URL-safe base64
# nonce would presumably not be captured and the style would be emitted
# without a nonce — verify against the policy in use.
def (nonce = nil)
css = <<~CSS
details#bullet-footer {cursor: pointer; position: fixed; left: 0px; bottom: 0px; z-index: 9999; background: #fdf2f2; color: #9b1c1c; font-size: 12px; border-radius: 0px 8px 0px 0px; border: 1px solid #9b1c1c;}
details#bullet-footer summary {font-weight: 600; padding: 2px 8px;}
details#bullet-footer div {padding: 8px; border-top: 1px solid #9b1c1c;}
CSS
# With a nonce the tag is tied to the page's policy; without one a plain
# inline style is emitted.
if nonce
%(<style type="text/css" nonce="#{nonce}">#{css}</style>)
else
%(<style type="text/css">#{css}</style>)
end
end
#html_request?(headers, response) ⇒ Boolean
# File 'lib/bullet/rack.rb', line 125
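# Reports whether the response declares an HTML content type.
#
# The check is a substring match, so values with parameters such as
# 'text/html; charset=utf-8' are accepted. A missing Content-Type yields nil.
#
# @param headers [Hash] response headers
# @param response [Object] accepted for interface compatibility; not read
# @return [Boolean, nil]
def html_request?(headers, response)
  headers['Content-Type']&.include?('text/html')
end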
#response_body(response) ⇒ Object
# File 'lib/bullet/rack.rb', line 129
# Extracts the body content from whichever response shape was returned.
#
# An object with +body+ yields that body, or its first element when the body
# is an Array. Failing that, an object with +first+ yields its first element.
# Anything else yields nil.
#
# Only the first element is ever read, so any further chunks of a
# multi-part body are not included in the returned value.
#
# @param response [Object] the third element of the Rack response triple
# @return [Object, nil]
def response_body(response)
  if response.respond_to?(:body)
    payload = response.body
    Array === payload ? payload.first : payload
  elsif response.respond_to?(:first)
    response.first
  end
end
# File 'lib/bullet/rack.rb', line 91
# Stores a JSON-encoded value under a key after trimming it to a size cap.
#
# NOTE(review): the method name, all three parameter names and the receivers
# below are blank in this listing (apparently lost when the page was
# rendered); the description is limited to what the remaining tokens show.
def (, , )
# Drop trailing entries until the JSON encoding is at most 8 * 1024
# characters long.
# NOTE(review): +length+ counts characters, not bytes; if the cap is meant to
# respect a byte limit on header size, multi-byte text could still exceed it —
# confirm whether +bytesize+ is the intended measure.
.pop while JSON.generate().length > 8 * 1024
[] = JSON.generate()
end
#simple_parse_query_string(query_string) ⇒ Object
Simple query string parser
# File 'lib/bullet/rack.rb', line 108
# Parses a raw query string into a flat Hash of decoded names and values.
#
# Pairs are split on '&' and then on the first '='; both halves are decoded
# with CGI.unescape. Pairs with a missing or empty name are dropped, a name
# without '=' maps to nil, and a repeated name keeps its last value. No
# nested or array parameters are recognised.
#
# The result is built entirely from client-supplied text, so callers should
# only compare its values against known literals.
#
# @param query_string [String] the raw, still-encoded query string
# @return [Hash{String => String, nil}]
def simple_parse_query_string(query_string)
  query_string.split('&').each_with_object({}) do |segment, parsed|
    name, val = segment.split('=', 2).map { |part| CGI.unescape(part) }
    next if name.nil? || name.empty?

    parsed[name] = val
  end
end
#skip_html_injection?(request) ⇒ Boolean
# File 'lib/bullet/rack.rb', line 99
# Reports whether the request asks for body injection to be skipped.
#
# The decision rests solely on the request's own query string: the parameter
# +skip_html_injection+ must be exactly the string 'true'. Because the value
# is client-supplied, any requester can switch the injection off for their
# own response.
#
# @param request [#env] request wrapper exposing the Rack environment
# @return [Boolean]
def skip_html_injection?(request)
  raw_query = request.env['QUERY_STRING']
  return false unless raw_query && !raw_query.empty?

  simple_parse_query_string(raw_query)['skip_html_injection'] == 'true'
end
#sse?(headers) ⇒ Boolean
# File 'lib/bullet/rack.rb', line 121
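# Reports whether the response is a server-sent event stream, which +call+
# excludes from any rewriting.
#
# The comparison is an exact match on the header value.
# NOTE(review): a value carrying parameters (for example a charset suffix)
# would not match — confirm whether a prefix match is wanted.
#
# @param headers [Hash] response headers
# @return [Boolean]
def sse?(headers)
  headers['Content-Type'] == 'text/event-stream'
end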