/usr/lib/ruby/vendor_ruby/web_console/request.rb is in ruby-web-console 2.2.1-2.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 | module WebConsole
# Web Console tailored request object.
class Request < ActionDispatch::Request
# While most of the servers will return blank content type if none given,
# Puma will return text/plain.
cattr_accessor :acceptable_content_types
@@acceptable_content_types = [Mime::HTML, Mime::TEXT, Mime::URL_ENCODED_FORM]
# Configurable set of whitelisted networks.
cattr_accessor :whitelisted_ips
@@whitelisted_ips = Whitelist.new
# Define a vendor MIME type. We can call it using Mime::WEB_CONSOLE_V2 constant.
Mime::Type.register 'application/vnd.web-console.v2', :web_console_v2
# Returns whether a request came from a whitelisted IP.
#
# For a request to hit Web Console features, it needs to come from a white
# listed IP.
def from_whitelited_ip?
whitelisted_ips.include?(strict_remote_ip)
end
# Determines the remote IP using our much stricter whitelist.
def strict_remote_ip
GetSecureIp.new(env, whitelisted_ips).to_s
end
# Returns whether the request is from an acceptable content type.
#
# We can render a console for HTML and TEXT by default. If a client didn't
# specified any content type and the server returned it as blank, we'll
# render it as well.
def acceptable_content_type?
content_type.blank? || content_type.in?(acceptable_content_types)
end
# Returns whether the request is acceptable.
def acceptable?
xhr? && accepts.any? { |mime| Mime::WEB_CONSOLE_V2 == mime }
end
class GetSecureIp < ActionDispatch::RemoteIp::GetIp
def initialize(env, proxies)
@env = env
@check_ip = true
@proxies = proxies
end
def filter_proxies(ips)
ips.reject do |ip|
@proxies.include?(ip)
end
end
end
end
end
|