Reupload

2025-10-09 10:40:46 -04:00
parent 22f6224008
commit 25a871bb31
12 changed files with 655 additions and 85 deletions
--- a/tests/auth_test_tmp/test_upload.txt
+++ b/tests/auth_test_tmp/test_upload.txt
@@ -0,0 +1 @@
+test data for upload
--- a/tests/cors_test.sh
+++ b/tests/cors_test.sh
@@ -0,0 +1,194 @@
+#!/bin/bash
+
+# CORS Test Suite for Ginxsom Blossom Server
+# Tests all endpoints for both HTTP and HTTPS protocols
+# Validates presence of required CORS headers per BUD-01 specification
+
+set -e
+
+# Colors for output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m' # No Color
+
+# Test configuration
+HTTP_BASE="http://localhost:9001"
+HTTPS_BASE="https://localhost:9443"
+SAMPLE_SHA256="e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"  # empty string hash
+SAMPLE_PUBKEY="0000000000000000000000000000000000000000000000000000000000000001"
+
+# Required CORS headers for BUD-01 compliance
+REQUIRED_HEADERS=(
+    "Access-Control-Allow-Origin"
+    "Access-Control-Allow-Methods" 
+    "Access-Control-Allow-Headers"
+    "Access-Control-Max-Age"
+)
+
+# Test counters
+TOTAL_TESTS=0
+PASSED_TESTS=0
+FAILED_TESTS=0
+
+echo -e "${BLUE}===========================================${NC}"
+echo -e "${BLUE}    GINXSOM CORS TEST SUITE (BUD-01)     ${NC}"
+echo -e "${BLUE}===========================================${NC}"
+echo ""
+
+# Function to check CORS headers
+check_cors_headers() {
+    local endpoint="$1"
+    local method="$2"
+    local protocol="$3"
+    local extra_args="$4"
+    
+    TOTAL_TESTS=$((TOTAL_TESTS + 1))
+    
+    echo -e "${YELLOW}Testing:${NC} $method $endpoint ($protocol)"
+    
+    # Make request and capture headers
+    if [ "$protocol" = "HTTPS" ]; then
+        headers=$(curl -k -s -I -X "$method" $extra_args "$endpoint" 2>/dev/null || echo "CURL_FAILED")
+    else
+        headers=$(curl -s -I -X "$method" $extra_args "$endpoint" 2>/dev/null || echo "CURL_FAILED")
+    fi
+    
+    if [ "$headers" = "CURL_FAILED" ]; then
+        echo -e "  ${RED}✗ FAIL:${NC} Could not connect to $endpoint"
+        FAILED_TESTS=$((FAILED_TESTS + 1))
+        return 1
+    fi
+    
+    # Check HTTP response is valid
+    if ! echo "$headers" | grep -q "HTTP/"; then
+        echo -e "  ${RED}✗ FAIL:${NC} Invalid HTTP response"
+        FAILED_TESTS=$((FAILED_TESTS + 1))
+        return 1
+    fi
+    
+    local all_headers_present=true
+    local missing_headers=()
+    
+    # Check each required header
+    for header in "${REQUIRED_HEADERS[@]}"; do
+        if ! echo "$headers" | grep -qi "^$header:"; then
+            all_headers_present=false
+            missing_headers+=("$header")
+        fi
+    done
+    
+    if [ "$all_headers_present" = true ]; then
+        echo -e "  ${GREEN}✓ PASS:${NC} All CORS headers present"
+        
+        # Verify specific header values
+        local origin_header=$(echo "$headers" | grep -i "Access-Control-Allow-Origin:" | head -1 | sed 's/.*: *//')
+        if [[ "$origin_header" == *"*"* ]]; then
+            echo -e "    ${GREEN}✓${NC} Access-Control-Allow-Origin: $origin_header"
+        else
+            echo -e "    ${RED}✗${NC} Access-Control-Allow-Origin should be '*', got: $origin_header"
+            all_headers_present=false
+        fi
+        
+        # Check for duplicate headers (common CORS issue)
+        local origin_count=$(echo "$headers" | grep -ci "Access-Control-Allow-Origin:" || echo "0")
+        if [ "$origin_count" -gt 1 ]; then
+            echo -e "    ${RED}✗${NC} WARNING: Multiple Access-Control-Allow-Origin headers detected ($origin_count)"
+            all_headers_present=false
+        fi
+        
+        PASSED_TESTS=$((PASSED_TESTS + 1))
+    else
+        echo -e "  ${RED}✗ FAIL:${NC} Missing CORS headers: ${missing_headers[*]}"
+        FAILED_TESTS=$((FAILED_TESTS + 1))
+    fi
+    
+    echo ""
+    return 0
+}
+
+# Test endpoints for both HTTP and HTTPS
+test_endpoint() {
+    local path="$1"
+    local method="$2"
+    local extra_args="$3"
+    
+    # Test HTTP
+    check_cors_headers "$HTTP_BASE$path" "$method" "HTTP" "$extra_args"
+    
+    # Test HTTPS  
+    check_cors_headers "$HTTPS_BASE$path" "$method" "HTTPS" "$extra_args"
+}
+
+echo -e "${BLUE}=== TESTING CORE BLOSSOM ENDPOINTS ===${NC}"
+echo ""
+
+# 1. OPTIONS preflight tests (most critical for CORS)
+echo -e "${YELLOW}--- OPTIONS Preflight Requests ---${NC}"
+test_endpoint "/" "OPTIONS"
+test_endpoint "/upload" "OPTIONS" 
+test_endpoint "/auth" "OPTIONS"
+test_endpoint "/health" "OPTIONS"
+test_endpoint "/mirror" "OPTIONS"
+test_endpoint "/report" "OPTIONS"
+test_endpoint "/$SAMPLE_SHA256" "OPTIONS"
+test_endpoint "/list/$SAMPLE_PUBKEY" "OPTIONS"
+test_endpoint "/api/config" "OPTIONS"
+
+# 2. GET requests
+echo -e "${YELLOW}--- GET Requests ---${NC}"
+test_endpoint "/" "GET"
+test_endpoint "/health" "GET" 
+test_endpoint "/auth" "GET"
+test_endpoint "/$SAMPLE_SHA256" "GET"
+test_endpoint "/list/$SAMPLE_PUBKEY" "GET"
+test_endpoint "/api/config" "GET"
+
+# 3. HEAD requests
+echo -e "${YELLOW}--- HEAD Requests ---${NC}"
+test_endpoint "/" "HEAD"
+test_endpoint "/health" "HEAD"
+test_endpoint "/$SAMPLE_SHA256" "HEAD"
+test_endpoint "/upload" "HEAD"
+
+# 4. PUT requests (will likely fail with 400/401 but should still have CORS)
+echo -e "${YELLOW}--- PUT Requests (CORS on Errors) ---${NC}"
+test_endpoint "/upload" "PUT" "-H 'Content-Type: text/plain'"
+test_endpoint "/mirror" "PUT" "-H 'Content-Type: application/json'"
+test_endpoint "/report" "PUT" "-H 'Content-Type: application/json'"
+test_endpoint "/api/config" "PUT" "-H 'Content-Type: application/json'"
+
+# 5. DELETE requests
+echo -e "${YELLOW}--- DELETE Requests ---${NC}" 
+test_endpoint "/$SAMPLE_SHA256" "DELETE"
+
+# 6. Edge cases and variations
+echo -e "${YELLOW}--- Edge Cases ---${NC}"
+test_endpoint "/nonexistent" "GET"
+test_endpoint "/$SAMPLE_SHA256.txt" "GET" 
+test_endpoint "/$SAMPLE_SHA256.jpg" "GET"
+test_endpoint "/list/invalid_pubkey" "GET"
+
+echo -e "${BLUE}===========================================${NC}"
+echo -e "${BLUE}           TEST RESULTS SUMMARY           ${NC}"
+echo -e "${BLUE}===========================================${NC}"
+echo ""
+echo -e "Total Tests: $TOTAL_TESTS"
+echo -e "${GREEN}Passed: $PASSED_TESTS${NC}"
+echo -e "${RED}Failed: $FAILED_TESTS${NC}"
+echo ""
+
+if [ $FAILED_TESTS -eq 0 ]; then
+    echo -e "${GREEN}🎉 ALL TESTS PASSED! 🎉${NC}"
+    echo -e "${GREEN}✅ CORS implementation is BUD-01 compliant${NC}"
+    echo -e "${GREEN}✅ All endpoints support cross-origin requests${NC}"
+    echo -e "${GREEN}✅ No duplicate header issues detected${NC}"
+    echo ""
+    exit 0
+else
+    echo -e "${RED}❌ TESTS FAILED! ❌${NC}"
+    echo -e "${RED}⚠️  CORS implementation needs fixes${NC}"
+    echo ""
+    exit 1
+fi