#!/bin/bash # delete_test.sh - Test script for DELETE / endpoint # This script tests the blob deletion functionality BASE_URL="http://localhost:9001" NOSTR_PRIVKEY="0000000000000000000000000000000000000000000000000000000000000001" NOSTR_PUBKEY="79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798" # Colors for output RED='\033[0;31m' GREEN='\033[0;32m' YELLOW='\033[1;33m' NC='\033[0m' # No Color echo "=== Ginxsom Delete Blob Tests ===" echo # Function to generate a Nostr event for delete authorization generate_delete_auth() { local sha256="$1" local content="$2" local created_at=$(date +%s) local expiration=$((created_at + 3600)) # 1 hour from now # Note: This is a placeholder - in real implementation, you'd use nostr tools # to generate properly signed events. For now, we'll create the structure. cat << EOF { "id": "placeholder_id", "pubkey": "$NOSTR_PUBKEY", "kind": 24242, "content": "$content", "created_at": $created_at, "tags": [ ["t", "delete"], ["x", "$sha256"], ["expiration", "$expiration"] ], "sig": "placeholder_signature" } EOF } # Test 1: Delete without authorization (should fail) echo -e "${YELLOW}Test 1: DELETE without authorization${NC}" RESPONSE=$(curl -s -w "\nHTTP_STATUS:%{http_code}" -X DELETE "$BASE_URL/708d0e8226ec17b0585417c0ec9352ce5f52c3820c904b7066fe20b00f2d9cfe") HTTP_STATUS=$(echo "$RESPONSE" | grep "HTTP_STATUS" | cut -d: -f2) BODY=$(echo "$RESPONSE" | sed '/HTTP_STATUS/d') if [ "$HTTP_STATUS" = "401" ]; then echo -e "${GREEN}✓ Correctly rejected unauthorized delete (401)${NC}" else echo -e "${RED}✗ Expected 401, got $HTTP_STATUS${NC}" fi echo "Response: $BODY" echo # Test 2: Delete with invalid authorization echo -e "${YELLOW}Test 2: DELETE with invalid authorization${NC}" INVALID_AUTH=$(echo '{"invalid": "event"}' | base64 -w 0) RESPONSE=$(curl -s -w "\nHTTP_STATUS:%{http_code}" -X DELETE \ -H "Authorization: Nostr $INVALID_AUTH" \ "$BASE_URL/708d0e8226ec17b0585417c0ec9352ce5f52c3820c904b7066fe20b00f2d9cfe") HTTP_STATUS=$(echo "$RESPONSE" | grep "HTTP_STATUS" | cut -d: -f2) BODY=$(echo "$RESPONSE" | sed '/HTTP_STATUS/d') if [ "$HTTP_STATUS" = "401" ]; then echo -e "${GREEN}✓ Correctly rejected invalid authorization (401)${NC}" else echo -e "${RED}✗ Expected 401, got $HTTP_STATUS${NC}" fi echo "Response: $BODY" echo # Test 3: Delete non-existent blob echo -e "${YELLOW}Test 3: DELETE non-existent blob${NC}" NONEXISTENT_HASH="1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef" DELETE_AUTH=$(generate_delete_auth "$NONEXISTENT_HASH" "Delete non-existent") AUTH_B64=$(echo "$DELETE_AUTH" | base64 -w 0) RESPONSE=$(curl -s -w "\nHTTP_STATUS:%{http_code}" -X DELETE \ -H "Authorization: Nostr $AUTH_B64" \ "$BASE_URL/$NONEXISTENT_HASH") HTTP_STATUS=$(echo "$RESPONSE" | grep "HTTP_STATUS" | cut -d: -f2) BODY=$(echo "$RESPONSE" | sed '/HTTP_STATUS/d') if [ "$HTTP_STATUS" = "404" ]; then echo -e "${GREEN}✓ Correctly returned 404 for non-existent blob${NC}" else echo -e "${RED}✗ Expected 404, got $HTTP_STATUS${NC}" fi echo "Response: $BODY" echo # Test 4: Delete with wrong pubkey (ownership check) echo -e "${YELLOW}Test 4: DELETE with wrong pubkey (ownership test)${NC}" TEST_HASH="708d0e8226ec17b0585417c0ec9352ce5f52c3820c904b7066fe20b00f2d9cfe" DELETE_AUTH=$(generate_delete_auth "$TEST_HASH" "Delete with wrong pubkey") AUTH_B64=$(echo "$DELETE_AUTH" | base64 -w 0) RESPONSE=$(curl -s -w "\nHTTP_STATUS:%{http_code}" -X DELETE \ -H "Authorization: Nostr $AUTH_B64" \ "$BASE_URL/$TEST_HASH") HTTP_STATUS=$(echo "$RESPONSE" | grep "HTTP_STATUS" | cut -d: -f2) BODY=$(echo "$RESPONSE" | sed '/HTTP_STATUS/d') echo "HTTP Status: $HTTP_STATUS" echo "Response: $BODY" echo # Test 5: Valid delete (if implemented and authorized) echo -e "${YELLOW}Test 5: Valid DELETE request${NC}" echo "Note: This test requires a blob uploaded by the test pubkey" echo "and proper Nostr event signing (not implemented in this test script)" echo echo "=== Delete Tests Complete ===" echo echo "Note: These tests use placeholder Nostr events." echo "For real testing, use proper Nostr signing tools to generate valid events."