266 lines
8.4 KiB
Bash
Executable File
266 lines
8.4 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
# Working Authentication System Test Suite
|
|
# Tests the unified nostr_core_lib authentication system integrated into ginxsom
|
|
|
|
# Configuration
|
|
SERVER_URL="http://localhost:9001"
|
|
UPLOAD_ENDPOINT="${SERVER_URL}/upload"
|
|
LIST_ENDPOINT="${SERVER_URL}/list"
|
|
DELETE_ENDPOINT="${SERVER_URL}/delete"
|
|
DB_PATH="db/ginxsom.db"
|
|
TEST_DIR="tests/auth_test_tmp"
|
|
|
|
# Test keys for different scenarios
|
|
TEST_ADMIN_PRIVKEY="993bf9c54fc00bd32a5a1ce64b6d384a5fce109df1e9aee9be1052c1e5cd8120"
|
|
TEST_ADMIN_PUBKEY="2ef05348f28d24e0f0ed0751278442c27b62c823c37af8d8d89d8592c6ee84e7"
|
|
|
|
TEST_USER1_PRIVKEY="5c0c523f52a5b6fad39ed2403092df8cebc36318b39383bca6c00808626fab3a"
|
|
TEST_USER1_PUBKEY="79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798"
|
|
|
|
TEST_USER2_PRIVKEY="182c3a5e3b7a1b7e4f5c6b7c8b4a5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2"
|
|
TEST_USER2_PUBKEY="c95195e5e7de1ad8c4d3c0ac4e8b5c0c4e0c4d3c1e5c8d4c2e7e9f4a5b6c7d8e"
|
|
|
|
# Test counters
|
|
TESTS_PASSED=0
|
|
TESTS_FAILED=0
|
|
TESTS_TOTAL=0
|
|
|
|
echo "=== Ginxsom Authentication System Test Suite ==="
|
|
echo "Testing unified nostr_core_lib authentication integration"
|
|
echo "Timestamp: $(date -Iseconds)"
|
|
echo
|
|
|
|
# Helper functions
|
|
test_pass() {
|
|
local test_name="$1"
|
|
((TESTS_PASSED++))
|
|
((TESTS_TOTAL++))
|
|
echo "✓ $test_name"
|
|
}
|
|
|
|
test_fail() {
|
|
local test_name="$1"
|
|
local reason="$2"
|
|
((TESTS_FAILED++))
|
|
((TESTS_TOTAL++))
|
|
echo "✗ $test_name: $reason"
|
|
}
|
|
|
|
# Check prerequisites
|
|
echo "[INFO] Checking prerequisites..."
|
|
for cmd in nak curl jq sqlite3; do
|
|
if ! command -v $cmd &> /dev/null; then
|
|
echo "[ERROR] $cmd command not found"
|
|
exit 1
|
|
fi
|
|
done
|
|
|
|
# Check if server is running
|
|
if ! curl -s -f "${SERVER_URL}/" > /dev/null 2>&1; then
|
|
echo "[ERROR] Server not running at $SERVER_URL"
|
|
echo "[INFO] Start with: ./restart-all.sh"
|
|
exit 1
|
|
fi
|
|
|
|
# Check if database exists
|
|
if [[ ! -f "$DB_PATH" ]]; then
|
|
echo "[ERROR] Database not found at $DB_PATH"
|
|
exit 1
|
|
fi
|
|
|
|
echo "[SUCCESS] All prerequisites met"
|
|
|
|
# Setup test environment
|
|
echo "[INFO] Setting up test environment..."
|
|
mkdir -p "$TEST_DIR"
|
|
|
|
# Enable authentication rules in database
|
|
sqlite3 "$DB_PATH" "INSERT OR REPLACE INTO auth_config (key, value) VALUES ('auth_rules_enabled', 'true');"
|
|
|
|
# Clear any existing test rules
|
|
sqlite3 "$DB_PATH" "DELETE FROM auth_rules WHERE description LIKE 'TEST_%' ESCAPE '\';" 2>/dev/null || true
|
|
sqlite3 "$DB_PATH" "DELETE FROM auth_cache;" 2>/dev/null || true
|
|
|
|
echo "[SUCCESS] Test environment ready"
|
|
|
|
# Generate test file
|
|
create_test_file() {
|
|
local filename="$1"
|
|
local size="${2:-1024}"
|
|
local filepath="$TEST_DIR/$filename"
|
|
|
|
if [[ $size -lt 100 ]]; then
|
|
echo "Small test file $(date)" > "$filepath"
|
|
else
|
|
echo "Test file: $filename" > "$filepath"
|
|
echo "Created: $(date -Iseconds)" >> "$filepath"
|
|
echo "Size target: $size bytes" >> "$filepath"
|
|
dd if=/dev/urandom bs=1 count=$((size - 200)) 2>/dev/null | base64 >> "$filepath"
|
|
fi
|
|
|
|
echo "$filepath"
|
|
}
|
|
|
|
# Generate nostr event for authentication
|
|
create_auth_event() {
|
|
local privkey="$1"
|
|
local operation="$2"
|
|
local hash="$3"
|
|
local expiration_offset="${4:-3600}" # 1 hour default
|
|
|
|
local expiration=$(date -d "+${expiration_offset} seconds" +%s)
|
|
|
|
local event_args=(-k 24242 -c "" --tag "t=$operation" --tag "expiration=$expiration" --sec "$privkey")
|
|
|
|
if [[ -n "$hash" ]]; then
|
|
event_args+=(--tag "x=$hash")
|
|
fi
|
|
|
|
nak event "${event_args[@]}"
|
|
}
|
|
|
|
# Test authenticated upload
|
|
test_authenticated_upload() {
|
|
local privkey="$1"
|
|
local operation="$2"
|
|
local file_path="$3"
|
|
local expected_status="$4"
|
|
local test_description="$5"
|
|
|
|
echo "[TEST] $test_description"
|
|
|
|
local file_hash=$(sha256sum "$file_path" | cut -d' ' -f1)
|
|
local event=$(create_auth_event "$privkey" "$operation" "$file_hash")
|
|
local auth_header="Nostr $(echo "$event" | base64 -w 0)"
|
|
|
|
local mime_type=$(file -b --mime-type "$file_path" 2>/dev/null || echo "application/octet-stream")
|
|
|
|
local response_file=$(mktemp)
|
|
local http_status=$(curl -s -w "%{http_code}" \
|
|
-H "Authorization: $auth_header" \
|
|
-H "Content-Type: $mime_type" \
|
|
--data-binary "@$file_path" \
|
|
-X PUT "$UPLOAD_ENDPOINT" \
|
|
-o "$response_file")
|
|
|
|
local response_body=$(cat "$response_file")
|
|
rm -f "$response_file"
|
|
|
|
if [[ "$http_status" == "$expected_status" ]]; then
|
|
test_pass "$test_description (HTTP $http_status)"
|
|
return 0
|
|
else
|
|
test_fail "$test_description" "Expected HTTP $expected_status, got $http_status. Response: $response_body"
|
|
return 1
|
|
fi
|
|
}
|
|
|
|
# Add auth rule to database
|
|
add_auth_rule() {
|
|
local rule_type="$1"
|
|
local target="$2"
|
|
local operation="${3:-*}"
|
|
local priority="${4:-100}"
|
|
local description="${5:-TEST_RULE}"
|
|
|
|
sqlite3 "$DB_PATH" "INSERT INTO auth_rules (rule_type, rule_target, operation, priority, enabled, description)
|
|
VALUES ('$rule_type', '$target', '$operation', $priority, 1, '$description');"
|
|
}
|
|
|
|
# Clear test rules
|
|
clear_auth_rules() {
|
|
sqlite3 "$DB_PATH" "DELETE FROM auth_rules WHERE description LIKE 'TEST_%' ESCAPE '\';" 2>/dev/null || true
|
|
sqlite3 "$DB_PATH" "DELETE FROM auth_cache;" 2>/dev/null || true
|
|
}
|
|
|
|
echo
|
|
echo "=== Test 1: Basic Authentication (Disabled) ==="
|
|
|
|
# Disable auth rules temporarily
|
|
sqlite3 "$DB_PATH" "INSERT OR REPLACE INTO auth_config (key, value) VALUES ('auth_rules_enabled', 'false');"
|
|
|
|
test_file1=$(create_test_file "basic_test.txt" 500)
|
|
test_authenticated_upload "$TEST_USER1_PRIVKEY" "upload" "$test_file1" "200" "Upload without auth rules (disabled)"
|
|
|
|
# Re-enable auth rules for other tests
|
|
sqlite3 "$DB_PATH" "INSERT OR REPLACE INTO auth_config (key, value) VALUES ('auth_rules_enabled', 'true');"
|
|
|
|
echo
|
|
echo "=== Test 2: Pubkey Whitelist Rules ==="
|
|
|
|
clear_auth_rules
|
|
add_auth_rule "pubkey_whitelist" "$TEST_USER1_PUBKEY" "upload" 10 "TEST_WHITELIST_USER1"
|
|
|
|
test_file2=$(create_test_file "whitelist_test.txt" 500)
|
|
test_authenticated_upload "$TEST_USER1_PRIVKEY" "upload" "$test_file2" "200" "Whitelisted user upload"
|
|
test_authenticated_upload "$TEST_USER2_PRIVKEY" "upload" "$test_file2" "403" "Non-whitelisted user upload"
|
|
|
|
echo
|
|
echo "=== Test 3: Pubkey Blacklist Rules ==="
|
|
|
|
clear_auth_rules
|
|
add_auth_rule "pubkey_blacklist" "$TEST_USER2_PUBKEY" "upload" 5 "TEST_BLACKLIST_USER2"
|
|
|
|
test_file3=$(create_test_file "blacklist_test.txt" 500)
|
|
test_authenticated_upload "$TEST_USER1_PRIVKEY" "upload" "$test_file3" "200" "Non-blacklisted user upload"
|
|
test_authenticated_upload "$TEST_USER2_PRIVKEY" "upload" "$test_file3" "403" "Blacklisted user upload"
|
|
|
|
echo
|
|
echo "=== Test 4: Hash Blacklist Rules ==="
|
|
|
|
clear_auth_rules
|
|
test_file4=$(create_test_file "hash_blacklist_test.txt" 500)
|
|
file_hash4=$(sha256sum "$test_file4" | cut -d' ' -f1)
|
|
|
|
# Add hash to blacklist
|
|
add_auth_rule "hash_blacklist" "$file_hash4" "upload" 5 "TEST_HASH_BLACKLIST"
|
|
|
|
test_authenticated_upload "$TEST_USER1_PRIVKEY" "upload" "$test_file4" "403" "Blacklisted hash upload"
|
|
|
|
# Upload of different hash should succeed
|
|
test_file4b=$(create_test_file "hash_allowed_test.txt" 600)
|
|
test_authenticated_upload "$TEST_USER1_PRIVKEY" "upload" "$test_file4b" "200" "Non-blacklisted hash upload"
|
|
|
|
echo
|
|
echo "=== Test 5: Rule Priority Ordering ==="
|
|
|
|
clear_auth_rules
|
|
|
|
# Add conflicting rules with different priorities
|
|
add_auth_rule "pubkey_blacklist" "$TEST_USER1_PUBKEY" "upload" 5 "TEST_PRIORITY_BLACKLIST" # Higher priority (lower number)
|
|
add_auth_rule "pubkey_whitelist" "$TEST_USER1_PUBKEY" "upload" 10 "TEST_PRIORITY_WHITELIST" # Lower priority
|
|
|
|
test_file5=$(create_test_file "priority_test.txt" 500)
|
|
test_authenticated_upload "$TEST_USER1_PRIVKEY" "upload" "$test_file5" "403" "Priority test (blacklist > whitelist)"
|
|
|
|
# Reverse priorities
|
|
clear_auth_rules
|
|
add_auth_rule "pubkey_whitelist" "$TEST_USER1_PUBKEY" "upload" 5 "TEST_PRIORITY_WHITELIST_HIGH"
|
|
add_auth_rule "pubkey_blacklist" "$TEST_USER1_PUBKEY" "upload" 10 "TEST_PRIORITY_BLACKLIST_LOW"
|
|
|
|
test_authenticated_upload "$TEST_USER1_PRIVKEY" "upload" "$test_file5" "200" "Priority test (whitelist > blacklist)"
|
|
|
|
echo
|
|
echo "=== Cleanup ==="
|
|
|
|
# Remove temporary files
|
|
rm -rf "$TEST_DIR"
|
|
|
|
# Clean up test auth rules
|
|
clear_auth_rules
|
|
|
|
echo
|
|
echo "=== Test Results Summary ==="
|
|
echo "Tests Passed: $TESTS_PASSED"
|
|
echo "Tests Failed: $TESTS_FAILED"
|
|
echo "Total Tests: $TESTS_TOTAL"
|
|
echo
|
|
|
|
if [[ $TESTS_FAILED -eq 0 ]]; then
|
|
echo "[SUCCESS] All tests passed! ✓"
|
|
exit 0
|
|
else
|
|
echo "[ERROR] $TESTS_FAILED tests failed! ✗"
|
|
exit 1
|
|
fi |