
#!/bin/bash
#
# CORS test suite for the Ginxsom Blossom server.
#
# Requests every endpoint over both HTTP and HTTPS and checks that the
# response carries the CORS headers required by the BUD-01 specification.

# Abort on any unhandled non-zero exit status.
set -e

# ANSI colour sequences. They are stored as literal backslash escapes, so
# they only take effect when printed with `echo -e` or printf's %b.
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # reset / no colour

# Targets under test. Both point at localhost; the HTTPS checks in
# check_cors_headers run curl with -k (no certificate verification), so
# these values should stay on a local test listener.
HTTP_BASE="http://localhost:9001"
HTTPS_BASE="https://localhost:9443"

# Placeholder identifiers used to build blob and list URLs.
SAMPLE_SHA256="e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" # SHA-256 of the empty string
SAMPLE_PUBKEY="0000000000000000000000000000000000000000000000000000000000000001"

# Headers every response must carry for BUD-01 compliance.
REQUIRED_HEADERS=(
  "Access-Control-Allow-Origin"
  "Access-Control-Allow-Methods"
  "Access-Control-Allow-Headers"
  "Access-Control-Max-Age"
)

# Running totals, updated by check_cors_headers.
TOTAL_TESTS=0 PASSED_TESTS=0 FAILED_TESTS=0

# Opening banner: rule, title, rule, blank line.
banner_rule="==========================================="
for banner_line in "$banner_rule" " GINXSOM CORS TEST SUITE (BUD-01) " "$banner_rule"; do
  printf '%b\n' "${BLUE}${banner_line}${NC}"
done
printf '\n'
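#######################################
# Send one request and check that the response carries every header in
# REQUIRED_HEADERS, with exactly one Access-Control-Allow-Origin header
# whose value is the wildcard "*".
#
# A test is counted as passed only when the headers are present AND the
# value checks succeed; a wrong origin value or a duplicated origin header
# is counted as a failure.
#
# NOTE(review): Access-Control-Allow-Credentials is not inspected here.
#
# Globals:
#   REQUIRED_HEADERS, RED, GREEN, YELLOW, NC (read)
#   TOTAL_TESTS, PASSED_TESTS, FAILED_TESTS (updated)
# Arguments:
#   $1 - full URL to request
#   $2 - HTTP method, passed to curl -X
#   $3 - "HTTPS" adds curl -k; any other value uses curl's defaults
#   $4 - optional extra curl arguments as ONE string; quoted words are
#        honoured, e.g. "-H 'Content-Type: text/plain'"
# Outputs:
#   Human-readable result lines on stdout.
# Returns:
#   1 if the extra arguments cannot be parsed, the request produced no
#   response, or the reply is not an HTTP response; 0 otherwise (header
#   failures are counted, not returned).
#######################################
check_cors_headers() {
  local endpoint="$1"
  local method="$2"
  local protocol="$3"
  local extra_args="${4:-}"
  local headers header parsed arg origin_header origin_count
  local curl_status=0
  local values_ok=true
  local -a missing_headers=()
  local -a curl_args=(-s -I -X "$method")

  TOTAL_TESTS=$((TOTAL_TESTS + 1))
  printf '%b %s %s (%s)\n' "${YELLOW}Testing:${NC}" "$method" "$endpoint" "$protocol"

  if [[ "$protocol" == "HTTPS" ]]; then
    # -k turns off certificate verification. That is only reasonable
    # against a local test listener; do not reuse it for remote hosts.
    curl_args+=(-k)
  fi

  # Split the extra-argument string into words while honouring quotes.
  # Plain word splitting would leave the quote characters in place and
  # break "-H 'Name: value'" into three words. xargs applies quote rules
  # without evaluating anything, so no eval is needed.
  if [[ -n "${extra_args//[[:space:]]/}" ]]; then
    if ! parsed=$(printf '%s\n' "$extra_args" | xargs printf '%s\n' 2>/dev/null); then
      printf ' %b Could not parse extra curl arguments: %s\n' "${RED}✗ FAIL:${NC}" "$extra_args"
      FAILED_TESTS=$((FAILED_TESTS + 1))
      return 1
    fi
    while IFS= read -r arg; do
      curl_args+=("$arg")
    done <<<"$parsed"
  fi

  # Capture headers; a failure is only fatal when nothing came back, so a
  # response that curl received before erroring out is still inspected.
  headers=$(curl "${curl_args[@]}" "$endpoint" 2>/dev/null) || curl_status=$?
  if ((curl_status != 0)) && [[ -z "$headers" ]]; then
    printf ' %b Could not connect to %s\n' "${RED}✗ FAIL:${NC}" "$endpoint"
    FAILED_TESTS=$((FAILED_TESTS + 1))
    return 1
  fi

  # HTTP header lines end in CRLF; drop the CR so values compare cleanly.
  headers=${headers//$'\r'/}

  if ! grep -q "HTTP/" <<<"$headers"; then
    printf ' %b Invalid HTTP response\n' "${RED}✗ FAIL:${NC}"
    FAILED_TESTS=$((FAILED_TESTS + 1))
    return 1
  fi

  # Presence check, case-insensitive, anchored at the start of the line.
  for header in "${REQUIRED_HEADERS[@]}"; do
    if ! grep -qi -- "^${header}:" <<<"$headers"; then
      missing_headers+=("$header")
    fi
  done

  if ((${#missing_headers[@]} > 0)); then
    printf ' %b Missing CORS headers: %s\n' "${RED}✗ FAIL:${NC}" "${missing_headers[*]}"
    FAILED_TESTS=$((FAILED_TESTS + 1))
    printf '\n'
    return 0
  fi

  # Value check: the first origin header must be exactly "*".
  origin_header=$(grep -i '^Access-Control-Allow-Origin:' <<<"$headers" \
    | head -1 \
    | sed -e 's/^[^:]*:[[:space:]]*//' -e 's/[[:space:]]*$//')
  if [[ "$origin_header" == "*" ]]; then
    printf ' %b Access-Control-Allow-Origin: %s\n' "${GREEN}${NC}" "$origin_header"
  else
    printf " %b Access-Control-Allow-Origin should be '*', got: %s\n" "${RED}${NC}" "$origin_header"
    values_ok=false
  fi

  # Duplicate origin headers are a common CORS misconfiguration.
  # grep -c exits 1 on a zero count but still prints the number.
  origin_count=$(grep -ci '^Access-Control-Allow-Origin:' <<<"$headers" || true)
  if ((origin_count > 1)); then
    printf ' %b WARNING: Multiple Access-Control-Allow-Origin headers detected (%s)\n' "${RED}${NC}" "$origin_count"
    values_ok=false
  fi

  if [[ "$values_ok" == true ]]; then
    printf ' %b All CORS headers present\n' "${GREEN}✓ PASS:${NC}"
    PASSED_TESTS=$((PASSED_TESTS + 1))
  else
    printf ' %b CORS headers present but values are invalid\n' "${RED}✗ FAIL:${NC}"
    FAILED_TESTS=$((FAILED_TESTS + 1))
  fi

  printf '\n'
  return 0
}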
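#######################################
# Run the same CORS check against the HTTP and the HTTPS listener.
# Globals:
#   HTTP_BASE, HTTPS_BASE (read)
# Arguments:
#   $1 - request path, appended to each base URL
#   $2 - HTTP method
#   $3 - optional extra curl arguments as a single string
# Returns:
#   0 always; outcomes are recorded in the counters that
#   check_cors_headers updates.
#######################################
test_endpoint() {
  local path="$1"
  local method="$2"
  local extra_args="${3:-}"

  # check_cors_headers returns 1 on a connection failure. Under `set -e`
  # that would end the whole run at the first unreachable endpoint and the
  # summary would never print, so the status is deliberately discarded.
  check_cors_headers "${HTTP_BASE}${path}" "$method" "HTTP" "$extra_args" || true
  check_cors_headers "${HTTPS_BASE}${path}" "$method" "HTTPS" "$extra_args" || true
}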
# Test plan: each call below exercises one path over HTTP and HTTPS.
printf '%b\n\n' "${BLUE}=== TESTING CORE BLOSSOM ENDPOINTS ===${NC}"

# 1. OPTIONS preflight requests (the most critical case for CORS).
printf '%b\n' "${YELLOW}--- OPTIONS Preflight Requests ---${NC}"
for route in \
  "/" "/upload" "/auth" "/health" "/mirror" "/report" \
  "/${SAMPLE_SHA256}" "/list/${SAMPLE_PUBKEY}" "/api/config"; do
  test_endpoint "$route" "OPTIONS"
done

# 2. GET requests.
printf '%b\n' "${YELLOW}--- GET Requests ---${NC}"
for route in \
  "/" "/health" "/auth" \
  "/${SAMPLE_SHA256}" "/list/${SAMPLE_PUBKEY}" "/api/config"; do
  test_endpoint "$route" "GET"
done

# 3. HEAD requests.
printf '%b\n' "${YELLOW}--- HEAD Requests ---${NC}"
for route in "/" "/health" "/${SAMPLE_SHA256}" "/upload"; do
  test_endpoint "$route" "HEAD"
done

# 4. PUT requests. These are expected to be rejected (400/401), but error
#    responses must still carry the CORS headers. Each entry is
#    "path|content type".
printf '%b\n' "${YELLOW}--- PUT Requests (CORS on Errors) ---${NC}"
for put_case in \
  "/upload|text/plain" \
  "/mirror|application/json" \
  "/report|application/json" \
  "/api/config|application/json"; do
  test_endpoint "${put_case%%|*}" "PUT" "-H 'Content-Type: ${put_case#*|}'"
done

# 5. DELETE requests.
printf '%b\n' "${YELLOW}--- DELETE Requests ---${NC}"
test_endpoint "/${SAMPLE_SHA256}" "DELETE"

# 6. Edge cases: unknown path, blob hash with extensions, malformed pubkey.
printf '%b\n' "${YELLOW}--- Edge Cases ---${NC}"
for route in \
  "/nonexistent" \
  "/${SAMPLE_SHA256}.txt" \
  "/${SAMPLE_SHA256}.jpg" \
  "/list/invalid_pubkey"; do
  test_endpoint "$route" "GET"
done

# Summary. The verdict depends only on FAILED_TESTS, so anything that
# check_cors_headers reports without counting as a failure is not
# reflected in the exit status.
summary_rule="==========================================="
printf '%b\n' "${BLUE}${summary_rule}${NC}"
printf '%b\n' "${BLUE} TEST RESULTS SUMMARY ${NC}"
printf '%b\n' "${BLUE}${summary_rule}${NC}"
printf '\n'
printf '%b\n' "Total Tests: $TOTAL_TESTS"
printf '%b\n' "${GREEN}Passed: $PASSED_TESTS${NC}"
printf '%b\n' "${RED}Failed: $FAILED_TESTS${NC}"
printf '\n'

if [[ "$FAILED_TESTS" -ne 0 ]]; then
  printf '%b\n' "${RED}❌ TESTS FAILED! ❌${NC}"
  printf '%b\n' "${RED}⚠️ CORS implementation needs fixes${NC}"
  printf '\n'
  exit 1
fi

printf '%b\n' "${GREEN}🎉 ALL TESTS PASSED! 🎉${NC}"
printf '%b\n' "${GREEN}✅ CORS implementation is BUD-01 compliant${NC}"
printf '%b\n' "${GREEN}✅ All endpoints support cross-origin requests${NC}"
printf '%b\n' "${GREEN}✅ No duplicate header issues detected${NC}"
printf '\n'
exit 0