DAW/furt
2
0
Fork 0
Code Issues 11 Pull requests Projects Releases 3 Packages 1 Wiki Activity Actions
furt/furt-lua/scripts/test_modular.sh

62 lines
1.9 KiB
Bash
Raw Normal View History

feat(auth): implement complete API-key authentication with modular architecture (#47) - Add comprehensive API-key authentication system with X-API-Key header validation - Implement permission-based access control (mail:send, * for admin) - Add rate-limiting system (60 req/hour per API key, 100 req/hour per IP) - Refactor monolithic 590-line main.lua into 6 modular components (<200 lines each) - Add IP-restriction support with CIDR notation (127.0.0.1, 10.0.0.0/8) - Implement Hugo integration with CORS support for localhost:1313 - Add production-ready configuration with environment variable support - Create comprehensive testing suite (auth, rate-limiting, stress tests) - Add production deployment checklist and cleanup scripts This refactoring transforms the API gateway from a single-file monolith into a biocodie-compliant modular architecture while adding enterprise-grade security features. Performance testing shows 79 RPS concurrent throughput with <100ms latency. Hugo contact form integration tested and working. System is now production-ready for deployment to walter/aitvaras. Resolves #47
2025-06-24 22:01:38 +02:00
#!/bin/bash
# furt-lua/scripts/test_modular.sh
# Test der modularen Furt-Architektur
BASE_URL="http://127.0.0.1:8080"
HUGO_API_KEY="hugo-dev-key-change-in-production"
echo "🧩 Testing Modular Furt Architecture"
echo "===================================="
# Test 1: Module dependencies check
echo -e "\n1⃣ Testing module imports (should not error on startup):"
echo "Starting server in background..."
cd "$(dirname "$0")/.."
lua src/main.lua &
SERVER_PID=$!
sleep 2
if kill -0 $SERVER_PID 2>/dev/null; then
echo "✅ Server started successfully - all modules loaded"
else
echo "❌ Server failed to start - module import error"
exit 1
fi
# Test 2: Public endpoints (no auth)
echo -e "\n2⃣ Testing public endpoints:"
curl -s -w "Status: %{http_code}\n" "$BASE_URL/health" | jq '.features'
# Test 3: Protected endpoints without auth (should fail)
echo -e "\n3⃣ Testing auth protection:"
curl -s -w "Status: %{http_code}\n" \
-X POST \
-H "Content-Type: application/json" \
-d '{"name":"Test","email":"test@example.com","message":"Test"}' \
"$BASE_URL/v1/mail/send" | jq '.error'
# Test 4: Protected endpoints with auth (should work)
echo -e "\n4⃣ Testing authenticated request:"
curl -s -w "Status: %{http_code}\n" \
-H "X-API-Key: $HUGO_API_KEY" \
"$BASE_URL/v1/auth/status" | jq '.'
# Test 5: Rate limiting headers
echo -e "\n5⃣ Testing rate limit headers:"
curl -s -i -H "X-API-Key: $HUGO_API_KEY" "$BASE_URL/v1/auth/status" | grep -E "X-RateLimit|HTTP"
# Cleanup
echo -e "\n🧹 Cleanup:"
kill $SERVER_PID 2>/dev/null
wait $SERVER_PID 2>/dev/null
echo "Server stopped"
echo -e "\n✅ Modular Architecture Test Complete!"
echo "Expected behavior:"
echo "- Test 1: ✅ Server starts without module errors"
echo "- Test 2: ✅ Health endpoint works, shows features"
echo "- Test 3: ❌ 401 Unauthorized (missing API key)"
echo "- Test 4: ✅ 200 OK with auth details"
echo "- Test 5: ✅ Rate limit headers present"
Reference in a new issue Copy permalink