DAW/furt
2
0
Fork 0
Code Issues 11 Pull requests Projects Releases 3 Packages 1 Wiki Activity Actions
furt/scripts/test_auth.sh

80 lines
2.7 KiB
Bash
Raw Normal View History

feat(auth): implement complete API-key authentication with modular architecture (#47) - Add comprehensive API-key authentication system with X-API-Key header validation - Implement permission-based access control (mail:send, * for admin) - Add rate-limiting system (60 req/hour per API key, 100 req/hour per IP) - Refactor monolithic 590-line main.lua into 6 modular components (<200 lines each) - Add IP-restriction support with CIDR notation (127.0.0.1, 10.0.0.0/8) - Implement Hugo integration with CORS support for localhost:1313 - Add production-ready configuration with environment variable support - Create comprehensive testing suite (auth, rate-limiting, stress tests) - Add production deployment checklist and cleanup scripts This refactoring transforms the API gateway from a single-file monolith into a biocodie-compliant modular architecture while adding enterprise-grade security features. Performance testing shows 79 RPS concurrent throughput with <100ms latency. Hugo contact form integration tested and working. System is now production-ready for deployment to walter/aitvaras. Resolves #47
2025-06-24 22:01:38 +02:00
#!/bin/bash
# furt-lua/scripts/test_auth.sh
# Test API-Key-Authentifizierung (ohne jq parse errors)
BASE_URL="http://127.0.0.1:8080"
HUGO_API_KEY="hugo-dev-key-change-in-production"
ADMIN_API_KEY="admin-dev-key-change-in-production"
INVALID_API_KEY="invalid-key-should-fail"
echo "🔐 Testing Furt API-Key Authentication"
echo "======================================"
# Helper function to make clean API calls
make_request() {
local method="$1"
local url="$2"
local headers="$3"
local data="$4"
echo "Request: $method $url"
if [ -n "$headers" ]; then
echo "Headers: $headers"
fi
local response=$(curl -s $method \
${headers:+-H "$headers"} \
${data:+-d "$data"} \
-H "Content-Type: application/json" \
"$url")
local status=$(curl -s -o /dev/null -w "%{http_code}" $method \
${headers:+-H "$headers"} \
${data:+-d "$data"} \
-H "Content-Type: application/json" \
"$url")
echo "Status: $status"
echo "Response: $response" | jq '.' 2>/dev/null || echo "$response"
echo ""
}
# Test 1: Health-Check (public, no auth needed)
echo "1⃣ Public Health Check (no auth required):"
make_request "-X GET" "$BASE_URL/health"
# Test 2: No API-Key -> 401
echo "2⃣ Mail without API-Key (should fail with 401):"
make_request "-X POST" "$BASE_URL/v1/mail/send" "" '{"name":"Test","email":"test@example.com","message":"Test"}'
# Test 3: Invalid API-Key -> 401
echo "3⃣ Mail with invalid API-Key (should fail with 401):"
make_request "-X POST" "$BASE_URL/v1/mail/send" "X-API-Key: $INVALID_API_KEY" '{"name":"Test","email":"test@example.com","message":"Test"}'
# Test 4: Valid API-Key -> 200 (or SMTP error)
echo "4⃣ Mail with valid Hugo API-Key (should work):"
make_request "-X POST" "$BASE_URL/v1/mail/send" "X-API-Key: $HUGO_API_KEY" '{
"name": "Test User",
"email": "test@example.com",
"subject": "API Auth Test",
"message": "This is a test message via authenticated API"
}'
# Test 5: Auth Status Check
echo "5⃣ Auth Status Check with Hugo API-Key:"
make_request "-X GET" "$BASE_URL/v1/auth/status" "X-API-Key: $HUGO_API_KEY"
# Test 6: Auth Status with Admin API-Key
echo "6⃣ Auth Status Check with Admin API-Key:"
make_request "-X GET" "$BASE_URL/v1/auth/status" "X-API-Key: $ADMIN_API_KEY"
echo "✅ Auth Testing Complete!"
echo ""
echo "Expected Results:"
echo "- Test 1: ✅ 200 OK (health check)"
echo "- Test 2: ❌ 401 Unauthorized (Missing API-Key)"
echo "- Test 3: ❌ 401 Unauthorized (Invalid API-Key)"
echo "- Test 4: ✅ 200 OK (Valid API-Key) or 500 if SMTP not configured"
echo "- Test 5,6: ✅ 200 OK with auth details"
Reference in a new issue Copy permalink