.gitignore

@@ -68,4 +68,3 @@ config.production.lua
 
 config/furt.conf
 
-scripts/production_test_sequence.sh

.version_history

@@ -24,4 +24,3 @@ a670de0f,25a709e,feature/pid-file-service-management,2025-09-05T20:30:13Z,michae
 a670de0f,59f372f,feature/pid-file-service-management,2025-09-07T14:58:01Z,michael,git,lua-api
 a670de0f,683d6e5,fix/validate-config-posix-regex,2025-09-07T16:00:48Z,michael,git,lua-api
 a670de0f,24bd94d,feature/systemd-hardening,2025-09-07T16:40:47Z,michael,git,lua-api
-4ee95dbc,08b49d3,security/sanitize-test-scripts,2025-09-07T19:25:38Z,michael,git,lua-api

scripts/manual_mail_test.sh

@@ -4,11 +4,11 @@
 echo "Testing SMTP with corrected JSON..."
 
 # Simple test without timestamp embedding
-curl -X POST http://127.0.0.1:7811/v1/mail/send \
+curl -X POST http://127.0.0.1:8080/v1/mail/send \
      -H "Content-Type: application/json" \
      -d '{
        "name": "Furt Test User",
-       "email": "admin@example.com",
+       "email": "michael@dragons-at-work.de",
        "subject": "Furt SMTP Test Success!",
        "message": "This is a test email from Furt Lua HTTP-Server. SMTP Integration working!"
      }'

scripts/production_test_sequence.sh

@@ -0,0 +1,80 @@
+#!/bin/bash
+# Production Test für api.dragons-at-work.de
+
+echo "Testing Production API via Apache Proxy"
+echo "======================================="
+
+# Test 1: HTTPS Health Check
+echo ""
+echo "[1] Testing HTTPS Health Check..."
+https_health=$(curl -s https://api.dragons-at-work.de/health)
+echo "HTTPS Response: $https_health"
+
+if echo "$https_health" | grep -q "healthy"; then
+    echo "[OK] HTTPS Proxy working"
+else
+    echo "[ERROR] HTTPS Proxy failed"
+    exit 1
+fi
+
+# Test 2: SMTP Status via HTTPS
+echo ""
+echo "[2] Testing SMTP Configuration via HTTPS..."
+if echo "$https_health" | grep -q '"smtp_configured":true'; then
+    echo "[OK] SMTP configured and accessible via HTTPS"
+else
+    echo "[ERROR] SMTP not configured or not accessible"
+fi
+
+# Test 3: CORS Headers
+echo ""
+echo "[3] Testing CORS Headers..."
+cors_test=$(curl -s -I https://api.dragons-at-work.de/health | grep -i "access-control")
+if [ -n "$cors_test" ]; then
+    echo "[OK] CORS headers present: $cors_test"
+else
+    echo "[WARN] CORS headers missing - add to Apache config"
+fi
+
+# Test 4: Production Mail Test  
+echo ""
+echo "[4] Testing Production Mail via HTTPS..."
+echo "WARNING: This sends real email via production API"
+read -p "Continue with production mail test? (y/N): " -n 1 -r
+echo
+
+if [[ $REPLY =~ ^[Yy]$ ]]; then
+    echo "Sending production test email..."
+    
+    prod_mail_response=$(curl -s -X POST https://api.dragons-at-work.de/v1/mail/send \
+        -H "Content-Type: application/json" \
+        -d '{
+            "name": "Production Test",
+            "email": "test@dragons-at-work.de",
+            "subject": "Production API Test - Apache Proxy Success!",
+            "message": "This email was sent via the production API at api.dragons-at-work.de through Apache proxy to Furt-Lua backend. HTTPS integration working!"
+        }')
+    
+    echo "Production Response: $prod_mail_response"
+    
+    if echo "$prod_mail_response" | grep -q '"success":true'; then
+        echo "[OK] PRODUCTION MAIL SENT VIA HTTPS!"
+        echo "Check admin@dragons-at-work.de for delivery confirmation"
+    else
+        echo "[ERROR] Production mail failed"
+    fi
+else
+    echo "Skipping production mail test"
+fi
+
+# Test 5: Security Headers
+echo ""
+echo "[5] Testing Security Headers..."
+security_headers=$(curl -s -I https://api.dragons-at-work.de/health)
+echo "Security Headers:"
+echo "$security_headers" | grep -i "x-content-type-options\|x-frame-options\|strict-transport"
+
+echo ""
+echo "Production Test Complete!"
+echo "========================"
+echo "Next: Hugo integration with https://api.dragons-at-work.de/v1/mail/send"

scripts/setup_env.sh

@@ -0,0 +1,101 @@
+#!/bin/bash
+# furt-lua/scripts/setup_env.sh
+# Add SMTP environment variables to existing .env (non-destructive)
+
+set -e
+
+# Colors for output
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+RED='\033[0;31m'
+NC='\033[0m' # No Color
+
+echo -e "${GREEN}=== Furt SMTP Environment Setup ===${NC}"
+
+# Navigate to furt project root
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+PROJECT_ROOT="$(dirname "$(dirname "$SCRIPT_DIR")")"
+ENV_FILE="$PROJECT_ROOT/.env"
+
+echo -e "${YELLOW}Project root:${NC} $PROJECT_ROOT"
+echo -e "${YELLOW}Environment file:${NC} $ENV_FILE"
+
+# Check if .env exists
+if [ ! -f "$ENV_FILE" ]; then
+    echo -e "${YELLOW}Creating new .env file...${NC}"
+    cat > "$ENV_FILE" << 'EOF'
+# Dragons@Work Project Environment Variables
+
+# Furt SMTP Configuration for mail.dragons-at-work.de
+SMTP_HOST="mail.dragons-at-work.de"
+SMTP_PORT="465"
+SMTP_USERNAME="your_email@dragons-at-work.de"
+SMTP_PASSWORD="your_smtp_password"
+SMTP_FROM="noreply@dragons-at-work.de"
+SMTP_TO="michael@dragons-at-work.de"
+EOF
+    echo -e "${GREEN}[OK] Created new .env file${NC}"
+    echo -e "${YELLOW}[EDIT] Please edit:${NC} nano $ENV_FILE"
+    exit 0
+fi
+
+echo -e "${GREEN}[OK] Found existing .env file${NC}"
+
+# Check if SMTP variables already exist
+smtp_username_exists=$(grep -c "^SMTP_USERNAME=" "$ENV_FILE" 2>/dev/null || echo "0")
+smtp_password_exists=$(grep -c "^SMTP_PASSWORD=" "$ENV_FILE" 2>/dev/null || echo "0")
+
+if [ "$smtp_username_exists" -gt 0 ] && [ "$smtp_password_exists" -gt 0 ]; then
+    echo -e "${GREEN}[OK] SMTP variables already configured${NC}"
+    
+    # Load and show current values
+    source "$ENV_FILE"
+    echo -e "${YELLOW}Current SMTP User:${NC} ${SMTP_USERNAME:-NOT_SET}"
+    echo -e "${YELLOW}Current SMTP Password:${NC} ${SMTP_PASSWORD:+[CONFIGURED]}${SMTP_PASSWORD:-NOT_SET}"
+    
+    echo ""
+    echo -e "${YELLOW}To update SMTP settings:${NC} nano $ENV_FILE"
+    exit 0
+fi
+
+# Add missing SMTP variables
+echo -e "${YELLOW}Adding SMTP configuration to existing .env...${NC}"
+
+# Add section header if not present
+if ! grep -q "SMTP_" "$ENV_FILE" 2>/dev/null; then
+    echo "" >> "$ENV_FILE"
+    echo "# Furt SMTP Configuration for mail.dragons-at-work.de" >> "$ENV_FILE"
+fi
+
+# Add username if missing
+if [ "$smtp_username_exists" -eq 0 ]; then
+    echo "SMTP_HOST=\"mail.dragons-at-work.de\"" >> "$ENV_FILE"
+    echo "SMTP_PORT=\"465\"" >> "$ENV_FILE"
+    echo "SMTP_USERNAME=\"your_email@dragons-at-work.de\"" >> "$ENV_FILE"
+    echo -e "${GREEN}[OK] Added SMTP_HOST, SMTP_PORT, SMTP_USERNAME${NC}"
+fi
+
+# Add password if missing
+if [ "$smtp_password_exists" -eq 0 ]; then
+    echo "SMTP_PASSWORD=\"your_smtp_password\"" >> "$ENV_FILE"
+    echo "SMTP_FROM=\"noreply@dragons-at-work.de\"" >> "$ENV_FILE"
+    echo "SMTP_TO=\"michael@dragons-at-work.de\"" >> "$ENV_FILE"
+    echo -e "${GREEN}[OK] Added SMTP_PASSWORD, SMTP_FROM, SMTP_TO${NC}"
+fi
+
+echo -e "${GREEN}[OK] SMTP configuration added to .env${NC}"
+echo ""
+echo -e "${YELLOW}Next steps:${NC}"
+echo "1. Edit SMTP credentials: nano $ENV_FILE"
+echo "2. Set your actual email@dragons-at-work.de in SMTP_USERNAME"
+echo "3. Set your actual SMTP password in SMTP_PASSWORD"
+echo "4. Test with: ./scripts/start.sh"
+
+echo ""
+echo -e "${YELLOW}Current .env content:${NC}"
+echo "==================="
+cat "$ENV_FILE"
+echo "==================="
+echo ""
+echo -e "${GREEN}Ready for SMTP testing!${NC}"
+

scripts/stress_test.sh

@@ -4,7 +4,7 @@
 
 BASE_URL="http://127.0.0.1:8080"
 # Use correct API keys that match current .env
-API_KEY="YOUR_API_KEY_HERE"
+API_KEY="hugo-dev-key-change-in-production"
 
 echo "⚡ Furt API Stress Test"
 echo "======================"

scripts/test_auth.sh

@@ -3,8 +3,8 @@
 # Test API-Key-Authentifizierung (ohne jq parse errors)
 
 BASE_URL="http://127.0.0.1:8080"
-HUGO_API_KEY="YOUR_API_KEY_HERE"
+HUGO_API_KEY="hugo-dev-key-change-in-production"
-ADMIN_API_KEY="YOUR_ADMIN_KEY_HERE"
+ADMIN_API_KEY="admin-dev-key-change-in-production"
 INVALID_API_KEY="invalid-key-should-fail"
 
 echo "🔐 Testing Furt API-Key Authentication"

scripts/test_modular.sh

@@ -3,7 +3,7 @@
 # Test der modularen Furt-Architektur
 
 BASE_URL="http://127.0.0.1:8080"
-HUGO_API_KEY="YOUR_API_KEY_HERE"
+HUGO_API_KEY="hugo-dev-key-change-in-production"
 
 echo "🧩 Testing Modular Furt Architecture"
 echo "===================================="

scripts/test_smtp.sh

@@ -54,7 +54,7 @@ fi
 # Test 4: Valid Mail Request (REAL SMTP TEST)
 echo ""
 echo "[4] Testing REAL mail sending..."
-echo "WARNING: This will send a real email to admin@example.com"
+echo "WARNING: This will send a real email to michael@dragons-at-work.de"
 read -p "Continue with real mail test? (y/N): " -n 1 -r
 echo
 
@@ -65,7 +65,7 @@ if [[ $REPLY =~ ^[Yy]$ ]]; then
         -H "Content-Type: application/json" \
         -d '{
             "name": "Furt Test User",
-            "email": "test@example.com",
+            "email": "test@dragons-at-work.de", 
             "subject": "Furt SMTP Test - Week 2 Success!",
             "message": "This is a test email from the Furt Lua HTTP-Server.\n\nSMTP Integration is working!\n\nTimestamp: '$(date)'\nServer: furt-lua v1.0"
         }')
@@ -75,7 +75,7 @@ if [[ $REPLY =~ ^[Yy]$ ]]; then
     # Check for success
     if echo "$mail_response" | grep -q '"success":true'; then
         echo "[OK] MAIL SENT SUCCESSFULLY!"
-        echo "Check admin@example.com inbox"
+        echo "Check michael@dragons-at-work.de inbox"
         
         # Extract request ID
         request_id=$(echo "$mail_response" | grep -o '"request_id":"[^"]*"' | cut -d'"' -f4)

src/http_server.lua

@@ -91,7 +91,9 @@ end
 function FurtServer:add_cors_headers(request)
     local allowed_origins = config.cors and config.cors.allowed_origins or {
         "http://localhost:1313",
-        "http://127.0.0.1:1313"
+        "http://127.0.0.1:1313",
+        "https://dragons-at-work.de",
+        "https://www.dragons-at-work.de"
     }
 
     -- Check if request has Origin header

src/smtp.lua

@@ -95,11 +95,11 @@ end
 -- Create SMTP instance
 function SMTP:new(config)
     local instance = {
-        server = config.smtp_server,
+        server = config.smtp_server or "mail.dragons-at-work.de",
-        port = config.smtp_port,
+        port = config.smtp_port or 465,
         username = config.username,
         password = config.password,
-        from_address = config.from_address,
+        from_address = config.from_address or "noreply@dragons-at-work.de",
         use_ssl = config.use_ssl or true,
         debug = config.debug or false,
         ssl_compat = SSLCompat