DAW/furt
2
0
Fork 0
Code Issues 11 Pull requests Projects Releases 3 Packages 1 Wiki Activity Actions
furt/furt-lua/scripts/stress_test.sh
michael 901f5eb2d8 feat(auth): implement complete API-key authentication with modular architecture (#47) 
- Add comprehensive API-key authentication system with X-API-Key header validation
- Implement permission-based access control (mail:send, * for admin)
- Add rate-limiting system (60 req/hour per API key, 100 req/hour per IP)
- Refactor monolithic 590-line main.lua into 6 modular components (<200 lines each)
- Add IP-restriction support with CIDR notation (127.0.0.1, 10.0.0.0/8)
- Implement Hugo integration with CORS support for localhost:1313
- Add production-ready configuration with environment variable support
- Create comprehensive testing suite (auth, rate-limiting, stress tests)
- Add production deployment checklist and cleanup scripts

This refactoring transforms the API gateway from a single-file monolith into a
biocodie-compliant modular architecture while adding enterprise-grade security
features. Performance testing shows 79 RPS concurrent throughput with <100ms
latency. Hugo contact form integration tested and working. System is now
production-ready for deployment to walter/aitvaras.

Resolves #47
2025-06-24 22:01:38 +02:00

171 lines
4.8 KiB
Bash
Executable file
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

#!/bin/bash
# furt-lua/scripts/stress_test.sh
# Rate-Limiting und Performance Stress-Test
BASE_URL="http://127.0.0.1:8080"
# Use correct API keys that match current .env
API_KEY="hugo-dev-key-change-in-production"
echo "⚡ Furt API Stress Test"
echo "======================"
# Test 1: Rate-Limiting Test (schnelle Requests)
echo -e "\n1⃣ Rate-Limiting Test (20 quick requests):"
echo "Expected: First ~10 should work, then rate limiting kicks in"
rate_limit_failures=0
rate_limit_success=0
for i in {1..20}; do
response=$(curl -s -w "%{http_code}" \
-H "X-API-Key: $API_KEY" \
"$BASE_URL/v1/auth/status")
status=$(echo "$response" | tail -c 4)
if [ "$status" == "200" ]; then
rate_limit_remaining=$(echo "$response" | head -n -1 | jq -r '.rate_limit_remaining // "N/A"' 2>/dev/null)
echo "Request $i: ✅ 200 OK (Rate limit remaining: $rate_limit_remaining)"
((rate_limit_success++))
elif [ "$status" == "429" ]; then
echo "Request $i: ⛔ 429 Rate Limited"
((rate_limit_failures++))
else
echo "Request $i: ❌ $status Error"
fi
# Small delay to prevent overwhelming
sleep 0.1
done
echo "Rate-Limiting Results: $rate_limit_success success, $rate_limit_failures rate-limited"
# Test 2: Performance Test (concurrent requests)
echo -e "\n2⃣ Performance Test (10 concurrent requests):"
echo "Testing server under concurrent load..."
start_time=$(date +%s.%N)
# Create temp files for results
temp_dir=$(mktemp -d)
trap "rm -rf $temp_dir" EXIT
# Launch concurrent requests
for i in {1..10}; do
{
local_start=$(date +%s.%N)
response=$(curl -s -w "%{http_code}" \
-H "X-API-Key: $API_KEY" \
"$BASE_URL/health")
local_end=$(date +%s.%N)
status=$(echo "$response" | tail -c 4)
duration=$(echo "$local_end - $local_start" | bc -l)
echo "Concurrent $i: Status $status, Duration ${duration}s" > "$temp_dir/result_$i"
} &
done
# Wait for all background jobs
wait
end_time=$(date +%s.%N)
total_duration=$(echo "$end_time - $start_time" | bc -l)
echo "Concurrent Results:"
cat "$temp_dir"/result_* | sort
echo "Total Duration: ${total_duration}s"
# Test 3: Mail API Performance (lighter test)
echo -e "\n3⃣ Mail API Performance Test (5 requests):"
echo "Testing mail endpoint performance..."
mail_success=0
mail_errors=0
for i in {1..5}; do
start_time=$(date +%s.%N)
response=$(curl -s -w "%{http_code}" \
-H "X-API-Key: $API_KEY" \
-H "Content-Type: application/json" \
-d "{\"name\":\"Stress Test $i\",\"email\":\"test$i@example.com\",\"subject\":\"Performance Test\",\"message\":\"Load test message $i\"}" \
"$BASE_URL/v1/mail/send")
end_time=$(date +%s.%N)
duration=$(echo "$end_time - $start_time" | bc -l)
status=$(echo "$response" | tail -c 4)
if [ "$status" == "200" ]; then
echo "Mail $i: ✅ 200 OK (${duration}s)"
((mail_success++))
else
echo "Mail $i: ❌ Status $status (${duration}s)"
((mail_errors++))
fi
# Delay between mail sends to be nice to SMTP server
sleep 1
done
echo "Mail Performance: $mail_success success, $mail_errors errors"
# Test 4: Mixed Load Test
echo -e "\n4⃣ Mixed Load Test (Auth + Health requests):"
echo "Testing mixed endpoint load..."
mixed_total=0
mixed_success=0
for i in {1..15}; do
((mixed_total++))
if [ $((i % 3)) -eq 0 ]; then
# Every 3rd request: auth status
endpoint="/v1/auth/status"
else
# Other requests: health check
endpoint="/health"
fi
response=$(curl -s -w "%{http_code}" \
-H "X-API-Key: $API_KEY" \
"$BASE_URL$endpoint")
status=$(echo "$response" | tail -c 4)
if [ "$status" == "200" ]; then
echo "Mixed $i ($endpoint): ✅ 200 OK"
((mixed_success++))
else
echo "Mixed $i ($endpoint): ❌ $status"
fi
sleep 0.2
done
echo "Mixed Load Results: $mixed_success/$mixed_total successful"
# Summary
echo -e "\n📊 Stress Test Summary:"
echo "================================="
echo "Rate-Limiting: $rate_limit_success success, $rate_limit_failures limited (Expected behavior ✅)"
echo "Concurrent Load: Check above results"
echo "Mail Performance: $mail_success/$((mail_success + mail_errors)) successful"
echo "Mixed Load: $mixed_success/$mixed_total successful"
if [ $rate_limit_failures -gt 0 ]; then
echo "✅ Rate limiting is working correctly!"
else
echo "⚠️ Rate limiting may need adjustment (no limits hit)"
fi
if [ $mixed_success -eq $mixed_total ] && [ $mail_success -gt 3 ]; then
echo "✅ Server performance looks good!"
else
echo "⚠️ Some performance issues detected"
fi
echo -e "\n🎯 Next: Check server logs for any errors or memory issues"
Reference in a new issue View git blame Copy permalink