furt/scripts/test_auth.sh
michael 08b49d3d75 security: sanitize internal infrastructure details from open source package
- Remove production_test_sequence.sh (DAW-specific production tests)
- Remove setup_env.sh (obsolete .env setup, replaced by furt.conf)
- Sanitize test scripts: replace dragons-at-work.de with example.com
- Sanitize API keys: replace dev keys with placeholder values
- Remove hardcoded DAW fallbacks from http_server.lua and smtp.lua
- Update .gitignore to exclude production-specific test files

Tests remain functional for developers with example domains.
All internal DAW infrastructure details removed from package.

Closes #101
2025-09-07 21:25:25 +02:00



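#!/bin/bash
# furt-lua/scripts/test_auth.sh
# Tests API-key authentication (without jq parse errors).
#
# Configuration is read from the environment so that real keys never have to
# be edited into this tracked file; the placeholders are used when unset.
#   BASE_URL       base URL of the Furt instance under test
#   HUGO_API_KEY   key used for the "valid Hugo key" tests
#   ADMIN_API_KEY  key used for the admin auth-status test
#
# The default BASE_URL is plain HTTP on loopback. If it is pointed at a
# non-local host, use https:// because X-API-Key travels in the request header.
BASE_URL="${BASE_URL:-http://127.0.0.1:8080}"
HUGO_API_KEY="${HUGO_API_KEY:-YOUR_API_KEY_HERE}"
ADMIN_API_KEY="${ADMIN_API_KEY:-YOUR_ADMIN_KEY_HERE}"
# Deliberately bogus value; the server is expected to reject it.
INVALID_API_KEY="invalid-key-should-fail"
echo "🔐 Testing Furt API-Key Authentication"
echo "======================================"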
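#######################################
# Send one HTTP request with curl and print its status and body.
#
# The request is sent exactly once: the status code is appended to the body
# with curl's -w option and split off afterwards. Sending it twice (once for
# the body, once for the status) would trigger every POST side effect twice
# and could report a status that belongs to a different response.
#
# Arguments:
#   $1 - curl method option as one string, e.g. "-X POST"
#   $2 - request URL
#   $3 - optional single header line, e.g. "X-API-Key: <key>"
#   $4 - optional request body
# Outputs:
#   Request line, header name (value redacted), status code and the response
#   body (pretty-printed by jq when it is valid JSON) on stdout.
#######################################
make_request() {
  local method="$1"
  local url="$2"
  local headers="${3:-}"
  local data="${4:-}"
  local -a curl_args=()
  local raw status body

  echo "Request: $method $url"
  if [ -n "$headers" ]; then
    # Print only the header name: the value may be a live API key and this
    # output routinely ends up in terminals, CI logs and bug reports.
    echo "Headers: ${headers%%:*}: [redacted]"
  fi

  # $method arrives as "-X VERB"; split it into separate curl arguments.
  read -r -a curl_args <<<"$method"
  if [ -n "$headers" ]; then
    # NOTE: the key is still passed on curl's command line, where it is
    # visible in the local process list. Fine for a local test key only.
    curl_args+=(-H "$headers")
  fi
  if [ -n "$data" ]; then
    curl_args+=(-d "$data")
  fi

  # Single request: body first, then a newline and the HTTP status code.
  raw=$(curl -s -w '\n%{http_code}' "${curl_args[@]}" \
    -H "Content-Type: application/json" \
    "$url")
  status=${raw##*$'\n'}
  body=${raw%$'\n'*}

  echo "Status: $status"
  echo "Response:"
  # Feed jq the body alone; a "Response: " prefix on the same stream makes
  # the input invalid JSON and defeats the pretty-printing.
  if ! printf '%s\n' "$body" | jq '.' 2>/dev/null; then
    printf '%s\n' "$body"
  fi
  echo ""
}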
# Endpoints and the minimal payload shared by the cases below.
mail_url="$BASE_URL/v1/mail/send"
status_url="$BASE_URL/v1/auth/status"
short_payload='{"name":"Test","email":"test@example.com","message":"Test"}'
full_payload='{
"name": "Test User",
"email": "test@example.com",
"subject": "API Auth Test",
"message": "This is a test message via authenticated API"
}'

# Case 1: the health endpoint is public, so no key is sent.
echo "1⃣ Public Health Check (no auth required):"
make_request "-X GET" "$BASE_URL/health"

# Case 2: a request without any key must be rejected with 401.
echo "2⃣ Mail without API-Key (should fail with 401):"
make_request "-X POST" "$mail_url" "" "$short_payload"

# Case 3: an unknown key must be rejected with 401.
echo "3⃣ Mail with invalid API-Key (should fail with 401):"
make_request "-X POST" "$mail_url" "X-API-Key: $INVALID_API_KEY" "$short_payload"

# Case 4: a valid key is accepted (200, or an SMTP error from the backend).
echo "4⃣ Mail with valid Hugo API-Key (should work):"
make_request "-X POST" "$mail_url" "X-API-Key: $HUGO_API_KEY" "$full_payload"

# Case 5: auth status as seen with the Hugo key.
echo "5⃣ Auth Status Check with Hugo API-Key:"
make_request "-X GET" "$status_url" "X-API-Key: $HUGO_API_KEY"

# Case 6: auth status as seen with the admin key.
echo "6⃣ Auth Status Check with Admin API-Key:"
make_request "-X GET" "$status_url" "X-API-Key: $ADMIN_API_KEY"

# Summary for manual comparison; nothing above is asserted automatically.
cat <<'EOF'
✅ Auth Testing Complete!

Expected Results:
- Test 1: ✅ 200 OK (health check)
- Test 2: ❌ 401 Unauthorized (Missing API-Key)
- Test 3: ❌ 401 Unauthorized (Invalid API-Key)
- Test 4: ✅ 200 OK (Valid API-Key) or 500 if SMTP not configured
- Test 5,6: ✅ 200 OK with auth details
EOF