Inicio Explorar Axuda
Iniciar sesión
chiappa
/
irdb
réplica de https://git.snix.ch/chiappa/irdb.git
1
0
Fork 0
Ficheiros Incidencias 0
Rama: main
Ramas Etiquetas
irdb
/
tests
/
e2e
/
demo.sh

demo.sh 6.5 KB
Permalink Histórico Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151 
  1. #!/usr/bin/env bash
    2. 

  2. # End-to-end smoke check.
    3. 

  3. #
    4. 

  4. # Mirrors the README quickstart: boots the compose stack, creates an
    5. 

  5. # admin token, creates a reporter + consumer + their tokens, posts a
    6. 

  6. # report, triggers the recompute job, pulls the blocklist, and asserts
    7. 

  7. # the IP shows up. Tears down at the end.
    8. 

  8. #
    9. 

  9. # Run from the repo root:
    10. 

  10. #     ./tests/e2e/demo.sh
    11. 

  11. #
    12. 

  12. # Requirements: Docker. No PHP/Node/Composer needed on the host.
    13. 

  13. # Expected runtime: ~90 seconds (most of it the FrankenPHP cold start).
    14. 

  14. #
    15. 

  15. # Exits non-zero on any step failure. Sets `set -e` so the first error
    16. 

  16. # aborts; `trap` ensures the stack is torn down even on early exit.
    17. 

  17. set -euo pipefail
    18. 

  18. 

  19. REPO_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)"
    20. 

  20. cd "$REPO_ROOT"
    21. 

  21. 

  22. LOG_PREFIX="\033[1;36m[e2e]\033[0m"
    23. 

  23. log()  { printf "%b %s\n" "$LOG_PREFIX" "$*"; }
    24. 

  24. fail() { printf "\033[1;31m[fail]\033[0m %s\n" "$*" >&2; exit 1; }
    25. 

  25. 

  26. cleanup() {
    27. 

  27.     log "tearing down compose stack"
    28. 

  28.     docker compose down -v >/dev/null 2>&1 || true
    29. 

  29. }
    30. 

  30. trap cleanup EXIT
    31. 

  31. 

  32. # ---- Step 1: prepare a clean .env ---------------------------------
    33. 

  33. log "preparing .env from .env.example"
    34. 

  34. cp .env.example .env
    35. 

  35. 

  36. # Generate a deterministic local-admin password hash so the test is
    37. 

  37. # reproducible. The helper escape doubles every $ so docker-compose
    38. 

  38. # variable substitution doesn't eat them.
    39. 

  39. HASH=$(php -r "echo password_hash('e2e-demo-password', PASSWORD_ARGON2ID);" | sed 's/\$/$$/g')
    40. 

  40. 

  41. # Fill in the secrets needed for boot. Use a small awk to substitute
    42. 

  42. # in place — POSIX sed's behaviour for "key=" lines varies across
    43. 

  43. # distros for special chars in the value.
    44. 

  44. awk -v hash="$HASH" '
    45. 

  45.     BEGIN { ui_secret=ui_svc=int_tok=app_secret="" }
    46. 

  46.     /^UI_SECRET=/      { print "UI_SECRET="                            "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"; next }
    47. 

  47.     /^APP_SECRET=/     { print "APP_SECRET="                           "fedcba9876543210fedcba9876543210fedcba9876543210fedcba9876543210"; next }
    48. 

  48.     /^INTERNAL_JOB_TOKEN=/ { print "INTERNAL_JOB_TOKEN="               "abababababababababababababababababababababababababababababababab"; next }
    49. 

  49.     /^UI_SERVICE_TOKEN=/   { print "UI_SERVICE_TOKEN="                 "irdb_svc_AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDD"; next }
    50. 

  50.     /^OIDC_ENABLED=/   { print "OIDC_ENABLED=false"; next }
    51. 

  51.     /^LOCAL_ADMIN_PASSWORD_HASH=/ { print "LOCAL_ADMIN_PASSWORD_HASH=" hash; next }
    52. 

  52.     { print }
    53. 

  53. ' .env > .env.tmp && mv .env.tmp .env
    54. 

  54. 

  55. # ---- Step 2: bring the stack up ----------------------------------
    56. 

  56. log "compose up"
    57. 

  57. docker compose up -d --build >/dev/null
    58. 

  58. 

  59. log "waiting for api healthcheck (up to 60s)"
    60. 

  60. for _ in $(seq 1 60); do
    61. 

  61.     if curl -sf http://localhost:8081/healthz >/dev/null 2>&1; then
    62. 

  62.         break
    63. 

  63.     fi
    64. 

  64.     sleep 1
    65. 

  65. done
    66. 

  66. curl -sf http://localhost:8081/healthz >/dev/null || fail "api never became healthy"
    67. 

  67. 

  68. log "waiting for ui healthcheck (up to 30s)"
    69. 

  69. for _ in $(seq 1 30); do
    70. 

  70.     if curl -sf http://localhost:8080/healthz >/dev/null 2>&1; then
    71. 

  71.         break
    72. 

  72.     fi
    73. 

  73.     sleep 1
    74. 

  74. done
    75. 

  75. curl -sf http://localhost:8080/healthz >/dev/null || fail "ui never became healthy"
    76. 

  76. 

  77. # ---- Step 3: bootstrap the service token + admin token -----------
    78. 

  78. log "bootstrapping the UI service token row"
    79. 

  79. docker compose exec -T api php bin/console auth:bootstrap-service-token >/dev/null
    80. 

  80. 

  81. log "creating an admin token via CLI"
    82. 

  82. ADMIN_TOKEN=$(docker compose exec -T api php bin/console \
    83. 

  83.     auth:create-token --kind=admin --role=admin --quiet | tr -d '\r')
    84. 

  84. [ -n "$ADMIN_TOKEN" ] || fail "no admin token returned"
    85. 

  85. 

  86. # ---- Step 4: create a reporter + reporter token ------------------
    87. 

  87. log "creating reporter + token"
    88. 

  88. RID=$(curl -sf -X POST -H "Authorization: Bearer $ADMIN_TOKEN" \
    89. 

  89.     -H "Content-Type: application/json" \
    90. 

  90.     -d '{"name":"e2e-rep","trust_weight":1.0}' \
    91. 

  91.     http://localhost:8081/api/v1/admin/reporters \
    92. 

  92.     | php -r 'echo json_decode(stream_get_contents(STDIN),true)["id"];')
    93. 

  93. [ -n "$RID" ] || fail "no reporter id returned"
    94. 

  94. 

  95. REP_TOKEN=$(curl -sf -X POST -H "Authorization: Bearer $ADMIN_TOKEN" \
    96. 

  96.     -H "Content-Type: application/json" \
    97. 

  97.     -d "{\"kind\":\"reporter\",\"reporter_id\":$RID}" \
    98. 

  98.     http://localhost:8081/api/v1/admin/tokens \
    99. 

  99.     | php -r 'echo json_decode(stream_get_contents(STDIN),true)["raw_token"];')
    100. 

  100. [ -n "$REP_TOKEN" ] || fail "no reporter token returned"
    101. 

  101. 

  102. # ---- Step 5: post some reports ----------------------------------
    103. 

  103. log "submitting reports for 203.0.113.10..12"
    104. 

  104. for i in 10 11 12; do
    105. 

  105.     curl -sf -X POST -H "Authorization: Bearer $REP_TOKEN" \
    106. 

  106.         -H "Content-Type: application/json" \
    107. 

  107.         -d "{\"ip\":\"203.0.113.$i\",\"category\":\"brute_force\"}" \
    108. 

  108.         http://localhost:8081/api/v1/report > /dev/null
    109. 

  109. done
    110. 

  110. 

  111. # ---- Step 6: create a consumer + consumer token -----------------
    112. 

  112. log "creating consumer + token"
    113. 

  113. # Pick policy id 1 (the seeded "moderate" policy).
    114. 

  114. CID=$(curl -sf -X POST -H "Authorization: Bearer $ADMIN_TOKEN" \
    115. 

  115.     -H "Content-Type: application/json" \
    116. 

  116.     -d '{"name":"e2e-con","policy_id":1}' \
    117. 

  117.     http://localhost:8081/api/v1/admin/consumers \
    118. 

  118.     | php -r 'echo json_decode(stream_get_contents(STDIN),true)["id"];')
    119. 

  119. [ -n "$CID" ] || fail "no consumer id returned"
    120. 

  120. 

  121. CON_TOKEN=$(curl -sf -X POST -H "Authorization: Bearer $ADMIN_TOKEN" \
    122. 

  122.     -H "Content-Type: application/json" \
    123. 

  123.     -d "{\"kind\":\"consumer\",\"consumer_id\":$CID}" \
    124. 

  124.     http://localhost:8081/api/v1/admin/tokens \
    125. 

  125.     | php -r 'echo json_decode(stream_get_contents(STDIN),true)["raw_token"];')
    126. 

  126. [ -n "$CON_TOKEN" ] || fail "no consumer token returned"
    127. 

  127. 

  128. # ---- Step 7: trigger recompute via admin endpoint ---------------
    129. 

  129. log "triggering recompute-scores"
    130. 

  130. RESP=$(curl -sf -X POST -H "Authorization: Bearer $ADMIN_TOKEN" \
    131. 

  131.     -H "Content-Type: application/json" -d '{"full":true}' \
    132. 

  132.     http://localhost:8081/api/v1/admin/jobs/trigger/recompute-scores)
    133. 

  133. echo "$RESP" | grep -q '"status":"success"' || fail "recompute did not succeed: $RESP"
    134. 

  134. 

  135. # ---- Step 8: pull the blocklist; assert non-empty ----------------
    136. 

  136. log "pulling blocklist"
    137. 

  137. LIST=$(curl -sf -H "Authorization: Bearer $CON_TOKEN" http://localhost:8081/api/v1/blocklist)
    138. 

  138. COUNT=$(printf '%s\n' "$LIST" | grep -cE '^[0-9]' || true)
    139. 

  139. [ "$COUNT" -ge 1 ] || fail "blocklist empty (count=$COUNT)"
    140. 

  140. log "blocklist has $COUNT entries"
    141. 

  141. 

  142. # ---- Step 9: poke the OpenAPI viewer -----------------------------
    143. 

  143. log "fetching /api/v1/openapi.yaml"
    144. 

  144. curl -sf http://localhost:8081/api/v1/openapi.yaml | grep -q '^openapi:' \
    145. 

  145.     || fail "openapi.yaml missing or unexpected"
    146. 

  146. 

  147. log "fetching /api/docs"
    148. 

  148. curl -sf http://localhost:8081/api/docs | grep -qi 'rapi-doc' \
    149. 

  149.     || fail "/api/docs did not render the viewer"
    150. 

  150. 

  151. log "all checks passed"
    152.