/**
* Security Middleware Test Suite
 * Tests API-key authentication on the gateway (rate limiting is not yet covered by this suite)
*/
import fetch from 'node-fetch';
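// Gateway under test. Overridable via env so the same suite can be pointed at a
// non-local deployment; an unset or empty value falls back to the local default.
const GATEWAY_URL = process.env.GATEWAY_URL || 'http://localhost:5000';
// Key the gateway is expected to accept. Read from env so a real key never has
// to be committed to the repo; the default is a test fixture, not a production secret.
const VALID_KEY = process.env.TEST_API_KEY || 'test-key-001';
// Deliberately wrong key; it must never match anything the gateway has provisioned.
const INVALID_KEY = 'bad-hacker-key';
// ANSI escape codes used by log(). Frozen so nothing can repaint the palette at runtime.
const COLORS = Object.freeze({
  reset: '\x1b[0m',
  green: '\x1b[32m',
  red: '\x1b[31m',
  yellow: '\x1b[33m',
  cyan: '\x1b[36m'
});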
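/**
 * Print one line to stdout wrapped in an ANSI color code from COLORS.
 * @param {string} message - text to print
 * @param {string} [color='reset'] - key of COLORS. An unknown name falls back to
 *   the reset code instead of printing the literal string "undefined" as a prefix.
 */
function log(message, color = 'reset') {
  const code = COLORS[color];
  // Guard against typos in the color name (and against prototype keys such as
  // "toString", which are not strings) so the output stays readable.
  const prefix = typeof code === 'string' ? code : COLORS.reset;
  console.log(`${prefix}${message}${COLORS.reset}`);
}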
/**
 * TEST 1 — a POST to the protected route with no API key at all must be
 * refused with 401 Unauthorized.
 * Uses GATEWAY_URL and log() from module scope.
 * @returns {Promise<boolean>} true only when the gateway answered exactly 401;
 *   any other status, or a transport error, yields false
 */
async function testNoKey() {
  log('\n🛑 TEST 1: Request WITHOUT API Key', 'cyan');
  const request = {
    method: 'POST',
    body: JSON.stringify({ test: true }),
    headers: { 'Content-Type': 'application/json' }
  };
  let status;
  try {
    // NOTE(review): no timeout/AbortSignal is set — an unresponsive gateway hangs the suite.
    ({ status } = await fetch(`${GATEWAY_URL}/api/routes/optimize`, request));
  } catch (err) {
    log(`❌ Error: ${err.message}`, 'red');
    return false;
  }
  if (status !== 401) {
    log(`❌ FAIL: Expected 401, got ${status}`, 'red');
    return false;
  }
  log('✅ PASS: Rejected with 401 Unauthorized', 'green');
  return true;
}
/**
 * TEST 2 — a POST carrying an API key the gateway does not know must be
 * refused with 403 Forbidden.
 * Uses GATEWAY_URL, INVALID_KEY and log() from module scope.
 * @returns {Promise<boolean>} true only when the gateway answered exactly 403;
 *   any other status, or a transport error, yields false
 */
async function testBadKey() {
  log('\n🛑 TEST 2: Request with INVALID API Key', 'cyan');
  const request = {
    method: 'POST',
    body: JSON.stringify({ test: true }),
    headers: {
      'Content-Type': 'application/json',
      'x-api-key': INVALID_KEY
    }
  };
  let status;
  try {
    // NOTE(review): no timeout/AbortSignal is set — an unresponsive gateway hangs the suite.
    ({ status } = await fetch(`${GATEWAY_URL}/api/routes/optimize`, request));
  } catch (err) {
    log(`❌ Error: ${err.message}`, 'red');
    return false;
  }
  if (status !== 403) {
    log(`❌ FAIL: Expected 403, got ${status}`, 'red');
    return false;
  }
  log('✅ PASS: Rejected with 403 Forbidden', 'green');
  return true;
}
/**
 * TEST 3 — a well-formed POST carrying the provisioned API key must be
 * accepted (any 2xx status counts as success).
 * Uses GATEWAY_URL, VALID_KEY and log() from module scope.
 * @returns {Promise<boolean>} true when the response was 2xx; on a non-2xx
 *   response the body is echoed to stdout to aid diagnosis and false is returned;
 *   a transport error also yields false
 */
async function testValidKey() {
  log('\n🟢 TEST 3: Request with VALID API Key', 'cyan');
  const payload = {
    packageId: 'SECURE-PKG-001',
    address: '123 Secure Lane',
    priority: 'low'
  };
  try {
    // NOTE(review): no timeout/AbortSignal is set — an unresponsive gateway hangs the suite.
    const res = await fetch(`${GATEWAY_URL}/api/routes/optimize`, {
      method: 'POST',
      body: JSON.stringify(payload),
      headers: {
        'Content-Type': 'application/json',
        'x-api-key': VALID_KEY
      }
    });
    if (!res.ok) {
      log(`❌ FAIL: Expected Success, got ${res.status}`, 'red');
      // Surface the gateway's response body so a rejection can be diagnosed.
      console.log(await res.text());
      return false;
    }
    log('✅ PASS: Accepted with 200/201 OK', 'green');
    return true;
  } catch (err) {
    log(`❌ Error: ${err.message}`, 'red');
    return false;
  }
}
/**
 * TEST 4 — the health endpoint must stay reachable without an API key so
 * orchestrators and load balancers can probe the gateway.
 * Uses GATEWAY_URL and log() from module scope.
 * @returns {Promise<boolean>} true when GET /health returned 2xx; false on any
 *   other status or transport error
 */
async function testSystemEndpoints() {
  log('\n🏥 TEST 4: System Endpoints (No Auth Required)', 'cyan');
  let ok;
  let status;
  try {
    // NOTE(review): no timeout/AbortSignal is set — an unresponsive gateway hangs the suite.
    ({ ok, status } = await fetch(`${GATEWAY_URL}/health`));
  } catch (err) {
    log(`❌ Error: ${err.message}`, 'red');
    return false;
  }
  if (!ok) {
    log(`❌ FAIL: Health check blocked (${status})`, 'red');
    return false;
  }
  log('✅ PASS: Health check accessible without key', 'green');
  return true;
}
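/**
 * Run the four checks in sequence and print a summary.
 *
 * Sets process.exitCode to 1 when any check fails, so a CI job that invokes
 * this script actually goes red; previously the script exited 0 regardless of
 * the outcome. The success banner is worded for what is really verified: the
 * checks cover API-key enforcement on one route plus an open health endpoint.
 * They do not exercise rate limiting, input validation or transport security,
 * so a full pass must not be read as "the gateway is secure".
 * @returns {Promise<void>}
 */
async function runTests() {
  console.log('\n🔐 STARTING SECURITY AUDIT 🔐\n');
  // Run sequentially on purpose so each check sees the gateway in a known state
  // and the console output stays in test order.
  const checks = [testNoKey, testBadKey, testValidKey, testSystemEndpoints];
  const results = [];
  for (const check of checks) {
    results.push(await check());
  }
  const passed = results.filter(Boolean).length;
  console.log(`\n📊 Security Score: ${passed}/${results.length}`);
  if (passed === results.length) {
    log('\n🎉 ALL API-KEY CHECKS PASSED 🎉', 'green');
  } else {
    log('\n⚠️ SECURITY VULNERABILITIES DETECTED', 'red');
    // Non-zero exit so pipelines and pre-deploy gates notice the failure.
    process.exitCode = 1;
  }
}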
runTests();