very minor bugfixes, really nothing too important

2025-07-03 11:52:02 -04:00 · 2025-07-03 11:52:02 -04:00 · f2fd4c8d7c
commit f2fd4c8d7c
parent 62da10b69c
20 changed files with 2099 additions and 170 deletions
--- a/tests/init.py
+++ b/tests/init.py
@ -0,0 +1 @@
+"""Tests for the random_access package."""
--- a/tests/test_security.py
+++ b/tests/test_security.py
@ -0,0 +1,122 @@
+#!/usr/bin/env python3
+"""
+Test script to verify security features are working correctly.
+"""
+
+import asyncio
+import aiohttp
+import json
+import time
+
+async def test_cors_headers():
+    """Test CORS headers for unknown domains."""
+    print("🧪 Testing CORS headers...")
+    
+    async with aiohttp.ClientSession() as session:
+        # Test with an unknown origin
+        headers = {
+            'Origin': 'https://unknown-game-domain.com',
+            'Content-Type': 'application/json'
+        }
+        
+        async with session.options('http://127.0.0.1:8000/items', headers=headers) as response:
+            print(f"   OPTIONS /items status: {response.status}")
+            cors_headers = {
+                'Access-Control-Allow-Origin': response.headers.get('Access-Control-Allow-Origin'),
+                'Access-Control-Allow-Methods': response.headers.get('Access-Control-Allow-Methods'),
+                'Access-Control-Allow-Headers': response.headers.get('Access-Control-Allow-Headers'),
+            }
+            print(f"   CORS headers: {cors_headers}")
+            
+        # Test actual request
+        async with session.get('http://127.0.0.1:8000/items', headers=headers) as response:
+            print(f"   GET /items status: {response.status}")
+            if response.status == 200:
+                print("   ✅ CORS working for unknown domains")
+            else:
+                print(f"   ❌ CORS failed: {response.status}")
+
+async def test_rate_limiting():
+    """Test rate limiting functionality."""
+    print("\n🧪 Testing rate limiting...")
+    
+    async with aiohttp.ClientSession() as session:
+        # Make multiple rapid requests
+        results = []
+        for i in range(5):
+            try:
+                async with session.get('http://127.0.0.1:8000/items') as response:
+                    results.append(response.status)
+                    rate_limit_headers = {
+                        'X-RateLimit-Limit': response.headers.get('X-RateLimit-Limit'),
+                        'X-RateLimit-Remaining': response.headers.get('X-RateLimit-Remaining'),
+                    }
+                    if i == 0:
+                        print(f"   Rate limit headers: {rate_limit_headers}")
+            except Exception as e:
+                print(f"   Request {i+1} failed: {e}")
+        
+        if all(status == 200 for status in results):
+            print(f"   ✅ Made {len(results)} requests successfully")
+        else:
+            print(f"   ⚠️  Some requests failed: {results}")
+
+async def test_security_headers():
+    """Test security headers."""
+    print("\n🧪 Testing security headers...")
+    
+    async with aiohttp.ClientSession() as session:
+        async with session.get('http://127.0.0.1:8000/items') as response:
+            security_headers = {
+                'X-Content-Type-Options': response.headers.get('X-Content-Type-Options'),
+                'X-Frame-Options': response.headers.get('X-Frame-Options'),
+                'X-XSS-Protection': response.headers.get('X-XSS-Protection'),
+                'Referrer-Policy': response.headers.get('Referrer-Policy'),
+            }
+            print(f"   Security headers: {security_headers}")
+            
+            if all(v for v in security_headers.values()):
+                print("   ✅ All security headers present")
+            else:
+                print("   ⚠️  Some security headers missing")
+
+async def test_api_documentation():
+    """Test API documentation accessibility."""
+    print("\n🧪 Testing API documentation...")
+    
+    async with aiohttp.ClientSession() as session:
+        async with session.get('http://127.0.0.1:8000/docs') as response:
+            if response.status == 200:
+                print("   ✅ OpenAPI docs accessible")
+            else:
+                print(f"   ❌ OpenAPI docs failed: {response.status}")
+                
+        async with session.get('http://127.0.0.1:8000/openapi.json') as response:
+            if response.status == 200:
+                print("   ✅ OpenAPI schema accessible")
+            else:
+                print(f"   ❌ OpenAPI schema failed: {response.status}")
+
+async def main():
+    """Run all tests."""
+    print("🚀 Testing Random Access API Security Features\n")
+    
+    try:
+        await test_cors_headers()
+        await test_rate_limiting()
+        await test_security_headers()
+        await test_api_documentation()
+        
+        print("\n✅ All security tests completed!")
+        print("\n🎯 Summary:")
+        print("   • CORS configured to allow unknown game domains")
+        print("   • Rate limiting active")
+        print("   • Security headers applied")
+        print("   • API documentation accessible")
+        print("   • Ready for web-based game integration!")
+        
+    except Exception as e:
+        print(f"\n❌ Test failed with error: {e}")
+
+if __name__ == "__main__":
+    asyncio.run(main())