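#!/usr/bin/env python3
"""
Test script to verify security features are working correctly.

Every check talks to a running instance of the API (``BASE_URL`` unless a
``base_url`` is passed), prints what it observed and returns ``True`` only
when the responses actually demonstrate the property the check is named
after.  ``main`` builds its summary and the process exit code from those
results instead of printing a fixed success message.
"""
import asyncio
import sys

import aiohttp

# Where the API under test listens; each check accepts ``base_url`` to override.
BASE_URL = 'http://127.0.0.1:8000'

# Bound on each HTTP exchange so an unresponsive server fails the run rather
# than hanging it.
REQUEST_TIMEOUT = aiohttp.ClientTimeout(total=10)

# An origin the server has never been configured with, used to probe CORS.
UNKNOWN_ORIGIN = 'https://unknown-game-domain.com'


def _new_session() -> aiohttp.ClientSession:
    """Return a client session with the shared request timeout applied."""
    return aiohttp.ClientSession(timeout=REQUEST_TIMEOUT)


def _cors_allows_origin(status: int, allow_origin, origin: str) -> bool:
    """Return True when a response grants *origin* access under CORS.

    A browser only honours the grant when the status is OK and
    ``Access-Control-Allow-Origin`` is either ``*`` or an exact echo of the
    requesting origin; a missing header or any other value is a denial even
    though the HTTP status may still be 200.
    """
    return status == 200 and allow_origin in ('*', origin)


async def test_cors_headers(*, base_url: str = BASE_URL) -> bool:
    """Check that a page served from an unknown origin may call ``/items``.

    Sends a real preflight (OPTIONS carrying ``Access-Control-Request-*``)
    followed by the GET it announces, and passes only when the GET response
    contains a CORS grant for that origin -- a 200 status alone says nothing
    about CORS, because the server answers regardless of ``Origin``.

    Returns:
        True when the unknown origin is granted access, False otherwise.
    """
    print("🧪 Testing CORS headers...")
    origin = UNKNOWN_ORIGIN
    request_headers = {
        'Origin': origin,
        'Content-Type': 'application/json',
    }
    # A preflight is only treated as one when it names the method and the
    # non-simple headers of the request it precedes; without these, CORS
    # middlewares commonly answer OPTIONS as an ordinary request.
    preflight_headers = {
        'Origin': origin,
        'Access-Control-Request-Method': 'GET',
        'Access-Control-Request-Headers': 'content-type',
    }
    async with _new_session() as session:
        async with session.options(f'{base_url}/items', headers=preflight_headers) as response:
            print(f"   OPTIONS /items status: {response.status}")
            cors_headers = {
                name: response.headers.get(name)
                for name in (
                    'Access-Control-Allow-Origin',
                    'Access-Control-Allow-Methods',
                    'Access-Control-Allow-Headers',
                )
            }
            print(f"   CORS headers: {cors_headers}")

        async with session.get(f'{base_url}/items', headers=request_headers) as response:
            print(f"   GET /items status: {response.status}")
            allow_origin = response.headers.get('Access-Control-Allow-Origin')
            allow_credentials = response.headers.get('Access-Control-Allow-Credentials')
            # Browsers reject a wildcard origin combined with credentials, so
            # that pairing makes the API unusable from a page, not wide open.
            if allow_origin == '*' and (allow_credentials or '').lower() == 'true':
                print("   ⚠️  Access-Control-Allow-Origin '*' together with "
                      "Access-Control-Allow-Credentials: true is rejected by browsers")
            if _cors_allows_origin(response.status, allow_origin, origin):
                print("   ✅ CORS working for unknown domains")
                return True
            print(f"   ❌ CORS failed: status {response.status}, "
                  f"Access-Control-Allow-Origin={allow_origin!r}")
            return False


async def test_rate_limiting(*, base_url: str = BASE_URL, request_count: int = 5) -> bool:
    """Look for evidence that a rate limiter is applied to ``/items``.

    Issues *request_count* back-to-back requests.  Passes when every request
    is answered with 200 or 429 and the server either advertises its limit
    through ``X-RateLimit-*`` headers or actually throttles with a 429.  A run
    of plain 200s without limit headers demonstrates nothing and is reported
    as a failure rather than as "rate limiting active".

    Args:
        base_url: Root of the API under test.
        request_count: Number of rapid requests to issue.

    Returns:
        True when rate limiting is advertised or enforced, False otherwise.
    """
    print("\n🧪 Testing rate limiting...")
    statuses = []
    limit_headers_seen = False
    async with _new_session() as session:
        for attempt in range(1, request_count + 1):
            try:
                async with session.get(f'{base_url}/items') as response:
                    statuses.append(response.status)
                    rate_limit_headers = {
                        'X-RateLimit-Limit': response.headers.get('X-RateLimit-Limit'),
                        'X-RateLimit-Remaining': response.headers.get('X-RateLimit-Remaining'),
                    }
                    if attempt == 1:
                        print(f"   Rate limit headers: {rate_limit_headers}")
                    limit_headers_seen = limit_headers_seen or any(rate_limit_headers.values())
                    if response.status == 429:
                        # Retry-After is how the limiter tells clients when to back off.
                        print(f"   Request {attempt} throttled, "
                              f"Retry-After={response.headers.get('Retry-After')!r}")
            except (aiohttp.ClientError, asyncio.TimeoutError) as exc:
                # Best effort: a failed request is recorded as missing from
                # ``statuses`` and the loop continues with the next one.
                print(f"   Request {attempt} failed: {exc}")

    throttled = 429 in statuses
    all_answered = (
        len(statuses) == request_count
        and all(status in (200, 429) for status in statuses)
    )
    if all_answered and (limit_headers_seen or throttled):
        print(f"   ✅ Made {len(statuses)} requests; rate limiting is advertised/enforced")
        return True
    if all_answered:
        print(f"   ⚠️  {len(statuses)} requests succeeded but no rate-limit headers "
              "or 429 responses were observed")
    else:
        print(f"   ⚠️  Some requests failed: {statuses}")
    return False


async def test_security_headers(*, base_url: str = BASE_URL) -> bool:
    """Check that the hardening response headers are present on ``/items``.

    Returns:
        True when every header in ``required`` has a non-empty value.
    """
    print("\n🧪 Testing security headers...")
    required = (
        'X-Content-Type-Options',
        'X-Frame-Options',
        # Deprecated: current browsers no longer implement the XSS filter it
        # controlled and Content-Security-Policy is what mitigates XSS now.
        # Kept because the server is expected to set it.
        'X-XSS-Protection',
        'Referrer-Policy',
    )
    async with _new_session() as session:
        async with session.get(f'{base_url}/items') as response:
            security_headers = {name: response.headers.get(name) for name in required}
    print(f"   Security headers: {security_headers}")
    missing = [name for name, value in security_headers.items() if not value]
    if not missing:
        print("   ✅ All security headers present")
        return True
    print(f"   ⚠️  Some security headers missing: {missing}")
    return False


async def _is_reachable(session: aiohttp.ClientSession, url: str, label: str) -> bool:
    """Fetch *url*, print a one-line verdict tagged *label* and return success."""
    async with session.get(url) as response:
        if response.status == 200:
            print(f"   ✅ {label} accessible")
            return True
        print(f"   ❌ {label} failed: {response.status}")
        return False


async def test_api_documentation(*, base_url: str = BASE_URL) -> bool:
    """Check that the interactive docs and the OpenAPI schema are served.

    Exposing these is intentional for this service; note that the schema
    describes the whole API surface, so a production deployment may prefer
    to restrict who can read it.

    Returns:
        True when both ``/docs`` and ``/openapi.json`` return 200.
    """
    print("\n🧪 Testing API documentation...")
    async with _new_session() as session:
        docs_ok = await _is_reachable(session, f'{base_url}/docs', 'OpenAPI docs')
        schema_ok = await _is_reachable(session, f'{base_url}/openapi.json', 'OpenAPI schema')
    return docs_ok and schema_ok


async def main(*, base_url: str = BASE_URL) -> int:
    """Run every check and return a process exit code (0 when all passed).

    The summary lists each property with the verdict its check returned, so
    a failed check is no longer reported as "active" or "applied".
    """
    print("🚀 Testing Random Access API Security Features\n")
    checks = (
        ("CORS configured to allow unknown game domains", test_cors_headers),
        ("Rate limiting active", test_rate_limiting),
        ("Security headers applied", test_security_headers),
        ("API documentation accessible", test_api_documentation),
    )
    results = {}
    try:
        for label, check in checks:
            results[label] = await check(base_url=base_url)
    except Exception as exc:
        # Top-level boundary: typically the server is not running at all,
        # which is a failure of the run rather than of a single property.
        print(f"\n❌ Test failed with error: {exc}")
        return 1

    passed = all(results.values())
    print("\n✅ All security tests completed!" if passed else "\n❌ Some security tests failed")
    print("\n🎯 Summary:")
    for label, ok in results.items():
        print(f"   {'•' if ok else '✗'} {label}")
    if passed:
        print("   • Ready for web-based game integration!")
    return 0 if passed else 1


if __name__ == "__main__":
    sys.exit(asyncio.run(main()))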