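#!/usr/bin/env python3
"""
Test script to verify security features are working correctly.

Drives a locally running instance of the API and prints what it observes
for each feature (CORS, rate limiting, security headers, OpenAPI docs).
It prints rather than asserts, so it is meant to be read by a person, not
collected by a test runner.
"""
import asyncio
import os

import aiohttp

# Target API. Override with API_BASE_URL to point at another host/port;
# the default matches the original hard-coded address.
BASE_URL = os.environ.get("API_BASE_URL", "http://127.0.0.1:8000")

# An origin the API has no reason to know about, used to confirm that
# cross-origin access is granted to arbitrary game domains.
UNKNOWN_ORIGIN = "https://unknown-game-domain.com"

# Response headers the API is expected to set on every response.
EXPECTED_SECURITY_HEADERS = (
    "X-Content-Type-Options",
    "X-Frame-Options",
    "X-XSS-Protection",
    "Referrer-Policy",
)


async def test_cors_headers():
    """Test CORS headers for unknown domains.

    An HTTP 200 alone does not show that CORS works: a browser only lets a
    page read the response when Access-Control-Allow-Origin is ``*`` or
    equals the request Origin. The pass/fail verdict is therefore taken
    from that header on the GET response, not from the status code.
    """
    print("🧪 Testing CORS headers...")
    async with aiohttp.ClientSession() as session:
        headers = {
            "Origin": UNKNOWN_ORIGIN,
            "Content-Type": "application/json",
        }

        # Preflight: report whatever the server advertises.
        async with session.options(
            f"{BASE_URL}/items", headers=headers
        ) as response:
            print(f" OPTIONS /items status: {response.status}")
            cors_headers = {
                name: response.headers.get(name)
                for name in (
                    "Access-Control-Allow-Origin",
                    "Access-Control-Allow-Methods",
                    "Access-Control-Allow-Headers",
                )
            }
            print(f" CORS headers: {cors_headers}")

        # Actual request: the browser decides on the headers of *this*
        # response, so the verdict is based on it.
        async with session.get(
            f"{BASE_URL}/items", headers=headers
        ) as response:
            print(f" GET /items status: {response.status}")
            allow_origin = response.headers.get("Access-Control-Allow-Origin")
            allow_credentials = response.headers.get(
                "Access-Control-Allow-Credentials", ""
            )
            origin_allowed = allow_origin in ("*", UNKNOWN_ORIGIN)

            if response.status == 200 and origin_allowed:
                print(" ✅ CORS working for unknown domains")
            elif response.status == 200:
                # Request succeeded, but a browser would still block the read.
                print(
                    f" ❌ CORS failed: Access-Control-Allow-Origin is "
                    f"{allow_origin!r}, expected '*' or {UNKNOWN_ORIGIN!r}"
                )
            else:
                print(f" ❌ CORS failed: {response.status}")

            # Granting credentials to an unrestricted origin means any site
            # can make credentialed calls; surface it for review rather than
            # letting it hide behind the green check above.
            if origin_allowed and allow_credentials.lower() == "true":
                print(
                    " ⚠️ Access-Control-Allow-Credentials is true for an "
                    "unknown origin; review whether that is intended"
                )


async def test_rate_limiting():
    """Test rate limiting functionality.

    Sends a short burst of requests and reports the X-RateLimit-* headers.
    An HTTP 429 is the limiter working as designed, so it is reported as
    such instead of being lumped in with real failures. Five requests may
    be below the configured limit, so the absence of a 429 is not treated
    as a failure either.
    """
    print("\n🧪 Testing rate limiting...")
    async with aiohttp.ClientSession() as session:
        results = []
        for i in range(5):
            try:
                async with session.get(f"{BASE_URL}/items") as response:
                    results.append(response.status)
                    # The headers are the same on every response; show them once.
                    if i == 0:
                        rate_limit_headers = {
                            "X-RateLimit-Limit": response.headers.get(
                                "X-RateLimit-Limit"
                            ),
                            "X-RateLimit-Remaining": response.headers.get(
                                "X-RateLimit-Remaining"
                            ),
                        }
                        print(f" Rate limit headers: {rate_limit_headers}")
            except Exception as e:
                # Best effort: a single transport error should not stop the burst.
                print(f" Request {i+1} failed: {e}")

        throttled = results.count(429)
        unexpected = [status for status in results if status not in (200, 429)]

        if not results:
            print(" ⚠️ No requests completed")
        elif throttled:
            print(
                f" ✅ Rate limit triggered: {throttled} of {len(results)} "
                f"requests received 429"
            )
        elif not unexpected:
            print(f" ✅ Made {len(results)} requests successfully")
        else:
            print(f" ⚠️ Some requests failed: {results}")


async def test_security_headers():
    """Test security headers.

    Fetches one resource and checks that every header listed in
    EXPECTED_SECURITY_HEADERS is present and non-empty; the names of any
    missing headers are printed so the gap is actionable.
    """
    print("\n🧪 Testing security headers...")
    async with aiohttp.ClientSession() as session:
        async with session.get(f"{BASE_URL}/items") as response:
            security_headers = {
                name: response.headers.get(name)
                for name in EXPECTED_SECURITY_HEADERS
            }
            print(f" Security headers: {security_headers}")

            missing = [name for name, value in security_headers.items() if not value]
            if not missing:
                print(" ✅ All security headers present")
            else:
                print(f" ⚠️ Some security headers missing: {missing}")


async def _check_reachable(session, path, label):
    """Print whether GET *path* returns 200, tagged with *label*."""
    async with session.get(f"{BASE_URL}{path}") as response:
        if response.status == 200:
            print(f" ✅ {label} accessible")
        else:
            print(f" ❌ {label} failed: {response.status}")


async def test_api_documentation():
    """Test API documentation accessibility.

    Checks both the interactive docs page and the raw OpenAPI schema.
    """
    print("\n🧪 Testing API documentation...")
    async with aiohttp.ClientSession() as session:
        await _check_reachable(session, "/docs", "OpenAPI docs")
        await _check_reachable(session, "/openapi.json", "OpenAPI schema")


async def main():
    """Run all tests.

    The tests share no state, so they run sequentially and the first
    unhandled error (typically the API not being up) ends the run with a
    single message instead of a traceback.
    """
    print("🚀 Testing Random Access API Security Features\n")
    try:
        await test_cors_headers()
        await test_rate_limiting()
        await test_security_headers()
        await test_api_documentation()

        print("\n✅ All security tests completed!")
        print("\n🎯 Summary:")
        print(" • CORS configured to allow unknown game domains")
        print(" • Rate limiting active")
        print(" • Security headers applied")
        print(" • API documentation accessible")
        print(" • Ready for web-based game integration!")
    except Exception as e:
        print(f"\n❌ Test failed with error: {e}")


if __name__ == "__main__":
    asyncio.run(main())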