random-access/tests/test_security.py


#!/usr/bin/env python3
"""
Test script to verify security features are working correctly.
"""
import asyncio
import aiohttp
import json
import time
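async def test_cors_headers(base_url='http://127.0.0.1:8000'):
    """Probe the CORS policy with an origin the server has never seen.

    Sends a preflight (OPTIONS) and a plain GET to ``/items`` carrying an
    ``Origin`` header for an unknown domain and prints the CORS response
    headers.  The verdict is taken from the ``Access-Control-Allow-Origin``
    header of the GET response rather than from its status code: a server
    answers a cross-origin GET with 200 regardless of its CORS policy, since
    CORS is enforced by the browser from the response headers, so the status
    alone says nothing about CORS.

    NOTE(review): if the server echoes arbitrary origins *and* sends
    ``Access-Control-Allow-Credentials: true``, any site could make
    credentialed calls; confirm the API is credential-free before relying on
    an allow-all policy.

    Args:
        base_url: Scheme, host and port of the API under test.
    """
    print("🧪 Testing CORS headers...")
    origin = 'https://unknown-game-domain.com'
    headers = {
        'Origin': origin,
        'Content-Type': 'application/json',
    }
    async with aiohttp.ClientSession() as session:
        # Preflight: what a browser sends before a non-simple cross-origin request.
        async with session.options(f'{base_url}/items', headers=headers) as response:
            print(f" OPTIONS /items status: {response.status}")
            cors_headers = {
                'Access-Control-Allow-Origin': response.headers.get('Access-Control-Allow-Origin'),
                'Access-Control-Allow-Methods': response.headers.get('Access-Control-Allow-Methods'),
                'Access-Control-Allow-Headers': response.headers.get('Access-Control-Allow-Headers'),
            }
            print(f" CORS headers: {cors_headers}")
        # Actual request: pass only if the origin is allowed explicitly or by wildcard.
        async with session.get(f'{base_url}/items', headers=headers) as response:
            print(f" GET /items status: {response.status}")
            allow_origin = response.headers.get('Access-Control-Allow-Origin')
            if response.status == 200 and allow_origin in (origin, '*'):
                print(" ✅ CORS working for unknown domains")
            else:
                print(f" ❌ CORS failed: {response.status} (Access-Control-Allow-Origin={allow_origin!r})")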
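async def test_rate_limiting(base_url='http://127.0.0.1:8000', request_count=5):
    """Fire a burst of requests at ``/items`` and report how the limiter responds.

    The status of every request is recorded.  ``200`` means the request was
    served and ``429`` means the limiter rejected it; both are expected
    outcomes when a rate limit is active, and the number of throttled
    responses is reported.  A request that raises (connection refused,
    timeout) is reported individually and counts as a failure, so a burst in
    which nothing reached the server can no longer be reported as
    "Made 0 requests successfully".

    Args:
        base_url: Scheme, host and port of the API under test.
        request_count: Number of back-to-back requests to send.
    """
    print("\n🧪 Testing rate limiting...")
    results = []
    failures = 0
    async with aiohttp.ClientSession() as session:
        for i in range(request_count):
            try:
                async with session.get(f'{base_url}/items') as response:
                    results.append(response.status)
                    if i == 0:
                        # Quota headers are only printed once, for the first response.
                        rate_limit_headers = {
                            'X-RateLimit-Limit': response.headers.get('X-RateLimit-Limit'),
                            'X-RateLimit-Remaining': response.headers.get('X-RateLimit-Remaining'),
                        }
                        print(f" Rate limit headers: {rate_limit_headers}")
            except (aiohttp.ClientError, asyncio.TimeoutError) as e:
                failures += 1
                print(f" Request {i+1} failed: {e}")
    throttled = results.count(429)
    if failures == 0 and all(status in (200, 429) for status in results):
        print(f" ✅ Made {len(results)} requests successfully ({throttled} rate-limited)")
    else:
        print(f" ⚠️ Some requests failed: {results} ({failures} raised)")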
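async def test_security_headers(base_url='http://127.0.0.1:8000'):
    """Check that the baseline browser-hardening headers are present on ``/items``.

    Only presence is verified, not the value, and the names of any missing
    headers are printed so the gap is actionable.  Modern browsers ignore
    ``X-XSS-Protection``, so its presence adds little; ``Content-Security-Policy``
    and ``Strict-Transport-Security`` are not part of this check.

    Args:
        base_url: Scheme, host and port of the API under test.
    """
    print("\n🧪 Testing security headers...")
    expected = (
        'X-Content-Type-Options',
        'X-Frame-Options',
        'X-XSS-Protection',
        'Referrer-Policy',
    )
    async with aiohttp.ClientSession() as session:
        async with session.get(f'{base_url}/items') as response:
            security_headers = {name: response.headers.get(name) for name in expected}
    print(f" Security headers: {security_headers}")
    # An absent header yields None; an empty value is treated as missing too.
    missing = [name for name, value in security_headers.items() if not value]
    if not missing:
        print(" ✅ All security headers present")
    else:
        print(f" ⚠️ Some security headers missing: {missing}")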
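async def test_api_documentation(base_url='http://127.0.0.1:8000'):
    """Confirm the interactive docs and the OpenAPI schema are reachable.

    Fetches ``/docs`` and ``/openapi.json`` without credentials and reports
    whether each answered 200.  The schema enumerates every endpoint; whether
    it should remain reachable unauthenticated outside development is a
    deployment decision this check does not make.

    Args:
        base_url: Scheme, host and port of the API under test.
    """
    print("\n🧪 Testing API documentation...")
    endpoints = (
        ('/docs', 'OpenAPI docs'),
        ('/openapi.json', 'OpenAPI schema'),
    )
    async with aiohttp.ClientSession() as session:
        for path, label in endpoints:
            async with session.get(f'{base_url}{path}') as response:
                if response.status == 200:
                    print(f" ✅ {label} accessible")
                else:
                    print(f" ❌ {label} failed: {response.status}")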
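async def main():
    """Run every check in sequence and return a process exit code.

    Each check reports its own outcome by printing; a ❌ or ⚠️ line from a
    check does not affect the return value, only an exception does.

    Returns:
        ``0`` when all checks ran to completion, ``1`` when a check raised
        (typically because the API is not reachable at the configured
        address).  The summary is printed only on the success path.
    """
    print("🚀 Testing Random Access API Security Features\n")
    try:
        await test_cors_headers()
        await test_rate_limiting()
        await test_security_headers()
        await test_api_documentation()
    except Exception as e:  # top-level boundary: report, then signal failure to the caller
        print(f"\n❌ Test failed with error: {e}")
        return 1
    else:
        print("\n✅ All security tests completed!")
        print("\n🎯 Summary:")
        print(" • CORS configured to allow unknown game domains")
        print(" • Rate limiting active")
        print(" • Security headers applied")
        print(" • API documentation accessible")
        print(" • Ready for web-based game integration!")
        return 0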
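if __name__ == "__main__":
    # Propagate main()'s result as the process exit status so a CI job
    # notices a failed run; a None result (no code returned) exits 0.
    raise SystemExit(asyncio.run(main()))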