random-access/tests/test_security.py


#!/usr/bin/env python3
"""
Test script to verify security features are working correctly.
"""
import asyncio
import json
import time
import aiohttp
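async def test_cors_headers(base_url: str = "http://127.0.0.1:8000") -> None:
    """Check how the API answers CORS requests from an origin it has never seen.

    Sends a preflight (OPTIONS) and a plain GET to ``/items`` carrying an
    unknown ``Origin`` and prints the CORS response headers.  Browsers
    enforce CORS from those headers, not from the HTTP status, so the
    verdict is based on ``Access-Control-Allow-Origin`` covering the
    requesting origin rather than on a 200 status alone.

    Args:
        base_url: Scheme, host and port of the API under test.
    """
    print("🧪 Testing CORS headers...")
    origin = "https://unknown-game-domain.com"
    headers = {
        "Origin": origin,
        "Content-Type": "application/json",
    }
    url = f"{base_url}/items"
    async with aiohttp.ClientSession() as session:
        # Preflight: what a browser sends before a non-simple cross-origin call.
        async with session.options(url, headers=headers) as response:
            print(f" OPTIONS /items status: {response.status}")
            cors_headers = {
                name: response.headers.get(name)
                for name in (
                    "Access-Control-Allow-Origin",
                    "Access-Control-Allow-Methods",
                    "Access-Control-Allow-Headers",
                )
            }
            print(f" CORS headers: {cors_headers}")
        # Actual request: a browser only exposes the response when
        # Allow-Origin is "*" or echoes the requesting origin.
        async with session.get(url, headers=headers) as response:
            print(f" GET /items status: {response.status}")
            allow_origin = response.headers.get("Access-Control-Allow-Origin")
            allow_credentials = response.headers.get("Access-Control-Allow-Credentials")
            if response.status != 200:
                print(f" ❌ CORS failed: {response.status}")
            elif allow_origin not in ("*", origin):
                print(
                    f" ❌ CORS failed: Allow-Origin={allow_origin!r} "
                    f"does not cover {origin}"
                )
            else:
                print(" ✅ CORS working for unknown domains")
            # Echoing arbitrary origins together with credentials lets any
            # site make authenticated calls on a logged-in user's behalf;
            # surface that combination so it is a conscious decision.
            if allow_origin == origin and (allow_credentials or "").lower() == "true":
                print(
                    " ⚠️ Origin reflected with Access-Control-Allow-Credentials: "
                    "true — any site can make credentialed requests"
                )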
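async def test_rate_limiting(
    base_url: str = "http://127.0.0.1:8000", request_count: int = 5
) -> None:
    """Fire a burst of requests at ``/items`` and report what the limiter does.

    A 200 means the request was served and a 429 means the limiter rejected
    it; both are acceptable outcomes of this check.  Any other status, or a
    transport error, counts as a failure.  The limiter's own headers
    (``X-RateLimit-Limit`` / ``X-RateLimit-Remaining``) are printed from the
    first response so an inactive limiter is visible even when every
    request in the burst is served.

    Args:
        base_url: Scheme, host and port of the API under test.
        request_count: Number of back-to-back GET requests to send.
    """
    print("\n🧪 Testing rate limiting...")
    url = f"{base_url}/items"
    results: list[int] = []
    async with aiohttp.ClientSession() as session:
        for i in range(request_count):
            try:
                async with session.get(url) as response:
                    results.append(response.status)
                    if i == 0:
                        rate_limit_headers = {
                            "X-RateLimit-Limit": response.headers.get("X-RateLimit-Limit"),
                            "X-RateLimit-Remaining": response.headers.get(
                                "X-RateLimit-Remaining"
                            ),
                        }
                        print(f" Rate limit headers: {rate_limit_headers}")
                        if not any(rate_limit_headers.values()):
                            print(" ⚠️ No X-RateLimit-* headers — limiter may be inactive")
            except (aiohttp.ClientError, asyncio.TimeoutError) as e:
                # Best-effort: one failed request is reported, the burst continues.
                print(f" Request {i+1} failed: {e}")
    served = sum(1 for status in results if status == 200)
    rejected = sum(1 for status in results if status == 429)
    # Every request must have produced a status, and each must be 200 or 429;
    # an empty result list is a failure, not a pass.
    if len(results) == request_count and served + rejected == request_count:
        print(f" ✅ Made {served} requests successfully, {rejected} rate-limited")
    else:
        print(f" ⚠️ Some requests failed: {results}")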
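async def test_security_headers(base_url: str = "http://127.0.0.1:8000") -> None:
    """Check the browser-hardening headers on a ``/items`` response.

    Presence alone is not enough for two of them: ``X-Content-Type-Options``
    only works as ``nosniff`` and ``X-Frame-Options`` only as ``DENY`` or
    ``SAMEORIGIN``, so those values are validated; the other two just need
    to be set.  Every missing or invalid header is listed by name.

    Args:
        base_url: Scheme, host and port of the API under test.
    """
    print("\n🧪 Testing security headers...")
    # Accepted values, compared case-insensitively; None means any non-empty
    # value is accepted.  X-XSS-Protection is ignored by current browsers
    # (the usual recommendation is to send "0"), so only presence is checked.
    expected: dict[str, tuple[str, ...] | None] = {
        "X-Content-Type-Options": ("nosniff",),
        "X-Frame-Options": ("deny", "sameorigin"),
        "X-XSS-Protection": None,
        "Referrer-Policy": None,
    }
    async with aiohttp.ClientSession() as session:
        async with session.get(f"{base_url}/items") as response:
            security_headers = {name: response.headers.get(name) for name in expected}
    print(f" Security headers: {security_headers}")
    problems: list[str] = []
    for name, accepted in expected.items():
        value = security_headers[name]
        if not value:
            problems.append(f"{name} missing")
        elif accepted is not None and value.strip().lower() not in accepted:
            problems.append(f"{name}={value!r} not in {accepted}")
    if not problems:
        print(" ✅ All security headers present")
    else:
        print(f" ⚠️ Some security headers missing or invalid: {', '.join(problems)}")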
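async def test_api_documentation(base_url: str = "http://127.0.0.1:8000") -> None:
    """Check that the Swagger UI and the OpenAPI schema are reachable.

    Both endpoints are expected to answer 200 without authentication.  A
    public schema enumerates every route and parameter of the API, so this
    check documents a deliberate exposure decision rather than an accident.

    Args:
        base_url: Scheme, host and port of the API under test.
    """
    print("\n🧪 Testing API documentation...")
    endpoints = (
        ("/docs", "OpenAPI docs"),
        ("/openapi.json", "OpenAPI schema"),
    )
    async with aiohttp.ClientSession() as session:
        for path, label in endpoints:
            async with session.get(f"{base_url}{path}") as response:
                if response.status == 200:
                    print(f" ✅ {label} accessible")
                else:
                    print(f" ❌ {label} failed: {response.status}")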
async def main() -> None:
    """Run every check in sequence, then print a fixed summary.

    Each check prints its own ✅/⚠️/❌ verdict; the summary below lists what
    the script exercised and is printed once all checks have returned.  The
    first exception raised by a check aborts the run and is reported.
    """
    print("🚀 Testing Random Access API Security Features\n")
    checks = (
        test_cors_headers,
        test_rate_limiting,
        test_security_headers,
        test_api_documentation,
    )
    summary = (
        "CORS configured to allow unknown game domains",
        "Rate limiting active",
        "Security headers applied",
        "API documentation accessible",
        "Ready for web-based game integration!",
    )
    try:
        for check in checks:
            await check()
        print("\n✅ All security tests completed!")
        print("\n🎯 Summary:")
        for line in summary:
            print(f" • {line}")
    except Exception as e:
        print(f"\n❌ Test failed with error: {e}")
if __name__ == "__main__":
    # Script entry point: drive the async checks on a fresh event loop.
    asyncio.run(main())