kaffa/cloud-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a2133ae5c964c4d038dde30378d882ea5ef5f953
cloud-server/test-security.sh
kappa abe052b538 feat: 코드 품질 개선 및 추천 API 구현 
## 주요 변경사항

### 신규 기능
- POST /recommend: 기술 스택 기반 인스턴스 추천 API
- 아시아 리전 필터링 (Seoul, Tokyo, Osaka, Singapore)
- 매칭 점수 알고리즘 (메모리 40%, vCPU 30%, 가격 20%, 스토리지 10%)

### 보안 강화 (Security 9.0/10)
- API Key 인증 + constant-time 비교 (타이밍 공격 방어)
- Rate Limiting: KV 기반 분산 처리, fail-closed 정책
- IP Spoofing 방지 (CF-Connecting-IP만 신뢰)
- 요청 본문 10KB 제한
- CORS + 보안 헤더 (CSP, HSTS, X-Frame-Options)

### 성능 최적화 (Performance 9.0/10)
- Generator 패턴: AWS pricing 메모리 95% 감소
- D1 batch 쿼리: N+1 문제 해결
- 복합 인덱스 추가 (migrations/002)

### 코드 품질 (QA 9.0/10)
- 127개 테스트 (vitest)
- 구조화된 로깅 (민감정보 마스킹)
- 상수 중앙화 (constants.ts)
- 입력 검증 유틸리티 (utils/validation.ts)

### Vultr 연동 수정
- relay 서버 헤더: Authorization: Bearer → X-API-Key

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-22 11:57:35 +09:00

110 lines
3.5 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
#
# Security Feature Testing Script
# Tests authentication, rate limiting, and security headers
#
set -e
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color
# Configuration
API_URL="${API_URL:-http://127.0.0.1:8787}"
API_KEY="${API_KEY:-test-api-key-12345}"
echo -e "${YELLOW}=== Cloud Server Security Tests ===${NC}\n"
# Test 1: Health endpoint (public, no auth required)
echo -e "${YELLOW}Test 1: Health endpoint (public)${NC}"
response=$(curl -s -w "\n%{http_code}" "$API_URL/health")
http_code=$(echo "$response" | tail -n1)
body=$(echo "$response" | head -n-1)
if [ "$http_code" = "200" ]; then
echo -e "${GREEN}✓ Health endpoint accessible without auth${NC}"
else
echo -e "${RED}✗ Health endpoint failed: HTTP $http_code${NC}"
fi
# Check security headers
echo -e "\n${YELLOW}Test 2: Security headers${NC}"
headers=$(curl -s -I "$API_URL/health")
if echo "$headers" | grep -q "X-Content-Type-Options: nosniff"; then
echo -e "${GREEN}✓ X-Content-Type-Options header present${NC}"
else
echo -e "${RED}✗ Missing X-Content-Type-Options header${NC}"
fi
if echo "$headers" | grep -q "X-Frame-Options: DENY"; then
echo -e "${GREEN}✓ X-Frame-Options header present${NC}"
else
echo -e "${RED}✗ Missing X-Frame-Options header${NC}"
fi
if echo "$headers" | grep -q "Strict-Transport-Security"; then
echo -e "${GREEN}✓ Strict-Transport-Security header present${NC}"
else
echo -e "${RED}✗ Missing Strict-Transport-Security header${NC}"
fi
# Test 3: Missing API key
echo -e "\n${YELLOW}Test 3: Missing API key (should fail)${NC}"
response=$(curl -s -w "\n%{http_code}" "$API_URL/instances")
http_code=$(echo "$response" | tail -n1)
if [ "$http_code" = "401" ]; then
echo -e "${GREEN}✓ Correctly rejected request without API key${NC}"
else
echo -e "${RED}✗ Expected 401, got HTTP $http_code${NC}"
fi
# Test 4: Invalid API key
echo -e "\n${YELLOW}Test 4: Invalid API key (should fail)${NC}"
response=$(curl -s -w "\n%{http_code}" -H "X-API-Key: invalid-key" "$API_URL/instances")
http_code=$(echo "$response" | tail -n1)
if [ "$http_code" = "401" ]; then
echo -e "${GREEN}✓ Correctly rejected request with invalid API key${NC}"
else
echo -e "${RED}✗ Expected 401, got HTTP $http_code${NC}"
fi
# Test 5: Valid API key
echo -e "\n${YELLOW}Test 5: Valid API key (should succeed)${NC}"
response=$(curl -s -w "\n%{http_code}" -H "X-API-Key: $API_KEY" "$API_URL/instances?limit=1")
http_code=$(echo "$response" | tail -n1)
if [ "$http_code" = "200" ]; then
echo -e "${GREEN}✓ Successfully authenticated with valid API key${NC}"
else
echo -e "${RED}✗ Authentication failed: HTTP $http_code${NC}"
fi
# Test 6: Rate limiting (optional, commented out by default)
# Uncomment to test rate limiting
# echo -e "\n${YELLOW}Test 6: Rate limiting${NC}"
# echo "Sending 101 requests to /instances..."
# for i in {1..101}; do
# response=$(curl -s -w "\n%{http_code}" -H "X-API-Key: $API_KEY" "$API_URL/instances?limit=1")
# http_code=$(echo "$response" | tail -n1)
#
# if [ "$http_code" = "429" ]; then
# echo -e "${GREEN}✓ Rate limit triggered after $i requests${NC}"
# body=$(echo "$response" | head -n-1)
# echo "Response: $body"
# break
# fi
#
# # Small delay to avoid overwhelming the server
# sleep 0.1
# done
echo -e "\n${YELLOW}=== Tests Complete ===${NC}"
echo -e "\nTo test rate limiting, uncomment Test 6 in this script."
echo -e "Rate limits: /instances=100req/min, /sync=10req/min"
Reference in New Issue View Git Blame Copy Permalink