Protei/PromucFlow_constructor
2
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
8bb61d996a
PromucFlow_constructor/deploy/docker/route-tests/entrypoint.sh
Shrikant Sharat Kandula 19cc5040f3 test: More test for frame ancestors config
2023-12-19 17:09:58 +05:30

128 lines
3.5 KiB
Bash
Raw Blame History

#!/usr/bin/env bash
set -o errexit
set -o nounset
set -o pipefail
new-spec() {
echo "-----------" "$@" "-----------"
# Unset influencing state
unset APPSMITH_CUSTOM_DOMAIN APPSMITH_ALLOWED_FRAME_ANCESTORS
# Clean custom certificates
mkdir -p /appsmith-stacks/ssl
find /appsmith-stacks/ssl -type f -delete
}
reload-caddy() {
sed -i 's/127.0.0.1:{args\[0]}/127.0.0.1:5050/' "$TMP/Caddyfile"
caddy fmt --overwrite "$TMP/Caddyfile"
caddy reload --config "$TMP/Caddyfile"
sleep 1
}
run-hurl() {
hurl --test \
--resolve local.com:80:127.0.0.1 \
--resolve custom-domain.com:80:127.0.0.1 \
--resolve custom-domain.com:443:127.0.0.1 \
"$@"
}
if [[ "${OPEN_SHELL-}" == 1 ]]; then
# Open shell for debugging after this script is done.
trap bash EXIT
fi
echo
echo "caddy version: $(caddy --version)"
echo "hurl version: $(hurl --version)"
echo "mkcert version: $(mkcert --version)"
echo
export TMP=/tmp/appsmith
export WWW_PATH="$TMP/www"
mkdir -p "$WWW_PATH"
echo -n 'index.html body' > "$WWW_PATH/index.html"
mkcert -install
# Start echo server
XDG_DATA_HOME="$TMP/echo-data" \
XDG_CONFIG_HOME="$TMP/echo-conf" \
caddy start --config echo.caddyfile --adapter caddyfile \
>> "$TMP/echo-caddy.log" 2>&1
# Start Caddy for use with our config to test
caddy start >> "$TMP/caddy.log" 2>&1
sleep 1
# Default values for Hurl variables
export HURL_frame_ancestors="'self'"
# Run tests, scenario by scenario
new-spec "Spec 1: With no custom domain and no frame ancestors"
node /caddy-reconfigure.mjs
reload-caddy
run-hurl common/*.hurl
new-spec "Spec 2: With a custom domain, cert obtained (because of internal CA)"
export APPSMITH_CUSTOM_DOMAIN=custom-domain.com
node /caddy-reconfigure.mjs
#sed -i '2i acme_ca https://acme-staging-v02.api.letsencrypt.org/directory' "$TMP/Caddyfile"
sed -i '/https:\/\/'"$APPSMITH_CUSTOM_DOMAIN"' {$/a tls internal' "$TMP/Caddyfile"
reload-caddy
run-hurl --variable ca_issuer="CN = Caddy Local Authority - ECC Intermediate" \
common/*.hurl common-https/*.hurl
new-spec "Spec 3: With a custom domain, certs given in ssl folder"
export APPSMITH_CUSTOM_DOMAIN=custom-domain.com
mkcert -cert-file "/appsmith-stacks/ssl/fullchain.pem" -key-file "/appsmith-stacks/ssl/privkey.pem" "$APPSMITH_CUSTOM_DOMAIN"
node /caddy-reconfigure.mjs
reload-caddy
run-hurl --variable ca_issuer="O = mkcert development CA" \
common/*.hurl common-https/*.hurl
new-spec "Spec 4: No custom domain, but certs present in ssl folder"
mkcert -cert-file "/appsmith-stacks/ssl/fullchain.pem" -key-file "/appsmith-stacks/ssl/privkey.pem" random-domain.com
node /caddy-reconfigure.mjs
reload-caddy
run-hurl common/*.hurl
new-spec "Spec 5: Empty custom domain, but certs present in ssl folder"
export APPSMITH_CUSTOM_DOMAIN=""
mkcert -cert-file "/appsmith-stacks/ssl/fullchain.pem" -key-file "/appsmith-stacks/ssl/privkey.pem" random-domain.com
node /caddy-reconfigure.mjs
reload-caddy
run-hurl common/*.hurl
new-spec "Spec 6: Custom frame ancestors"
export APPSMITH_ALLOWED_FRAME_ANCESTORS="something.com another.com"
node /caddy-reconfigure.mjs
reload-caddy
run-hurl --variable frame_ancestors="something.com another.com" \
common/*.hurl
new-spec "Spec 7: Empty frame ancestors"
export APPSMITH_ALLOWED_FRAME_ANCESTORS=""
node /caddy-reconfigure.mjs
reload-caddy
run-hurl common/*.hurl
new-spec "Spec 7: Frame ancestors value with extra CSP directives"
export APPSMITH_ALLOWED_FRAME_ANCESTORS="something.com; script-src something more not allowed"
node /caddy-reconfigure.mjs
reload-caddy
run-hurl --variable frame_ancestors="something.com" \
common/*.hurl
Reference in New Issue View Git Blame Copy Permalink