mirror of
https://github.com/azaion/satellite-provider.git
synced 2026-06-21 12:11:14 +00:00
Oleksandr Bezdieniezhnykh
96cd3c4495
Adds Microsoft.AspNetCore.Authentication.JwtBearer 8.0.21 and the SatelliteProvider.Api.Authentication.AddSatelliteJwt extension that validates HS256 tokens against a shared JWT_SECRET (>=32 bytes, fail fast at startup). Every minimal-API endpoint now carries .RequireAuthorization(); the middleware chain is UseExceptionHandler -> UseHttpsRedirection -> UseCors -> UseAuthentication -> UseAuthorization -> endpoints. Swagger UI gets a Bearer security definition so the Authorize button works. Test infrastructure: JwtTokenFactory (unit) and JwtTestHelpers (integration) mint deterministic tokens against the same secret; the integration test runner attaches a default Bearer token to its shared HttpClient so existing tests continue to exercise protected endpoints. JwtIntegrationTests adds AC-1..AC-4 and AC-7 (Swagger advertises Bearer) end-to-end; AuthenticationServiceCollectionExtensionsTests covers AC-5 (missing/empty/short secret fail-fast) plus env-var precedence; JwtTokenFactoryTests covers AC-6 (claims pass through the JwtSecurityTokenHandler.ValidateToken path JwtBearer uses). docker-compose and scripts/run-tests.sh now propagate JWT_SECRET to the api and integration-tests containers, with a >=32-byte guard. .env.example documents the required keys; .env stays gitignored. Code review verdict: PASS_WITH_WARNINGS (2 Low findings surfaced in _docs/03_implementation/reviews/batch_01_cycle2_review.md). Cross-component coordination: gps-denied-onboard and the mission planner UI must attach Bearer tokens before this lands in dev. Co-authored-by: Cursor <cursoragent@cursor.com>
109 lines
4.0 KiB
Bash
Executable File
109 lines
4.0 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
set -euo pipefail
|
|
|
|
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
|
PROJECT_ROOT="$(dirname "$SCRIPT_DIR")"
|
|
|
|
cleanup() {
|
|
docker compose -f "$PROJECT_ROOT/docker-compose.yml" -f "$PROJECT_ROOT/docker-compose.tests.yml" down --remove-orphans || true
|
|
}
|
|
trap cleanup EXIT
|
|
|
|
usage() {
|
|
cat <<EOF
|
|
Usage: $(basename "$0") [--unit-only | --smoke | --full] [--skip-format]
|
|
|
|
Modes:
|
|
--unit-only Run only the .NET unit test project (no Docker Compose, no integration tests)
|
|
--smoke Run unit tests + a fast integration subset (~2 min target, tightened timeouts)
|
|
--full Run unit tests + the full integration suite (default if no flag is provided)
|
|
|
|
Flags:
|
|
--skip-format Skip the dotnet format --verify-no-changes check (use only for emergency runs)
|
|
|
|
Environment:
|
|
GOOGLE_MAPS_API_KEY Required for any integration test mode (loaded from .env or shell env).
|
|
JWT_SECRET Required for any integration test mode. Shared HMAC secret used by the
|
|
API and the integration test runner; must be at least 32 bytes (UTF-8).
|
|
Loaded from .env or shell env.
|
|
EOF
|
|
}
|
|
|
|
mode="full"
|
|
skip_format="false"
|
|
for arg in "$@"; do
|
|
case "$arg" in
|
|
--unit-only) mode="unit"; ;;
|
|
--smoke) mode="smoke"; ;;
|
|
--full) mode="full"; ;;
|
|
--skip-format) skip_format="true"; ;;
|
|
-h|--help) usage; exit 0; ;;
|
|
"") ;;
|
|
*) echo "Unknown argument: $arg"; usage; exit 2; ;;
|
|
esac
|
|
done
|
|
|
|
echo "=== Satellite Provider Test Suite ==="
|
|
echo "Mode: $mode"
|
|
echo ""
|
|
|
|
if [[ "$skip_format" == "true" ]]; then
|
|
echo "Step 0: Skipping dotnet format check (--skip-format)"
|
|
else
|
|
echo "Step 0: dotnet format whitespace --verify-no-changes"
|
|
if ! docker run --rm -v "$PROJECT_ROOT:/src" -w /src mcr.microsoft.com/dotnet/sdk:8.0 \
|
|
dotnet format whitespace SatelliteProvider.sln --verify-no-changes; then
|
|
echo ""
|
|
echo "ERROR: Whitespace violations detected. Run 'dotnet format whitespace SatelliteProvider.sln' to fix."
|
|
exit 4
|
|
fi
|
|
echo ""
|
|
fi
|
|
|
|
if [[ "$mode" == "unit" ]]; then
|
|
echo "Running unit tests only..."
|
|
docker run --rm -v "$PROJECT_ROOT:/src" -w /src mcr.microsoft.com/dotnet/sdk:8.0 \
|
|
sh -c "dotnet restore SatelliteProvider.sln && dotnet test SatelliteProvider.Tests/SatelliteProvider.Tests.csproj --no-restore --configuration Release --collect:'XPlat Code Coverage' --results-directory /src/TestResults --logger 'console;verbosity=normal'"
|
|
echo ""
|
|
echo "=== Unit tests complete (coverage written to ./TestResults/) ==="
|
|
exit 0
|
|
fi
|
|
|
|
if { [[ -z "${GOOGLE_MAPS_API_KEY:-}" ]] || [[ -z "${JWT_SECRET:-}" ]]; } && [[ -f "$PROJECT_ROOT/.env" ]]; then
|
|
set -o allexport
|
|
# shellcheck disable=SC1091
|
|
source "$PROJECT_ROOT/.env"
|
|
set +o allexport
|
|
fi
|
|
|
|
if [[ -z "${GOOGLE_MAPS_API_KEY:-}" ]]; then
|
|
echo "ERROR: GOOGLE_MAPS_API_KEY is not set (export it or add to .env). Integration tests will fail."
|
|
exit 3
|
|
fi
|
|
|
|
if [[ -z "${JWT_SECRET:-}" ]]; then
|
|
echo "ERROR: JWT_SECRET is not set (export it or add to .env). API will fail to start without it."
|
|
exit 3
|
|
fi
|
|
|
|
jwt_secret_bytes=${#JWT_SECRET}
|
|
if (( jwt_secret_bytes < 32 )); then
|
|
echo "ERROR: JWT_SECRET is ${jwt_secret_bytes} bytes; HMAC-SHA256 requires at least 32 bytes."
|
|
exit 3
|
|
fi
|
|
export JWT_SECRET
|
|
|
|
echo "Step 1: Unit tests"
|
|
docker run --rm -v "$PROJECT_ROOT:/src" -w /src mcr.microsoft.com/dotnet/sdk:8.0 \
|
|
sh -c "dotnet restore SatelliteProvider.sln && dotnet test SatelliteProvider.Tests/SatelliteProvider.Tests.csproj --no-restore --configuration Release --collect:'XPlat Code Coverage' --results-directory /src/TestResults --logger 'console;verbosity=normal'"
|
|
|
|
echo ""
|
|
echo "Step 2: Integration tests (Docker Compose, mode=$mode)"
|
|
INTEGRATION_TESTS_MODE="$mode" docker compose \
|
|
-f "$PROJECT_ROOT/docker-compose.yml" \
|
|
-f "$PROJECT_ROOT/docker-compose.tests.yml" \
|
|
up --build --abort-on-container-exit --exit-code-from integration-tests
|
|
|
|
echo ""
|
|
echo "=== All tests passed (mode=$mode) ==="
|