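#!/bin/bash
# Test script for the LeCoffre Anchor API.
# Usage: ./test-api.sh [API_URL] [API_KEY]
#
# Configuration: ANCHORE_API_URL and ANCHORE_API_KEY, read from the environment
# or from a .env file in the current directory; positional arguments win.
# Requires: curl, jq, bc.
# Exit status: 0 when every check passed, 1 when configuration or a required
# tool is missing or when at least one check failed.

# Load environment variables from .env when available.
# NOTE(review): .env is sourced, i.e. executed as shell code, so it must come
# from a trusted location and must not be writable by other users.
if [ -f ".env" ]; then
  set -o allexport
  # shellcheck disable=SC1091
  source ".env"
  set +o allexport
fi

API_URL=${1:-"${ANCHORE_API_URL:-}"} # No fallback: the variable is mandatory
API_KEY=${2:-"${ANCHORE_API_KEY:-}"} # No fallback: the variable is mandatory

if [ -z "$API_URL" ]; then
  echo "❌ ANCHORE_API_URL non défini (fournir la variable ou passer l'URL en argument)."
  exit 1
fi

if [ -z "$API_KEY" ]; then
  echo "❌ ANCHORE_API_KEY non défini (fournir la variable ou passer la clé en argument)."
  exit 1
fi

# Fail early instead of producing misleading results halfway through the run.
for required_tool in curl jq bc; do
  if ! command -v "$required_tool" >/dev/null 2>&1; then
    echo "❌ Commande requise introuvable: $required_tool" >&2
    exit 1
  fi
done

echo "🧪 Test de l'API LeCoffre Anchor"
echo "📍 URL: $API_URL"
# NOTE(review): this prints the first 8 characters of the key (the whole key
# if it is that short); keep this output out of shared or archived CI logs.
echo "🔑 API Key: ${API_KEY:0:8}..."
echo ""

# Colours for log output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color

# Request fixtures shared by the tests below.
readonly SAMPLE_HASH="1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef"
readonly JSON_HEADER="Content-Type: application/json"
# NOTE(review): the key is passed to curl on the command line and is therefore
# visible in the process list while a request is running.
readonly AUTH_HEADER="x-api-key: $API_KEY"

failures=0       # total number of failed checks, drives the exit status
section_failed=0 # set to 1 as soon as a check of the running section fails

#######################################
# Records a failed check for the section currently running.
# Globals: failures (written), section_failed (written)
#######################################
record_failure() {
  section_failed=1
  failures=$((failures + 1))
}

#######################################
# Prints the summary mark for a section.
# Arguments: $1 - 0 when the section passed, anything else when it failed
# Outputs:   "✓" or "✗" on stdout
#######################################
summary_mark() {
  if [ "$1" -eq 0 ]; then
    echo "✓"
  else
    echo "✗"
  fi
}

#######################################
# Sends one request and compares the HTTP status with the expected one.
# Headers are passed as separate arguments and handed to curl as array
# elements; nothing is re-parsed by the shell, so a key containing quotes,
# spaces or $(...) cannot turn into shell code.
# Globals:   API_URL (read), RED/GREEN/NC (read)
# Arguments: $1 - test name
#            $2 - HTTP method
#            $3 - endpoint path appended to API_URL
#            $4 - request body ("" for none)
#            $5 - expected HTTP status
#            $6... - request headers, one "Name: value" per argument
# Outputs:   test result on stdout, response body on mismatch
# Returns:   0 when the status matches, 1 otherwise (failure is recorded)
#######################################
test_endpoint() {
  local name="$1"
  local method="$2"
  local endpoint="$3"
  local data="$4"
  local expected_status="$5"
  shift 5

  local response http_code body header
  local curl_cmd=(curl -s -w '\n%{http_code}' -X "$method")

  for header in "$@"; do
    curl_cmd+=(-H "$header")
  done

  if [ -n "$data" ]; then
    curl_cmd+=(-d "$data")
  fi

  curl_cmd+=("$API_URL$endpoint")

  echo -n "Testing $name... "

  response=$("${curl_cmd[@]}")
  # curl appends "\n<status>" after the body: the last line is the status,
  # everything before it is the body.
  http_code=${response##*$'\n'}
  body=${response%$'\n'*}

  if [ "$http_code" = "$expected_status" ]; then
    echo -e "${GREEN}✓${NC} (HTTP $http_code)"
    return 0
  fi

  echo -e "${RED}✗${NC} (HTTP $http_code, expected $expected_status)"
  echo "Response: $body"
  record_failure
  return 1
}

# Test 1: Health check
echo "1. Health Check"
section_failed=0
test_endpoint "Health endpoint" "GET" "/health" "" "200"
health_failed=$section_failed
echo ""

# Test 2: Authentication
echo "2. Authentification"
section_failed=0
test_endpoint "Sans API key" "POST" "/api/anchor/document" \
  "{\"documentUid\":\"test\",\"hash\":\"$SAMPLE_HASH\"}" "401" \
  "$JSON_HEADER"
test_endpoint "Mauvaise API key" "POST" "/api/anchor/document" \
  "{\"documentUid\":\"test\",\"hash\":\"$SAMPLE_HASH\"}" "401" \
  "$JSON_HEADER" "x-api-key: wrong-key"
test_endpoint "Bonne API key" "POST" "/api/anchor/document" \
  "{\"documentUid\":\"test\",\"hash\":\"$SAMPLE_HASH\"}" "200" \
  "$JSON_HEADER" "$AUTH_HEADER"
auth_failed=$section_failed
echo ""

# Test 3: Input validation
echo "3. Validation des données"
section_failed=0
test_endpoint "Hash invalide" "POST" "/api/anchor/document" \
  '{"documentUid":"test","hash":"invalid-hash"}' "400" \
  "$JSON_HEADER" "$AUTH_HEADER"
test_endpoint "DocumentUid manquant" "POST" "/api/anchor/document" \
  "{\"hash\":\"$SAMPLE_HASH\"}" "400" \
  "$JSON_HEADER" "$AUTH_HEADER"
test_endpoint "Hash manquant" "POST" "/api/anchor/document" \
  '{"documentUid":"test"}' "400" \
  "$JSON_HEADER" "$AUTH_HEADER"
validation_failed=$section_failed
echo ""

# Test 4: Functional endpoints
echo "4. Endpoints fonctionnels"
section_failed=0

# Create a transaction so that its status can be queried
transaction_response=$(curl -s -X POST "$API_URL/api/anchor/document" \
  -H "$JSON_HEADER" \
  -H "$AUTH_HEADER" \
  -d "{\"documentUid\":\"test-status\",\"hash\":\"$SAMPLE_HASH\"}")

transaction_id=$(printf '%s' "$transaction_response" | jq -r '.transaction_id')
echo "Transaction créée (txid Bitcoin): $transaction_id"

# Check that transaction_id is a valid Bitcoin txid (64 hex). The value comes
# from the server response, so it is only placed in a URL once it has matched.
if [[ "$transaction_id" =~ ^[a-f0-9]{64}$ ]]; then
  echo -e "${GREEN}✓${NC} transaction_id est un txid Bitcoin valide"
  test_endpoint "Statut transaction" "GET" "/api/anchor/status/$transaction_id" \
    "" "200" "$AUTH_HEADER"
else
  echo -e "${RED}✗${NC} transaction_id n'est pas un txid Bitcoin valide (64 hex): $transaction_id"
  echo "Response: $transaction_response"
  record_failure
  echo -e "Testing Statut transaction... ${YELLOW}⚠${NC} (ignoré: transaction_id invalide)"
fi

# Test with a Bitcoin txid that does not exist (but is correctly formatted)
test_endpoint "Transaction inexistante" "GET" \
  "/api/anchor/status/0000000000000000000000000000000000000000000000000000000000000000" \
  "" "404" "$AUTH_HEADER"
endpoints_failed=$section_failed
echo ""

# Test 5: Verification
echo "5. Vérification"
section_failed=0
test_endpoint "Vérifier hash" "POST" "/api/anchor/verify" \
  "{\"hash\":\"$SAMPLE_HASH\"}" "200" \
  "$JSON_HEADER" "$AUTH_HEADER"
test_endpoint "Hash invalide pour vérification" "POST" "/api/anchor/verify" \
  '{"hash":"invalid"}' "400" \
  "$JSON_HEADER" "$AUTH_HEADER"
verify_failed=$section_failed
echo ""

# Test 6: CORS
# The preflight status alone says nothing about the policy: a server can answer
# 204 without granting anything, or 200 while granting everything. What matters
# is whether Access-Control-Allow-Origin comes back as "*" or echoes an origin
# that should not be trusted, so the response headers are inspected.
echo "6. CORS"
echo -n "Testing CORS preflight... "
cors_origin="http://malicious-site.com"
cors_warning=0

cors_response=$(curl -s -o /dev/null -D - \
  -H "Origin: $cors_origin" \
  -H "Access-Control-Request-Method: POST" \
  -H "Access-Control-Request-Headers: x-api-key,content-type" \
  -X OPTIONS "$API_URL/api/anchor/document" -w "%{http_code}")

# The header dump ends with an empty line, so the status written by -w is
# always alone on the last line.
cors_code=${cors_response##*$'\n'}
cors_allow_origin=$(printf '%s\n' "$cors_response" \
  | tr -d '\r' \
  | awk 'tolower($0) ~ /^access-control-allow-origin:/ { sub(/^[^:]*:[ \t]*/, ""); print; exit }')

if [ "$cors_allow_origin" = "*" ] || [ "$cors_allow_origin" = "$cors_origin" ]; then
  cors_warning=1
  echo -e "${YELLOW}⚠${NC} (HTTP $cors_code - CORS pourrait être trop permissif)"
  echo "Access-Control-Allow-Origin: $cors_allow_origin"
else
  echo -e "${GREEN}✓${NC} (HTTP $cors_code)"
fi
echo ""

# Test 7: Performance
# NOTE(review): `date +%s.%N` relies on GNU date. HTTP 200 is assumed to be the
# success status here because the "Bonne API key" test expects it on the same
# endpoint — confirm if the API starts rate limiting.
echo "7. Performance"
echo -n "Testing 10 requests... "
section_failed=0
perf_errors=0

start_time=$(date +%s.%N)
for i in {1..10}; do
  perf_code=$(curl -s -o /dev/null -w '%{http_code}' \
    -X POST "$API_URL/api/anchor/document" \
    -H "$JSON_HEADER" \
    -H "$AUTH_HEADER" \
    -d "{\"documentUid\":\"perf-test-$i\",\"hash\":\"$SAMPLE_HASH\"}")
  if [ "$perf_code" != "200" ]; then
    perf_errors=$((perf_errors + 1))
  fi
done
end_time=$(date +%s.%N)

duration=$(echo "$end_time - $start_time" | bc)
rps=$(echo "scale=2; 10 / $duration" | bc)

# A throughput figure is only meaningful when the requests actually succeeded.
if [ "$perf_errors" -eq 0 ]; then
  echo -e "${GREEN}✓${NC} ($rps req/s)"
else
  echo -e "${RED}✗${NC} ($rps req/s, $perf_errors/10 requests did not return HTTP 200)"
  record_failure
fi
perf_failed=$section_failed
echo ""

echo "🎯 Tests terminés!"
echo ""

# The summary reflects the recorded results instead of fixed marks.
echo "📊 Résumé:"
echo "- Health check: $(summary_mark "$health_failed")"
echo "- Authentification: $(summary_mark "$auth_failed")"
echo "- Validation: $(summary_mark "$validation_failed")"
echo "- Endpoints: $(summary_mark "$endpoints_failed")"
echo "- Vérification: $(summary_mark "$verify_failed")"
if [ "$cors_warning" -eq 1 ]; then
  echo "- CORS: ⚠ (à vérifier)"
else
  echo "- CORS: ✓"
fi
echo "- Performance: $(summary_mark "$perf_failed")"
echo ""
echo "💡 Note: Le transaction_id est maintenant directement le txid Bitcoin (64 hex), consultable sur mempool."

# Let callers (CI, wrappers) see failed checks through the exit status.
if [ "$failures" -gt 0 ]; then
  exit 1
fi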