mleku/next.orly.dev
1
0
Fork 1
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3486d3d4abf9261e8b94c19bba1c5dffbb2490e0
next.orly.dev/scripts/run-policy-filter-test.sh
mleku 80ab3caa5f
Some checks failed
Go / build (push) Has been cancelled
Details
Go / release (push) Has been cancelled
Details
Implement policy-based event filtering and add integration tests 
- Enhanced the HandleReq function to incorporate policy checks for privileged events, ensuring only authorized users can access sensitive data.
- Introduced a new integration test suite for policy filtering, validating the behavior of event access based on user authentication and policy rules.
- Added a script to automate the policy filter integration tests, improving testing efficiency and reliability.
- Updated version to v0.20.2 to reflect the new features and improvements.
2025-10-30 17:51:15 +00:00

199 lines
5.0 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
set -euo pipefail
# Policy Filter Integration Test
# This script runs the relay with the example policy and tests event filtering
# Config
PORT=${PORT:-34568}
URL=${URL:-ws://127.0.0.1:${PORT}}
LOG=/tmp/orly-policy-filter.out
PID=/tmp/orly-policy-filter.pid
DATADIR=$(mktemp -d)
CONFIG_DIR="$HOME/.config/ORLY_POLICY_TEST"
cleanup() {
trap - EXIT
if [[ -f "$PID" ]]; then
kill -INT "$(cat "$PID")" 2>/dev/null || true
rm -f "$PID"
fi
rm -rf "$DATADIR"
rm -rf "$CONFIG_DIR"
}
trap cleanup EXIT
echo "🧪 Policy Filter Integration Test"
echo "=================================="
# Create config directory
mkdir -p "$CONFIG_DIR"
# Generate keys using Go helper
echo "🔑 Generating test keys..."
KEYGEN_TMP=$(mktemp)
cat > "$KEYGEN_TMP.go" <<'EOF'
package main
import (
"encoding/json"
"fmt"
"next.orly.dev/pkg/crypto/p256k"
"next.orly.dev/pkg/encoders/hex"
)
func main() {
// Generate allowed signer
allowedSigner := &p256k.Signer{}
if err := allowedSigner.Generate(); err != nil {
panic(err)
}
allowedPubkeyHex := hex.Enc(allowedSigner.Pub())
allowedSecHex := hex.Enc(allowedSigner.Sec())
// Generate unauthorized signer
unauthorizedSigner := &p256k.Signer{}
if err := unauthorizedSigner.Generate(); err != nil {
panic(err)
}
unauthorizedPubkeyHex := hex.Enc(unauthorizedSigner.Pub())
unauthorizedSecHex := hex.Enc(unauthorizedSigner.Sec())
result := map[string]string{
"allowedPubkey": allowedPubkeyHex,
"allowedSec": allowedSecHex,
"unauthorizedPubkey": unauthorizedPubkeyHex,
"unauthorizedSec": unauthorizedSecHex,
}
jsonBytes, _ := json.Marshal(result)
fmt.Println(string(jsonBytes))
}
EOF
# Run from the project root directory
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
cd "$PROJECT_ROOT"
KEYS=$(go run -tags=cgo "$KEYGEN_TMP.go" 2>&1 | grep -E '^\{.*\}$' || true)
rm -f "$KEYGEN_TMP.go"
cd - > /dev/null
ALLOWED_PUBKEY=$(echo "$KEYS" | jq -r '.allowedPubkey')
ALLOWED_SEC=$(echo "$KEYS" | jq -r '.allowedSec')
UNAUTHORIZED_PUBKEY=$(echo "$KEYS" | jq -r '.unauthorizedPubkey')
UNAUTHORIZED_SEC=$(echo "$KEYS" | jq -r '.unauthorizedSec')
echo "✅ Generated keys:"
echo " Allowed pubkey: $ALLOWED_PUBKEY"
echo " Unauthorized pubkey: $UNAUTHORIZED_PUBKEY"
# Create policy JSON with generated keys
echo "📝 Creating policy.json..."
cat > "$CONFIG_DIR/policy.json" <<EOF
{
"kind": {
"whitelist": [4678, 10306, 30520, 30919]
},
"rules": {
"4678": {
"description": "Zenotp message events",
"script": "$CONFIG_DIR/validate4678.js",
"privileged": true
},
"10306": {
"description": "End user whitelist changes",
"read_allow": [
"$ALLOWED_PUBKEY"
],
"privileged": true
},
"30520": {
"description": "Zenotp events",
"write_allow": [
"$ALLOWED_PUBKEY"
],
"privileged": true
},
"30919": {
"description": "Zenotp events",
"write_allow": [
"$ALLOWED_PUBKEY"
],
"privileged": true
}
}
}
EOF
echo "✅ Policy file created at: $CONFIG_DIR/policy.json"
# Build relay and test client
echo "🔨 Building relay..."
go build -o orly .
# Start relay
echo "🚀 Starting relay on ${URL} with policy enabled..."
ORLY_APP_NAME="ORLY_POLICY_TEST" \
ORLY_DATA_DIR="$DATADIR" \
ORLY_PORT=${PORT} \
ORLY_POLICY_ENABLED=true \
ORLY_ACL_MODE=none \
ORLY_AUTH_TO_WRITE=true \
ORLY_LOG_LEVEL=info \
./orly >"$LOG" 2>&1 & echo $! >"$PID"
# Wait for relay to start
sleep 3
if ! ps -p "$(cat "$PID")" >/dev/null 2>&1; then
echo "❌ Relay failed to start; logs:" >&2
sed -n '1,200p' "$LOG" >&2
exit 1
fi
echo "✅ Relay started (PID: $(cat "$PID"))"
# Build test client
echo "🔨 Building test client..."
go build -o cmd/policyfiltertest/policyfiltertest ./cmd/policyfiltertest
# Export keys for test client
export ALLOWED_PUBKEY
export ALLOWED_SEC
export UNAUTHORIZED_PUBKEY
export UNAUTHORIZED_SEC
# Run tests
echo "🧪 Running policy filter tests..."
set +e
cmd/policyfiltertest/policyfiltertest -url "${URL}" -allowed-pubkey "$ALLOWED_PUBKEY" -allowed-sec "$ALLOWED_SEC" -unauthorized-pubkey "$UNAUTHORIZED_PUBKEY" -unauthorized-sec "$UNAUTHORIZED_SEC"
TEST_RESULT=$?
set -e
# Check logs for "policy rule is inactive" messages
echo "📋 Checking logs for policy rule inactivity..."
if grep -q "policy rule is inactive" "$LOG"; then
echo "⚠️ WARNING: Found 'policy rule is inactive' messages in logs"
grep "policy rule is inactive" "$LOG" | head -5
else
echo "✅ No 'policy rule is inactive' messages found (good)"
fi
# Check logs for policy filtered events
echo "📋 Checking logs for policy filtered events..."
if grep -q "policy filtered out event" "$LOG"; then
echo "✅ Found policy filtered events (expected):"
grep "policy filtered out event" "$LOG" | head -5
fi
if [ $TEST_RESULT -eq 0 ]; then
echo "✅ All tests passed!"
exit 0
else
echo "❌ Tests failed with exit code $TEST_RESULT"
echo "📋 Last 50 lines of relay log:"
tail -50 "$LOG"
exit $TEST_RESULT
fi
Reference in New Issue View Git Blame Copy Permalink