feat(backend): enforce admin-only ops endpoints and cover destructive cleanup smoke

restrict ops endpoints to admin-only access

block operator and viewer keys from admin maintenance routes
cover destructive pricing cleanup in smoke execution, not only preview

extend orchestration without regressing existing smoke stages
greebo
2026-03-20 16:02:38 +03:00
parent 210981c953
commit 5aa35b1d04
10 changed files with 1090 additions and 13 deletions


@@ -0,0 +1,53 @@
#!/usr/bin/env bash
set -euo pipefail
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
TMP_DIR="$(mktemp -d)"
trap 'rm -rf "${TMP_DIR}"' EXIT
# shellcheck source=backend/scripts/smoke_common.sh
source "${SCRIPT_DIR}/smoke_common.sh"
wait_for_health
require_fixture_svg
request "manifest" "GET" "${API_URL}/api/v1/manifest" "200"
MAX_FILE_SIZE_BYTES="$(json_get "${TMP_DIR}/manifest.body" "svg_limits.max_file_size_bytes")"
echo "MAX_FILE_SIZE_BYTES=${MAX_FILE_SIZE_BYTES}"
EMPTY_SVG_PATH="${TMP_DIR}/empty.svg"
NON_SVG_PATH="${TMP_DIR}/not-svg.txt"
SVG_BODY_WRONG_EXTENSION_PATH="${TMP_DIR}/svg-body.txt"
OVERSIZE_SVG_PATH="${TMP_DIR}/oversize.svg"
: > "${EMPTY_SVG_PATH}"
printf 'plain text payload\n' > "${NON_SVG_PATH}"
cp "${FIXTURE_SVG_PATH}" "${SVG_BODY_WRONG_EXTENSION_PATH}"
python3 - "${OVERSIZE_SVG_PATH}" "${MAX_FILE_SIZE_BYTES}" <<'PY'
import sys
from pathlib import Path
output_path = Path(sys.argv[1])
max_file_size_bytes = int(sys.argv[2])
payload = "<svg xmlns='http://www.w3.org/2000/svg'>" + (" " * max_file_size_bytes) + "</svg>"
output_path.write_text(payload, encoding="utf-8")
if output_path.stat().st_size <= max_file_size_bytes:
raise SystemExit("Generated oversize SVG is not larger than configured limit")
PY
upload_file_expect_status "upload_empty_file" "${EMPTY_SVG_PATH}" "empty.svg" "image/svg+xml" "400"
assert_file_contains "${TMP_DIR}/upload_empty_file.body" "Uploaded file is empty"
upload_file_expect_status "upload_non_svg_text_plain" "${NON_SVG_PATH}" "not-svg.txt" "text/plain" "400"
assert_file_contains "${TMP_DIR}/upload_non_svg_text_plain.body" "Only SVG files are allowed"
upload_file_expect_status "upload_svg_body_wrong_extension" "${SVG_BODY_WRONG_EXTENSION_PATH}" "valid-svg-body.txt" "text/plain" "400"
assert_file_contains "${TMP_DIR}/upload_svg_body_wrong_extension.body" "Only SVG files are allowed"
upload_file_expect_status "upload_oversize_svg" "${OVERSIZE_SVG_PATH}" "oversize.svg" "image/svg+xml" "413"
assert_file_contains "${TMP_DIR}/upload_oversize_svg.body" "SVG file exceeds configured size limit"
echo
echo "===== done ====="
echo "[OK] smoke upload negative completed successfully"
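Review bot: Every rejection exercised here could be decided from the declared filename, the Content-Type or the byte count alone, so the suite would still pass if the upload handler never inspected the body; no case sends non-SVG content under an SVG name and type. `NON_SVG_PATH` is already on disk, so one more pair would cover it: `upload_file_expect_status "upload_non_svg_body_svg_name" "${NON_SVG_PATH}" "not-svg.svg" "image/svg+xml" "400"` followed by an `assert_file_contains` on the response body (the 400 and the message are assumed to match the other rejections; confirm against the handler). Separately, `MAX_FILE_SIZE_BYTES` is taken from the manifest response and passed straight to the Python generator, so an empty or non-numeric value surfaces as a traceback and a very large one as an equally large temp file. A check such as `[[ "${MAX_FILE_SIZE_BYTES}" =~ ^[0-9]+$ ]] || exit 1` right after the `json_get` line would fail early with a clearer cause.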