test: add comprehensive authentication middleware test (issue #4)

- Add Test 5 to integration_test.sh for authentication verification - Test admin endpoints reject unauthorized requests properly - Test admin endpoints work with valid JWT tokens - Test KV endpoints respect anonymous access configuration - Extract and use auto-generated root account tokens docs: update README and CLAUDE.md for recent security features - Document allow_anonymous_read and allow_anonymous_write config options - Update API documentation with authentication requirements - Add security notes about DELETE operations always requiring auth - Update configuration table with new anonymous access settings - Document new authentication test coverage in CLAUDE.md 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-09-21 12:34:15 +03:00
parent b4f57b3604
commit 2431d3cfb0
3 changed files with 95 additions and 4 deletions
--- a/integration_test.sh
+++ b/integration_test.sh
@@ -361,6 +361,79 @@ EOF
    fi
 }

+# Test 5: Authentication middleware (Issue #4)
+test_authentication_middleware() {
+    test_start "Authentication middleware test (Issue #4)"
+    
+    # Create auth test config
+    cat > auth_test.yaml <<EOF
+node_id: "auth-test"
+bind_address: "127.0.0.1"
+port: 8095
+data_dir: "./auth_test_data"
+seed_nodes: []
+log_level: "error"
+auth_enabled: true
+allow_anonymous_read: false
+allow_anonymous_write: false
+EOF
+    
+    # Start node
+    $BINARY auth_test.yaml >auth_test.log 2>&1 &
+    local pid=$!
+    
+    if wait_for_service 8095; then
+        sleep 2  # Allow root account creation
+        
+        # Extract the token from logs
+        local token=$(grep "Token:" auth_test.log | sed 's/.*Token: //' | tr -d '\n\r')
+        
+        if [ -z "$token" ]; then
+            log_error "Failed to extract authentication token from logs"
+            kill $pid 2>/dev/null || true
+            return
+        fi
+        
+        # Test 1: Admin endpoints should fail without authentication
+        local no_auth_response=$(curl -s -X POST http://localhost:8095/api/users -H "Content-Type: application/json" -d '{"nickname":"test","password":"test"}')
+        if echo "$no_auth_response" | grep -q "Unauthorized"; then
+            log_success "Admin endpoints properly reject unauthenticated requests"
+        else
+            log_error "Admin endpoints should reject unauthenticated requests, got: $no_auth_response"
+        fi
+        
+        # Test 2: Admin endpoints should work with valid authentication
+        local auth_response=$(curl -s -X POST http://localhost:8095/api/users -H "Content-Type: application/json" -H "Authorization: Bearer $token" -d '{"nickname":"authtest","password":"authtest"}')
+        if echo "$auth_response" | grep -q "uuid"; then
+            log_success "Admin endpoints work with valid authentication"
+        else
+            log_error "Admin endpoints should work with authentication, got: $auth_response"
+        fi
+        
+        # Test 3: KV endpoints should require auth when anonymous access is disabled
+        local kv_no_auth=$(curl -s -X PUT http://localhost:8095/kv/test/auth -H "Content-Type: application/json" -d '{"test":"auth"}')
+        if echo "$kv_no_auth" | grep -q "Unauthorized"; then
+            log_success "KV endpoints properly require authentication when anonymous access disabled"
+        else
+            log_error "KV endpoints should require auth when anonymous access disabled, got: $kv_no_auth"
+        fi
+        
+        # Test 4: KV endpoints should work with valid authentication
+        local kv_auth=$(curl -s -X PUT http://localhost:8095/kv/test/auth -H "Content-Type: application/json" -H "Authorization: Bearer $token" -d '{"test":"auth"}')
+        if echo "$kv_auth" | grep -q "uuid\|timestamp" || [ -z "$kv_auth" ]; then
+            log_success "KV endpoints work with valid authentication"
+        else
+            log_error "KV endpoints should work with authentication, got: $kv_auth"
+        fi
+        
+        kill $pid 2>/dev/null || true
+        sleep 2
+    else
+        log_error "Auth test node failed to start"
+        kill $pid 2>/dev/null || true
+    fi
+}
+
 # Main test execution
 main() {
    echo "=================================================="
@@ -378,6 +451,7 @@ main() {
    test_basic_functionality
    test_cluster_formation
    test_conflict_resolution
+    test_authentication_middleware
    
    # Results
    echo "=================================================="