renamed server/ to api/ since this is really only the api portion of the typical fc server

server-api/tests/common.sh

@@ -0,0 +1,20 @@
+#!/bin/sh
+# Details for our bs user when testing things
+export id=1
+export secret=secret
+export name=godrah
+export joindate=123
+export status=1
+export permissions=69
+
+export simple_key='{"secret":"secret"}'
+
+export url='localhost:8888'
+
+export GET='-X GET'
+export POST='-X POST'
+
+export arrows='>>>>>'
+export line='============='
+
+export crl='curl --silent -i'

server-api/tests/main.sh

@@ -0,0 +1,50 @@
+#!/bin/bash
+
+# This script is basically just a convenient launch pad script for running all 
+# the tests at once
+# Most tests should be runnable by doing ./script.sh name_of_test
+
+
+# First the 'good' input tests
+# This is to say that we get input that:
+# 1. is properly formatted
+# 2. has all the info we need & none we don't
+# 3. has basically nothing malicious about it
+
+log_result() {
+    name=$1
+    expect=$2
+    actual=$3
+    result=$4
+
+    green='\033[1;32m'
+    red='\033[1;91m'
+    nc='\033[0m'
+    if [ $expect != $actual ];then
+        echo -e ${red}${name}${nc} ${green}$expect ${red}$actual${nc}
+        echo -e ${red}==========${nc}
+        echo "$result" | sed 's/^/\t/g'
+        echo -e ${red}==========${nc}
+    else
+        echo -e ${green}${name}${nc} $expect $actual
+		if [ ! -z "$_show_body" ];then
+			echo ==========
+        	echo "$result" | sed 's/^/\t/g'
+        	echo ==========
+		fi
+    fi
+}
+
+if [ "$1" = "body" ];then
+	export _show_body=1
+fi
+
+source ./common.sh
+export -f log_result
+echo TestName ExpectedCode ActualCode
+
+bash ./verify_basic_cases.sh
+
+bash ./verify_err_cases.sh
+
+bash ./verify_mal_cases.sh

server-api/tests/status.md

@@ -0,0 +1,19 @@
+# State of Tests
+
+Here is a description of what is passing and what is failing where
+
+## Full passes
+
+_Nothing for now_
+
+## Basic Passes
+
+_Nothing for now_
+
+## Err Passes
+
+_Nothing for now_
+
+## Mal Passes
+
+_Nothing for now_

server-api/tests/todo.md

@@ -0,0 +1,25 @@
+Testing happens on a per-modules basis
+
+# Messages
+
+All required, none finished
+
+# Channels
+
+* list\_all\_channels
+
+	Good and bad users done
+
+	Malicious users not done
+
+* create\_channel - sql driver is totally fucked m80
+
+* delete\_channel - not ready for testing 
+
+* set\_channel\_attribute - not ready for testing
+
+# Invites
+
+* create - not tested
+
+* use - not tested

server-api/tests/verify_basic_cases.sh

@@ -0,0 +1,51 @@
+#!/bin/bash
+
+# Available tests marked with `TEST` - ez grep usage
+
+active_tests='list_all_channels create_channel delete_channel
+send_message
+'
+
+list_all_channels() { # TEST
+	result=$(curl --silent -i $GET $url/channels/list -d $simple_key)
+	code=$(echo "$result" | grep HTTP\/1.1 | awk '{print $2}')
+	log_result "good_list_all_channels" 200 $code "$result"
+}
+
+create_channel() {
+	kv='{"secret":"secret", "name":"sample", "kind":2, "description":"some bs description"}'
+	result=$($crl $POST $url/channels/create -d "$kv")
+	code=$(echo "$result" | grep HTTP\/1.1 | awk '{print $2}')
+	log_result good_create_channel 200 $code "$result"
+}
+
+delete_channel() {
+	kv='{"secret":"secret", "name":"sample"}'
+	result=$($crl $POST $url/channels/delete -d "$kv")
+	code=$(echo "$result" | grep HTTP\/1.1 | awk '{print $2}')
+	log_result good_delete_channel 200 $code "$result"
+}
+
+send_message() {
+	# ignoring the reaction to this as its not _completely_ relevant for this test
+	$crl $POST $url/channels/create -d '{"secret":"secret","name":"msgchannel","kind":2}' > /dev/null
+
+	# now we can try sending the right parameters to send a basic message
+	kv='{"secret":"secret", "content":"message sample", "channel":"msgchannel"}'
+	result=$($crl $POST $url/message/send -d "$kv")
+	code=$(echo "$result" | grep HTTP\/1.1 | awk '{print $2}')
+	# non-existant channel for now but whatever ignore for now
+	log_result good_send_message 200 $code "$result"
+}
+
+# Dispatcher to run our tests
+if [ -z $1 ];then
+	for cmd in $active_tests;do
+		$cmd
+	done
+else
+	for cmd in $@;do
+		$cmd
+		echo '\n'$?
+	done
+fi

server-api/tests/verify_err_cases.sh

@@ -0,0 +1,41 @@
+#!/bin/bash
+
+active_tests='list_channels_no_key list_channels_bad_key delete_channel_missing_param delete_channel_no_channel'
+
+list_channels_no_key() {
+	result=$($crl $GET $url/channels/list)
+	code=$(echo "$result" | grep HTTP\/1.1 | awk '{print $2}')
+	log_result list_channels_no_key 401 $code "$result"
+}
+
+list_channels_bad_key() {
+	result=$($crl $GET $url/channels/list -d '{"secret":"something else"}')
+	code=$(echo "$result" | grep HTTP\/1.1 | awk '{print $2}')
+	log_result list_channels_bad_key 401 $code "$result"
+}
+
+delete_channel_missing_param() {
+	kv='{"secret":"secret"}'
+	result=$($crl $POST $url/channels/delete -d "$kv")
+	code=$(echo "$result" | grep HTTP\/1.1 | awk '{print $2}')
+	log_result delete_channel_missing_param 400 $code "$result"
+}
+
+delete_channel_no_channel() {
+	# Should 200 as the api just drops the result
+	kv='{"secret":"secret", "name":"yes"}'
+	result=$($crl $POST $url/channels/delete -d "$kv")
+	code=$(echo "$result" | grep HTTP\/1.1 | awk '{print $2}')
+	log_result delete_channel_no_channel_found 200 $code "$result"
+}
+
+# Dispatcher to run our tests
+if [ -z $1 ];then
+	for cmd in $active_tests;do
+		$cmd
+	done
+else
+	for cmd in $@;do
+		$cmd
+	done
+fi

server-api/tests/verify_mal_cases.sh

@@ -0,0 +1,23 @@
+#!/bin/bash
+
+active_tests='malicious_list_channels'
+
+malicious_list_channels() {
+    key='{"secret": ";-- select * from members;"}'
+    result=$(curl --silent -i -X GET localhost:8888/channels/list -d '{"secret": "-- select * from members;"}')
+	code=$(echo "$result" | grep HTTP\/1.1 | awk '{print $2}')
+    log_result malicious_list_channels 401 $code "$result"
+}
+
+
+# Dispatcher to run our tests
+if [ -z $1 ];then
+	for cmd in $active_tests;do
+		$cmd
+	done
+else
+	for cmd in $@;do
+		$cmd
+		echo '\n'$?
+	done
+fi