From 927eab2102eb74ad010c7ebb8d58a8bf5751375f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=96=BB=E5=8B=87=E7=A5=A5?= <237899745@qq.com>
Date: Fri, 14 Nov 2025 00:16:05 +0800
Subject: [PATCH] =?UTF-8?q?test:=20=E6=B7=BB=E5=8A=A0=E5=88=86=E4=BA=AB?= =?UTF-8?q?=E5=AE=89=E5=85=A8=E6=80=A7=E6=B5=8B=E8=AF=95=E8=84=9A=E6=9C=AC?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

功能: - 测试分享过期时间检查 - 测试分享密码防爆破保护(list接口) - 提供手动测试指引 使用方法: ./test_share_security.sh
---
test_share_security.sh | 86 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 86 insertions(+)
create mode 100644 test_share_security.sh
diff --git a/test_share_security.sh b/test_share_security.sh
new file mode 100644
index 0000000..058a40b
--- /dev/null
+++ b/test_share_security.sh
@@ -0,0 +1,86 @@
+#!/bin/bash
+
+# 分享安全性测试脚本
+
+API_BASE="http://localhost:40001"
+
+echo "========================================"
+echo " 玩玩云分享安全性测试"
+echo "========================================"
+echo ""
+
+# 测试1: 分享过期时间检查
+echo "📝 测试1: 分享过期时间检查"
+echo "----------------------------------------"
+echo "此测试需要手动创建一个已过期的分享"
+echo "1. 在数据库中手动修改某个分享的expires_at为过去的时间"
+echo "2. 然后访问该分享链接,应该返回404"
+echo ""
+read -p "请输入已过期的分享码(留空跳过): " EXPIRED_CODE
+
+if [ -n "$EXPIRED_CODE" ]; then
+ echo "测试过期分享码: $EXPIRED_CODE"
+ RESPONSE=$(curl -s -X POST "$API_BASE/api/share/$EXPIRED_CODE/verify" \
+ -H "Content-Type: application/json" \
+ -d '{}')
+
+ echo "响应: $RESPONSE"
+ echo ""
+
+ if echo "$RESPONSE" | grep -q "分享不存在"; then
+ echo "✅ 测试通过: 过期分享正确返回'分享不存在'"
+ else
+ echo "❌ 测试失败: 过期分享仍然可以访问"
+ fi
+else
+ echo "⏭️ 跳过过期时间测试"
+fi
+
+echo ""
+echo "========================================"
+echo ""
+
+# 测试2: 分享密码防爆破 (list接口)
+echo "📝 测试2: 分享密码防爆破 (list接口)"
+echo "----------------------------------------"
+echo "此测试需要一个带密码的分享"
+echo ""
+read -p "请输入带密码的分享码(留空跳过): " SHARE_CODE
+
+if [ -n "$SHARE_CODE" ]; then
+ echo "连续10次错误密码,第11次应被封锁..."
+ echo ""
+
+ for i in {1..11}; do
+ echo "第 $i 次尝试 (list接口):"
+ RESPONSE=$(curl -s -X POST "$API_BASE/api/share/$SHARE_CODE/list" \
+ -H "Content-Type: application/json" \
+ -d '{"password":"wrongpassword123"}')
+
+ MESSAGE=$(echo $RESPONSE | grep -o '"message":"[^"]*"' | cut -d'"' -f4)
+ BLOCKED=$(echo $RESPONSE | grep -o '"blocked":[^,}]*' | cut -d':' -f2)
+
+ if [ "$BLOCKED" == "true" ]; then
+ echo " ✅ 已被封锁: $MESSAGE"
+ break
+ else
+ echo " ❌ $MESSAGE"
+ fi
+ echo ""
+ sleep 1
+ done
+else
+ echo "⏭️ 跳过防爆破测试"
+fi
+
+echo ""
+echo "========================================"
+echo "测试完成!"
+echo "========================================"
+echo ""
+echo "💡 提示:"
+echo "1. 如果需要测试过期功能,可以手动修改数据库:"
+echo " UPDATE shares SET expires_at = datetime('now', '-1 day') WHERE share_code='xxx';"
+echo ""
+echo "2. 如果需要清除封锁,重启后端服务即可:"
+echo "   pm2 restart vue-driven-cloud-storage-backend"
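Review bot: The brute-force test in the `for i in {1..11}` loop has no failing outcome: if no response ever carries `"blocked":true`, the loop just ends, the script prints 测试完成 and exits 0, so a regression in the lockout would go unnoticed. Test 1 has a related gap, because its ❌ branch leaves the exit status at 0 and an empty response from an unreachable backend is reported as "过期分享仍然可以访问" rather than as a connection error. I would record whether a block was seen, fail explicitly after the loop, and exit non-zero when any check failed, as sketched below. Separately, the `grep -o | cut` extraction with unquoted `$RESPONSE` is whitespace-sensitive (a body containing `"blocked": true` would not compare equal to `true`), so quoting the variable and stripping spaces, or using a JSON parser, would make the verdict dependable.

```shell
FAILED=0                      # declared next to API_BASE
# … unchanged: test 1, with FAILED=1 added to its ❌ branch …
  BLOCKED_SEEN=0
  for i in {1..11}; do
    # … unchanged: curl call, MESSAGE/BLOCKED extraction …
    if [ "$BLOCKED" == "true" ]; then
      BLOCKED_SEEN=1
      # … unchanged: ✅ message, break, else branch, sleep …
  done
  if [ "$BLOCKED_SEEN" -ne 1 ]; then
    echo "❌ 测试失败: 连续11次错误密码后仍未被封锁"
    FAILED=1
  fi
# … unchanged: closing banner and hints …
exit "$FAILED"
```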