237899745/vue-driven-cloud-storage
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

test: 添加分享安全性测试脚本

Browse Source 
功能:
- 测试分享过期时间检查
- 测试分享密码防爆破保护(list接口)
- 提供手动测试指引

使用方法:
  ./test_share_security.sh
This commit is contained in:
喻勇祥
2025-11-14 00:16:05 +08:00
parent 4879d4891f
commit 927eab2102
1 changed files with 86 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

86
test_share_security.sh Normal file
View File

@@ -0,0 +1,86 @@
#!/bin/bash
# 分享安全性测试脚本
API_BASE="http://localhost:40001"
echo "========================================"
echo " 玩玩云分享安全性测试"
echo "========================================"
echo ""
# 测试1: 分享过期时间检查
echo "📝 测试1: 分享过期时间检查"
echo "----------------------------------------"
echo "此测试需要手动创建一个已过期的分享"
echo "1. 在数据库中手动修改某个分享的expires_at为过去的时间"
echo "2. 然后访问该分享链接,应该返回404"
echo ""
read -p "请输入已过期的分享码(留空跳过): " EXPIRED_CODE
if [ -n "$EXPIRED_CODE" ]; then
echo "测试过期分享码: $EXPIRED_CODE"
RESPONSE=$(curl -s -X POST "$API_BASE/api/share/$EXPIRED_CODE/verify" \
-H "Content-Type: application/json" \
-d '{}')
echo "响应: $RESPONSE"
echo ""
if echo "$RESPONSE" | grep -q "分享不存在"; then
echo "✅ 测试通过: 过期分享正确返回'分享不存在'"
else
echo "❌ 测试失败: 过期分享仍然可以访问"
fi
else
echo "⏭️ 跳过过期时间测试"
fi
echo ""
echo "========================================"
echo ""
# 测试2: 分享密码防爆破 (list接口)
echo "📝 测试2: 分享密码防爆破 (list接口)"
echo "----------------------------------------"
echo "此测试需要一个带密码的分享"
echo ""
read -p "请输入带密码的分享码(留空跳过): " SHARE_CODE
if [ -n "$SHARE_CODE" ]; then
echo "连续10次错误密码,第11次应被封锁..."
echo ""
for i in {1..11}; do
echo "$i 次尝试 (list接口):"
RESPONSE=$(curl -s -X POST "$API_BASE/api/share/$SHARE_CODE/list" \
-H "Content-Type: application/json" \
-d '{"password":"wrongpassword123"}')
MESSAGE=$(echo $RESPONSE | grep -o '"message":"[^"]*"' | cut -d'"' -f4)
BLOCKED=$(echo $RESPONSE | grep -o '"blocked":[^,}]*' | cut -d':' -f2)
if [ "$BLOCKED" == "true" ]; then
echo " ✅ 已被封锁: $MESSAGE"
break
else
echo "$MESSAGE"
fi
echo ""
sleep 1
done
else
echo "⏭️ 跳过防爆破测试"
fi
echo ""
echo "========================================"
echo "测试完成!"
echo "========================================"
echo ""
echo "💡 提示:"
echo "1. 如果需要测试过期功能,可以手动修改数据库:"
echo " UPDATE shares SET expires_at = datetime('now', '-1 day') WHERE share_code='xxx';"
echo ""
echo "2. 如果需要清除封锁,重启后端服务即可:"
echo " pm2 restart vue-driven-cloud-storage-backend"