#!/bin/bash # 分享安全性测试脚本 API_BASE="http://localhost:40001" echo "========================================" echo " 玩玩云分享安全性测试" echo "========================================" echo "" # 测试1: 分享过期时间检查 echo "📝 测试1: 分享过期时间检查" echo "----------------------------------------" echo "此测试需要手动创建一个已过期的分享" echo "1. 在数据库中手动修改某个分享的expires_at为过去的时间" echo "2. 然后访问该分享链接,应该返回404" echo "" read -p "请输入已过期的分享码(留空跳过): " EXPIRED_CODE if [ -n "$EXPIRED_CODE" ]; then echo "测试过期分享码: $EXPIRED_CODE" RESPONSE=$(curl -s -X POST "$API_BASE/api/share/$EXPIRED_CODE/verify" \ -H "Content-Type: application/json" \ -d '{}') echo "响应: $RESPONSE" echo "" if echo "$RESPONSE" | grep -q "分享不存在"; then echo "✅ 测试通过: 过期分享正确返回'分享不存在'" else echo "❌ 测试失败: 过期分享仍然可以访问" fi else echo "⏭️ 跳过过期时间测试" fi echo "" echo "========================================" echo "" # 测试2: 分享密码防爆破 (list接口) echo "📝 测试2: 分享密码防爆破 (list接口)" echo "----------------------------------------" echo "此测试需要一个带密码的分享" echo "" read -p "请输入带密码的分享码(留空跳过): " SHARE_CODE if [ -n "$SHARE_CODE" ]; then echo "连续10次错误密码,第11次应被封锁..." echo "" for i in {1..11}; do echo "第 $i 次尝试 (list接口):" RESPONSE=$(curl -s -X POST "$API_BASE/api/share/$SHARE_CODE/list" \ -H "Content-Type: application/json" \ -d '{"password":"wrongpassword123"}') MESSAGE=$(echo $RESPONSE | grep -o '"message":"[^"]*"' | cut -d'"' -f4) BLOCKED=$(echo $RESPONSE | grep -o '"blocked":[^,}]*' | cut -d':' -f2) if [ "$BLOCKED" == "true" ]; then echo " ✅ 已被封锁: $MESSAGE" break else echo " ❌ $MESSAGE" fi echo "" sleep 1 done else echo "⏭️ 跳过防爆破测试" fi echo "" echo "========================================" echo "测试完成!" echo "========================================" echo "" echo "💡 提示:" echo "1. 如果需要测试过期功能,可以手动修改数据库:" echo " UPDATE shares SET expires_at = datetime('now', '-1 day') WHERE share_code='xxx';" echo "" echo "2. 如果需要清除封锁,重启后端服务即可:" echo " pm2 restart vue-driven-cloud-storage-backend"