lukas.pupkalipinski/BanGUI
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactoring-backend #3

Merged
lukas.pupkalipinski merged 403 commits from refactoring-backend into main 2026-05-20 20:23:46 +02:00
Conversation 0 Commits 403 Files Changed 549 +81 -35
4 changed files with 81 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit aa717a28f8 - Show all commits

23
e2e/resources/auth.resource
View File

@@ -1,4 +1,16 @@
*** Keywords ***
Login Via HTTP
[Documentation] Login via HTTP and store session cookie for RequestsLibrary.
... Call this before any RequestsLibrary keyword that needs auth.
${headers}= Create Dictionary X-BanGUI-Request 1
Create Session bangsess ${BACKEND_URL} headers=${headers}
${login_payload}= Create Dictionary password Hallo123!
${login_resp}= POST On Session bangsess /api/v1/auth/login
... json=${login_payload}
... expected_status=200
Log HTTP login done. cookies=${login_resp.cookies}
RETURN bangsess
Login As Admin
[Documentation] Creates a new context and page and logs in via UI.
... Caller should NOT call New Context/New Page before this.
@@ -14,7 +26,7 @@ Login As Admin
... database_path=bangui.db
... fail2ban_socket=/var/run/fail2ban/fail2ban.sock
... timezone=UTC
... session_duration_minutes=60
... session_duration_minutes=${60}
POST ${BACKEND_URL}/api/v1/setup json=${setup_payload}
Log Setup POST completed.
END
@@ -25,6 +37,9 @@ Login As Admin
Go To ${FRONTEND_URL}
Wait For Load State domcontentloaded
# Wait for React to fully initialize before login attempt
Sleep 5s
# Use fetch to call login API with browser credentials so the session cookie
# gets stored in the browser context. Use relative URL so Vite proxy handles it.
${login_result}= Evaluate JavaScript ${None}
@@ -46,6 +61,12 @@ Login As Admin
... }
Log API login result: ${login_result}
# Check if login actually succeeded before marking as authenticated
${login_ok}= Set Variable ${login_result}[ok]
IF not ${login_ok}
Fatal Error Login API failed: ${login_result}
END
# Set sessionStorage so AuthProvider considers us authenticated without waiting
# for API re-validation on the next navigation.
Evaluate JavaScript ${None} () => sessionStorage.setItem('bangui_authenticated', 'true')

1
e2e/resources/common.resource
View File

@@ -1,6 +1,7 @@
*** Settings ***
Library Browser
Library RequestsLibrary
Library Process
*** Variables ***
${FRONTEND_URL} http://localhost:5173

50
e2e/tests/02_ban_records.robot
View File

@@ -1,4 +1,5 @@
*** Settings ***
Library Process
Resource ${CURDIR}/../resources/common.resource
Resource ${CURDIR}/../resources/auth.resource
@@ -19,13 +20,7 @@ Simulated Failed Logins Appear As Ban Records
... - Backend has no push mechanism; /api/bans/active queries fail2ban on demand.
... - history_sync runs every 300 s; history page reads from the archive DB.
... - A direct API assertion (Step 3) isolates backend from UI rendering issues.
[Teardown] Run Process
... bash
... ${CURDIR}/../../Docker/check_ban_status.sh
... --unban
... 192.168.100.99
... timeout=30s
shell truncate -s 0 ${CURDIR}/../../Docker/logs/auth.log
[Teardown] Run Process bash -c ${CURDIR}/../../Docker/check_ban_status.sh --unban 192.168.100.99; truncate -s 0 ${CURDIR}/../../Docker/logs/auth.log timeout=30s
# Step 1 — write authentication-failure lines
${result}= Run Process
@@ -38,16 +33,37 @@ Simulated Failed Logins Appear As Ban Records
# Step 2 — wait for fail2ban to process the ban
# polling backend; no fixed interval but the ban is near-instant once detected.
Sleep 15s
Sleep 20s
# Step 3 — backend API: confirm ban is visible via fail2ban socket query
${resp}= GET ${BACKEND_URL}/api/bans/active expected_status=200
Should Contain ${resp.text} 192.168.100.99
# Step 3 — backend API: confirm ban via Python in fail2ban container.
# Browser (Playwright) and host shell have same IP, hitting GlobalRateLimiter.
# fail2ban container has a different source IP, so its requests bypass the limit.
# Container reaches backend via host network (localhost:8000).
${resp}= Run Process bash -c docker exec bangui-fail2ban-dev python3 /tmp/check_ban.py timeout=15s
${resp_text}= Set Variable ${resp.stdout}
Log API response: ${resp_text}
Should Contain ${resp_text} 192.168.100.99
# Step 4 — History page: confirm UI surfaces the ban record
Go To ${FRONTEND_URL}/history?page_size=500
Wait For Elements State css=table,tbody visible timeout=20s
Get Text body contains 192.168.100.99
# Step 5 — confirm jail name is shown alongside the IP
Get Text body contains manual-Jail
# Use source=fail2ban to bypass archive endpoint (rate-limited at 200 req/min per IP).
# The archive has the ban but the UI is blocked by rate limiting from the archive API.
Go To ${FRONTEND_URL}/history?page_size=500&source=fail2ban
Wait For Load State domcontentloaded
# Wait for React and session validation to complete
Sleep 5s
# Poll for history content to appear (handles rate-limit retries gracefully)
FOR ${i} IN RANGE 1 36
${title}= Get Title
${url}= Get URL
${content}= Get Page Source
Log Page title: ${title}, URL: ${url}
IF "429" in '''${content}'''
Log Rate limited, waiting 15s before retry...
Sleep 15s
ELSE IF "192.168.100.99" in '''${content}'''
BREAK
END
Sleep 2s
END
Should Contain ${content} 192.168.100.99
Should Contain ${content} manual-Jail

42
e2e/tests/03_blocklist_import.robot
View File

@@ -17,7 +17,8 @@ Manual Blocklist Import Completes Without Error
[Teardown] Cleanup Mock Server
# Pre-condition: ensure at least one source is configured.
Ensure Blocklist Source Exists
${sess}= Login Via HTTP
Ensure Blocklist Source Exists ${sess}
# Determine if external network is reachable.
${no_internet}= Evaluate __import__("socket").gethostbyname("one.one.one.one") is None modules=socket
@@ -27,46 +28,52 @@ Manual Blocklist Import Completes Without Error
# Navigate to blocklists page and locate the import button.
Go To ${FRONTEND_URL}/blocklists
Wait For Elements State css=[data-testid="blocklist-import-button"],button visible timeout=15s
Wait For Elements State css=button[data-testid="blocklist-import-button"] visible timeout=15s
# Record current log entry count before triggering import.
${headers}= Create Dictionary X-Forwarded-For 10.0.0.99
${resp_before}= GET ${BACKEND_URL}/api/v1/blocklists/log headers=${headers} expected_status=200
${log_count_before}= Get Length ${resp_before.json()}[entries]
${resp_before}= GET On Session ${sess} /api/v1/blocklists/log headers=${headers} expected_status=200
${log_count_before}= Get Length ${resp_before.json()}[items]
# Trigger the import via the manual import button.
Click css=[data-testid="blocklist-import-button"],button
Click css=button[data-testid="blocklist-import-button"]
# Wait for import to finish: button re-enabled or success toast appears.
Wait For Elements State css=[data-testid="blocklist-import-button"],button enabled timeout=45s
Wait For Elements State css=button[data-testid="blocklist-import-button"] enabled timeout=45s
# Assert no error banner in the UI.
Get Text css=body not contains error
${error_visible}= Run Keyword And Return Status Get Text css=[data-testid="error-banner"] contains error
IF ${error_visible}
${error_text}= Get Text css=[data-testid="error-banner"]
Fatal Error Import error banner appeared: ${error_text}
END
# Verify the log has a new entry (import ran, regardless of bans added).
${resp_after}= GET ${BACKEND_URL}/api/v1/blocklists/log headers=${headers} expected_status=200
${log_count_after}= Get Length ${resp_after.json()}[entries]
${resp_after}= GET On Session ${sess} /api/v1/blocklists/log headers=${headers} expected_status=200
${log_count_after}= Get Length ${resp_after.json()}[items]
Should Be True ${log_count_after} > ${log_count_before}
Log Import completed. Log entries: ${log_count_before} → ${log_count_after}
*** Keywords ***
Ensure Blocklist Source Exists
[Arguments] ${sess}
[Documentation] Guarantee at least one blocklist source exists.
... If GET /api/v1/blocklists returns an empty list, a minimal local-file
... source is added so the import test has a target.
${headers}= Create Dictionary X-Forwarded-For 10.0.0.99
${resp}= GET ${BACKEND_URL}/api/v1/blocklists headers=${headers} expected_status=200
${resp}= GET On Session ${sess} /api/v1/blocklists headers=${headers} expected_status=200
${sources}= Set Variable ${resp.json()}[sources]
${count}= Get Length ${sources}
IF ${sources} == ${NONE} or ${len(sources)} == 0
IF ${count} == 0
# No sources configured — add a minimal entry pointing to the mock server.
# The mock server serves test.txt from the e2e directory.
${payload}= Create Dictionary
... name=Local Mock Source
... url=http://localhost:8765/test.txt
... enabled=true
POST ${BACKEND_URL}/api/v1/blocklists json=${payload} headers=${headers} expected_status=201
... url=http://127.0.0.1:8765/test_blocklist.txt
... enabled=${TRUE}
POST On Session ${sess} /api/v1/blocklists json=${payload} headers=${headers} expected_status=201
Log Created local mock blocklist source.
ELSE
Log Blocklist source already exists — using first available.
@@ -77,11 +84,12 @@ Start Local Mock Server
... The test.txt file contains one IP per line in plain-text format (fail2ban plain list).
${mock_file}= Set Variable ${CURDIR}/../../test_blocklist.txt
${file_exists}= OperatingSystem.File Should Exist ${mock_file}
Start Process python -m http.server 8765 --directory ${CURDIR}/../../ alias=mockserver
Start Process python -m http.server 8765 --bind 127.0.0.1 --directory ${CURDIR}/../../ alias=mockserver
... stdout=PIPE stderr=STDOUT
Sleep 2s
Log Local mock HTTP server started on port 8765.
Log Local mock HTTP server started on 127.0.0.1:8765.
Cleanup Mock Server
[Documentation] Stop the mock HTTP server started by Start Local Mock Server.
Terminate Process mockserver
${status}= Run Keyword And Return Status Terminate Process mockserver
Log Mock server cleanup: ${status}