lukas.pupkalipinski/BanGUI
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
42d5c2a01ffa01251f5918d82fa38801a8761153
BanGUI/e2e/resources/api.resource
Lukas 0d21e3253e test(e2e): split suite by feature area with shared resources 
Restructure 5 existing .robot files into 10 numbered files, one per
feature area in Docs/Features.md. Each file is independently runnable.
Add api.resource + data.resource for CSRF/XFF-aware wrappers and
RFC5737 IP generators.

Coverage: 110 new tests across login, dashboard, map, jails, config,
history, blocklists, layout. Uses existing data-testid/aria-label/role
selectors only — no frontend changes.

Tests bypass per-IP rate limits via X-Forwarded-For header rotation.
Hard rule preserved: failures are findings, never app-code fixes.
2026-06-21 07:55:19 +02:00

79 lines
3.3 KiB
Plaintext
Raw Blame History

*** Settings ***
Documentation Lightweight wrappers around RequestsLibrary that auto-inject
... the CSRF X-BanGUI-Request header and rotate X-Forwarded-For
... to bypass per-IP rate limits. Requires a logged-in session
... named 'bangsess' (created via Login Via HTTP in auth.resource).
*** Keywords ***
Build Headers
[Documentation] Returns a headers dict with X-BanGUI-Request always set
... and X-Forwarded-For rotated if ${XFF_HEADER} is set.
[Arguments] ${extra_headers}=${None}
${headers}= Create Dictionary X-BanGUI-Request 1
IF "${XFF_HEADER}" != ""
Set To Dictionary ${headers} X-Forwarded-For ${XFF_HEADER}
END
IF "${extra_headers}" != "${None}"
FOR ${key} IN @{extra_headers.keys()}
Set To Dictionary ${headers} ${key} ${extra_headers}[${key}]
END
END
RETURN ${headers}
Api Get
[Documentation] GET wrapper that injects CSRF + XFF headers.
[Arguments] ${url_path} ${expected_status}=200 ${params}=${None}
${headers}= Build Headers
${kwargs}= Create Dictionary headers ${headers} expected_status ${expected_status}
IF "${params}" != "${None}"
Set To Dictionary ${kwargs} params ${params}
END
${resp}= GET On Session bangsess ${url_path} &{kwargs}
RETURN ${resp}
Api Post
[Documentation] POST wrapper that injects CSRF + XFF headers.
[Arguments] ${url_path} ${payload}=${EMPTY} ${expected_status}=200
${headers}= Build Headers
IF "${payload}" != "${EMPTY}"
${resp}= POST On Session bangsess ${url_path}
... json=${payload} headers=${headers} expected_status=${expected_status}
ELSE
${resp}= POST On Session bangsess ${url_path}
... headers=${headers} expected_status=${expected_status}
END
RETURN ${resp}
Api Put
[Documentation] PUT wrapper that injects CSRF + XFF headers.
[Arguments] ${url_path} ${payload} ${expected_status}=200
${headers}= Build Headers
${resp}= PUT On Session bangsess ${url_path}
... json=${payload} headers=${headers} expected_status=${expected_status}
RETURN ${resp}
Api Delete
[Documentation] DELETE wrapper that injects CSRF + XFF headers.
[Arguments] ${url_path} ${payload}=${EMPTY} ${expected_status}=200
${headers}= Build Headers
IF "${payload}" != "${EMPTY}"
${resp}= DELETE On Session bangsess ${url_path}
... json=${payload} headers=${headers} expected_status=${expected_status}
ELSE
${resp}= DELETE On Session bangsess ${url_path}
... headers=${headers} expected_status=${expected_status}
END
RETURN ${resp}
Status Is Acceptable
[Documentation] Returns True if the response status is one of the accepted codes.
[Arguments] ${response} @{accepted_codes}
${ok}= Set Variable ${FALSE}
FOR ${code} IN @{accepted_codes}
IF ${response.status_code} == ${code}
${ok}= Set Variable ${TRUE}
EXIT FOR LOOP
END
END
RETURN ${ok}
Reference in New Issue View Git Blame Copy Permalink