crypto_monitor/scripts/verify_hub_embed_auth.py
"""Verify the hub's embed-auth flow and that login returns a session_token."""
from __future__ import annotations
import sys
from pathlib import Path
# Project root: the directory one level above this script's own directory.
ROOT = Path(__file__).resolve().parents[1]
# Put ROOT first and ROOT/manual_trading_hub second on the import path.
# Entries at the front of sys.path take precedence over the standard library
# and site-packages, so any module in these two directories shadows an
# installed module of the same name.
sys.path[:0] = [str(ROOT), str(ROOT / "manual_trading_hub")]
from fastapi.testclient import TestClient
import os
# Environment for the hub under test. It is set before `hub` is imported;
# presumably hub reads these variables at import time (confirm in hub).
# setdefault() keeps any HUB_PASSWORD / HUB_USERNAME already exported in the
# calling shell. main() always logs in with the literals "admin" / "test-pass",
# so a pre-set value that differs would presumably make the login check fail.
# "test-pass" is a throwaway fixture value for this script only.
os.environ.setdefault("HUB_PASSWORD", "test-pass")
os.environ.setdefault("HUB_USERNAME", "admin")
# Unlike the two lines above, this overwrites whatever the caller had set.
# NOTE(review): what HUB_ALLOW_PUBLIC switches on is defined in hub and not
# visible here. Confirm it is acceptable for every environment this runs in.
os.environ["HUB_ALLOW_PUBLIC"] = "true"
# Late import (hence the E402 suppression): it must come after the sys.path
# and environment setup above.
import hub as hub_mod # noqa: E402
# Test client bound to the hub's app object; main() sends all requests through it.
client = TestClient(hub_mod.app)
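def main() -> int:
    """Check the login -> embed-auth -> /monitor round trip on the hub app.

    Steps, all issued through the module-level ``client``:

    1. POST /api/auth/login with the fixture credentials and require a
       ``session_token`` in the JSON response.
    2. GET /embed-auth with that token and ``next=/monitor``; require a
       redirect ending in ``/monitor`` and a Set-Cookie naming
       ``hub_mod.SESSION_COOKIE``.
    3. GET /monitor with the token supplied as the session cookie; require 200.
    4. GET /login and require a ``frame-ancestors`` directive in its
       Content-Security-Policy header.

    Only the happy path is covered. NOTE(review): negative cases would be
    worth adding once the hub's expected responses are confirmed: a
    bad or missing token must not set the cookie, and a ``next`` value
    pointing at another origin must not be honoured.

    Returns:
        0 when every check passes.

    Raises:
        AssertionError: when a check fails. Raised explicitly rather than
            via ``assert`` so the checks still run under ``python -O``.
    """

    def check(ok: object, detail: object) -> None:
        # `assert` statements are compiled out under -O / PYTHONOPTIMIZE, which
        # would let this script print "OK" without verifying anything.
        if not ok:
            raise AssertionError(detail)

    # 1. Password login must succeed and return a session token in the body.
    login = client.post(
        "/api/auth/login",
        json={"username": "admin", "password": "test-pass"},
    )
    check(login.status_code == 200, login.text)
    data = login.json()
    check(data.get("ok") is True, data)
    token = data.get("session_token")
    check(token, "login 应返回 session_token")

    # 2. Exchange the token for a session cookie via /embed-auth.
    # `params=` URL-encodes the values, so a token containing characters such
    # as "&", "+" or "=" cannot corrupt the query string.
    # NOTE(review): the token travels in the URL, where it can end up in access
    # logs and Referer headers. Confirm how long-lived the hub makes it.
    embed = client.get(
        "/embed-auth",
        params={"token": token, "next": "/monitor"},
        follow_redirects=False,
    )
    check(embed.status_code in (302, 307), embed.status_code)
    location = embed.headers.get("location", "")
    # NOTE(review): endswith() also accepts an absolute URL on another host
    # whose path is /monitor. Tighten to an exact match once the hub's
    # Location format is confirmed.
    check(location.endswith("/monitor"), location)
    # Only the cookie name is checked, not its attributes (HttpOnly, Secure,
    # SameSite). The header is kept out of the failure message because it
    # carries the session value.
    check(
        hub_mod.SESSION_COOKIE in embed.headers.get("set-cookie", ""),
        "embed-auth response did not set the session cookie",
    )

    # 3. The token must be accepted as the session cookie on a protected page.
    # The cookie is passed explicitly, so this shows the token is a valid
    # cookie value rather than that the Set-Cookie from step 2 carried it.
    monitor = client.get("/monitor", cookies={hub_mod.SESSION_COOKIE: token})
    check(monitor.status_code == 200, monitor.status_code)

    # 4. The login page must declare a framing policy. Only the directive's
    # presence is checked, not which origins it allows.
    csp = client.get("/login").headers.get("content-security-policy", "")
    check("frame-ancestors" in csp, csp)

    print("OK: embed-auth sets session cookie; login returns session_token")
    return 0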
if __name__ == "__main__":
    # Use main()'s return value as the process exit status.
    sys.exit(main())