mirror of
https://github.com/usmannasir/cyberpanel.git
synced 2025-11-02 19:35:49 +01:00
- Added extract_auth_token() function to handle both Bearer and X-API-Key authentication
- Updated all file operation endpoints to support X-API-Key headers:
  - list_files()
  - get_file_content()
  - scanner_backup_file()
  - scanner_get_file()
  - scanner_replace_file()
  - scanner_rename_file()
  - scanner_delete_file()
- Maintains backward compatibility with existing Bearer token authentication
- Added test script to verify both authentication methods work correctly
- Enables permanent API key authentication for file fixes (no more expired token issues)

This change allows the platform to fix files using the permanent CyberPanel API key instead of temporary file access tokens that expire after ~1 hour.
130 lines
4.1 KiB
Python
#!/usr/bin/env python3
|
|
"""
|
|
Test script to verify both Bearer token and X-API-Key authentication work
|
|
for CyberPanel AI Scanner file operations.
|
|
"""
|
|
|
|
import requests
|
|
import json
|
|
import sys
|
|
|
|
# Test configuration.
# BASE_URL uses plain HTTP. The functions in this script attach the Bearer
# token / API key to every request they send to BASE_URL, so use an https://
# URL when the target is anything other than the local machine.
BASE_URL = "http://localhost:8001" # Adjust if needed
# Sent as the X-Scan-ID header on every request.
SCAN_ID = "test-scan-123"
# Sent as the file_path / path query parameter of the file endpoints.
FILE_PATH = "wp-content/plugins/test.php"
|
|
|
|
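def test_bearer_auth(token):
    """Check that the get-file endpoint accepts a Bearer token.

    Sends one GET to ``/api/scanner/get-file`` with ``token`` in the
    ``Authorization`` header and the configured ``X-Scan-ID``.

    Despite the ``test_`` prefix this is called explicitly with a credential
    (see ``main``); it is not written as a parameterless pytest test.

    Args:
        token: Credential presented as ``Authorization: Bearer <token>``.

    Returns:
        True when the server answers 200 or 404, False for any other status
        or when the request could not be completed.
    """
    print("Testing Bearer token authentication...")

    headers = {
        "Authorization": f"Bearer {token}",
        "X-Scan-ID": SCAN_ID,
        "Content-Type": "application/json",
    }

    # Test get-file endpoint
    url = f"{BASE_URL}/api/scanner/get-file"
    params = {"file_path": FILE_PATH}

    try:
        # Bounded wait: an unreachable or stalled server fails the check
        # instead of hanging the script indefinitely.
        response = requests.get(url, params=params, headers=headers, timeout=10)
    except requests.RequestException as exc:
        print(f"Bearer auth request failed: {exc}")
        return False

    print(f"Bearer auth response: {response.status_code}")
    if response.status_code != 200:
        print(f"Response: {response.text}")

    # 404 is accepted because the sample file may not exist on the server.
    # NOTE(review): this presumes the 404 is produced after the credential
    # was checked. A 404 raised earlier (e.g. an unknown route) would also
    # pass without exercising authentication at all - confirm against the
    # endpoint's behaviour.
    return response.status_code in (200, 404)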
|
|
|
|
|
|
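def test_api_key_auth(api_key):
    """Check that the get-file endpoint accepts an X-API-Key header.

    Sends one GET to ``/api/scanner/get-file`` with ``api_key`` in the
    ``X-API-Key`` header and the configured ``X-Scan-ID``.

    Despite the ``test_`` prefix this is called explicitly with a credential
    (see ``main``); it is not written as a parameterless pytest test.

    Args:
        api_key: Credential presented in the ``X-API-Key`` header.

    Returns:
        True when the server answers 200 or 404, False for any other status
        or when the request could not be completed.
    """
    print("\nTesting X-API-Key authentication...")

    headers = {
        "X-API-Key": api_key,
        "X-Scan-ID": SCAN_ID,
        "Content-Type": "application/json",
    }

    # Test get-file endpoint
    url = f"{BASE_URL}/api/scanner/get-file"
    params = {"file_path": FILE_PATH}

    try:
        # Bounded wait: an unreachable or stalled server fails the check
        # instead of hanging the script indefinitely.
        response = requests.get(url, params=params, headers=headers, timeout=10)
    except requests.RequestException as exc:
        print(f"X-API-Key auth request failed: {exc}")
        return False

    print(f"X-API-Key auth response: {response.status_code}")
    if response.status_code != 200:
        print(f"Response: {response.text}")

    # 404 is accepted because the sample file may not exist on the server.
    # NOTE(review): this presumes the 404 is produced after the key was
    # checked. A 404 raised earlier (e.g. an unknown route) would also pass
    # without exercising authentication at all - confirm against the
    # endpoint's behaviour.
    return response.status_code in (200, 404)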
|
|
|
|
|
|
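def test_mixed_endpoints():
    """Send placeholder credentials to several endpoints with both header styles.

    For each listed endpoint one request is made with an ``Authorization:
    Bearer`` header and one with an ``X-API-Key`` header, and the status code
    of each is printed. The credentials are fixed placeholder strings, so the
    server is expected to reject them; an accepted placeholder is reported
    because it would mean the endpoint answered without a valid credential.

    Returns nothing; results are only printed.
    """
    print("\n" + "="*50)
    print("Testing multiple endpoints with both auth methods")
    print("="*50)

    # Placeholder values, not real credentials.
    # You would need real tokens for the requests to be authorised.
    test_token = "cp_test_token_12345"
    test_api_key = "cp_test_api_key_67890"

    endpoints = [
        ("GET", "/api/ai-scanner/files/list", {"path": "wp-content"}),
        ("GET", "/api/ai-scanner/files/content", {"path": FILE_PATH}),
        ("GET", "/api/scanner/get-file", {"file_path": FILE_PATH}),
    ]

    # The headers do not depend on the endpoint, so they are built once.
    header_sets = (
        ("Bearer auth", {
            "Authorization": f"Bearer {test_token}",
            "X-Scan-ID": SCAN_ID,
        }),
        ("X-API-Key auth", {
            "X-API-Key": test_api_key,
            "X-Scan-ID": SCAN_ID,
        }),
    )

    for method, endpoint, params in endpoints:
        print(f"\nTesting {method} {endpoint}")

        if method != "GET":
            # Only GET is implemented. Skipping explicitly avoids printing
            # response variables that were never assigned for other methods.
            print(f" Skipping unsupported method: {method}")
            continue

        url = f"{BASE_URL}{endpoint}"

        for label, headers in header_sets:
            try:
                # Bounded wait so a stalled server cannot hang the sweep.
                response = requests.get(
                    url, params=params, headers=headers, timeout=10
                )
            except requests.RequestException as exc:
                print(f" {label}: request failed ({exc})")
                continue

            print(f" {label}: {response.status_code}")
            if 200 <= response.status_code < 300:
                # A success status for a placeholder credential means the
                # request was served without valid authentication.
                print(
                    f" {label}: placeholder credential was accepted - "
                    "check that this endpoint enforces authentication"
                )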
|
|
|
|
|
|
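def main():
    """Run the authentication checks from the command line.

    The credential is taken from ``sys.argv[1]`` when given, otherwise from
    the ``CYBERPANEL_TEST_TOKEN`` environment variable (a name defined by
    this script only). With a credential, the same value is sent once as a
    Bearer token and once as an X-API-Key, and the process exits with status
    1 if either check fails. Without one, only the placeholder-credential
    endpoint sweep runs and usage help is printed.
    """
    import os  # local import: only the entry point reads the environment

    print("CyberPanel AI Scanner Authentication Test")
    print("="*50)

    # The positional argument is kept for backward compatibility. The
    # environment variable is the preferred channel because command-line
    # arguments are visible in process listings and shell history.
    if len(sys.argv) > 1:
        token = sys.argv[1]
    else:
        token = os.environ.get("CYBERPANEL_TEST_TOKEN") or None

    if token is not None:
        # Test both authentication methods with the same token
        # (assumes token is valid for both methods)
        bearer_success = test_bearer_auth(token)
        api_key_success = test_api_key_auth(token)

        print("\n" + "="*50)
        print("Test Results:")
        print(f" Bearer authentication: {'✓ PASS' if bearer_success else '✗ FAIL'}")
        print(f" X-API-Key authentication: {'✓ PASS' if api_key_success else '✗ FAIL'}")
        print("="*50)

        # Reflect the outcome in the exit status so a calling shell or CI
        # job can detect a failed check without parsing the output.
        if not (bearer_success and api_key_success):
            sys.exit(1)
    else:
        # Run mock tests to show the endpoints accept both header formats
        test_mixed_endpoints()

        print("\n" + "="*50)
        print("Note: To run real tests, provide a valid token:")
        print(f" python {sys.argv[0]} cp_your_token_here")
        print(" or set the CYBERPANEL_TEST_TOKEN environment variable")
        print("="*50)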
|
|
|
|
|
|
# Run the checks only when the file is executed as a script, not on import.
if __name__ == "__main__":
    main()