first commit
This commit is contained in:
351
tests/test-self-hosted.sh
Normal file
351
tests/test-self-hosted.sh
Normal file
@@ -0,0 +1,351 @@
|
||||
#!/bin/sh
|
||||
#
|
||||
# Smoke test for self-hosted Supabase - verifies core functionality end-to-end.
|
||||
#
|
||||
# Usage:
|
||||
# sh test-self-hosted.sh # Uses http://localhost:8000
|
||||
# sh test-self-hosted.sh <base_url> # Custom URL
|
||||
#
|
||||
# Prerequisites:
|
||||
# - Running self-hosted Supabase instance
|
||||
# - .env file with keys configured
|
||||
# - jq (for JSON parsing)
|
||||
#
|
||||
|
||||
set -e
|
||||
|
||||
cleanup_files=""
|
||||
trap 'rm -f $cleanup_files' EXIT
|
||||
|
||||
BASE_URL="${1:-http://localhost:8000}"
|
||||
|
||||
if [ ! -f .env ]; then
|
||||
echo "Error: .env file not found. Run from the project directory."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if ! command -v jq >/dev/null 2>&1; then
|
||||
echo "Error: jq not found. Install it: https://jqlang.github.io/jq/download/"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Read keys from .env
|
||||
ANON_KEY=$(grep '^ANON_KEY=' .env | cut -d= -f2-)
|
||||
SERVICE_ROLE_KEY=$(grep '^SERVICE_ROLE_KEY=' .env | cut -d= -f2-)
|
||||
DASHBOARD_USERNAME=$(grep '^DASHBOARD_USERNAME=' .env | cut -d= -f2-)
|
||||
DASHBOARD_PASSWORD=$(grep '^DASHBOARD_PASSWORD=' .env | cut -d= -f2-)
|
||||
|
||||
pass=0
|
||||
fail=0
|
||||
|
||||
check() {
|
||||
test_name="$1"
|
||||
expected="$2"
|
||||
actual="$3"
|
||||
|
||||
if [ "$actual" = "$expected" ]; then
|
||||
echo " PASS: $test_name"
|
||||
pass=$((pass + 1))
|
||||
else
|
||||
echo " FAIL: $test_name (expected $expected, got $actual)"
|
||||
fail=$((fail + 1))
|
||||
fi
|
||||
}
|
||||
|
||||
http_status() {
|
||||
url="$1"
|
||||
shift
|
||||
curl -s -o /dev/null -w "%{http_code}" "$@" "$url"
|
||||
}
|
||||
|
||||
http_body() {
|
||||
url="$1"
|
||||
shift
|
||||
curl -s "$@" "$url"
|
||||
}
|
||||
|
||||
echo ""
|
||||
echo "=== Self-hosted smoke test against $BASE_URL ==="
|
||||
echo ""
|
||||
|
||||
# ---------------------------------------------
|
||||
# 1. Container health (via docker compose)
|
||||
# ---------------------------------------------
|
||||
|
||||
echo "--- Container health ---"
|
||||
if command -v docker >/dev/null 2>&1; then
|
||||
container_status=$(docker compose ps --format json 2>/dev/null | jq -rs '
|
||||
[.[] | select(.State != "running" or (.Health != "" and .Health != "healthy"))]
|
||||
| (length | tostring) + "|" + ([.[] | .Service + ": State=" + .State + " Health=" + (.Health // "none")] | join(", "))
|
||||
' 2>/dev/null || echo "?|")
|
||||
unhealthy="${container_status%%|*}"
|
||||
container_issues="${container_status#*|}"
|
||||
if [ "$unhealthy" = "0" ]; then
|
||||
check "All containers healthy" "0" "$unhealthy"
|
||||
elif [ "$unhealthy" = "?" ]; then
|
||||
echo " SKIP: Could not check container health"
|
||||
else
|
||||
check "All containers healthy ($container_issues)" "0" "$unhealthy"
|
||||
fi
|
||||
else
|
||||
echo " SKIP: docker not available"
|
||||
fi
|
||||
|
||||
# ---------------------------------------------
|
||||
# 2. Studio dashboard
|
||||
# ---------------------------------------------
|
||||
|
||||
echo ""
|
||||
echo "--- Studio dashboard ---"
|
||||
# Studio may redirect (307/302) after auth - follow redirects
|
||||
check "Studio accessible with basic auth" "200" \
|
||||
"$(http_status "$BASE_URL/" -L -u "$DASHBOARD_USERNAME:$DASHBOARD_PASSWORD")"
|
||||
check "Studio rejects without auth" "401" \
|
||||
"$(http_status "$BASE_URL/")"
|
||||
|
||||
# ---------------------------------------------
|
||||
# 3. Auth: create user, sign in, get user, public signup, delete
|
||||
# ---------------------------------------------
|
||||
|
||||
echo ""
|
||||
echo "--- Auth: user lifecycle ---"
|
||||
|
||||
test_email="smoke-test-$$@example.com"
|
||||
test_password="smoke-test-password-123456"
|
||||
|
||||
# Create user via admin API (works regardless of email autoconfirm setting)
|
||||
create_resp=$(http_body "$BASE_URL/auth/v1/admin/users" \
|
||||
-X POST \
|
||||
-H "apikey: $SERVICE_ROLE_KEY" \
|
||||
-H "Authorization: Bearer $SERVICE_ROLE_KEY" \
|
||||
-H "Content-Type: application/json" \
|
||||
-d "{\"email\":\"$test_email\",\"password\":\"$test_password\",\"email_confirm\":true}")
|
||||
|
||||
user_id=$(echo "$create_resp" | jq -r '.id // empty' 2>/dev/null)
|
||||
|
||||
if [ -n "$user_id" ]; then
|
||||
check "Create user (admin)" "true" "true"
|
||||
|
||||
# Sign in via public endpoint
|
||||
signin_resp=$(http_body "$BASE_URL/auth/v1/token?grant_type=password" \
|
||||
-H "apikey: $ANON_KEY" \
|
||||
-H "Content-Type: application/json" \
|
||||
-d "{\"email\":\"$test_email\",\"password\":\"$test_password\"}")
|
||||
|
||||
access_token=$(echo "$signin_resp" | jq -r '.access_token // empty' 2>/dev/null)
|
||||
|
||||
if [ -n "$access_token" ]; then
|
||||
check "Sign in user" "true" "true"
|
||||
|
||||
# Get user profile with session JWT
|
||||
check "Get user profile" "200" \
|
||||
"$(http_status "$BASE_URL/auth/v1/user" \
|
||||
-H "apikey: $ANON_KEY" \
|
||||
-H "Authorization: Bearer $access_token")"
|
||||
else
|
||||
check "Sign in user" "true" "false"
|
||||
fi
|
||||
|
||||
# Delete user
|
||||
delete_status=$(http_status "$BASE_URL/auth/v1/admin/users/$user_id" \
|
||||
-X DELETE \
|
||||
-H "apikey: $SERVICE_ROLE_KEY" \
|
||||
-H "Authorization: Bearer $SERVICE_ROLE_KEY")
|
||||
check "Delete user (admin)" "200" "$delete_status"
|
||||
else
|
||||
check "Create user (admin)" "true" "false"
|
||||
fi
|
||||
|
||||
# Public signup (optional — depends on email autoconfirm setting)
|
||||
signup_email="smoke-signup-$$@example.com"
|
||||
signup_resp=$(http_body "$BASE_URL/auth/v1/signup" \
|
||||
-H "apikey: $ANON_KEY" \
|
||||
-H "Content-Type: application/json" \
|
||||
-d "{\"email\":\"$signup_email\",\"password\":\"$test_password\"}")
|
||||
|
||||
signup_token=$(echo "$signup_resp" | jq -r '.access_token // empty' 2>/dev/null)
|
||||
signup_user_id=$(echo "$signup_resp" | jq -r '.id // .user.id // empty' 2>/dev/null)
|
||||
|
||||
if [ -n "$signup_token" ]; then
|
||||
check "Public signup (autoconfirm on)" "true" "true"
|
||||
else
|
||||
echo " SKIP: Public signup (autoconfirm is off)"
|
||||
fi
|
||||
|
||||
# Clean up signup user if created
|
||||
if [ -n "$signup_user_id" ]; then
|
||||
http_status "$BASE_URL/auth/v1/admin/users/$signup_user_id" \
|
||||
-X DELETE \
|
||||
-H "apikey: $SERVICE_ROLE_KEY" \
|
||||
-H "Authorization: Bearer $SERVICE_ROLE_KEY" >/dev/null 2>&1
|
||||
fi
|
||||
|
||||
# ---------------------------------------------
|
||||
# 4. PostgREST: query
|
||||
# ---------------------------------------------
|
||||
|
||||
echo ""
|
||||
echo "--- PostgREST ---"
|
||||
check "REST API query" "200" \
|
||||
"$(http_status "$BASE_URL/rest/v1/" \
|
||||
-H "apikey: $ANON_KEY")"
|
||||
|
||||
# ---------------------------------------------
|
||||
# 5. GraphQL
|
||||
# ---------------------------------------------
|
||||
|
||||
echo ""
|
||||
echo "--- GraphQL ---"
|
||||
gql_resp=$(http_body "$BASE_URL/graphql/v1" \
|
||||
-H "apikey: $ANON_KEY" \
|
||||
-H "Content-Type: application/json" \
|
||||
-d '{"query":"{ __typename }"}')
|
||||
gql_has_data=$(echo "$gql_resp" | jq -r 'if .data then "true" else "false" end' 2>/dev/null)
|
||||
check "GraphQL introspection" "true" "$gql_has_data"
|
||||
|
||||
# ---------------------------------------------
|
||||
# 6. Storage: create bucket, upload >6MB file, download, cleanup
|
||||
# ---------------------------------------------
|
||||
|
||||
echo ""
|
||||
echo "--- Storage: bucket + file lifecycle ---"
|
||||
|
||||
bucket_name="smoke-test-$$"
|
||||
|
||||
# Create bucket
|
||||
create_bucket_status=$(http_status "$BASE_URL/storage/v1/bucket" \
|
||||
-X POST \
|
||||
-H "apikey: $SERVICE_ROLE_KEY" \
|
||||
-H "Authorization: Bearer $SERVICE_ROLE_KEY" \
|
||||
-H "Content-Type: application/json" \
|
||||
-d "{\"id\":\"$bucket_name\",\"name\":\"$bucket_name\",\"public\":true}")
|
||||
check "Create bucket" "200" "$create_bucket_status"
|
||||
|
||||
if [ "$create_bucket_status" = "200" ]; then
|
||||
# Generate a ~7MB file
|
||||
tmpfile=$(mktemp); cleanup_files="$cleanup_files $tmpfile"
|
||||
dd if=/dev/urandom of="$tmpfile" bs=1048576 count=7 2>/dev/null
|
||||
|
||||
# Upload file
|
||||
upload_status=$(http_status "$BASE_URL/storage/v1/object/$bucket_name/test-large-file.bin" \
|
||||
-X POST \
|
||||
-H "apikey: $SERVICE_ROLE_KEY" \
|
||||
-H "Authorization: Bearer $SERVICE_ROLE_KEY" \
|
||||
-H "Content-Type: application/octet-stream" \
|
||||
--data-binary "@$tmpfile")
|
||||
check "Upload 7MB file" "200" "$upload_status"
|
||||
|
||||
# Download file and verify size
|
||||
download_size=$(curl -s \
|
||||
"$BASE_URL/storage/v1/object/public/$bucket_name/test-large-file.bin" | wc -c | tr -d ' ')
|
||||
original_size=$(wc -c < "$tmpfile" | tr -d ' ')
|
||||
check "Download file (size matches)" "true" \
|
||||
"$([ "$download_size" = "$original_size" ] && echo true || echo false)"
|
||||
|
||||
rm -f "$tmpfile"
|
||||
|
||||
# Signed URL: upload a small file, create signed URL, fetch without auth
|
||||
sign_upload_status=$(http_status "$BASE_URL/storage/v1/object/$bucket_name/sign-test.txt" \
|
||||
-X POST \
|
||||
-H "apikey: $SERVICE_ROLE_KEY" \
|
||||
-H "Authorization: Bearer $SERVICE_ROLE_KEY" \
|
||||
-H "Content-Type: text/plain" \
|
||||
--data-binary "signed url test content")
|
||||
check "Upload file for signing" "200" "$sign_upload_status"
|
||||
|
||||
if [ "$sign_upload_status" = "200" ]; then
|
||||
sign_resp=$(http_body "$BASE_URL/storage/v1/object/sign/$bucket_name/sign-test.txt" \
|
||||
-X POST \
|
||||
-H "apikey: $SERVICE_ROLE_KEY" \
|
||||
-H "Authorization: Bearer $SERVICE_ROLE_KEY" \
|
||||
-H "Content-Type: application/json" \
|
||||
-d '{"expiresIn": 600}')
|
||||
signed_path=$(echo "$sign_resp" | jq -r '.signedURL // empty' 2>/dev/null)
|
||||
|
||||
if [ -n "$signed_path" ]; then
|
||||
check "Create signed URL" "true" "true"
|
||||
# Fetch signed URL without any auth headers (goes through Kong)
|
||||
signed_content=$(curl -s "$BASE_URL/storage/v1$signed_path")
|
||||
check "Fetch signed URL (no auth)" "signed url test content" "$signed_content"
|
||||
else
|
||||
check "Create signed URL" "true" "false"
|
||||
fi
|
||||
fi
|
||||
|
||||
# Delete file
|
||||
delete_file_status=$(http_status "$BASE_URL/storage/v1/object/$bucket_name/test-large-file.bin" \
|
||||
-X DELETE \
|
||||
-H "apikey: $SERVICE_ROLE_KEY" \
|
||||
-H "Authorization: Bearer $SERVICE_ROLE_KEY")
|
||||
check "Delete file" "200" "$delete_file_status"
|
||||
|
||||
# Delete signed test file
|
||||
http_status "$BASE_URL/storage/v1/object/$bucket_name/sign-test.txt" \
|
||||
-X DELETE \
|
||||
-H "apikey: $SERVICE_ROLE_KEY" \
|
||||
-H "Authorization: Bearer $SERVICE_ROLE_KEY" >/dev/null 2>&1
|
||||
|
||||
# Delete bucket
|
||||
delete_bucket_status=$(http_status "$BASE_URL/storage/v1/bucket/$bucket_name" \
|
||||
-X DELETE \
|
||||
-H "apikey: $SERVICE_ROLE_KEY" \
|
||||
-H "Authorization: Bearer $SERVICE_ROLE_KEY")
|
||||
check "Delete bucket" "200" "$delete_bucket_status"
|
||||
fi
|
||||
|
||||
# ---------------------------------------------
|
||||
# 7. Edge Functions
|
||||
# ---------------------------------------------
|
||||
|
||||
echo ""
|
||||
echo "--- Edge Functions ---"
|
||||
fn_resp=$(http_body "$BASE_URL/functions/v1/hello" \
|
||||
-X POST \
|
||||
-H "Authorization: Bearer $ANON_KEY" \
|
||||
-H "Content-Type: application/json" \
|
||||
-d '{}')
|
||||
check "Call hello function" '"Hello from Edge Functions!"' "$fn_resp"
|
||||
|
||||
# ---------------------------------------------
|
||||
# 8. pg-meta (Studio backend)
|
||||
# ---------------------------------------------
|
||||
|
||||
echo ""
|
||||
echo "--- pg-meta ---"
|
||||
check "pg-meta with service_role key" "200" \
|
||||
"$(http_status "$BASE_URL/pg/schemas" \
|
||||
-H "apikey: $SERVICE_ROLE_KEY")"
|
||||
check "pg-meta rejects anon key" "403" \
|
||||
"$(http_status "$BASE_URL/pg/schemas" \
|
||||
-H "apikey: $ANON_KEY")"
|
||||
check "pg-meta rejects no key" "401" \
|
||||
"$(http_status "$BASE_URL/pg/schemas")"
|
||||
|
||||
echo ""
|
||||
echo "--- MCP (blocked by default) ---"
|
||||
check "/api/mcp blocked" "403" \
|
||||
"$(http_status "$BASE_URL/api/mcp")"
|
||||
check "/mcp blocked" "403" \
|
||||
"$(http_status "$BASE_URL/mcp")"
|
||||
|
||||
# ---------------------------------------------
|
||||
# 9. Realtime
|
||||
# ---------------------------------------------
|
||||
|
||||
echo ""
|
||||
echo "--- Realtime ---"
|
||||
check "Realtime health" "true" \
|
||||
"$([ "$(http_status "$BASE_URL/realtime/v1/api/tenants" \
|
||||
-H "apikey: $ANON_KEY")" != "401" ] && echo true || echo false)"
|
||||
|
||||
# ---------------------------------------------
|
||||
# Summary
|
||||
# ---------------------------------------------
|
||||
|
||||
echo ""
|
||||
echo "=== Results: $pass passed, $fail failed ==="
|
||||
echo ""
|
||||
|
||||
if [ "$fail" -gt 0 ]; then
|
||||
exit 1
|
||||
fi
|
||||
Reference in New Issue
Block a user