#!/bin/bash # E2E Test: Admin Operations # Tests admin authentication, user management, and content moderation set -e BASE_URL="http://localhost:9876" ADMIN_BASE="$BASE_URL/api/admin" echo "=== Admin Operations E2E Test ===" # Test 1: Admin stats without authentication echo "Testing admin stats without authentication..." UNAUTH_RESPONSE=$(curl -s -w "%{http_code}" "$ADMIN_BASE/stats") HTTP_CODE="${UNAUTH_RESPONSE: -3}" if [ "$HTTP_CODE" != "401" ]; then echo "❌ Expected 401 Unauthorized but got $HTTP_CODE" exit 1 fi echo "✅ Admin endpoints properly protected" # Test 2: Test admin users endpoint echo "Testing admin users endpoint..." USERS_RESPONSE=$(curl -s -w "%{http_code}" "$ADMIN_BASE/users") HTTP_CODE="${USERS_RESPONSE: -3}" if [ "$HTTP_CODE" != "401" ]; then echo "❌ Admin users endpoint should return 401 without auth" exit 1 fi echo "✅ Admin users endpoint protected" # Test 3: Test admin files endpoint echo "Testing admin files endpoint..." FILES_RESPONSE=$(curl -s -w "%{http_code}" "$ADMIN_BASE/files") HTTP_CODE="${FILES_RESPONSE: -3}" if [ "$HTTP_CODE" != "401" ]; then echo "❌ Admin files endpoint should return 401 without auth" exit 1 fi echo "✅ Admin files endpoint protected" # Test 4: Test ban user endpoint echo "Testing ban user endpoint..." BAN_RESPONSE=$(curl -s -w "%{http_code}" -X POST \ -H "Content-Type: application/json" \ -d '{"reason": "test ban"}' \ "$ADMIN_BASE/users/test_pubkey/ban") HTTP_CODE="${BAN_RESPONSE: -3}" if [ "$HTTP_CODE" != "401" ]; then echo "❌ Ban user endpoint should return 401 without auth" exit 1 fi echo "✅ Ban user endpoint protected" # Test 5: Test cleanup endpoint echo "Testing cleanup endpoint..." CLEANUP_RESPONSE=$(curl -s -w "%{http_code}" -X POST "$ADMIN_BASE/cleanup") HTTP_CODE="${CLEANUP_RESPONSE: -3}" if [ "$HTTP_CODE" != "401" ]; then echo "❌ Cleanup endpoint should return 401 without auth" exit 1 fi echo "✅ Cleanup endpoint protected" # Test 6: Test reports endpoint echo "Testing reports endpoint..." REPORTS_RESPONSE=$(curl -s -w "%{http_code}" "$ADMIN_BASE/reports") HTTP_CODE="${REPORTS_RESPONSE: -3}" if [ "$HTTP_CODE" != "401" ]; then echo "❌ Reports endpoint should return 401 without auth" exit 1 fi echo "✅ Reports endpoint protected" # Test 7: Test logs endpoint echo "Testing logs endpoint..." LOGS_RESPONSE=$(curl -s -w "%{http_code}" "$ADMIN_BASE/logs") HTTP_CODE="${LOGS_RESPONSE: -3}" if [ "$HTTP_CODE" != "401" ]; then echo "❌ Logs endpoint should return 401 without auth" exit 1 fi echo "✅ Logs endpoint protected" # Test 8: Test admin page accessibility echo "Testing admin page accessibility..." ADMIN_PAGE_RESPONSE=$(curl -s -w "%{http_code}" "$BASE_URL/admin") HTTP_CODE="${ADMIN_PAGE_RESPONSE: -3}" if [ "$HTTP_CODE" != "200" ]; then echo "❌ Admin page should be accessible, got $HTTP_CODE" exit 1 fi echo "✅ Admin page accessible" # Test 9: Verify admin functionality is properly configured echo "Checking admin configuration..." # Check if admin is enabled in the running service by looking at stats STATS_RESPONSE=$(curl -s "$BASE_URL/api/stats") if [ -z "$STATS_RESPONSE" ]; then echo "❌ Could not get system stats" exit 1 fi echo "✅ Admin configuration appears functional" echo "" echo "🎉 All admin operations tests passed!" echo "✅ All admin endpoints properly protected" echo "✅ Admin page accessible" echo "✅ Admin authentication system functional" echo "✅ Content moderation endpoints secured" echo "" echo "📝 Notes:" echo " - These tests verify admin endpoints are protected" echo " - Full admin functionality requires valid Nostr admin authentication" echo " - To test with actual admin auth, use the admin interface with configured pubkey"