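#!/bin/bash
#
# Multi-tenancy end-to-end smoke test for the gateway.
#
# Flow: create a project, sign a user up (or log in) inside that project,
# list storage buckets with the user's token, then confirm that the same
# credentials are rejected when presented with a different project ref.
#
# Environment:
#   GATEWAY_URL    Base URL of the gateway (default: http://localhost:8000)
#   USER_PASSWORD  Password for the throwaway test user (default below is a
#                  test-only value; never reuse it for a real account)
#
# Exit status: 0 when every step passes, 1 on the first failing step.

set -u

# Configuration
GATEWAY_URL="${GATEWAY_URL:-http://localhost:8000}"
PROJECT_NAME="test-project-$(date +%s)"
USER_EMAIL="user-$(date +%s)@example.com"
USER_PASSWORD="${USER_PASSWORD:-securepassword123}"

# Print the first string value stored under key $1 in the JSON text $2.
# grep/cut are used because jq might not be installed; this only handles
# flat "key":"value" pairs, tolerating whitespace around the colon.
json_field() {
  printf '%s\n' "$2" |
    grep -o "\"$1\"[[:space:]]*:[[:space:]]*\"[^\"]*" |
    head -n 1 |
    cut -d'"' -f4
}

# Escape backslashes and double quotes so $1 can sit inside a JSON string.
# Control characters are not handled; the values used here are simple.
json_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Mask the value of every JSON string field whose name contains "key" or
# "token", so API keys and bearer tokens do not end up in terminal or CI logs.
redact() {
  printf '%s\n' "$1" |
    sed -E 's/"([^"]*(key|token)[^"]*)"[[:space:]]*:[[:space:]]*"[^"]*"/"\1":"<redacted>"/g'
}

echo "🧪 Starting Multi-tenancy E2E Test..."
echo "-------------------------------------"

# 1. Create Project
echo "1. Creating Project '$PROJECT_NAME'..."
RESPONSE=$(curl -sS -X POST "$GATEWAY_URL/platform/v1/projects" \
  -H "Content-Type: application/json" \
  -d "{\"name\": \"$(json_escape "$PROJECT_NAME")\"}")

ANON_KEY=$(json_field anon_key "$RESPONSE")
SERVICE_KEY=$(json_field service_role_key "$RESPONSE")
PROJECT_ID=$(json_field id "$RESPONSE")

if [ -z "$ANON_KEY" ]; then
  # The body may still carry the service role key even when anon_key could
  # not be parsed, so it is redacted before printing.
  echo "❌ Failed to create project. Response: $(redact "$RESPONSE")"
  exit 1
fi

echo "✅ Project Created!"
echo "   ID: $PROJECT_ID"
# The keys themselves are deliberately not printed.
echo "   (Keys received)"

# 2. Signup User (Project Context)
echo ""
echo "2. Signing up user '$USER_EMAIL' in project context..."

# The credentials body is fed to curl on stdin so the password does not
# appear in the process argument list. curl runs with -sS rather than -v:
# verbose mode echoes request headers, including the apikey, to stderr.
CREDENTIALS_JSON="{\"email\": \"$(json_escape "$USER_EMAIL")\", \"password\": \"$(json_escape "$USER_PASSWORD")\"}"

SIGNUP_RES=$(printf '%s' "$CREDENTIALS_JSON" |
  curl -sS -X POST "$GATEWAY_URL/auth/v1/signup" \
    -H "Content-Type: application/json" \
    -H "apikey: $ANON_KEY" \
    -H "x-project-ref: $PROJECT_NAME" \
    --data-binary @-)

# Check for success (access_token present)
ACCESS_TOKEN=$(json_field access_token "$SIGNUP_RES")

if [ -z "$ACCESS_TOKEN" ]; then
  # Maybe the user already exists (e.g. the script was re-run quickly).
  echo "⚠️ Signup response: $(redact "$SIGNUP_RES")"
  echo "   Attempting login..."
  LOGIN_RES=$(printf '%s' "$CREDENTIALS_JSON" |
    curl -sS -X POST "$GATEWAY_URL/auth/v1/token?grant_type=password" \
      -H "Content-Type: application/json" \
      -H "apikey: $ANON_KEY" \
      -H "x-project-ref: $PROJECT_NAME" \
      --data-binary @-)
  ACCESS_TOKEN=$(json_field access_token "$LOGIN_RES")
fi

if [ -z "$ACCESS_TOKEN" ]; then
  echo "❌ Authentication failed."
  exit 1
fi
echo "✅ Authenticated! Token received."

# 3. Create Data (Insert into public.users? Or create a table first?)
# There is no 'create table' API exposed (except maybe via RPC or direct SQL,
# which is not exposed via REST), so only EXISTING tables can be used.
# The only tables guaranteed to exist are `auth.users` (just written to by
# signup) and `storage.buckets`, so list buckets with the new user token.
echo ""
echo "3. Testing Data/Storage Access (List Buckets)..."
BUCKETS_RAW=$(curl -sS -X GET "$GATEWAY_URL/storage/v1/bucket" \
  -H "apikey: $ANON_KEY" \
  -H "Authorization: Bearer $ACCESS_TOKEN" \
  -H "x-project-ref: $PROJECT_NAME" \
  -w "\nHTTP_STATUS:%{http_code}\n")

# -w appends the status as the last line; split it from the body.
BUCKETS_STATUS=$(printf '%s\n' "$BUCKETS_RAW" | tail -n 1 | sed 's/HTTP_STATUS://')
BUCKETS_RES=$(printf '%s\n' "$BUCKETS_RAW" | sed '$d')

echo "   Status: $BUCKETS_STATUS"
echo "   Response: $BUCKETS_RES"

if [[ $BUCKETS_STATUS == 2* ]] && [[ $BUCKETS_RES == *"["* ]]; then
  echo "✅ Storage API Accessed Successfully!"
else
  echo "❌ Storage API Failed."
  exit 1
fi

# 4. Verify Project Isolation (access with a wrong project ref)
# The middleware returns 404 if the project is not found. The decision is
# made on the HTTP status rather than on the body text: a body match on
# "404" could be satisfied by ordinary data, and an empty body also occurs
# when the request never reached the gateway.
# NOTE(review): this covers a non-existent ref only; reusing this token
# against a second real project would be a stronger isolation check.
echo ""
echo "4. Verifying Isolation (Access with wrong project ref)..."
WRONG_RAW=$(curl -sS -X GET "$GATEWAY_URL/storage/v1/bucket" \
  -H "apikey: $ANON_KEY" \
  -H "Authorization: Bearer $ACCESS_TOKEN" \
  -H "x-project-ref: non-existent-project" \
  -w "\nHTTP_STATUS:%{http_code}\n")

WRONG_STATUS=$(printf '%s\n' "$WRONG_RAW" | tail -n 1 | sed 's/HTTP_STATUS://')
WRONG_RES=$(printf '%s\n' "$WRONG_RAW" | sed '$d')

if [[ $WRONG_STATUS == 4* ]]; then
  echo "✅ Isolation Verified (Request failed as expected)."
else
  # Anything other than a client-error rejection fails the run, so a
  # tenant-isolation regression cannot end in a success banner.
  echo "   Status: $WRONG_STATUS"
  echo "   Response: $(redact "$WRONG_RES")"
  echo "❌ Isolation check failed: request with wrong project ref was not rejected."
  exit 1
fi

echo ""
echo "🎉 E2E Test Completed Successfully!"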