#!/bin/bash # Configuration BINARY="./bin/veza-backend-api" LOG_FILE="verification_p0.log" echo "=== Verifying P0 Fixes ===" > $LOG_FILE # 1. Verification: Missing JWT_SECRET should exit 1 (MOD-P0-001) echo "[TEST 1] Missing JWT_SECRET" | tee -a $LOG_FILE export DATABASE_URL="postgres://user:pass@localhost:5432/veza_test" unset JWT_SECRET # Run usage: 2>&1 to capture stderr where logs might go OUTPUT=$($BINARY 2>&1) EXIT_CODE=$? if [ $EXIT_CODE -eq 1 ]; then if echo "$OUTPUT" | grep -q "required environment variable JWT_SECRET is not set"; then echo "✅ PASS: Service exited with 1 and identifying error message." | tee -a $LOG_FILE else echo "❌ FAIL: Service exited with 1 but wrong message: $OUTPUT" | tee -a $LOG_FILE fi else echo "❌ FAIL: Service did not exit with 1 (Code: $EXIT_CODE)" | tee -a $LOG_FILE fi echo "--------------------------------" | tee -a $LOG_FILE # 2. Verification: Missing DATABASE_URL should exit 1 echo "[TEST 2] Missing DATABASE_URL" | tee -a $LOG_FILE export JWT_SECRET="super-secret-key-that-is-long-enough-for-validation-32chars" unset DATABASE_URL OUTPUT=$($BINARY 2>&1) EXIT_CODE=$? if [ $EXIT_CODE -eq 1 ]; then if echo "$OUTPUT" | grep -q "DATABASE_URL"; then # Loose check as validation might vary echo "✅ PASS: Service exited with 1 on missing DB URL." | tee -a $LOG_FILE else echo "❌ FAIL: Service exited with 1 but wrong message: $OUTPUT" | tee -a $LOG_FILE fi else echo "❌ FAIL: Service did not exit with 1 (Code: $EXIT_CODE)" | tee -a $LOG_FILE fi echo "--------------------------------" | tee -a $LOG_FILE # 3. Verification: Empty CORS should warn in Prod (MOD-P0-002) echo "[TEST 3] Empty CORS in Production" | tee -a $LOG_FILE export DATABASE_URL="postgres://user:pass@localhost:5432/veza_test" export JWT_SECRET="super-secret-key-that-is-long-enough-for-validation-32chars" export APP_ENV="production" export REDIS_URL="redis://localhost:6379" export RABBITMQ_ENABLE="false" unset CORS_ALLOWED_ORIGINS # We need to run it, check logs, and kill it quickly because it might start successfully # We assume DB/Redis connection failure will happen later or we mock them? # Actually main() calls initDatabase which connects. It will fail on connection usually if DB not up. # But we just want to see validation phase passing -> log warning -> fail on DB. # If it fails on DB, it means it PASSED config validation! # But wait, config.Validate() doesn't check DB connection. initDatabaseWithRetry does. # initDatabaseWithRetry is called inside NewConfig. # So if NewConfig succeeds, it means validation passed. # If db is not reachable, NewConfig returns error "Failed to initialize database". # We want to check the LOG for CORS warning BEFORE that failure or along with it. OUTPUT=$($BINARY 2>&1) # It should fail on DB connection (exit 1), but we grep for CORS warning if echo "$OUTPUT" | grep -q "CORS_ALLOWED_ORIGINS is empty in production. Strict mode enabled"; then echo "✅ PASS: Logged Strict Mode warning." | tee -a $LOG_FILE else echo "❌ FAIL: Did not log Strict Mode warning." | tee -a $LOG_FILE echo "DEBUG OUTPUT: $OUTPUT" >> $LOG_FILE fi echo "=== Verification Complete ===" | tee -a $LOG_FILE cat $LOG_FILE