mirror of
https://github.com/supabase/supabase.git
synced 2026-05-06 17:00:27 -04:00
Andrey A.
352 lines
11 KiB
Bash
352 lines
11 KiB
Bash
#!/bin/sh
|
|
#
|
|
# Smoke test for self-hosted Supabase - verifies core functionality end-to-end.
|
|
#
|
|
# Usage:
|
|
# sh test-self-hosted.sh # Uses http://localhost:8000
|
|
# sh test-self-hosted.sh <base_url> # Custom URL
|
|
#
|
|
# Prerequisites:
|
|
# - Running self-hosted Supabase instance
|
|
# - .env file with keys configured
|
|
# - jq (for JSON parsing)
|
|
#
|
|
|
|
set -e
|
|
|
|
cleanup_files=""
|
|
trap 'rm -f $cleanup_files' EXIT
|
|
|
|
BASE_URL="${1:-http://localhost:8000}"
|
|
|
|
if [ ! -f .env ]; then
|
|
echo "Error: .env file not found. Run from the project directory."
|
|
exit 1
|
|
fi
|
|
|
|
if ! command -v jq >/dev/null 2>&1; then
|
|
echo "Error: jq not found. Install it: https://jqlang.github.io/jq/download/"
|
|
exit 1
|
|
fi
|
|
|
|
# Read keys from .env
|
|
ANON_KEY=$(grep '^ANON_KEY=' .env | cut -d= -f2-)
|
|
SERVICE_ROLE_KEY=$(grep '^SERVICE_ROLE_KEY=' .env | cut -d= -f2-)
|
|
DASHBOARD_USERNAME=$(grep '^DASHBOARD_USERNAME=' .env | cut -d= -f2-)
|
|
DASHBOARD_PASSWORD=$(grep '^DASHBOARD_PASSWORD=' .env | cut -d= -f2-)
|
|
|
|
pass=0
|
|
fail=0
|
|
|
|
check() {
|
|
test_name="$1"
|
|
expected="$2"
|
|
actual="$3"
|
|
|
|
if [ "$actual" = "$expected" ]; then
|
|
echo " PASS: $test_name"
|
|
pass=$((pass + 1))
|
|
else
|
|
echo " FAIL: $test_name (expected $expected, got $actual)"
|
|
fail=$((fail + 1))
|
|
fi
|
|
}
|
|
|
|
http_status() {
|
|
url="$1"
|
|
shift
|
|
curl -s -o /dev/null -w "%{http_code}" "$@" "$url"
|
|
}
|
|
|
|
http_body() {
|
|
url="$1"
|
|
shift
|
|
curl -s "$@" "$url"
|
|
}
|
|
|
|
echo ""
|
|
echo "=== Self-hosted smoke test against $BASE_URL ==="
|
|
echo ""
|
|
|
|
# ---------------------------------------------
|
|
# 1. Container health (via docker compose)
|
|
# ---------------------------------------------
|
|
|
|
echo "--- Container health ---"
|
|
if command -v docker >/dev/null 2>&1; then
|
|
container_status=$(docker compose ps --format json 2>/dev/null | jq -rs '
|
|
[.[] | select(.State != "running" or (.Health != "" and .Health != "healthy"))]
|
|
| (length | tostring) + "|" + ([.[] | .Service + ": State=" + .State + " Health=" + (.Health // "none")] | join(", "))
|
|
' 2>/dev/null || echo "?|")
|
|
unhealthy="${container_status%%|*}"
|
|
container_issues="${container_status#*|}"
|
|
if [ "$unhealthy" = "0" ]; then
|
|
check "All containers healthy" "0" "$unhealthy"
|
|
elif [ "$unhealthy" = "?" ]; then
|
|
echo " SKIP: Could not check container health"
|
|
else
|
|
check "All containers healthy ($container_issues)" "0" "$unhealthy"
|
|
fi
|
|
else
|
|
echo " SKIP: docker not available"
|
|
fi
|
|
|
|
# ---------------------------------------------
|
|
# 2. Studio dashboard
|
|
# ---------------------------------------------
|
|
|
|
echo ""
|
|
echo "--- Studio dashboard ---"
|
|
# Studio may redirect (307/302) after auth - follow redirects
|
|
check "Studio accessible with basic auth" "200" \
|
|
"$(http_status "$BASE_URL/" -L -u "$DASHBOARD_USERNAME:$DASHBOARD_PASSWORD")"
|
|
check "Studio rejects without auth" "401" \
|
|
"$(http_status "$BASE_URL/")"
|
|
|
|
# ---------------------------------------------
|
|
# 3. Auth: create user, sign in, get user, public signup, delete
|
|
# ---------------------------------------------
|
|
|
|
echo ""
|
|
echo "--- Auth: user lifecycle ---"
|
|
|
|
test_email="smoke-test-$$@example.com"
|
|
test_password="smoke-test-password-123456"
|
|
|
|
# Create user via admin API (works regardless of email autoconfirm setting)
|
|
create_resp=$(http_body "$BASE_URL/auth/v1/admin/users" \
|
|
-X POST \
|
|
-H "apikey: $SERVICE_ROLE_KEY" \
|
|
-H "Authorization: Bearer $SERVICE_ROLE_KEY" \
|
|
-H "Content-Type: application/json" \
|
|
-d "{\"email\":\"$test_email\",\"password\":\"$test_password\",\"email_confirm\":true}")
|
|
|
|
user_id=$(echo "$create_resp" | jq -r '.id // empty' 2>/dev/null)
|
|
|
|
if [ -n "$user_id" ]; then
|
|
check "Create user (admin)" "true" "true"
|
|
|
|
# Sign in via public endpoint
|
|
signin_resp=$(http_body "$BASE_URL/auth/v1/token?grant_type=password" \
|
|
-H "apikey: $ANON_KEY" \
|
|
-H "Content-Type: application/json" \
|
|
-d "{\"email\":\"$test_email\",\"password\":\"$test_password\"}")
|
|
|
|
access_token=$(echo "$signin_resp" | jq -r '.access_token // empty' 2>/dev/null)
|
|
|
|
if [ -n "$access_token" ]; then
|
|
check "Sign in user" "true" "true"
|
|
|
|
# Get user profile with session JWT
|
|
check "Get user profile" "200" \
|
|
"$(http_status "$BASE_URL/auth/v1/user" \
|
|
-H "apikey: $ANON_KEY" \
|
|
-H "Authorization: Bearer $access_token")"
|
|
else
|
|
check "Sign in user" "true" "false"
|
|
fi
|
|
|
|
# Delete user
|
|
delete_status=$(http_status "$BASE_URL/auth/v1/admin/users/$user_id" \
|
|
-X DELETE \
|
|
-H "apikey: $SERVICE_ROLE_KEY" \
|
|
-H "Authorization: Bearer $SERVICE_ROLE_KEY")
|
|
check "Delete user (admin)" "200" "$delete_status"
|
|
else
|
|
check "Create user (admin)" "true" "false"
|
|
fi
|
|
|
|
# Public signup (optional — depends on email autoconfirm setting)
|
|
signup_email="smoke-signup-$$@example.com"
|
|
signup_resp=$(http_body "$BASE_URL/auth/v1/signup" \
|
|
-H "apikey: $ANON_KEY" \
|
|
-H "Content-Type: application/json" \
|
|
-d "{\"email\":\"$signup_email\",\"password\":\"$test_password\"}")
|
|
|
|
signup_token=$(echo "$signup_resp" | jq -r '.access_token // empty' 2>/dev/null)
|
|
signup_user_id=$(echo "$signup_resp" | jq -r '.id // .user.id // empty' 2>/dev/null)
|
|
|
|
if [ -n "$signup_token" ]; then
|
|
check "Public signup (autoconfirm on)" "true" "true"
|
|
else
|
|
echo " SKIP: Public signup (autoconfirm is off)"
|
|
fi
|
|
|
|
# Clean up signup user if created
|
|
if [ -n "$signup_user_id" ]; then
|
|
http_status "$BASE_URL/auth/v1/admin/users/$signup_user_id" \
|
|
-X DELETE \
|
|
-H "apikey: $SERVICE_ROLE_KEY" \
|
|
-H "Authorization: Bearer $SERVICE_ROLE_KEY" >/dev/null 2>&1
|
|
fi
|
|
|
|
# ---------------------------------------------
|
|
# 4. PostgREST: query
|
|
# ---------------------------------------------
|
|
|
|
echo ""
|
|
echo "--- PostgREST ---"
|
|
check "REST API query" "200" \
|
|
"$(http_status "$BASE_URL/rest/v1/" \
|
|
-H "apikey: $ANON_KEY")"
|
|
|
|
# ---------------------------------------------
|
|
# 5. GraphQL
|
|
# ---------------------------------------------
|
|
|
|
echo ""
|
|
echo "--- GraphQL ---"
|
|
gql_resp=$(http_body "$BASE_URL/graphql/v1" \
|
|
-H "apikey: $ANON_KEY" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"query":"{ __typename }"}')
|
|
gql_has_data=$(echo "$gql_resp" | jq -r 'if .data then "true" else "false" end' 2>/dev/null)
|
|
check "GraphQL introspection" "true" "$gql_has_data"
|
|
|
|
# ---------------------------------------------
|
|
# 6. Storage: create bucket, upload >6MB file, download, cleanup
|
|
# ---------------------------------------------
|
|
|
|
echo ""
|
|
echo "--- Storage: bucket + file lifecycle ---"
|
|
|
|
bucket_name="smoke-test-$$"
|
|
|
|
# Create bucket
|
|
create_bucket_status=$(http_status "$BASE_URL/storage/v1/bucket" \
|
|
-X POST \
|
|
-H "apikey: $SERVICE_ROLE_KEY" \
|
|
-H "Authorization: Bearer $SERVICE_ROLE_KEY" \
|
|
-H "Content-Type: application/json" \
|
|
-d "{\"id\":\"$bucket_name\",\"name\":\"$bucket_name\",\"public\":true}")
|
|
check "Create bucket" "200" "$create_bucket_status"
|
|
|
|
if [ "$create_bucket_status" = "200" ]; then
|
|
# Generate a ~7MB file
|
|
tmpfile=$(mktemp); cleanup_files="$cleanup_files $tmpfile"
|
|
dd if=/dev/urandom of="$tmpfile" bs=1048576 count=7 2>/dev/null
|
|
|
|
# Upload file
|
|
upload_status=$(http_status "$BASE_URL/storage/v1/object/$bucket_name/test-large-file.bin" \
|
|
-X POST \
|
|
-H "apikey: $SERVICE_ROLE_KEY" \
|
|
-H "Authorization: Bearer $SERVICE_ROLE_KEY" \
|
|
-H "Content-Type: application/octet-stream" \
|
|
--data-binary "@$tmpfile")
|
|
check "Upload 7MB file" "200" "$upload_status"
|
|
|
|
# Download file and verify size
|
|
download_size=$(curl -s \
|
|
"$BASE_URL/storage/v1/object/public/$bucket_name/test-large-file.bin" | wc -c | tr -d ' ')
|
|
original_size=$(wc -c < "$tmpfile" | tr -d ' ')
|
|
check "Download file (size matches)" "true" \
|
|
"$([ "$download_size" = "$original_size" ] && echo true || echo false)"
|
|
|
|
rm -f "$tmpfile"
|
|
|
|
# Signed URL: upload a small file, create signed URL, fetch without auth
|
|
sign_upload_status=$(http_status "$BASE_URL/storage/v1/object/$bucket_name/sign-test.txt" \
|
|
-X POST \
|
|
-H "apikey: $SERVICE_ROLE_KEY" \
|
|
-H "Authorization: Bearer $SERVICE_ROLE_KEY" \
|
|
-H "Content-Type: text/plain" \
|
|
--data-binary "signed url test content")
|
|
check "Upload file for signing" "200" "$sign_upload_status"
|
|
|
|
if [ "$sign_upload_status" = "200" ]; then
|
|
sign_resp=$(http_body "$BASE_URL/storage/v1/object/sign/$bucket_name/sign-test.txt" \
|
|
-X POST \
|
|
-H "apikey: $SERVICE_ROLE_KEY" \
|
|
-H "Authorization: Bearer $SERVICE_ROLE_KEY" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"expiresIn": 600}')
|
|
signed_path=$(echo "$sign_resp" | jq -r '.signedURL // empty' 2>/dev/null)
|
|
|
|
if [ -n "$signed_path" ]; then
|
|
check "Create signed URL" "true" "true"
|
|
# Fetch signed URL without any auth headers (goes through Kong)
|
|
signed_content=$(curl -s "$BASE_URL/storage/v1$signed_path")
|
|
check "Fetch signed URL (no auth)" "signed url test content" "$signed_content"
|
|
else
|
|
check "Create signed URL" "true" "false"
|
|
fi
|
|
fi
|
|
|
|
# Delete file
|
|
delete_file_status=$(http_status "$BASE_URL/storage/v1/object/$bucket_name/test-large-file.bin" \
|
|
-X DELETE \
|
|
-H "apikey: $SERVICE_ROLE_KEY" \
|
|
-H "Authorization: Bearer $SERVICE_ROLE_KEY")
|
|
check "Delete file" "200" "$delete_file_status"
|
|
|
|
# Delete signed test file
|
|
http_status "$BASE_URL/storage/v1/object/$bucket_name/sign-test.txt" \
|
|
-X DELETE \
|
|
-H "apikey: $SERVICE_ROLE_KEY" \
|
|
-H "Authorization: Bearer $SERVICE_ROLE_KEY" >/dev/null 2>&1
|
|
|
|
# Delete bucket
|
|
delete_bucket_status=$(http_status "$BASE_URL/storage/v1/bucket/$bucket_name" \
|
|
-X DELETE \
|
|
-H "apikey: $SERVICE_ROLE_KEY" \
|
|
-H "Authorization: Bearer $SERVICE_ROLE_KEY")
|
|
check "Delete bucket" "200" "$delete_bucket_status"
|
|
fi
|
|
|
|
# ---------------------------------------------
|
|
# 7. Edge Functions
|
|
# ---------------------------------------------
|
|
|
|
echo ""
|
|
echo "--- Edge Functions ---"
|
|
fn_resp=$(http_body "$BASE_URL/functions/v1/hello" \
|
|
-X POST \
|
|
-H "Authorization: Bearer $ANON_KEY" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{}')
|
|
check "Call hello function" '"Hello from Edge Functions!"' "$fn_resp"
|
|
|
|
# ---------------------------------------------
|
|
# 8. pg-meta (Studio backend)
|
|
# ---------------------------------------------
|
|
|
|
echo ""
|
|
echo "--- pg-meta ---"
|
|
check "pg-meta with service_role key" "200" \
|
|
"$(http_status "$BASE_URL/pg/schemas" \
|
|
-H "apikey: $SERVICE_ROLE_KEY")"
|
|
check "pg-meta rejects anon key" "403" \
|
|
"$(http_status "$BASE_URL/pg/schemas" \
|
|
-H "apikey: $ANON_KEY")"
|
|
check "pg-meta rejects no key" "401" \
|
|
"$(http_status "$BASE_URL/pg/schemas")"
|
|
|
|
echo ""
|
|
echo "--- MCP (blocked by default) ---"
|
|
check "/api/mcp blocked" "403" \
|
|
"$(http_status "$BASE_URL/api/mcp")"
|
|
check "/mcp blocked" "403" \
|
|
"$(http_status "$BASE_URL/mcp")"
|
|
|
|
# ---------------------------------------------
|
|
# 9. Realtime
|
|
# ---------------------------------------------
|
|
|
|
echo ""
|
|
echo "--- Realtime ---"
|
|
check "Realtime health" "true" \
|
|
"$([ "$(http_status "$BASE_URL/realtime/v1/api/tenants" \
|
|
-H "apikey: $ANON_KEY")" != "401" ] && echo true || echo false)"
|
|
|
|
# ---------------------------------------------
|
|
# Summary
|
|
# ---------------------------------------------
|
|
|
|
echo ""
|
|
echo "=== Results: $pass passed, $fail failed ==="
|
|
echo ""
|
|
|
|
if [ "$fail" -gt 0 ]; then
|
|
exit 1
|
|
fi
|