<?php
// This is a simple script to test CORS middleware functionality
// Include autoloader
require_once __DIR__ . '/vendor/autoload.php';
use Rose\Http\Middleware\CorsMiddleware as RoseCorsMiddleware;
use Rose\Pipeline\Pipeline as RosePipeline;
use Rose\Roots\Application;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
// Build the application instance through the framework's own configure()
// builder, with routing enabled. This is a real Application, not a mock.
// NOTE(review): basePath is the parent of this script's directory, while the
// autoloader above is loaded from this directory's vendor/ — confirm which
// directory is the intended project root.
$basePath = dirname(__DIR__);

$app = Application::configure(basePath: $basePath)
    ->withRouting()
    ->create();
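/**
 * Sends one synthetic request to /api/users through the CORS middleware and
 * prints the CORS response headers to the terminal.
 *
 * This helper only prints; it asserts nothing. A regression such as a
 * disallowed origin being granted access does not fail the run and has to be
 * spotted by reading the output. Only headers whose name starts with
 * "access-control" are listed, so a Vary header is not shown.
 *
 * @param mixed       $app    Application instance handed to the pipeline.
 * @param string      $title  Label printed above the result.
 * @param array       $config Options passed to the CorsMiddleware constructor.
 * @param string|null $origin Value for the Origin request header; not sent when null or empty.
 * @param string      $method HTTP method; 'OPTIONS' also adds the preflight request headers.
 */
function testCors($app, $title, $config, $origin = null, $method = 'GET')
{
    echo "\033[1;33m=== Testing: {$title} ===\033[0m\n";

    // Run the middleware under test as the only stage of a pipeline.
    $middleware = new RoseCorsMiddleware($config);
    $pipeline = new RosePipeline($app);
    $pipeline->through([$middleware]);

    // Build the request; a request without an Origin header is a same-origin request.
    $request = Request::create('/api/users', $method);
    if ($origin) {
        $request->headers->set('Origin', $origin);
    }
    if ($method === 'OPTIONS') {
        // Preflight: announce the method and headers the follow-up request would use.
        $request->headers->set('Access-Control-Request-Method', 'GET');
        $request->headers->set('Access-Control-Request-Headers', 'Content-Type');
    }

    // The final handler stands in for the real controller.
    $response = $pipeline->then($request, function ($request) {
        return new Response('Test response', 200);
    });

    echo "Request: {$method} /api/users" . ($origin ? " (Origin: {$origin})" : "") . "\n";
    echo "Response Status: {$response->getStatusCode()}\n";
    echo "Response Headers:\n";

    // With ARRAY_FILTER_USE_KEY the callback receives the header NAME. The
    // whole name must be compared: testing only its first character never
    // matches, which made every run report "No CORS headers found".
    $corsHeaders = array_filter(
        $response->headers->all(),
        static fn ($name): bool => str_starts_with(strtolower((string) $name), 'access-control'),
        ARRAY_FILTER_USE_KEY
    );

    if (empty($corsHeaders)) {
        echo " \033[31mNo CORS headers found\033[0m\n";
    } else {
        foreach ($corsHeaders as $name => $values) {
            echo " \033[32m{$name}\033[0m: " . implode(', ', $values) . "\n";
        }
    }
    echo "\n";
}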
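// Pass the request built from the PHP superglobals through the application.
// NOTE(review): the result of this call is not used below — confirm it is needed.
$app->handleRequest(Request::createFromGlobals());

// No dump-and-die here: dd($app) ends the script, so none of the checks below
// would run, and dumping the whole application object can print configuration
// values if this script is ever reachable over HTTP.

// Run tests with different configurations

// Test 1: Allow all origins with default settings
testCors($app, "Default configuration with wildcard origin", [
    'allowedOrigins' => ['*'],
], 'https://example.com');

// Test 2: Allow specific origin
testCors($app, "Specific allowed origin", [
    'allowedOrigins' => ['https://example.com'],
], 'https://example.com');

// Test 3: Disallowed origin
// Expected: no Access-Control-Allow-Origin header granting this origin.
testCors($app, "Disallowed origin", [
    'allowedOrigins' => ['https://example.com'],
], 'https://malicious-site.com');

// Test 4: Preflight request
testCors($app, "Preflight request", [
    'allowedOrigins' => ['https://example.com'],
    'allowedMethods' => ['GET', 'POST'],
    'allowedHeaders' => ['Content-Type'],
    'maxAge' => 3600,
], 'https://example.com', 'OPTIONS');

// Test 5: With credentials
testCors($app, "With credentials support", [
    'allowedOrigins' => ['https://example.com'],
    'supportsCredentials' => true,
], 'https://example.com');

// Test 6: Wildcard origin together with credentials
// Browsers reject a credentialed response whose Access-Control-Allow-Origin is
// "*", so the output should never show "*" next to
// Access-Control-Allow-Credentials: true.
testCors($app, "Wildcard origin with credentials", [
    'allowedOrigins' => ['*'],
    'supportsCredentials' => true,
], 'https://example.com');

echo "\033[1;32mAll tests completed\033[0m\n";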