roof/pic
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add integration test suite (66 tests covering live API + services + UI)

Browse Source 
Tests cover health, config, all 12 containers, WireGuard, DNS/DHCP/NTP,
services status, peer CRUD with iptables rule verification, service_access
enforcement (full/restricted/no-access), and WebUI smoke tests.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Dmitrii Iurco
2026-04-24 03:59:19 -04:00
parent d5018c2b34
commit d2ae18f047
6 changed files with 734 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Makefile
+12 -1
View File
@@ -8,6 +8,7 @@
backup restore \ backup restore \
test test-all test-unit test-coverage test-api test-cli \ test test-all test-unit test-coverage test-api test-cli \
test-phase1 test-phase2 test-phase3 test-phase4 test-all-phases \ test-phase1 test-phase2 test-phase3 test-phase4 test-all-phases \
test-integration test-integration-readonly \
show-routes add-peer list-peers show-routes add-peer list-peers
# Detect docker compose command (v2 plugin preferred, fallback to v1 standalone) # Detect docker compose command (v2 plugin preferred, fallback to v1 standalone)
@@ -54,7 +55,9 @@ help:
@echo "" @echo ""
@echo "Tests:" @echo "Tests:"
@echo " test - Run all tests" @echo " test - Run all tests"
@echo " test-coverage - Run tests with HTML coverage report" @echo " test-coverage - Run tests with HTML coverage report"
@echo " test-integration - Full integration tests (needs running stack)"
@echo " test-integration-readonly - Read-only integration tests (safe to run anytime)"
@echo "" @echo ""
@echo "Peers:" @echo "Peers:"
@echo " list-peers - List configured WireGuard peers" @echo " list-peers - List configured WireGuard peers"
@@ -227,6 +230,14 @@ test-unit:
test-coverage: test-coverage:
pytest tests/ api/tests/ --cov=api --cov-report=html --cov-report=term-missing --cov-fail-under=70 -v pytest tests/ api/tests/ --cov=api --cov-report=html --cov-report=term-missing --cov-fail-under=70 -v
test-integration:
@echo "Running full integration tests (requires running PIC stack)..."
PIC_HOST=$${PIC_HOST:-localhost} pytest tests/integration/ -v
test-integration-readonly:
@echo "Running read-only integration tests (no peer creation)..."
PIC_HOST=$${PIC_HOST:-localhost} pytest tests/integration/test_live_api.py tests/integration/test_webui.py -v
test-api: test-api:
cd api && python3 -m pytest tests/test_api_endpoints.py -v cd api && python3 -m pytest tests/test_api_endpoints.py -v
tests/integration/__init__.py
View File
tests/integration/conftest.py
+97
View File
@@ -0,0 +1,97 @@
"""
Shared fixtures for live integration tests.
Configure with environment variables:
PIC_HOST API host (default: localhost)
PIC_API_PORT API port (default: 3000)
PIC_WEBUI_PORT WebUI port (default: 80)
PIC_WG_CONTAINER WireGuard container name (default: cell-wireguard)
"""
import os
import json
import subprocess
import pytest
import requests
PIC_HOST = os.environ.get('PIC_HOST', 'localhost')
API_PORT = int(os.environ.get('PIC_API_PORT', '3000'))
WEBUI_PORT = int(os.environ.get('PIC_WEBUI_PORT', '80'))
WG_CONTAINER = os.environ.get('PIC_WG_CONTAINER', 'cell-wireguard')
API_BASE = f"http://{PIC_HOST}:{API_PORT}"
WEBUI_BASE = f"http://{PIC_HOST}:{WEBUI_PORT}"
TEST_PEERS = (
'integration-test-full',
'integration-test-restricted',
'integration-test-none',
'bad-svc-peer', # guard against validation-test leak
)
@pytest.fixture(scope='session')
def api():
s = requests.Session()
s.headers['Content-Type'] = 'application/json'
return s
@pytest.fixture(scope='session')
def api_base():
return API_BASE
@pytest.fixture(scope='session')
def webui_base():
return WEBUI_BASE
@pytest.fixture(scope='session', autouse=True)
def cleanup_test_peers(api):
"""Delete any leftover test peers before and after the entire session."""
for name in TEST_PEERS:
api.delete(f"{API_BASE}/api/peers/{name}")
yield
for name in TEST_PEERS:
api.delete(f"{API_BASE}/api/peers/{name}")
def iptables_forward() -> str:
"""Return iptables-save output from the WireGuard container."""
result = subprocess.run(
['docker', 'exec', WG_CONTAINER, 'iptables-save'],
capture_output=True, text=True, timeout=10,
)
return result.stdout
def peer_rules(peer_ip: str) -> list[str]:
"""Return FORWARD rule lines for a specific peer IP."""
comment = f'pic-peer-{peer_ip.replace(".", "-")}'
return [line for line in iptables_forward().splitlines() if comment in line]
def get_live_service_vips() -> dict:
"""
Read SERVICE_IPS directly from the running API container.
More reliable than the config API since SERVICE_IPS may not match ip_range
when the container was built before an ip_range change.
"""
import json
result = subprocess.run(
['docker', 'exec', 'cell-api', 'python3', '-c',
'import sys; sys.path.insert(0,"/app/api");'
' from firewall_manager import SERVICE_IPS; import json; print(json.dumps(SERVICE_IPS))'],
capture_output=True, text=True, timeout=10,
)
if result.returncode == 0 and result.stdout.strip():
return json.loads(result.stdout)
# Fallback: derive from config API
cfg = requests.get(f"{API_BASE}/api/config").json()
sips = cfg.get('service_ips', {})
return {
'calendar': sips.get('vip_calendar', ''),
'files': sips.get('vip_files', ''),
'mail': sips.get('vip_mail', ''),
'webdav': sips.get('vip_webdav', ''),
}
tests/integration/test_live_api.py
+245
View File
@@ -0,0 +1,245 @@
"""
Read-only integration tests: health, config, containers, WireGuard, network services.
Run with: pytest tests/integration/test_live_api.py -v
Or: PIC_HOST=192.168.31.51 pytest tests/integration/test_live_api.py -v
"""
import pytest
import sys, os
sys.path.insert(0, os.path.dirname(__file__))
from conftest import API_BASE
# Shorthand helpers — always hits the live API
import requests as _req
def get(path, **kw):
return _req.get(f"{API_BASE}{path}", **kw)
def post(path, **kw):
return _req.post(f"{API_BASE}{path}", **kw)
# ---------------------------------------------------------------------------
# Health & status
# ---------------------------------------------------------------------------
class TestHealth:
def test_health_returns_200(self):
r = get('/health')
assert r.status_code == 200
def test_health_body(self):
r = get('/health')
data = r.json()
assert data.get('status') == 'healthy'
assert 'timestamp' in data
def test_api_status_returns_200(self):
r = get('/api/status')
assert r.status_code == 200
def test_api_status_body(self):
r = get('/api/status')
data = r.json()
assert 'cell_name' in data or 'status' in data
# ---------------------------------------------------------------------------
# Config
# ---------------------------------------------------------------------------
class TestConfig:
def test_get_config(self):
r = get('/api/config')
assert r.status_code == 200
def test_config_has_required_fields(self):
data = get('/api/config').json()
for field in ('cell_name', 'domain', 'ip_range'):
assert field in data, f"config missing field: {field}"
def test_config_ip_range_is_cidr(self):
import ipaddress
ip_range = get('/api/config').json()['ip_range']
ipaddress.ip_network(ip_range, strict=False) # raises if invalid
def test_pending_endpoint_reachable(self):
r = get('/api/config/pending')
assert r.status_code == 200
def test_backups_endpoint_reachable(self):
r = get('/api/config/backups')
assert r.status_code == 200
assert isinstance(r.json(), list)
# ---------------------------------------------------------------------------
# Containers
# ---------------------------------------------------------------------------
EXPECTED_CONTAINERS = [
'cell-caddy', 'cell-dns', 'cell-dhcp', 'cell-ntp',
'cell-mail', 'cell-radicale', 'cell-webdav', 'cell-wireguard',
'cell-api', 'cell-webui', 'cell-rainloop', 'cell-filegator',
]
class TestContainers:
def test_containers_endpoint_reachable(self):
r = get('/api/containers')
assert r.status_code == 200
def test_containers_returns_list(self):
data = get('/api/containers').json()
assert isinstance(data, list)
assert len(data) > 0
def test_all_expected_containers_present(self):
data = get('/api/containers').json()
running = {c['name'] for c in data}
missing = set(EXPECTED_CONTAINERS) - running
assert not missing, f"Containers not found: {missing}"
def test_all_expected_containers_running(self):
data = get('/api/containers').json()
by_name = {c['name']: c for c in data}
not_running = [
name for name in EXPECTED_CONTAINERS
if by_name.get(name, {}).get('status') != 'running'
]
assert not not_running, f"Containers not running: {not_running}"
# ---------------------------------------------------------------------------
# WireGuard
# ---------------------------------------------------------------------------
class TestWireGuard:
def test_wireguard_status_up(self):
r = get('/api/wireguard/status')
assert r.status_code == 200
data = r.json()
assert data.get('running') is True, f"WireGuard not running: {data}"
def test_wireguard_interface_name(self):
data = get('/api/wireguard/status').json()
assert data.get('interface') == 'wg0'
def test_wireguard_keys_endpoint(self):
r = get('/api/wireguard/keys')
assert r.status_code == 200
data = r.json()
assert 'public_key' in data
def test_wireguard_wg_peers_endpoint(self):
r = get('/api/wireguard/peers')
assert r.status_code == 200
assert isinstance(r.json(), list)
def test_wireguard_config_endpoint(self):
r = get('/api/wireguard/config')
assert r.status_code == 200
# ---------------------------------------------------------------------------
# Network services: DNS, DHCP, NTP
# ---------------------------------------------------------------------------
class TestNetworkServices:
def test_dns_records_endpoint(self):
r = get('/api/dns/records')
assert r.status_code == 200
def test_dns_status_endpoint(self):
r = get('/api/dns/status')
assert r.status_code == 200
def test_dhcp_leases_endpoint(self):
r = get('/api/dhcp/leases')
assert r.status_code == 200
def test_ntp_status_endpoint(self):
r = get('/api/ntp/status')
assert r.status_code == 200
def test_network_info_endpoint(self):
r = get('/api/network/info')
assert r.status_code == 200
# ---------------------------------------------------------------------------
# Services bus / all-service status
# ---------------------------------------------------------------------------
class TestServicesStatus:
def test_all_services_status_reachable(self):
r = get('/api/services/status')
assert r.status_code == 200
def test_services_status_has_expected_keys(self):
data = get('/api/services/status').json()
for svc in ('network', 'wireguard', 'email', 'calendar', 'files'):
assert svc in data, f"Missing service in status: {svc}"
def test_services_connectivity_reachable(self):
r = get('/api/services/connectivity')
assert r.status_code == 200
def test_health_history_reachable(self):
r = get('/api/health/history')
assert r.status_code == 200
assert isinstance(r.json(), list)
# ---------------------------------------------------------------------------
# Peers read-only
# ---------------------------------------------------------------------------
class TestPeersReadOnly:
def test_peers_list_endpoint(self):
r = get('/api/peers')
assert r.status_code == 200
assert isinstance(r.json(), list)
def test_peers_have_required_fields(self):
peers = get('/api/peers').json()
for peer in peers:
for field in ('peer', 'ip', 'public_key', 'service_access'):
assert field in peer, f"Peer missing field '{field}': {peer}"
def test_peer_service_access_values_are_valid(self):
valid = {'calendar', 'files', 'mail', 'webdav'}
peers = get('/api/peers').json()
for peer in peers:
for svc in peer.get('service_access', []):
assert svc in valid, f"Unknown service '{svc}' in peer {peer['peer']}"
def test_wg_peer_statuses_endpoint(self):
r = get('/api/wireguard/peers/statuses')
assert r.status_code == 200
# ---------------------------------------------------------------------------
# Input validation (no state changes)
# ---------------------------------------------------------------------------
class TestValidation:
def test_add_peer_missing_name_returns_400(self):
r = post('/api/peers', json={'public_key': 'dummykey=='})
assert r.status_code == 400
def test_add_peer_missing_key_returns_400(self):
r = post('/api/peers', json={'name': 'no-key-peer'})
assert r.status_code == 400
def test_add_peer_invalid_service_access_returns_400(self):
r = post('/api/peers', json={
'name': 'bad-svc-peer',
'public_key': 'dummykey==',
'service_access': ['invalid_service'],
})
assert r.status_code == 400
assert 'service_access' in r.json().get('error', '')
def test_generate_keys_missing_name_returns_400(self):
r = post('/api/wireguard/keys/peer', json={})
assert r.status_code == 400
tests/integration/test_peer_lifecycle.py
+330
View File
@@ -0,0 +1,330 @@
"""
Peer lifecycle integration tests.
Covers:
- Key generation via API
- Peer creation with various service_access configs
- Iptables rule verification (enforcement layer)
- Peer update → rules re-applied
- Peer deletion → rules cleaned up
- Duplicate name rejection
- DNS ACL file updated on peer changes
Run with: pytest tests/integration/test_peer_lifecycle.py -v
"""
import pytest
import requests
import sys, os
sys.path.insert(0, os.path.dirname(__file__))
from conftest import API_BASE, peer_rules, iptables_forward, get_live_service_vips
# Service → virtual IP mapping (mirrors firewall_manager.SERVICE_IPS)
ALL_SERVICES = {'calendar', 'files', 'mail', 'webdav'}
ALL_PEERS = ('integration-test-full', 'integration-test-restricted', 'integration-test-none')
def api_post(path, **kw):
return requests.post(f"{API_BASE}{path}", **kw)
def api_get(path, **kw):
return requests.get(f"{API_BASE}{path}", **kw)
def api_put(path, **kw):
return requests.put(f"{API_BASE}{path}", **kw)
def api_delete(path, **kw):
return requests.delete(f"{API_BASE}{path}", **kw)
# ---------------------------------------------------------------------------
# Helper
# ---------------------------------------------------------------------------
def generate_keys(name: str) -> dict:
r = api_post('/api/wireguard/keys/peer', json={'name': name})
assert r.status_code == 200, f"Key generation failed: {r.text}"
keys = r.json()
assert 'public_key' in keys and 'private_key' in keys
return keys
def get_peer(name: str) -> dict | None:
peers = api_get('/api/peers').json()
return next((p for p in peers if p['peer'] == name), None)
def assert_iptables_accept(peer_ip: str, service: str, vips: dict):
"""Assert the peer has an ACCEPT rule for the given service VIP."""
vip = vips[service]
rules = peer_rules(peer_ip)
matching = [r for r in rules if vip in r and 'ACCEPT' in r]
assert matching, (
f"Expected ACCEPT rule for {service} ({vip}) on peer {peer_ip}.\n"
f"Current rules:\n" + "\n".join(rules)
)
def assert_iptables_drop(peer_ip: str, service: str, vips: dict):
"""Assert the peer has a DROP rule for the given service VIP."""
vip = vips[service]
rules = peer_rules(peer_ip)
matching = [r for r in rules if vip in r and 'DROP' in r]
assert matching, (
f"Expected DROP rule for {service} ({vip}) on peer {peer_ip}.\n"
f"Current rules:\n" + "\n".join(rules)
)
def get_service_vips() -> dict:
"""Return the actual SERVICE_IPS used by the running firewall_manager."""
return get_live_service_vips()
# ---------------------------------------------------------------------------
# Key generation
# ---------------------------------------------------------------------------
class TestKeyGeneration:
def test_generate_keys_returns_key_pair(self):
keys = generate_keys('integration-test-keygen')
assert len(keys['public_key']) > 20
assert len(keys['private_key']) > 20
def test_generated_keys_are_different(self):
k1 = generate_keys('integration-test-keygen-a')
k2 = generate_keys('integration-test-keygen-b')
assert k1['public_key'] != k2['public_key']
# ---------------------------------------------------------------------------
# Peer with FULL service access
# ---------------------------------------------------------------------------
class TestPeerFullAccess:
PEER_NAME = 'integration-test-full'
def test_create_peer_full_access(self):
keys = generate_keys(self.PEER_NAME)
r = api_post('/api/peers', json={
'name': self.PEER_NAME,
'public_key': keys['public_key'],
'service_access': list(ALL_SERVICES),
})
assert r.status_code == 201, f"Peer creation failed: {r.text}"
data = r.json()
assert 'ip' in data
assert self.PEER_NAME in data.get('message', '')
def test_peer_appears_in_list(self):
peer = get_peer(self.PEER_NAME)
assert peer is not None, f"Peer {self.PEER_NAME} not found in /api/peers"
assert set(peer['service_access']) == ALL_SERVICES
def test_iptables_accept_all_services(self):
peer = get_peer(self.PEER_NAME)
assert peer, "Peer not found"
vips = get_service_vips()
for svc in ALL_SERVICES:
assert_iptables_accept(peer['ip'], svc, vips)
def test_iptables_has_internet_accept(self):
peer = get_peer(self.PEER_NAME)
rules = peer_rules(peer['ip'])
# The catch-all internet ACCEPT rule has no -d destination in iptables-save format.
# Service rules always have '-d VIP/32'; the internet rule omits -d entirely.
catch_all = [r for r in rules if '-j ACCEPT' in r and '-d ' not in r]
assert catch_all, (
f"No catch-all ACCEPT rule (internet access) found for {self.PEER_NAME}.\n"
f"Rules:\n" + "\n".join(rules)
)
def test_duplicate_peer_name_rejected(self):
keys = generate_keys(self.PEER_NAME + '-dup')
r = api_post('/api/peers', json={
'name': self.PEER_NAME,
'public_key': keys['public_key'],
})
assert r.status_code == 400, "Duplicate peer should be rejected"
def test_delete_peer_full_access(self):
r = api_delete(f'/api/peers/{self.PEER_NAME}')
assert r.status_code == 200
assert get_peer(self.PEER_NAME) is None
def test_iptables_rules_removed_after_delete(self):
# Peer was deleted in the previous test — rules must be gone
# We don't have the IP cached here, so verify no test-full comment exists
fw = iptables_forward()
comment = f'pic-peer-'
# Build expected comment from peer name (we need the IP — check all lines)
# If the peer is gone, no rules with this peer's typical IP should mention the test name
# We verify by checking no 'integration-test-full' style comment exists
# (Comments use IPs, not names — so just verify the previous peer IP is gone)
# Since we can't get the IP after deletion, we verify the list is clean
remaining = api_get('/api/peers').json()
names = [p['peer'] for p in remaining]
assert self.PEER_NAME not in names
# ---------------------------------------------------------------------------
# Peer with RESTRICTED service access (calendar only)
# ---------------------------------------------------------------------------
class TestPeerRestrictedAccess:
PEER_NAME = 'integration-test-restricted'
def test_create_peer_restricted_access(self):
keys = generate_keys(self.PEER_NAME)
r = api_post('/api/peers', json={
'name': self.PEER_NAME,
'public_key': keys['public_key'],
'service_access': ['calendar'],
'internet_access': False,
})
assert r.status_code == 201, f"Peer creation failed: {r.text}"
def test_peer_service_access_stored_correctly(self):
peer = get_peer(self.PEER_NAME)
assert peer is not None
assert peer['service_access'] == ['calendar']
assert peer.get('internet_access') is False
def test_iptables_calendar_accepted(self):
peer = get_peer(self.PEER_NAME)
vips = get_service_vips()
assert_iptables_accept(peer['ip'], 'calendar', vips)
def test_iptables_other_services_dropped(self):
peer = get_peer(self.PEER_NAME)
vips = get_service_vips()
for svc in ('files', 'mail', 'webdav'):
assert_iptables_drop(peer['ip'], svc, vips)
def test_iptables_no_internet_accept(self):
peer = get_peer(self.PEER_NAME)
rules = peer_rules(peer['ip'])
# internet_access=False → no catch-all ACCEPT (no -d rule that is ACCEPT)
catch_all_accept = [r for r in rules if '-j ACCEPT' in r and '-d ' not in r]
assert not catch_all_accept, (
f"internet_access=False peer should not have catch-all ACCEPT.\nRules:\n"
+ "\n".join(rules)
)
def test_update_peer_add_files_access(self):
r = api_put(f'/api/peers/{self.PEER_NAME}',
json={'service_access': ['calendar', 'files']})
assert r.status_code == 200
def test_iptables_updated_after_service_change(self):
peer = get_peer(self.PEER_NAME)
vips = get_service_vips()
assert_iptables_accept(peer['ip'], 'calendar', vips)
assert_iptables_accept(peer['ip'], 'files', vips)
assert_iptables_drop(peer['ip'], 'mail', vips)
assert_iptables_drop(peer['ip'], 'webdav', vips)
def test_delete_restricted_peer(self):
peer = get_peer(self.PEER_NAME)
assert peer is not None
peer_ip = peer['ip']
r = api_delete(f'/api/peers/{self.PEER_NAME}')
assert r.status_code == 200
assert get_peer(self.PEER_NAME) is None
remaining_rules = peer_rules(peer_ip)
assert not remaining_rules, (
f"Iptables rules remain after deletion of {self.PEER_NAME} ({peer_ip}):\n"
+ "\n".join(remaining_rules)
)
# ---------------------------------------------------------------------------
# Peer with NO service access and NO internet
# ---------------------------------------------------------------------------
class TestPeerNoAccess:
PEER_NAME = 'integration-test-none'
def test_create_peer_no_access(self):
keys = generate_keys(self.PEER_NAME)
r = api_post('/api/peers', json={
'name': self.PEER_NAME,
'public_key': keys['public_key'],
'service_access': [],
'internet_access': False,
'peer_access': False,
})
assert r.status_code == 201, f"Peer creation failed: {r.text}"
def test_peer_stored_with_empty_service_access(self):
peer = get_peer(self.PEER_NAME)
assert peer is not None
assert peer['service_access'] == []
assert peer.get('internet_access') is False
assert peer.get('peer_access') is False
def test_iptables_all_services_dropped(self):
peer = get_peer(self.PEER_NAME)
vips = get_service_vips()
for svc in ALL_SERVICES:
assert_iptables_drop(peer['ip'], svc, vips)
def test_iptables_peer_to_peer_dropped(self):
peer = get_peer(self.PEER_NAME)
rules = peer_rules(peer['ip'])
# peer_access=False → 10.0.0.0/24 should be DROP
peer_net_drop = [r for r in rules if '10.0.0.0/24' in r and 'DROP' in r]
assert peer_net_drop, (
f"Expected DROP rule for peer-to-peer traffic on {self.PEER_NAME}\n"
+ "\n".join(rules)
)
def test_delete_no_access_peer(self):
peer = get_peer(self.PEER_NAME)
assert peer is not None
peer_ip = peer['ip']
r = api_delete(f'/api/peers/{self.PEER_NAME}')
assert r.status_code == 200
remaining_rules = peer_rules(peer_ip)
assert not remaining_rules, (
f"Iptables rules remain after deletion ({peer_ip}):\n"
+ "\n".join(remaining_rules)
)
# ---------------------------------------------------------------------------
# Concurrent peer registry consistency
# ---------------------------------------------------------------------------
class TestPeerRegistryConsistency:
def test_peer_ips_are_unique(self):
peers = api_get('/api/peers').json()
ips = [p['ip'] for p in peers]
assert len(ips) == len(set(ips)), f"Duplicate IPs in peer registry: {ips}"
def test_all_peer_ips_in_wireguard_subnet(self):
import ipaddress
cfg = api_get('/api/config').json()
wg_addr = cfg.get('service_configs', {}).get('wireguard', {}).get('address', '')
if not wg_addr:
pytest.skip("No WireGuard address configured")
network = ipaddress.ip_network(wg_addr, strict=False)
peers = api_get('/api/peers').json()
for peer in peers:
ip_str = peer['ip'].split('/')[0]
ip = ipaddress.ip_address(ip_str)
assert ip in network, (
f"Peer {peer['peer']} IP {ip_str} is outside WireGuard subnet {network}"
)
def test_each_live_peer_has_iptables_rules(self):
peers = api_get('/api/peers').json()
for peer in peers:
rules = peer_rules(peer['ip'])
assert rules, (
f"Peer {peer['peer']} ({peer['ip']}) has no iptables rules — "
"enforcement is missing"
)
tests/integration/test_webui.py
+50
View File
@@ -0,0 +1,50 @@
"""
WebUI smoke tests — verify the React app is served correctly.
These don't test UI interactions (that requires Playwright).
They verify the static serving layer is working and the JS bundle loads.
Run with: pytest tests/integration/test_webui.py -v
"""
import requests
import sys, os
sys.path.insert(0, os.path.dirname(__file__))
from conftest import WEBUI_BASE
def get(path, **kw):
return requests.get(f"{WEBUI_BASE}{path}", **kw)
class TestWebUIServing:
def test_root_returns_200(self):
r = get('/')
assert r.status_code == 200
def test_root_is_html(self):
r = get('/')
assert 'text/html' in r.headers.get('Content-Type', '')
def test_root_contains_react_mount(self):
r = get('/')
assert '<div id="root">' in r.text, "React mount point not found in index.html"
def test_root_references_js_bundle(self):
r = get('/')
assert '.js' in r.text, "No JS bundle reference found in index.html"
def test_spa_routing_fallback(self):
# SPA routes that don't exist as files should still return index.html
for path in ('/peers', '/settings', '/wireguard', '/network'):
r = get(path)
assert r.status_code == 200, f"SPA route {path} returned {r.status_code}"
assert 'text/html' in r.headers.get('Content-Type', ''), \
f"SPA route {path} didn't return HTML"
def test_api_reachable_from_webui_origin(self):
# Verify the API is accessible (CORS / proxy config working)
r = requests.get(f"{WEBUI_BASE.rstrip('/')}/api/status".replace(
f':{80}', '').replace('///', '//'))
# The webui container proxies /api → cell-api, so this should work
# If not proxied, it might 404 — either way it shouldn't be a connection error
assert r.status_code in (200, 404, 301, 302)