fix(smoke-test): add auth-aware frontend checks with login support (#3641)

This commit is contained in:
Zhipeng Zheng 2026-06-19 11:15:28 +08:00 committed by GitHub
parent 86a4744941
commit b5a4d3414b
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 137 additions and 4 deletions

View file

@ -97,14 +97,14 @@ smoke-test/
2. **Check frontend service** - Visit `http://localhost:2026` and verify that the page loads
3. **Check API Gateway** - Verify the `http://localhost:2026/health` endpoint
4. **Check LangGraph-compatible API** - Verify the `/api/langgraph/*` route exposed by Gateway
5. **Frontend route smoke check** - Run `bash .agent/skills/smoke-test/scripts/frontend_check.sh` to verify key routes under `/workspace`
5. **Frontend route smoke check** - Run `bash .agent/skills/smoke-test/scripts/frontend_check.sh` to verify key routes under `/workspace`. The script auto-detects whether authentication is enabled and, if so, registers / logs in a smoke-test user so the real pages are verified rather than the login redirect.
**Docker mode health check** (when using Docker):
1. **Check container status** - Run `docker ps` and confirm that all containers are running
2. **Check frontend service** - Visit `http://localhost:2026` and verify that the page loads
3. **Check API Gateway** - Verify the `http://localhost:2026/health` endpoint
4. **Check LangGraph-compatible API** - Verify the `/api/langgraph/*` route exposed by Gateway
5. **Frontend route smoke check** - Run `bash .agent/skills/smoke-test/scripts/frontend_check.sh` to verify key routes under `/workspace`
5. **Frontend route smoke check** - Run `bash .agent/skills/smoke-test/scripts/frontend_check.sh` to verify key routes under `/workspace`. The script auto-detects whether authentication is enabled and, if so, registers / logs in a smoke-test user so the real pages are verified rather than the login redirect.
### Optional Functional Verification
@ -136,6 +136,7 @@ smoke-test/
The following warnings can appear during smoke testing and do not block a successful result:
- Feishu/Lark SSL errors in Gateway logs (certificate verification failure) can be ignored if that channel is not enabled
- Warnings in Gateway logs about missing methods in the custom checkpointer, such as `adelete_for_runs` or `aprune`, do not affect the core functionality
- The `frontend_check.sh` script automatically handles authentication. When auth is enabled it registers / logs in a smoke-test user (`smoke-test@deerflow.dev` by default) to verify the real `/workspace/*` pages. The registration may produce a log entry from the auth provider, which is expected and harmless.
## Key Tools

View file

@ -361,6 +361,22 @@ curl http://localhost:2026/health
---
#### 5.1.5 Frontend Route Smoke Check
**Objective**: Verify key `/workspace/*` frontend routes render correctly.
**Steps**:
1. Run `bash .agent/skills/smoke-test/scripts/frontend_check.sh`.
2. The script auto-detects whether authentication (`DEER_FLOW_AUTH_DISABLED`) is enabled.
3. When auth is on, the script registers / logs in a smoke-test user (`smoke-test@deerflow.dev` by default) and passes the session cookie so the real `/workspace/*` pages are verified — not the login redirect.
4. When auth is off, the routes are checked anonymously as before.
**Customisation**:
- `SMOKE_TEST_EMAIL` — email for the test account (default: `smoke-test@deerflow.dev`).
- `SMOKE_TEST_PASSWORD` — password for the test account (default: `SmokeTest123!`).
---
### 5.2 Docker Mode Health Check (When Using Docker)
#### 5.2.1 Check Container Status
@ -411,6 +427,22 @@ curl http://localhost:2026/health
---
#### 5.2.5 Frontend Route Smoke Check
**Objective**: Verify key `/workspace/*` frontend routes render correctly.
**Steps**:
1. Run `bash .agent/skills/smoke-test/scripts/frontend_check.sh`.
2. The script auto-detects whether authentication (`DEER_FLOW_AUTH_DISABLED`) is enabled.
3. When auth is on, the script registers / logs in a smoke-test user (`smoke-test@deerflow.dev` by default) and passes the session cookie so the real `/workspace/*` pages are verified — not the login redirect.
4. When auth is off, the routes are checked anonymously as before.
**Customisation**:
- `SMOKE_TEST_EMAIL` — email for the test account (default: `smoke-test@deerflow.dev`).
- `SMOKE_TEST_PASSWORD` — password for the test account (default: `SmokeTest123!`).
---
## Optional Functional Verification
### 6.1 List Available Models

View file

@ -9,6 +9,99 @@ echo ""
BASE_URL="${BASE_URL:-http://localhost:2026}"
DOC_PATH="${DOC_PATH:-/en/docs}"
# When the gateway has authentication enabled (DEER_FLOW_AUTH_DISABLED != 1),
# protected /workspace/* routes redirect anonymous requests to /login.
# We detect auth, register / log in a smoke-test user, and pass the session
# cookie to all curl calls so the real pages are verified, not the login form.
SMOKE_TEST_EMAIL="${SMOKE_TEST_EMAIL:-smoke-test@deerflow.dev}"
SMOKE_TEST_PASSWORD="${SMOKE_TEST_PASSWORD:-SmokeTest123!}"
COOKIE_JAR=$(mktemp /tmp/deerflow-smoke-cookies.XXXXXX)
trap 'rm -f "$COOKIE_JAR"' EXIT
CURL_AUTH_OPTS=""
authenticate() {
# Make sure the service is reachable before detecting auth
local health
health=$(curl -s -o /dev/null -w "%{http_code}" "${BASE_URL}/" 2>/dev/null)
if [ "$health" = "000" ]; then
echo "✗ Cannot reach ${BASE_URL} — is the service running?"
return 1
fi
# A protected endpoint returns 401 when auth is on
local auth_check
auth_check=$(curl -s -o /dev/null -w "%{http_code}" "${BASE_URL}/api/models" 2>/dev/null)
if [ "$auth_check" != "401" ]; then
echo " Auth is disabled — no login needed"
return 0
fi
echo "🔐 Auth is enabled — setting up smoke test session..."
# Check whether the system needs first-boot initialization
local needs_setup
needs_setup=$(curl -s "${BASE_URL}/api/v1/auth/setup-status" \
| grep -o '"needs_setup":[^,}]*' | grep -o 'true\|false')
if [ "$needs_setup" = "true" ]; then
echo " Initializing system with smoke test admin..."
local init_code
init_code=$(curl -s -o /dev/null -w "%{http_code}" \
-X POST "${BASE_URL}/api/v1/auth/initialize" \
-H "Content-Type: application/json" \
-d "{\"email\":\"${SMOKE_TEST_EMAIL}\",\"password\":\"${SMOKE_TEST_PASSWORD}\"}" \
-c "$COOKIE_JAR" 2>/dev/null)
if [ "$init_code" != "201" ]; then
echo "✗ Initialize failed (HTTP $init_code)"
return 1
fi
echo "✓ Admin initialized & logged in"
elif [ -z "$needs_setup" ]; then
echo "⚠ Could not determine setup status — skipping initialize, trying register/login"
else
# Register first — on success (201) it also auto-logs-in via the cookie.
# This avoids a wasted login attempt that counts toward rate-limiting.
local auth_code
auth_code=$(curl -s -o /dev/null -w "%{http_code}" \
-X POST "${BASE_URL}/api/v1/auth/register" \
-H "Content-Type: application/json" \
-d "{\"email\":\"${SMOKE_TEST_EMAIL}\",\"password\":\"${SMOKE_TEST_PASSWORD}\"}" \
-c "$COOKIE_JAR" 2>/dev/null)
if [ "$auth_code" = "201" ]; then
echo "✓ Registered as ${SMOKE_TEST_EMAIL}"
else
# User already exists — clear stale cookies from register attempt, then log in
: > "$COOKIE_JAR"
local login_code
login_code=$(curl -s -o /dev/null -w "%{http_code}" \
-X POST "${BASE_URL}/api/v1/auth/login/local" \
--data-urlencode "username=${SMOKE_TEST_EMAIL}" \
--data-urlencode "password=${SMOKE_TEST_PASSWORD}" \
-c "$COOKIE_JAR" 2>/dev/null)
if [ "$login_code" != "200" ]; then
echo "✗ Login failed (HTTP $login_code)"
return 1
fi
echo "✓ Logged in as ${SMOKE_TEST_EMAIL}"
fi
fi
# Verify the session cookie works across all branches
local me_code
me_code=$(curl -s -o /dev/null -w "%{http_code}" \
-b "$COOKIE_JAR" "${BASE_URL}/api/v1/auth/me" 2>/dev/null)
if [ "$me_code" = "200" ]; then
echo "✓ Session verified for ${SMOKE_TEST_EMAIL}"
CURL_AUTH_OPTS="-b $COOKIE_JAR"
return 0
fi
echo "✗ Auth failed — session cookie not accepted (HTTP $me_code)"
echo " Set SMOKE_TEST_EMAIL / SMOKE_TEST_PASSWORD or check the existing account"
return 1
}
all_passed=true
check_status() {
@ -17,7 +110,7 @@ check_status() {
local expected_re="$3"
local status
status="$(curl -s -o /dev/null -w "%{http_code}" -L "$url")"
status="$(curl -s -o /dev/null -w "%{http_code}" -L ${CURL_AUTH_OPTS} "$url")"
if echo "$status" | grep -Eq "$expected_re"; then
echo "$name ($url) -> $status"
else
@ -32,7 +125,7 @@ check_final_url() {
local expected_path_re="$3"
local effective
effective="$(curl -s -o /dev/null -w "%{url_effective}" -L "$url")"
effective="$(curl -s -o /dev/null -w "%{url_effective}" -L ${CURL_AUTH_OPTS} "$url")"
if echo "$effective" | grep -Eq "$expected_path_re"; then
echo "$name redirect target -> $effective"
else
@ -41,6 +134,10 @@ check_final_url() {
fi
}
# Authenticate before checking protected routes
authenticate || exit 1
echo ""
echo "1. Checking entry pages..."
check_status "Landing page" "${BASE_URL}/" "200"
check_status "Workspace redirect" "${BASE_URL}/workspace" "200|301|302|307|308"
@ -49,8 +146,11 @@ echo ""
echo "2. Checking key workspace routes..."
check_status "New chat page" "${BASE_URL}/workspace/chats/new" "200"
check_final_url "New chat page" "${BASE_URL}/workspace/chats/new" "/workspace/"
check_status "Chats list page" "${BASE_URL}/workspace/chats" "200"
check_final_url "Chats list page" "${BASE_URL}/workspace/chats" "/workspace/"
check_status "Agents gallery page" "${BASE_URL}/workspace/agents" "200"
check_final_url "Agents gallery page" "${BASE_URL}/workspace/agents" "/workspace/agents"
echo ""
echo "3. Checking docs route (optional)..."