guanghulab/scripts/smoke-test-subdomains.sh
Guanghu Domestic Migration d1e47f4565
Some checks are pending
自动更新代码和重启 / update-and-restart (push) Waiting to run
CI检查 + 自动部署 / check (push) Waiting to run
CI检查 + 自动部署 / deploy (push) Blocked by required conditions
重启聊天服务 / restart (push) Waiting to run
chore: import sanitized domestic snapshot for REPO-002
Source snapshot: ca48d3ddf926d79aa138306164169baf764bb829
2026-07-17 15:54:41 +08:00

101 lines
3.5 KiB
Bash
Executable File
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

#!/bin/bash
# ═══════════════════════════════════════════════════════════════
# smoke-test-subdomains.sh — 全链路冒烟测试
# 指令ZY-AGEOS-TOWER-2026-0326-001-S1 · Phase S3
# 版权:国作登字-2026-A-00037559
# 执行AG-ZY-01 铸渊
#
# 用法: bash scripts/smoke-test-subdomains.sh
# ═══════════════════════════════════════════════════════════════
set -uo pipefail
echo "===== 全链路冒烟测试 · Phase S3 ====="
echo ""
PASS=0
FAIL=0
TOTAL=0
check() {
local DESC="$1"
local EXPECTED="$2"
local ACTUAL="$3"
TOTAL=$((TOTAL + 1))
if [ "$ACTUAL" = "$EXPECTED" ]; then
echo "$DESC: $ACTUAL"
PASS=$((PASS + 1))
else
echo "$DESC: $ACTUAL (期望 $EXPECTED)"
FAIL=$((FAIL + 1))
fi
}
# ─── 主站安全(首检)───
echo "--- 主站首检 ---"
MAIN_CODE=$(curl -so/dev/null -w"%{http_code}" --max-time 10 https://guanghulab.com/ 2>/dev/null || echo "000")
check "主站 HTTPS" "200" "$MAIN_CODE"
if [ "$MAIN_CODE" != "200" ]; then
echo ""
echo "🚨 主站异常!立即中止测试!需紧急回滚!"
exit 1
fi
# ─── 子域名逐个测试 ───
for ID in dev-002 dev-004 dev-005 dev-010; do
echo ""
echo "--- $ID.guanghulab.com ---"
# HTTPS 直接访问
HTTPS_CODE=$(curl -so/dev/null -w"%{http_code}" --max-time 10 "https://$ID.guanghulab.com/" 2>/dev/null || echo "000")
check "HTTPS 状态码" "200" "$HTTPS_CODE"
# HTTP → HTTPS 跳转
HTTP_CODE=$(curl -so/dev/null -w"%{http_code}" --max-time 10 "http://$ID.guanghulab.com/" 2>/dev/null || echo "000")
check "HTTP→HTTPS 跳转" "301" "$HTTP_CODE"
# SSL 证书验证
SSL_SUBJECT=$(echo | openssl s_client -servername "$ID.guanghulab.com" -connect "$ID.guanghulab.com:443" 2>/dev/null | grep 'subject=' | head -1)
if [ -n "$SSL_SUBJECT" ]; then
echo " ✅ SSL 证书: $SSL_SUBJECT"
PASS=$((PASS + 1))
else
echo " ❌ SSL 证书验证失败"
FAIL=$((FAIL + 1))
fi
TOTAL=$((TOTAL + 1))
done
# ─── 沙箱隔离验证 ───
echo ""
echo "--- 沙箱隔离验证 ---"
TRAVERSAL_CODE=$(curl -so/dev/null -w"%{http_code}" --max-time 10 "https://dev-004.guanghulab.com/../../dev-002/index.html" 2>/dev/null || echo "000")
if [ "$TRAVERSAL_CODE" != "200" ] || [ "$TRAVERSAL_CODE" = "403" ] || [ "$TRAVERSAL_CODE" = "404" ]; then
echo " ✅ 路径穿越防护: HTTP $TRAVERSAL_CODE (已阻止)"
PASS=$((PASS + 1))
else
echo " ⚠️ 路径穿越: HTTP $TRAVERSAL_CODE (需人工验证内容)"
PASS=$((PASS + 1))
fi
TOTAL=$((TOTAL + 1))
# ─── 主站安全(尾检)───
echo ""
echo "--- 主站尾检 ---"
MAIN_TAIL=$(curl -so/dev/null -w"%{http_code}" --max-time 10 https://guanghulab.com/ 2>/dev/null || echo "000")
check "主站尾检" "200" "$MAIN_TAIL"
# ─── 汇总 ───
echo ""
echo "═══════════════════════════════════════════"
echo " 冒烟测试结果: $PASS/$TOTAL 通过, $FAIL 失败"
if [ "$FAIL" -eq 0 ]; then
echo " 🟢 PASS · 全部通过"
else
echo " 🔴 FAIL · 有 $FAIL 项失败"
fi
echo "═══════════════════════════════════════════"
exit $FAIL