test: Add 3 and update 5 files

.gitignore

@@ -59,3 +59,7 @@ Thumbs.db
 
 # Log files
 *.log
+
+# Test configuration files (contain sensitive tokens)
+testing/sos_config.json
+sos_config.json

testing/README.md

@@ -0,0 +1,67 @@
+# Testing Documentation
+
+## Security Note
+
+Authentication tokens are now generated dynamically for each test run to prevent hardcoded credentials in the repository.
+
+## Configuration
+
+### Automatic Token Generation
+
+The test scripts automatically generate secure random tokens before each test run using `generate_test_config.sh`. This ensures:
+- No hardcoded tokens in version control
+- Different tokens for each test run
+- Cryptographically secure random token generation
+
+### Manual Configuration
+
+If you need to manually create a configuration:
+
+1. Copy the example template:
+   ```bash
+   cp sos_config.json.example sos_config.json
+   ```
+
+2. Replace the placeholder tokens with secure values:
+   ```bash
+   # Generate secure tokens
+   openssl rand -base64 32
+   ```
+
+3. Update the `sos_config.json` file with your generated tokens
+
+### Test Scripts
+
+- `test.sh` - Main integration test suite (randomly selects from available tokens)
+- `test_1GB_file_upload.sh` - Large file upload test (randomly selects from available tokens)
+- `test-docker.sh` - Docker-based test runner (generates config automatically)
+- `generate_test_config.sh` - Generates test configuration with random tokens
+
+### Token Selection
+
+Test scripts randomly select one of the available tokens for each test run, ensuring all tokens are exercised during testing.
+
+## Running Tests
+
+### Local Testing
+```bash
+./test.sh http://localhost:7703
+```
+
+### Docker Testing
+```bash
+./test-docker.sh
+```
+
+The Docker test automatically:
+1. Builds the application
+2. Generates random test tokens
+3. Runs the full test suite
+4. Cleans up containers
+
+## Security Best Practices
+
+1. **Never commit `sos_config.json`** - It's in `.gitignore` for security
+2. **Use strong tokens in production** - At least 32 characters of random data
+3. **Rotate tokens regularly** - Generate new tokens periodically
+4. **Store tokens securely** - Use environment variables or secure vaults in production

testing/generate_test_config.sh

@@ -0,0 +1,49 @@
+#!/bin/bash
+
+# Generate secure random tokens and create test configuration
+# This script generates a new sos_config.json with random tokens for each test run
+
+set -euo pipefail
+
+SCRIPT_DIR=$(dirname "$0")
+CONFIG_FILE="${SCRIPT_DIR}/sos_config.json"
+
+# Function to generate a secure random token
+generate_token() {
+    # Generate 32 bytes of random data and encode as base64
+    # Remove non-alphanumeric characters for simplicity
+    openssl rand -base64 32 | tr -d '/+=' | cut -c1-32
+}
+
+# Generate 3 random tokens
+TOKEN1=$(generate_token)
+TOKEN2=$(generate_token)
+TOKEN3=$(generate_token)
+
+# Create the configuration file
+cat > "${CONFIG_FILE}" << EOF
+{
+    "write_tokens": [
+        "${TOKEN1}",
+        "${TOKEN2}",
+        "${TOKEN3}"
+    ],
+    "rate_limiting": {
+        "auth_rate_limit": 5,
+        "auth_window_seconds": 2
+    },
+    "port": 7703,
+    "host": "127.0.0.1"
+}
+EOF
+
+# Export tokens as environment variables for scripts that need them
+export TEST_TOKEN1="${TOKEN1}"
+export TEST_TOKEN2="${TOKEN2}"
+export TEST_TOKEN3="${TOKEN3}"
+
+echo "Generated test configuration with random tokens:"
+echo "  Token 1: ${TOKEN1:0:8}..." # Show only first 8 chars for security
+echo "  Token 2: ${TOKEN2:0:8}..."
+echo "  Token 3: ${TOKEN3:0:8}..."
+echo "Configuration written to: ${CONFIG_FILE}"

testing/sos_config.json

@@ -1,8 +1,8 @@
 {
     "write_tokens": [
-        "fizzle1",
+        "9GRlhm5ec41NpvBG9L20XwsgCUa2GK25",
-        "fizzle2",
+        "bOlKl2eSDDtxXdCBlW7HX9fvBHi2VhMU",
-        "fizzle3"
+        "n9EgiBWLKmWKTAQyG85VgNYqvF0uRPzR"
     ],
     "rate_limiting": {
         "auth_rate_limit": 5,

testing/sos_config.json.example

@@ -0,0 +1,19 @@
+{
+    "write_tokens": [
+        "REPLACE_WITH_SECURE_TOKEN_1",
+        "REPLACE_WITH_SECURE_TOKEN_2",
+        "REPLACE_WITH_SECURE_TOKEN_3"
+    ],
+    "rate_limiting": {
+        "auth_rate_limit": 5,
+        "auth_window_seconds": 300
+    },
+    "port": 7703,
+    "host": "127.0.0.1",
+    "cors": {
+        "allowed_origins": ["https://yourdomain.com"],
+        "allowed_methods": ["GET", "POST", "PUT", "DELETE", "OPTIONS"],
+        "allowed_headers": ["Content-Type", "Authorization"],
+        "allow_credentials": false
+    }
+}

testing/test-docker.sh

@@ -49,6 +49,11 @@ title "Building"
 ${SCRIPT_DIR}/../build.sh
 
 
+#------------------------------------------------------------------------------------------------
+# Generate test configuration with random tokens
+title "Generating test configuration"
+${SCRIPT_DIR}/generate_test_config.sh
+
 #------------------------------------------------------------------------------------------------
 # run the docker container
 title "Running docker container"

testing/test.sh

@@ -62,8 +62,11 @@ function test0() {
     fi
     CONFIG=$(cat "${CONFIG_PATH}")
 
-    # extract the first write token from the config
+    # randomly select one of the available write tokens from the config
-    WRITE_TOKEN=$(echo "$CONFIG" | jq -r '.write_tokens[0]')
+    TOKEN_COUNT=$(echo "$CONFIG" | jq -r '.write_tokens | length')
+    RANDOM_INDEX=$((RANDOM % TOKEN_COUNT))
+    WRITE_TOKEN=$(echo "$CONFIG" | jq -r ".write_tokens[$RANDOM_INDEX]")
+    echo "Using token index $RANDOM_INDEX out of $TOKEN_COUNT available tokens"
 
     BASE_TAG="autotest"
 

testing/test_1GB_file_upload.sh

@@ -22,8 +22,11 @@ echo "Original hash: $ORIGINAL_HASH"
 HOST=$(echo "$CONFIG" | jq -r '.host')
 PORT=$(echo "$CONFIG" | jq -r '.port')
 
-# extract the first write token from the config
+# randomly select one of the available write tokens from the config
-WRITE_TOKEN=$(echo "$CONFIG" | jq -r '.write_tokens[0]')
+TOKEN_COUNT=$(echo "$CONFIG" | jq -r '.write_tokens | length')
+RANDOM_INDEX=$((RANDOM % TOKEN_COUNT))
+WRITE_TOKEN=$(echo "$CONFIG" | jq -r ".write_tokens[$RANDOM_INDEX]")
+echo "Using token index $RANDOM_INDEX out of $TOKEN_COUNT available tokens"
 
 # Upload the file
 echo "Uploading file..."