familienarchiv/backend/api_tests/Admin-Auth.http
Marcel cf457cb96f
docs(document): ADR-031 + glossary/c4/api_tests for auto-title sync (#726)
ADR-031 records the shared document-package title factory, the exact-match save-time
regeneration, and the grammar-heuristic one-time backfill (with the ReDoS / no-version-spam
/ file-replace-is-manual decisions). Adds an "auto-generated title" glossary entry, extends
the document-management c4 diagram with DocumentTitleFactory / DocumentTitleBackfillMatcher
and the backfill flows, and documents POST /api/admin/backfill-titles in Admin-Auth.http as
a one-shot ADMIN call hitting port 8080 directly.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-04 16:44:56 +02:00

45 lines
1.9 KiB
HTTP

### 1. Create a "guest" user (must be done by the admin)
# We leave groupIds empty -> the user has NO permissions
POST http://localhost:8080/api/admin/users
Authorization: Basic admin admin123
Content-Type: application/json

{
  "username": "Gast_User",
  "email": "gast@test.de",
  "initialPassword": "gast",
  "groupIds": []
}

### 2. POSITIVE TEST: admin may call the admin endpoint -> should be 200 OK
GET http://localhost:8080/api/admin/users
Authorization: Basic admin admin123

### 3. NEGATIVE TEST: guest may NOT call any admin endpoint -> should be 403 Forbidden
GET http://localhost:8080/api/admin/users
Authorization: Basic Gast_User gast

### 4. BUT: guest may use the normal document API (as long as they are logged in) -> 200 OK
GET http://localhost:8080/api/documents/upload
Authorization: Basic Gast_User gast
# (Returns 405 Method Not Allowed because it is a POST endpoint,
# but that proves auth worked. An auth failure would give 401/403)

### Groups
# GET
GET http://localhost:8080/api/admin/tags
Authorization: Basic admin admin123

### One-time backfill: re-sync already-stale auto-titles (#726)
# RUNBOOK: a one-shot ADMIN maintenance call, NOT part of normal operation. Run it ONCE
# after deploying #726 to clean the existing backlog of stale titles (e.g. a title still
# showing "2028" after the date was corrected to "1928"). It is synchronous and idempotent:
# a second run returns {"count": 0} and writes nothing. Hit the backend DIRECTLY on
# port 8080 (NOT through the SvelteKit proxy) so the sweep can't trip the proxy timeout.
# Returns {"count": <documents rewritten>}.
POST http://localhost:8080/api/admin/backfill-titles
Authorization: Basic admin admin123

### NEGATIVE TEST: a non-admin must NOT be able to trigger the backfill -> 403 Forbidden
POST http://localhost:8080/api/admin/backfill-titles
Authorization: Basic Gast_User gast
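
The requests above are sent and read by hand. As an added example (not part of the repository), the same expectations written as an automated authorization matrix in Python. `http_send`, `run_matrix` and `stub_send` are hypothetical names, the stub is a constructed stand-in for the backend, and the unauthenticated case is an assumption based on the file's 401/403 comment.

```python
import base64
import contextlib
import http.client

# (method, path, credentials, acceptable statuses) from Admin-Auth.http. The admin
# backfill POST is omitted on purpose: a routine check must never start the sweep.
CASES = [
    ("GET", "/api/admin/users", ("admin", "admin123"), {200}),
    ("GET", "/api/admin/users", ("Gast_User", "gast"), {403}),
    ("GET", "/api/documents/upload", ("Gast_User", "gast"), {405}),
    ("POST", "/api/admin/backfill-titles", ("Gast_User", "gast"), {403}),
    ("GET", "/api/admin/users", None, {401, 403}),  # added case: no credentials
]

def http_send(host="localhost", port=8080):
    """Return a sender that performs each request against a live backend."""
    def send(method, path, creds):
        headers = {}
        if creds:
            token = base64.b64encode(":".join(creds).encode()).decode()
            headers["Authorization"] = "Basic " + token
        with contextlib.closing(http.client.HTTPConnection(host, port, timeout=5)) as conn:
            conn.request(method, path, headers=headers)
            return conn.getresponse().status
    return send

def run_matrix(send):
    """Run every case through send(); return the ones with an unexpected status."""
    failures = []
    for method, path, creds, expected in CASES:
        status = send(method, path, creds)
        if status not in expected:
            failures.append((method, path, creds[0] if creds else None, status))
    return failures

def stub_send(admin_check=True):
    """Constructed in-process stand-in for the backend so the matrix runs offline."""
    users = {"admin": ("admin123", True), "Gast_User": ("gast", False)}
    def send(method, path, creds):
        account = users.get(creds[0]) if creds else None
        if account is None or account[0] != creds[1]:
            return 401
        if path.startswith("/api/admin/"):
            return 200 if account[1] or not admin_check else 403
        return 405 if method == "GET" else 200
    return send

if __name__ == "__main__":
    print(run_matrix(stub_send()) or "all cases match")
```

Against a running instance, call `run_matrix(http_send())`; `stub_send(admin_check=False)` simulates a missing ADMIN check and makes both guest requests to `/api/admin/` show up as failures.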