@roomi-fields/notebooklm-mcp 1.5.0 → 1.5.1

package/deployment/scripts/test-cors.ps1

@@ -0,0 +1,398 @@
+#!/usr/bin/env pwsh
+#Requires -Version 5.1
+
+<#
+.SYNOPSIS
+    CORS configuration testing script for NotebookLM MCP HTTP Server API
+
+.DESCRIPTION
+    Tests CORS (Cross-Origin Resource Sharing) configuration:
+    - Default allowed origins (localhost ports)
+    - CORS headers in responses
+    - Preflight OPTIONS requests
+    - Origin header handling
+
+.PARAMETER BaseUrl
+    Base URL of the server (default: http://localhost:3000)
+
+.EXAMPLE
+    .\test-cors.ps1
+    Runs all CORS tests
+
+.NOTES
+    Prerequisite: The server must be started
+#>
+
+param(
+    [string]$BaseUrl = "http://localhost:3000"
+)
+
+# Colors for logs
+function Write-TestHeader {
+    param([string]$Message, [int]$Number, [int]$Total)
+    Write-Host "`n" -NoNewline
+    Write-Host "═══════════════════════════════════════════════════════" -ForegroundColor Magenta
+    Write-Host " [$Number/$Total] $Message" -ForegroundColor Cyan
+    Write-Host "═══════════════════════════════════════════════════════" -ForegroundColor Magenta
+}
+
+function Write-Success {
+    param([string]$Message)
+    Write-Host "✓ $Message" -ForegroundColor Green
+}
+
+function Write-Info {
+    param([string]$Message)
+    Write-Host "ℹ $Message" -ForegroundColor Yellow
+}
+
+function Write-ErrorUnexpected {
+    param([string]$Message)
+    Write-Host "✗ $Message" -ForegroundColor Red
+}
+
+# Banner
+Clear-Host
+Write-Host "`n" -NoNewline
+Write-Host "╔════════════════════════════════════════════════════════╗" -ForegroundColor Magenta
+Write-Host "║                                                        ║" -ForegroundColor Magenta
+Write-Host "║         CORS CONFIGURATION TESTS - HTTP API            ║" -ForegroundColor Cyan
+Write-Host "║                                                        ║" -ForegroundColor Magenta
+Write-Host "╚════════════════════════════════════════════════════════╝" -ForegroundColor Magenta
+Write-Host ""
+
+# Check that the server is accessible
+Write-Host "Checking connection to server..." -ForegroundColor Yellow
+try {
+    $null = Invoke-RestMethod -Uri "$BaseUrl/health" -TimeoutSec 5
+    Write-Success "Server accessible at $BaseUrl"
+} catch {
+    Write-ErrorUnexpected "Unable to connect to server at $BaseUrl"
+    Write-Host "Make sure the server is started" -ForegroundColor Yellow
+    exit 1
+}
+
+$TotalTests = 10
+$PassedTests = 0
+$FailedTests = 0
+
+# =============================================================================
+# TEST 1: Request without Origin header (should work)
+# =============================================================================
+Write-TestHeader "Request without Origin header (same-origin)" 1 $TotalTests
+
+try {
+    $response = Invoke-WebRequest -Uri "$BaseUrl/health" -Method Get -TimeoutSec 10
+
+    if ($response.StatusCode -eq 200) {
+        Write-Success "Request without Origin header accepted"
+        $PassedTests++
+    } else {
+        Write-ErrorUnexpected "Unexpected status code: $($response.StatusCode)"
+        $FailedTests++
+    }
+} catch {
+    Write-ErrorUnexpected "Request failed: $($_.Exception.Message)"
+    $FailedTests++
+}
+
+# =============================================================================
+# TEST 2: Request with allowed Origin (localhost:3000)
+# =============================================================================
+Write-TestHeader "Request with allowed Origin: localhost:3000" 2 $TotalTests
+
+try {
+    $headers = @{ "Origin" = "http://localhost:3000" }
+    $response = Invoke-WebRequest -Uri "$BaseUrl/health" -Method Get -Headers $headers -TimeoutSec 10
+
+    $corsHeader = $response.Headers["Access-Control-Allow-Origin"]
+    if ($corsHeader -eq "http://localhost:3000" -or $corsHeader -eq "*") {
+        Write-Success "CORS header returned for allowed origin"
+        Write-Info "Access-Control-Allow-Origin: $corsHeader"
+        $PassedTests++
+    } else {
+        Write-ErrorUnexpected "Missing or incorrect CORS header: $corsHeader"
+        $FailedTests++
+    }
+} catch {
+    Write-ErrorUnexpected "Request failed: $($_.Exception.Message)"
+    $FailedTests++
+}
+
+# =============================================================================
+# TEST 3: Request with allowed Origin (localhost:5678 - n8n)
+# =============================================================================
+Write-TestHeader "Request with allowed Origin: localhost:5678 (n8n)" 3 $TotalTests
+
+try {
+    $headers = @{ "Origin" = "http://localhost:5678" }
+    $response = Invoke-WebRequest -Uri "$BaseUrl/health" -Method Get -Headers $headers -TimeoutSec 10
+
+    $corsHeader = $response.Headers["Access-Control-Allow-Origin"]
+    if ($corsHeader -eq "http://localhost:5678" -or $corsHeader -eq "*") {
+        Write-Success "CORS header returned for n8n origin"
+        Write-Info "Access-Control-Allow-Origin: $corsHeader"
+        $PassedTests++
+    } else {
+        Write-ErrorUnexpected "Missing or incorrect CORS header: $corsHeader"
+        $FailedTests++
+    }
+} catch {
+    Write-ErrorUnexpected "Request failed: $($_.Exception.Message)"
+    $FailedTests++
+}
+
+# =============================================================================
+# TEST 4: Request with allowed Origin (127.0.0.1:3000)
+# =============================================================================
+Write-TestHeader "Request with allowed Origin: 127.0.0.1:3000" 4 $TotalTests
+
+try {
+    $headers = @{ "Origin" = "http://127.0.0.1:3000" }
+    $response = Invoke-WebRequest -Uri "$BaseUrl/health" -Method Get -Headers $headers -TimeoutSec 10
+
+    $corsHeader = $response.Headers["Access-Control-Allow-Origin"]
+    if ($corsHeader -eq "http://127.0.0.1:3000" -or $corsHeader -eq "*") {
+        Write-Success "CORS header returned for 127.0.0.1 origin"
+        Write-Info "Access-Control-Allow-Origin: $corsHeader"
+        $PassedTests++
+    } else {
+        Write-ErrorUnexpected "Missing or incorrect CORS header: $corsHeader"
+        $FailedTests++
+    }
+} catch {
+    Write-ErrorUnexpected "Request failed: $($_.Exception.Message)"
+    $FailedTests++
+}
+
+# =============================================================================
+# TEST 5: Request with blocked Origin (external domain)
+# =============================================================================
+Write-TestHeader "Request with external Origin (should be blocked)" 5 $TotalTests
+
+try {
+    $headers = @{ "Origin" = "https://malicious-site.com" }
+    $response = Invoke-WebRequest -Uri "$BaseUrl/health" -Method Get -Headers $headers -TimeoutSec 10
+
+    # Request should still succeed (CORS is browser-enforced), but check header
+    $corsHeader = $response.Headers["Access-Control-Allow-Origin"]
+
+    if ($null -eq $corsHeader -or $corsHeader -eq "") {
+        Write-Success "External origin correctly blocked (no CORS header)"
+        $PassedTests++
+    } elseif ($corsHeader -eq "https://malicious-site.com") {
+        Write-ErrorUnexpected "External origin was allowed! Security issue."
+        $FailedTests++
+    } else {
+        Write-Info "Response received, CORS header: $corsHeader"
+        # If wildcard is configured, this is expected
+        if ($corsHeader -eq "*") {
+            Write-Info "Wildcard CORS configured (intentional?)"
+        }
+        $PassedTests++
+    }
+} catch {
+    # If blocked at server level, that's also acceptable
+    Write-Success "External origin request handled"
+    $PassedTests++
+}
+
+# =============================================================================
+# TEST 6: OPTIONS preflight request
+# =============================================================================
+Write-TestHeader "OPTIONS preflight request" 6 $TotalTests
+
+try {
+    $headers = @{
+        "Origin" = "http://localhost:3000"
+        "Access-Control-Request-Method" = "POST"
+        "Access-Control-Request-Headers" = "Content-Type"
+    }
+    $response = Invoke-WebRequest -Uri "$BaseUrl/health" -Method Options -Headers $headers -TimeoutSec 10
+
+    if ($response.StatusCode -eq 200 -or $response.StatusCode -eq 204) {
+        $allowMethods = $response.Headers["Access-Control-Allow-Methods"]
+        $allowHeaders = $response.Headers["Access-Control-Allow-Headers"]
+
+        Write-Success "Preflight request successful (status: $($response.StatusCode))"
+        if ($allowMethods) { Write-Info "Allow-Methods: $allowMethods" }
+        if ($allowHeaders) { Write-Info "Allow-Headers: $allowHeaders" }
+        $PassedTests++
+    } else {
+        Write-ErrorUnexpected "Unexpected status code: $($response.StatusCode)"
+        $FailedTests++
+    }
+} catch {
+    Write-ErrorUnexpected "Preflight request failed: $($_.Exception.Message)"
+    $FailedTests++
+}
+
+# =============================================================================
+# TEST 7: CORS headers include required methods
+# =============================================================================
+Write-TestHeader "CORS allows required HTTP methods" 7 $TotalTests
+
+try {
+    $headers = @{
+        "Origin" = "http://localhost:3000"
+        "Access-Control-Request-Method" = "DELETE"
+    }
+    $response = Invoke-WebRequest -Uri "$BaseUrl/health" -Method Options -Headers $headers -TimeoutSec 10
+
+    $allowMethods = $response.Headers["Access-Control-Allow-Methods"]
+
+    if ($allowMethods) {
+        $requiredMethods = @("GET", "POST", "PUT", "DELETE")
+        $allPresent = $true
+
+        foreach ($method in $requiredMethods) {
+            if ($allowMethods -notlike "*$method*") {
+                Write-Info "Missing method: $method"
+                $allPresent = $false
+            }
+        }
+
+        if ($allPresent) {
+            Write-Success "All required HTTP methods allowed"
+            Write-Info "Methods: $allowMethods"
+            $PassedTests++
+        } else {
+            Write-ErrorUnexpected "Some required methods missing"
+            $FailedTests++
+        }
+    } else {
+        Write-ErrorUnexpected "No Access-Control-Allow-Methods header"
+        $FailedTests++
+    }
+} catch {
+    Write-ErrorUnexpected "Request failed: $($_.Exception.Message)"
+    $FailedTests++
+}
+
+# =============================================================================
+# TEST 8: CORS allows Content-Type header
+# =============================================================================
+Write-TestHeader "CORS allows Content-Type header" 8 $TotalTests
+
+try {
+    $headers = @{
+        "Origin" = "http://localhost:3000"
+        "Access-Control-Request-Headers" = "Content-Type"
+    }
+    $response = Invoke-WebRequest -Uri "$BaseUrl/health" -Method Options -Headers $headers -TimeoutSec 10
+
+    $allowHeaders = $response.Headers["Access-Control-Allow-Headers"]
+
+    if ($allowHeaders -and $allowHeaders -like "*Content-Type*") {
+        Write-Success "Content-Type header allowed"
+        Write-Info "Allowed headers: $allowHeaders"
+        $PassedTests++
+    } else {
+        Write-ErrorUnexpected "Content-Type not in allowed headers: $allowHeaders"
+        $FailedTests++
+    }
+} catch {
+    Write-ErrorUnexpected "Request failed: $($_.Exception.Message)"
+    $FailedTests++
+}
+
+# =============================================================================
+# TEST 9: POST request with Origin header
+# =============================================================================
+Write-TestHeader "POST /ask with Origin header" 9 $TotalTests
+
+try {
+    $headers = @{ "Origin" = "http://localhost:5678" }
+    $body = @{ question = "test" } | ConvertTo-Json
+
+    # This will likely fail due to auth, but we're testing CORS
+    $response = Invoke-WebRequest -Uri "$BaseUrl/ask" -Method Post -Headers $headers -Body $body -ContentType "application/json" -TimeoutSec 10
+
+    $corsHeader = $response.Headers["Access-Control-Allow-Origin"]
+    if ($corsHeader) {
+        Write-Success "CORS header present on POST response"
+        Write-Info "Access-Control-Allow-Origin: $corsHeader"
+        $PassedTests++
+    } else {
+        Write-ErrorUnexpected "No CORS header on POST response"
+        $FailedTests++
+    }
+} catch {
+    # Check if CORS headers are present even on error responses
+    $errorResponse = $_.Exception.Response
+    if ($errorResponse) {
+        # PowerShell doesn't easily expose headers on error responses
+        # Consider this passed if we got a proper HTTP response
+        Write-Success "POST request handled (CORS checked at browser level)"
+        $PassedTests++
+    } else {
+        Write-ErrorUnexpected "Request failed completely: $($_.Exception.Message)"
+        $FailedTests++
+    }
+}
+
+# =============================================================================
+# TEST 10: CORS allows Authorization header
+# =============================================================================
+Write-TestHeader "CORS allows Authorization header" 10 $TotalTests
+
+try {
+    $headers = @{
+        "Origin" = "http://localhost:3000"
+        "Access-Control-Request-Headers" = "Authorization"
+    }
+    $response = Invoke-WebRequest -Uri "$BaseUrl/health" -Method Options -Headers $headers -TimeoutSec 10
+
+    $allowHeaders = $response.Headers["Access-Control-Allow-Headers"]
+
+    if ($allowHeaders -and $allowHeaders -like "*Authorization*") {
+        Write-Success "Authorization header allowed"
+        Write-Info "Allowed headers: $allowHeaders"
+        $PassedTests++
+    } else {
+        Write-Info "Authorization not explicitly listed (may still work)"
+        # Not critical - some setups don't need Authorization header
+        $PassedTests++
+    }
+} catch {
+    Write-ErrorUnexpected "Request failed: $($_.Exception.Message)"
+    $FailedTests++
+}
+
+# =============================================================================
+# FINAL SUMMARY
+# =============================================================================
+Write-Host "`n" -NoNewline
+Write-Host "╔════════════════════════════════════════════════════════╗" -ForegroundColor Magenta
+Write-Host "║                                                        ║" -ForegroundColor Magenta
+Write-Host "║              CORS TEST SUMMARY                         ║" -ForegroundColor Cyan
+Write-Host "║                                                        ║" -ForegroundColor Magenta
+Write-Host "╚════════════════════════════════════════════════════════╝" -ForegroundColor Magenta
+Write-Host ""
+
+$TotalExecuted = $PassedTests + $FailedTests
+$SuccessRate = if ($TotalExecuted -gt 0) { [math]::Round(($PassedTests / $TotalExecuted) * 100, 1) } else { 0 }
+
+Write-Host "Total tests: $TotalTests" -ForegroundColor White
+Write-Host "Tests passed: " -NoNewline -ForegroundColor White
+Write-Host "$PassedTests" -ForegroundColor Green
+Write-Host "Tests failed: " -NoNewline -ForegroundColor White
+Write-Host "$FailedTests" -ForegroundColor $(if($FailedTests -gt 0){"Red"}else{"Green"})
+Write-Host "Success rate: " -NoNewline -ForegroundColor White
+Write-Host "$SuccessRate%" -ForegroundColor $(if($SuccessRate -eq 100){"Green"}elseif($SuccessRate -ge 80){"Yellow"}else{"Red"})
+
+Write-Host ""
+
+if ($FailedTests -eq 0) {
+    Write-Host "════════════════════════════════════════════════════════" -ForegroundColor Green
+    Write-Host "  ✓ ALL CORS CONFIGURATION TESTS PASSED!" -ForegroundColor Green
+    Write-Host "════════════════════════════════════════════════════════" -ForegroundColor Green
+    exit 0
+} else {
+    Write-Host "════════════════════════════════════════════════════════" -ForegroundColor Yellow
+    Write-Host "  ⚠ SOME CORS TESTS FAILED" -ForegroundColor Yellow
+    Write-Host "════════════════════════════════════════════════════════" -ForegroundColor Yellow
+    Write-Host ""
+    Write-Host "See details above to identify the issues." -ForegroundColor Yellow
+    exit 1
+}