#!/bin/bash
# =====================================================================
# csp-hash-test.sh - Test the CSP hash update process
# =====================================================================
# This script checks if the CSP hash update process is working properly
# =====================================================================

# Check if base URL is provided
if [ -z "$1" ]; then
  BASE_URL="http://localhost:8080"
else
  BASE_URL="$1"
fi

echo "=== Testing CSP Hash Update Process ==="
echo "Using base URL: $BASE_URL"

# Array to track failures
FAILURES=0

# Check if the CSP headers are present
echo "Checking if CSP headers are present..."
RESPONSE=$(curl -s -I "$BASE_URL/")
if echo "$RESPONSE" | grep -q "Content-Security-Policy"; then
    echo "✅ CSP header found in response"
else
    echo "❌ CSP header not found in response"
    FAILURES=$((FAILURES+1))
fi

# Check if the CSP header contains the required directives
echo "Checking if CSP header contains required directives..."
CSP_HEADER=$(curl -s -I "$BASE_URL/" | grep -i "Content-Security-Policy" | sed 's/.*: //')

for directive in "default-src" "script-src" "style-src" "img-src" "font-src" "connect-src" "object-src" "frame-ancestors" "base-uri" "form-action"; do
    if echo "$CSP_HEADER" | grep -q "$directive"; then
        echo "✅ CSP header contains $directive directive"
    else
        echo "❌ CSP header does not contain $directive directive"
        FAILURES=$((FAILURES+1))
    fi
done

# Check if JavaScript files have integrity attributes
echo "Checking if JavaScript files have integrity attributes..."
for js_file in "theme.js" "includes.js"; do
    HTML=$(curl -s "$BASE_URL/")
    if echo "$HTML" | grep -q "$js_file.*integrity"; then
        echo "✅ $js_file has integrity attribute"
    else
        echo "❌ $js_file does not have integrity attribute"
        FAILURES=$((FAILURES+1))
    fi
done

# Check if CSS files have integrity attributes
echo "Checking if CSS files have integrity attributes..."
HTML=$(curl -s "$BASE_URL/")
if echo "$HTML" | grep -q "styles.css.*integrity"; then
    echo "✅ styles.css has integrity attribute"
else
    echo "❌ styles.css does not have integrity attribute"
    FAILURES=$((FAILURES+1))
fi

# Check if HTML files have CSP meta tags
echo "Checking if HTML files have CSP meta tags..."
HTML=$(curl -s "$BASE_URL/")
if echo "$HTML" | grep -q '<meta http-equiv="Content-Security-Policy"'; then
    echo "✅ HTML file has CSP meta tag"
else
    echo "❌ HTML file does not have CSP meta tag"
    FAILURES=$((FAILURES+1))
fi

# Check if the update-csp-hashes.sh script exists
echo "Checking if update-csp-hashes.sh script exists..."
if [ -f "$(pwd)/docker/resume/update-csp-hashes.sh" ]; then
    echo "✅ update-csp-hashes.sh script exists"
else
    echo "❌ update-csp-hashes.sh script does not exist"
    FAILURES=$((FAILURES+1))
fi

# Check if any failures occurred
if [ "$FAILURES" -eq 0 ]; then
    echo "=== All CSP Hash Tests Passed ==="
    exit 0
else
    echo "=== CSP Hash Tests Failed: $FAILURES failures ==="
    exit 1
fi