# Demo Auth Routing Validation

## Scope

Validate centralized auth routing and per-host API routing for demo stacks.

## Prerequisites

- Caddy is running on the VPS.
- Demo stacks are running in Portainer.
- DNS records point to the VPS for all demo hosts.

## Caddy Validation

```bash
caddy validate --config /etc/caddy/Caddyfile
```

```bash
sudo systemctl reload caddy
```

## Host Health Checks

Run from any machine that can resolve the public demo hosts:

```bash
curl -i https://auth.dream-views.com/health
curl -i https://furniture-display-demo.dream-views.com/
curl -i https://furniture-admin-demo.dream-views.com/
curl -i https://kitchen-ops-demo.dream-views.com/
curl -i https://waiter-floor-demo.dream-views.com/
curl -i https://customer-orders-demo.dream-views.com/
curl -i https://pos-transactions-demo.dream-views.com/
curl -i https://restaurant-admin-demo.dream-views.com/
```

## Identity Route Checks

```bash
curl -i https://furniture-display-demo.dream-views.com/api/identity/session/me
curl -i https://kitchen-ops-demo.dream-views.com/api/identity/session/me
curl -i https://restaurant-admin-demo.dream-views.com/api/identity/session/me
```

Expected outcomes:
- `200` when an authenticated session cookie is present.
- `401` when no session cookie is present.
- No `404` on identity paths.
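
The identity route checks and their expected outcomes can be scripted so that a deviation fails loudly. This is an added example, not part of the original runbook; the function names and the `run` argument are hypothetical, and the session cookie (`name=value`) must be supplied by the caller because the cookie name is not given here.

```bash
#!/usr/bin/env bash
# Added example, not part of the original runbook. Function names are hypothetical.
HOSTS="furniture-display-demo kitchen-ops-demo restaurant-admin-demo"
DOMAIN="dream-views.com"
IDENTITY_PATH="/api/identity/session/me"

# Print only the HTTP status code; send a cookie ("name=value") when $2 is set.
fetch_status() {
  local url="$1" cookie="${2:-}"
  if [ -n "$cookie" ]; then
    curl -s -o /dev/null --max-time 10 -w '%{http_code}' -b "$cookie" "$url"
  else
    curl -s -o /dev/null --max-time 10 -w '%{http_code}' "$url"
  fi
}

# Map (status, cookie sent: yes|no) to a verdict per the expected outcomes.
classify_identity() {
  local status="$1" with_cookie="$2"
  case "$status" in
    404) echo "FAIL:route-missing" ;;   # identity path is not routed on this host
    401) [ "$with_cookie" = "no" ] && echo "OK" || echo "FAIL:session-rejected" ;;
    200) [ "$with_cookie" = "yes" ] && echo "OK" || echo "FAIL:unauthenticated-200" ;;
    *)   echo "FAIL:unexpected-$status" ;;
  esac
}

# Check every host; the return code is the number of hosts that deviated.
check_identity_routes() {
  local cookie="${1:-}" with_cookie="no" failures=0 host status verdict
  if [ -n "$cookie" ]; then with_cookie="yes"; fi
  for host in $HOSTS; do
    status="$(fetch_status "https://${host}.${DOMAIN}${IDENTITY_PATH}" "$cookie")" || status="000"
    verdict="$(classify_identity "$status" "$with_cookie")"
    printf '%-24s %s %s\n' "$host" "$status" "$verdict"
    [ "$verdict" = "OK" ] || failures=$((failures + 1))
  done
  return "$failures"
}

# Live run only when asked: ./identity-check.sh run [name=value]
if [ "${1:-}" = "run" ]; then check_identity_routes "${2:-}"; fi
```

A `FAIL:unauthenticated-200` verdict means the session endpoint answered without a cookie, which should be treated as an auth routing defect rather than a pass.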

## Domain API Route Checks

```bash
curl -i "https://furniture-display-demo.dream-views.com/api/furniture/demo-context/availability"
curl -i "https://kitchen-ops-demo.dream-views.com/api/kitchen/ops/board?contextId=demo-context"
curl -i "https://waiter-floor-demo.dream-views.com/api/waiter/floor/assignments?contextId=demo-context"
curl -i "https://customer-orders-demo.dream-views.com/api/customer/orders/status?contextId=demo-context"
curl -i "https://pos-transactions-demo.dream-views.com/api/pos/transactions/summary?contextId=demo-context"
curl -i "https://restaurant-admin-demo.dream-views.com/api/restaurant/admin/config?contextId=demo-context"
```

Expected outcomes:
- Routed to the corresponding domain BFF.
- No cross-domain path leakage.

## Callback Journey Check

1. Open one demo web host.
2. Start Google login.
3. Complete callback on `auth.dream-views.com`.
4. Confirm return to same-origin route defined by `THALOS_DEFAULT_RETURN_URL`.

Expected outcomes:
- Callback does not redirect to external origins.
- Session-enabled API calls succeed after login.

## Regression Guard

- Re-run smoke scripts for `greenfield/demo/furniture` and `greenfield/demo/restaurant` after routing changes.
- Re-check that all web containers can still load runtime config values.