ShopTRAINING/test/测试API路径CORS.py

#!/usr/bin/env python3
# -*- coding: utf-8 -*-
"""
专门测试/api路径的CORS配置
"""
import requests
import json
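def test_api_cors():
    """Probe the local API's /api endpoints and print their CORS headers.

    For every endpoint in the list an OPTIONS preflight and a GET are sent
    with the frontend's ``Origin``, and the ``Access-Control-*`` response
    headers are printed. ``/api/stores`` is then requested once more through
    a session carrying a fuller browser-like header set. Results go to
    stdout; request errors are caught and printed, and nothing is returned.

    An endpoint is reported as correctly configured when the GET returns 200
    and ``Access-Control-Allow-Origin`` is either ``*`` or exactly the
    frontend origin.

    Note:
        ``requests`` does not enforce CORS, so a 200 here only shows which
        headers the server sends; the browser makes the actual allow/deny
        decision from those headers.
    """
    api_base = "http://127.0.0.1:5000"
    frontend_origin = "http://localhost:5174"  # the real frontend address
    # One timeout for every request so a stalled server cannot hang the script.
    timeout_s = 5

    print("🔍 测试/api路径CORS配置")
    print(f"📍 API地址: {api_base}")
    print(f"🌐 前端来源: {frontend_origin}")
    print("=" * 60)

    # Endpoints to probe.
    test_endpoints = [
        "/api/health",
        "/api/stores",
        "/api/products",
        "/api/training",
        "/api/cors-test",
    ]

    for endpoint in test_endpoints:
        print(f"\n📋 测试端点: {endpoint}")
        print("-" * 40)

        # Headers imitating a request issued by the frontend.
        headers = {
            "Origin": frontend_origin,
            "Referer": f"{frontend_origin}/",
            "Accept": "application/json",
            "Content-Type": "application/json",
            "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36",
        }
        # A browser preflight also names the method and headers it intends to
        # use; without these some CORS middleware does not treat the OPTIONS
        # request as a preflight and omits the Allow-Methods/Allow-Headers
        # answers this script is looking for.
        preflight_headers = {
            **headers,
            "Access-Control-Request-Method": "GET",
            "Access-Control-Request-Headers": "content-type",
        }

        try:
            # 1. OPTIONS preflight request
            print(" 1⃣ OPTIONS预检请求...")
            options_resp = requests.options(
                f"{api_base}{endpoint}",
                headers=preflight_headers,
                timeout=timeout_s,
            )
            print(f" 状态码: {options_resp.status_code}")
            cors_headers = {
                "Allow-Origin": options_resp.headers.get("Access-Control-Allow-Origin", "❌ 缺失"),
                "Allow-Methods": options_resp.headers.get("Access-Control-Allow-Methods", "❌ 缺失"),
                "Allow-Headers": options_resp.headers.get("Access-Control-Allow-Headers", "❌ 缺失"),
            }
            for header, value in cors_headers.items():
                print(f" {header}: {value}")

            # 2. The actual GET request
            print(" 2⃣ GET请求...")
            get_resp = requests.get(
                f"{api_base}{endpoint}",
                headers=headers,
                timeout=timeout_s,
            )
            print(f" 状态码: {get_resp.status_code}")
            print(f" Allow-Origin: {get_resp.headers.get('Access-Control-Allow-Origin', '❌ 缺失')}")

            # Verdict. An explicit echo of the frontend origin is accepted as
            # well as "*": the wildcard lets any website read these responses
            # from a visitor's browser, and browsers reject "*" on credentialed
            # requests, so a policy restricted to the frontend origin must not
            # be reported as broken.
            # NOTE(review): whether "*" is acceptable depends on what these
            # endpoints return; this script cannot tell. Confirm before
            # deploying beyond localhost.
            allow_origin = get_resp.headers.get("Access-Control-Allow-Origin")
            has_cors = allow_origin in ("*", frontend_origin)
            if get_resp.status_code == 200 and has_cors:
                print(f"{endpoint} CORS配置正确")
            else:
                print(f"{endpoint} CORS配置有问题")
        except requests.exceptions.ConnectionError:
            # The server is unreachable, so the remaining endpoints would fail too.
            print(" ❌ 连接失败 - API服务器未启动")
            break
        except Exception as e:
            # Best-effort diagnostics: report the failure and try the next endpoint.
            print(f" ❌ 测试失败: {e}")

    # Closer look at one endpoint that has been causing trouble.
    print("\n🔥 深度测试 /api/stores")
    print("=" * 60)
    try:
        # Imitate the browser's header set more completely.
        session = requests.Session()
        session.headers.update({
            "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36",
            "Accept": "application/json, text/plain, */*",
            "Accept-Language": "zh-CN,zh;q=0.9,en;q=0.8",
            "Accept-Encoding": "gzip, deflate, br",
            "Origin": frontend_origin,
            "Referer": f"{frontend_origin}/",
        })

        # Send the request; the timeout matches the per-endpoint probes above.
        response = session.get(f"{api_base}/api/stores", timeout=timeout_s)
        print(f"状态码: {response.status_code}")
        print("响应头:")
        for header, value in response.headers.items():
            lowered = header.lower()
            if "cors" in lowered or "access-control" in lowered:
                print(f" {header}: {value}")
        if response.status_code == 200:
            # Only the first 100 characters of the body are shown.
            print(f"响应数据: {response.text[:100]}...")
    except Exception as e:
        print(f"深度测试失败: {e}")

    print("\n" + "=" * 60)
    print("💡 测试总结:")
    print(" - 如果看到所有端点都有 'Access-Control-Allow-Origin: *'CORS配置正确")
    print(" - 如果仍有错误请重启API服务器")
    print(f" - 确保前端在 {frontend_origin} 运行")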
# Script entry point: run the CORS probe on direct execution only, not on import.
if __name__ == "__main__":
    test_api_cors()