mirror of
https://github.com/comfyanonymous/ComfyUI.git
synced 2025-12-18 02:23:06 +08:00
06bf79b19b
- Add API key authentication middleware with multiple auth methods (Bearer, X-API-Key, query param) - Add /health endpoint with server status, queue info, device info, and VRAM stats - Add CLI arguments --api-key and --api-key-file for authentication configuration - Static files and WebSocket connections exempt from authentication - Fully backward compatible - no authentication required by default - Add comprehensive documentation, examples, and test scripts
129 lines
4.1 KiB
Bash
129 lines
4.1 KiB
Bash
#!/bin/bash
|
|
|
|
# Quick Test Script for ComfyUI API Authentication
|
|
# This script tests that authentication is working correctly
|
|
|
|
set -e
|
|
|
|
API_KEY="test-key-123"
|
|
BASE_URL="http://localhost:8188"
|
|
|
|
echo "================================================"
|
|
echo "ComfyUI API Authentication Test"
|
|
echo "================================================"
|
|
echo ""
|
|
echo "IMPORTANT: Make sure ComfyUI is running with:"
|
|
echo " python main.py --api-key \"$API_KEY\""
|
|
echo ""
|
|
echo "Press Enter to continue or Ctrl+C to cancel..."
|
|
read
|
|
|
|
echo ""
|
|
echo "================================================"
|
|
echo "Test 1: Health endpoint (should work without auth)"
|
|
echo "================================================"
|
|
response=$(curl -s -w "\nHTTP_STATUS:%{http_code}" "$BASE_URL/health")
|
|
status=$(echo "$response" | grep HTTP_STATUS | cut -d: -f2)
|
|
body=$(echo "$response" | sed '/HTTP_STATUS/d')
|
|
|
|
echo "Status: $status"
|
|
if [ "$status" = "200" ]; then
|
|
echo "✓ PASS - Health endpoint accessible without auth"
|
|
else
|
|
echo "✗ FAIL - Health endpoint should return 200"
|
|
fi
|
|
echo ""
|
|
|
|
echo "================================================"
|
|
echo "Test 2: Protected endpoint without auth (should fail)"
|
|
echo "================================================"
|
|
response=$(curl -s -w "\nHTTP_STATUS:%{http_code}" "$BASE_URL/object_info")
|
|
status=$(echo "$response" | grep HTTP_STATUS | cut -d: -f2)
|
|
body=$(echo "$response" | sed '/HTTP_STATUS/d')
|
|
|
|
echo "Status: $status"
|
|
if [ "$status" = "401" ]; then
|
|
echo "✓ PASS - Correctly rejected without auth"
|
|
echo "Response: $body"
|
|
else
|
|
echo "✗ FAIL - Should return 401 Unauthorized"
|
|
echo "Response: $body"
|
|
fi
|
|
echo ""
|
|
|
|
echo "================================================"
|
|
echo "Test 3: Protected endpoint with wrong key (should fail)"
|
|
echo "================================================"
|
|
response=$(curl -s -w "\nHTTP_STATUS:%{http_code}" \
|
|
-H "Authorization: Bearer wrong-key-456" \
|
|
"$BASE_URL/object_info")
|
|
status=$(echo "$response" | grep HTTP_STATUS | cut -d: -f2)
|
|
body=$(echo "$response" | sed '/HTTP_STATUS/d')
|
|
|
|
echo "Status: $status"
|
|
if [ "$status" = "401" ]; then
|
|
echo "✓ PASS - Correctly rejected wrong key"
|
|
echo "Response: $body"
|
|
else
|
|
echo "✗ FAIL - Should return 401 Unauthorized"
|
|
echo "Response: $body"
|
|
fi
|
|
echo ""
|
|
|
|
echo "================================================"
|
|
echo "Test 4: Protected endpoint with correct key (should work)"
|
|
echo "================================================"
|
|
response=$(curl -s -w "\nHTTP_STATUS:%{http_code}" \
|
|
-H "Authorization: Bearer $API_KEY" \
|
|
"$BASE_URL/object_info")
|
|
status=$(echo "$response" | grep HTTP_STATUS | cut -d: -f2)
|
|
body=$(echo "$response" | sed '/HTTP_STATUS/d')
|
|
|
|
echo "Status: $status"
|
|
if [ "$status" = "200" ]; then
|
|
echo "✓ PASS - Successfully authenticated"
|
|
else
|
|
echo "✗ FAIL - Should return 200 OK"
|
|
echo "Response: $body"
|
|
fi
|
|
echo ""
|
|
|
|
echo "================================================"
|
|
echo "Test 5: X-API-Key header method (should work)"
|
|
echo "================================================"
|
|
response=$(curl -s -w "\nHTTP_STATUS:%{http_code}" \
|
|
-H "X-API-Key: $API_KEY" \
|
|
"$BASE_URL/embeddings")
|
|
status=$(echo "$response" | grep HTTP_STATUS | cut -d: -f2)
|
|
body=$(echo "$response" | sed '/HTTP_STATUS/d')
|
|
|
|
echo "Status: $status"
|
|
if [ "$status" = "200" ]; then
|
|
echo "✓ PASS - X-API-Key header works"
|
|
else
|
|
echo "✗ FAIL - Should return 200 OK"
|
|
echo "Response: $body"
|
|
fi
|
|
echo ""
|
|
|
|
echo "================================================"
|
|
echo "Test 6: Query parameter method (should work)"
|
|
echo "================================================"
|
|
response=$(curl -s -w "\nHTTP_STATUS:%{http_code}" \
|
|
"$BASE_URL/embeddings?api_key=$API_KEY")
|
|
status=$(echo "$response" | grep HTTP_STATUS | cut -d: -f2)
|
|
body=$(echo "$response" | sed '/HTTP_STATUS/d')
|
|
|
|
echo "Status: $status"
|
|
if [ "$status" = "200" ]; then
|
|
echo "✓ PASS - Query parameter works"
|
|
else
|
|
echo "✗ FAIL - Should return 200 OK"
|
|
echo "Response: $body"
|
|
fi
|
|
echo ""
|
|
|
|
echo "================================================"
|
|
echo "All tests completed!"
|
|
echo "================================================"
|