siege

http://xstarcd.github.io/wiki/shell/siege.html
https://coder.tw/?p=7198

==========

Much like REST Client.

1. No spaces are allowed on either side of the = in a variable assignment.

EX (REST Client form, then siege form):

    @9020_login = http://192.168.99.100:9020/login

    9020_login=http://192.168.99.100:9020/login

2. When there is a blank line

EX:

    @_csrf1 = Gxa6Hip4-J_A3L2kpRc72Iclw_Ql8eIcQiTc
    @login_challenge = 394bab045e2e4a25be83fe207440787e

If login_challenge is the last parameter, append an &:

    _csrf1=Gxa6Hip4-J_A3L2kpRc72Iclw_Ql8eIcQiTc
    login_challenge=394bab045e2e4a25be83fe207440787e&

siege sends the CR as part of the parameter value.

==========

    siege --help
    SIEGE 3.0.6
    Usage: siege [options]
           siege [options] URL
           siege -g URL
    Options:
      -V, --version             VERSION, prints the version number.
      -h, --help                HELP, prints this section.
      -C, --config              CONFIGURATION, show the current config.
          # Prints the current configuration to the screen. The configuration lives in
          # $HOME/.siegerc; edit the parameters there and siege uses them on every run.
      -v, --verbose             VERBOSE, prints notification to screen.
          # Shows detailed information while running
      -q, --quiet               QUIET turns verbose off and suppresses output.
      -g, --get                 GET, pull down HTTP headers and display the
                                transaction. Great for application debugging.
      -c, --concurrent=NUM      CONCURRENT users, default is 10
          # Simulates n users accessing at the same time. Do not set n too high:
          # the larger it is, the more local machine resources siege consumes.
      -i, --internet            INTERNET user simulation, hits URLs randomly.
          # Hits entries from the URL list in urls.txt at random, to simulate real (random) access
      -b, --benchmark           BENCHMARK: no delays between requests.
      -t, --time=NUMm           TIMED testing where "m" is modifier S, M, or H
                                ex: --time=1H, one hour test.
          # Runs siege continuously for 'n' seconds (e.g. 10S), minutes (10M) or hours (10H)
      -r, --reps=NUM            REPS, number of times to run the test.
          # Repeats the test n times; cannot be combined with -t
      -f, --file=FILE           FILE, select a specific URLS FILE.
          # Selects the URLs file; the default is etc/urls.txt under the siege installation directory
          # urls.txt is a newline-separated list of URLs to test, in the format:
          # [protocol://]host.domain.com[:port][path/to/file]
      -R, --rc=FILE             RC, specify an siegerc file
          # Runs with a specific siege configuration file; the default is $HOME/.siegerc
      -l, --log[=FILE]          LOG to FILE. If FILE is not specified, the
                                default is used: PREFIX/var/siege.log
          # When the run ends, saves the statistics to the log file siege.log;
          # the log file can be customized in .siegerc
      -m, --mark="text"         MARK, mark the log file with a string.
      -d, --delay=NUM           Time DELAY, random delay before each requst
                                between 1 and NUM. (NOT COUNTED IN STATS)
          # Delay between hits on each URL, between 0 and n
      -H, --header="text"       Add a header to request (can be many)
      -A, --user-agent="text"   Sets User-Agent in request
      -T, --content-type="text" Sets Content-Type in request
    ...

2019-06-25 · 2 min · 310 words · Me

nightwatch OpenID Hydra Windows

Windows Update chrome v75

    > mkdir t
    > cd t
    > mkdir tests
    > npm install nightwatch --save-dev
    > npm install chromedriver --save-dev
    > nano nightwatch.js

    require('nightwatch/bin/runner.js');

    > nano nightwatch.conf.js

    const chrome = require('chromedriver')

    module.exports = {
      src_folders: ['tests'],
      webdriver: {
        start_process: true,
        server_path: chrome.path,
        port: 9515,
      },
      test_settings: {
        default: {
          desiredCapabilities: {
            browserName: 'chrome',
          },
        },
      },
    }

    > nano tests/test.js

    module.exports = {
      'step one: navigate to google' : function (browser) {
        // Run the whole login + consent flow 10 times
        for (var i = 0; i < 10; i += 1) {
          browser
            .url('https://t.tt:9010')
            .waitForElementVisible('body', 1000)
            .click('a')
            // Login form
            .waitForElementVisible('input[type=email]')
            .setValue('input[type=email]', 'foo@bar.com')
            .setValue('input[type=password]', 'foobar')
            .click('input[type=submit]', function(result) {
              this.assert.strictEqual(result.status, 0);
            })
            // Consent form: tick the scopes, then accept
            .waitForElementVisible('input[type=checkbox]')
            .click('input[id=openid]')
            .click('input[id=offline]')
            .click('input[id=accept]', function(result) {
              this.assert.strictEqual(result.status, 0);
            })
        }
      },
    };

    > node nightwatch.js tests/test.js

2019-06-21 · 1 min · 119 words · Me

OpenID Hydra session data can't show at userinfo or introspect

If you run every step through the consent website (the official login & consent app), the session part of routes/consent.js needs to be uncommented; then you will get the session data.

    @token= xLPcJ3tobDqGUDxIVTxWt2p7w_odZSV22IAlUf5QPZU.YD6R_xKQ2ldCLbEV7mmc01E6ZLzemzdEC5H4-otTMPg

    ### userinfo
    GET https://openid.hydra:9001/userinfo
    Authorization: Bearer {{token}}

    ### introspect
    POST https://openid.hydra:9002/oauth2/introspect
    Content-Type: application/x-www-form-urlencoded

    token={{token}}
    &scope=openid+photos.read

PS: &scope=openid+photos.read can be removed.

But if you use REST Client, a fix is needed: put the session data in yourself.

    ### accept consent scope
    PUT https://192.168.99.100:9002/oauth2/auth/requests/consent/accept?consent_challenge={{consent_challenge}}
    Content-Type: application/json

    {
      "grant_scope": ["openid", "photos.read"],
      "session": {
        "access_token": { "foo": "bar" },
        "id_token": { "baz": "bar" }
      }
    }

I tried this and read many documents. I can't find the real reason. The official website has no discussion of it. ...

2019-06-19 · 1 min · 93 words · Me

OpenID hydra

https://www.ory.sh/docs/next/hydra/oauth2#oauth-20-scope

An OAuth 2.0 Scope is not a permission:

A permission allows an actor to perform a certain action in a system: Bob is allowed to delete his own photos.

OAuth 2.0 Scope implies that an end-user granted certain privileges to a client: Bob allowed the OAuth 2.0 Client to delete all users.

The OAuth 2.0 Scope can be granted without the end-user actually having the right permissions. In the examples above, Bob granted an OAuth 2.0 Client the permission (“scope”) to delete all users in his name. However, since Bob is not an administrator, that permission (“access control”) is not actually granted to Bob. Therefore any request by the OAuth 2.0 Client that tries to delete users on behalf of Bob should fail. ...
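The distinction above, as an added example (not from the Ory documentation or the original post): a resource server allows a request only when the client holds the scope and the end-user has the permission. The scope names photos.delete and users.delete, the role and photo-owner tables, and the e-mail addresses are assumptions made for illustration.

```javascript
// Added example; scopes, users and tables below are constructed for illustration.
// `introspection` follows RFC 7662: active, sub, scope (space-delimited string).

// Hypothetical access-control data owned by the resource server.
const ROLES = { 'bob@example.com': ['user'], 'admin@example.com': ['user', 'admin'] };
const PHOTO_OWNER = { 'photo-1': 'bob@example.com', 'photo-2': 'alice@example.com' };

// Per action: the scope the client must hold and the permission the end-user must have.
const ACTIONS = {
  deletePhoto: {
    scope: 'photos.delete',
    permitted: (sub, target) => PHOTO_OWNER[target] === sub,
  },
  deleteUser: {
    scope: 'users.delete',
    permitted: (sub) => (ROLES[sub] || []).includes('admin'),
  },
};

function authorize(introspection, action, target) {
  if (!Object.prototype.hasOwnProperty.call(ACTIONS, action)) {
    return { allow: false, reason: 'unknown_action' };
  }
  const rule = ACTIONS[action];
  if (!introspection || introspection.active !== true) {
    return { allow: false, reason: 'inactive_token' };
  }
  // Check 1 (scope): did the end-user grant this privilege to the client?
  const granted = (introspection.scope || '').split(' ').filter(Boolean);
  if (!granted.includes(rule.scope)) {
    return { allow: false, reason: 'insufficient_scope' };
  }
  // Check 2 (permission): may the end-user do this at all? A scope adds no rights the user lacks.
  if (typeof introspection.sub !== 'string' || !rule.permitted(introspection.sub, target)) {
    return { allow: false, reason: 'user_not_permitted' };
  }
  return { allow: true, reason: 'ok' };
}

// Constructed introspection result: Bob granted the client both scopes.
const bobToken = {
  active: true,
  sub: 'bob@example.com',
  scope: 'openid photos.delete users.delete',
};
console.log(authorize(bobToken, 'deletePhoto', 'photo-1'));
console.log(authorize(bobToken, 'deleteUser', 'alice@example.com'));
```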

2019-06-18 · 1 min · 128 words · Me

OpenID hydra context data save

hydra login consent node
https://github.com/ory/hydra-login-consent-node

When login succeeds, the context data is saved. You can check it by subject with:

    GET https://openid.hydra:9002/oauth2/auth/sessions/consent?subject=foo@bar.com HTTP/1.1

routes/login.js

    hydra.acceptLoginRequest(challenge, {
      context: {
        "test1": "test1",
        "test2": { "test2i": "test2i"}
      },

The database keeps the context. Table hydra_oauth2_consent_request stores the context data. The database here is PostgreSQL (pg).

===== PostgreSQL commands ====

1. Log in to the PostgreSQL (pg) docker container

    psql hydra -U hydra   # log in to pg

(now at the database prompt)

    \dt;
    select * from hydra_oauth2_consent_request;

=============== userinfo ===============

...

2019-06-18 · 1 min · 93 words · Me