Here, I am presenting the documentation with a detailed use guide for the custom Express.js server created as a source for Postman API testing, and all of that is integrated with Github Actions to run it automatically. You may check out the repository here: https://github.com/NoToolsNoCraft/Security-Test-with-Express-Postman
To set up an environment to run this Express.js application, follow these steps:
Setting up Express in Visual Studio Code
1. Install Node.js
Before running this application, make sure you have Node.js installed on your machine. If you don’t have it, download and install it from the official Node.js website.
2. Set Up a New Project
- Create a new directory for your project:
dir my-express-app cd my-express-app - Initialize a new Node.js project:
npm init -y
This will generate apackage.jsonfile with default values.
3. Install Required Dependencies
This code uses Express.js, express-rate-limit, helmet, and cors, which need to be installed as dependencies.
Run the following command to install them:
npm install express express-rate-limit helmet cors4. Create the Application File
Create a file named app.js (or another name of your choice) and paste your provided Express.js code into it.
touch app.jsAlternatively, just create the app.js file manually.
5. Run the Application
Once you have created the application file, you can run it by executing the following command in your terminal:
node app.jsThe terminal should output something like this, indicating that the server is running:
Server running on port 30016. Test the Application
Now that your server is running, you can test the routes in your application using a tool like Postman or Curl.
- GET request: Test with an admin role header to retrieve all users:
- URL:
http://localhost:3001/ - Headers:
- Key:
role - Value:
admin
- Key:
- Method:
GET
- URL:
- POST request: Send data to update or add users.
- URL:
http://localhost:3001/update - Method:
POST - Body: (JSON, for example)
[ { "id": 4, "username": "newUser", "email": "[email protected]", "role": "user", "active": true } ]
- URL:
- PUT request: Update a user by ID.
- URL:
http://localhost:3001/update/4 - Method:
PUT - Body: (JSON)
{ "username": "updatedUser", "email": "[email protected]" }
- URL:
- DELETE request: Delete a user by ID.
- URL:
http://localhost:3001/delete/4 - Method:
DELETE
- URL:
7. Accessing the Application
Your application should be accessible at:
http://localhost:3001/Postman Test Documentation: Security Test
Overview
This documentation provides an overview of the Postman test collection titled “Security Test.” The collection consists of several test cases designed to validate the functionality of an API by checking responses, testing user data integrity, and verifying updates to user data. Each test case is described in detail below.
1. Initial Request / Admin
Request Details
- Method: GET
- URL:
http://localhost:3001/ - Headers:
- Key:
role - Value:
admin
- Key:
Tests
- Status Code: Validates that the response status code is
200. - Role Validation: Checks if the
roleheader is set toadmin. - Initial Users Validation: Confirms the presence of exactly three initial users:
adminUserregularUserguestUser
2. Add a New Item
Request Details
- Method: POST
- URL:
http://localhost:3001/update - Headers: None
- Body (JSON):
[ { "id": 4, "username": "newUser", "email": "[email protected]", "role": "user", "active": true } ]
Tests
- Status Code: Validates that the response status code is
200. - Success Message: Ensures the response contains the message:
"Users processed successfully". - User Addition: Verifies that the new user is added with the correct details:
username:newUseremail:[email protected]role:user
3. Check if the New Item Has Been Added
Request Details
- Method: GET
- URL:
http://localhost:3001/ - Headers:
- Key:
role - Value:
admin
- Key:
Tests
- New User Verification: Confirms that the new user (
id: 4) exists in the list of users with the following details:username:newUseremail:[email protected]role:useractive:true
4. Change Data Inside a Single Item
Request Details
- Method: PUT
- URL:
http://localhost:3001/update/4 - Headers: None
- Body (JSON):
{ "username": "Newly Updated Username", "email": "[email protected]" }
Tests
- Status Code: Validates that the response status code is
200. - Success Message: Ensures the response contains the message:
"User updated successfully". - User Update: Verifies that the user’s details are updated correctly:
username:Newly Updated Usernameemail:[email protected]
5. Check if the PUT Request Changes Applied
Request Details
- Method: GET
- URL:
http://localhost:3001/ - Headers:
- Key:
role - Value:
admin
- Key:
Tests
- Status Code: Validates that the response status code is
200. - User Update Verification: Confirms that the user with
id: 4has the updated details:username:Newly Updated Usernameemail:[email protected]
6. Delete the previously created item
Request Details
- Method: DELETE
- URL:
http://localhost:3001/delete/4
Tests
- Status Code: Validates that the response status code is
200. - Success Message: Ensures the response contains the message:
"User deleted successfully".
7. Check if the item was successfully deleted
Request Details
- Method: GET
- URL:
http://localhost:3001/ - Headers:
- Key:
role - Value:
admin
- Key:
Tests
- Status Code: Validates that the response status code is
200. - Ensure that the item with id = 4 no longer exists in the array.
Summary
The “Security Test” collection ensures the following:
- Initial users and roles are validated.
- New users can be added successfully.
- Data integrity is maintained after adding or updating users.
- Updates to user data are applied and verified.
This collection provides a robust framework for testing the security and functionality of an API handling user data.
Documentation for Express App Test GitHub Actions Workflow
This YAML file defines a GitHub Actions workflow designed to automate the testing process for an Express application and its Postman test suite using the Newman CLI. The workflow is triggered on every push to the main branch and on a daily schedule.
Workflow Overview
1. Workflow Name
name: Express App Test Workflow
The name of this workflow is “Express App Test Workflow”, which will appear in the GitHub Actions interface.
Trigger Conditions
on:
push:
schedule:
# Runs daily at 9:00 AM CET
- cron: "0 8 * * *"
branches:
- main
- Trigger Events:
- The workflow runs:
- On every push to the
mainbranch. - Daily at 9:00 AM CET (Central European Time) using a cron schedule.
- On every push to the
- The workflow runs:
- Cron Expression:
"0 8 * * *": Runs the workflow every day at 8:00 UTC, which corresponds to 9:00 AM CET.
Workflow Jobs
Job: build
The workflow consists of a single job named build, which performs the following tasks:
jobs:
build:
runs-on: ubuntu-latest
- Runs on: An Ubuntu-based virtual machine (
ubuntu-latest).
Job Steps
1. Checkout Repository
- name: Checkout repository
uses: actions/checkout@v2
- Purpose: Checks out the code from the GitHub repository so the workflow can access files and run commands.
- Action Used: actions/checkout.
2. Set Up Node.js
- name: Set up Node.js
uses: actions/setup-node@v2
with:
node-version: '16'
- Purpose: Installs and configures Node.js version 16, which is required for running the Express app.
- Action Used: actions/setup-node.
- Parameters:
node-version: '16': Specifies the version of Node.js to use.
3. Install Dependencies
- name: Install dependencies
run: npm install
- Purpose: Installs all the necessary dependencies defined in the
package.jsonfile. - Command Used:
npm install— Installs project dependencies for the Express application.
4. Start the Express App
- name: Start Express app
run: |
nohup npm start & # Start the Express server in the background
sleep 10 # Wait for the server to start
- Purpose: Starts the Express application server.
- Command Details:
nohup npm start &: Starts the application in the background, allowing the workflow to continue without waiting for the server to stop.sleep 10: Waits for 10 seconds to ensure the server is fully started and ready to accept requests.
5. Install Newman
- name: Install Newman
run: npm install -g newman
- Purpose: Installs the Newman CLI globally, which is used to run Postman collections from the command line.
- Command Used:
npm install -g newman. - Why Newman?: It allows you to automate the execution of Postman API tests in CI/CD pipelines.
6. Run Postman Tests
- name: Run Postman tests
run: |
newman run Postman/Security\ Test.postman_collection.json \
- Purpose: Executes the Postman test collection using Newman.
- Command Details:
newman run: The command to execute a Postman collection file.Postman/Security Test.postman_collection.json: Path to the Postman collection file containing the API test cases.
Key Benefits of This Workflow
- Automation:
- Eliminates manual testing by automating Express app testing and API validation.
- Scheduled Testing:
- Ensures daily testing even when there are no new code changes, maintaining consistent application health.
- Continuous Integration:
- Automatically runs on every push to the
mainbranch, catching bugs early in the development lifecycle.
- Automatically runs on every push to the
- Node.js Compatibility:
- Configures the Node.js environment to match the app’s requirements.
- Postman Integration:
- Leverages Postman’s testing capabilities for robust API validation.
Extending the Workflow
- Add Success Checks: To validate the success of POST, PUT, and DELETE requests, update the Postman collection to include assertions or add a step to send GET requests after each operation and verify the expected results.
- Include Test Reports: Add a step to generate and upload test reports (e.g., JUnit or HTML reports) for easier result analysis.
- Environment Variables: If your app requires environment variables (e.g., API keys or database URLs), use GitHub Secrets to securely inject them.
