feat: upgrade next-auth to v5.0.0-beta.29 and refactor authentication middleware

- Updated next-auth dependency in package.json to version 5.0.0-beta.29.
- Refactored create-admin script to use a valid email format.
- Implemented authentication middleware for various API routes to enforce access control.
- Refactored API route handlers to improve readability and maintainability.
- Enhanced error handling in authentication error page.
- Added detailed tests for authentication flow, including protected routes and NextAuth endpoints.
2025-06-25 12:32:13 +02:00
parent 035a0386d7
commit c1bb4c44fd
24 changed files with 626 additions and 369 deletions

49
test-auth.mjs Normal file

@@ -0,0 +1,49 @@
// Test script to verify API route protection
const BASE_URL = 'http://localhost:3000';
// Test unauthenticated access to protected routes
async function testProtectedRoutes() {
console.log('🔐 Testing Authorization Setup\n');
const protectedRoutes = [
'/api/projects',
'/api/contracts',
'/api/tasks/templates',
'/api/project-tasks',
'/api/notes',
'/api/all-project-tasks'
];
console.log('Testing unauthenticated access to protected routes...\n');
for (const route of protectedRoutes) {
try {
const response = await fetch(`${BASE_URL}${route}`);
const data = await response.json();
if (response.status === 401) {
console.log(`${route} - PROTECTED (401 Unauthorized)`);
} else {
console.log(`${route} - NOT PROTECTED (${response.status})`);
console.log(` Response: ${JSON.stringify(data).substring(0, 100)}...`);
}
} catch (error) {
console.log(`${route} - ERROR: ${error.message}`);
}
}
console.log('\n🔍 Testing authentication endpoint...\n');
// Test NextAuth endpoint
try {
const response = await fetch(`${BASE_URL}/api/auth/session`);
const data = await response.json();
console.log(`✅ /api/auth/session - Available (${response.status})`);
console.log(` Response: ${JSON.stringify(data)}`);
} catch (error) {
console.log(`❌ /api/auth/session - ERROR: ${error.message}`);
}
}
// Run the test
testProtectedRoutes().catch(console.error);
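Review bot: An unprotected route cannot fail this script: in the loop over `protectedRoutes` the `else` branch only logs `NOT PROTECTED`, the `catch` only logs `ERROR`, and the process exits with status 0 either way, so the check cannot gate CI. `response.json()` is also awaited before the status test, so a 401 with an empty or non-JSON body (or an HTML sign-in page) is reported as `ERROR` instead of being classified. Count the failures, read the body only on the unexpected-status path, and set `process.exitCode = 1` when any route is not rejected with 401. Only unauthenticated GET requests are exercised; whether the middleware also rejects the mutating methods on these routes is not covered here and cannot be told from this file.

```javascript
let failures = 0;
for (const route of protectedRoutes) {
  try {
    const response = await fetch(`${BASE_URL}${route}`);
    if (response.status === 401) {
      console.log(`${route} - PROTECTED (401 Unauthorized)`);
      continue;
    }
    failures += 1;
    console.log(`${route} - NOT PROTECTED (${response.status})`);
    // Read as text so a non-JSON body cannot hide the status behind a parse error.
    const body = await response.text();
    console.log(` Response: ${body.substring(0, 100)}...`);
  } catch (error) {
    failures += 1;
    console.log(`${route} - ERROR: ${error.message}`);
  }
}
// … unchanged: /api/auth/session check …
if (failures > 0) {
  process.exitCode = 1;
}
```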