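// Test authenticated access to pages and API endpoints.
//
// Every check runs without credentials and verifies the server's behaviour
// towards an anonymous client: the sign-in page and the /api/auth/* endpoints
// must be reachable, protected pages must redirect to the sign-in page, and
// protected API routes must answer 401 with a JSON error body.

// Server under test. Overridable through the environment so the script can be
// pointed at another deployment without editing it.
const BASE_URL = process.env.BASE_URL ?? 'http://localhost:3000';

// Page that protected routes are expected to redirect anonymous visitors to.
const SIGN_IN_PATH = '/auth/signin';

// Redirect statuses accepted from a protected page; frameworks use any of
// these for a login redirect.
const REDIRECT_STATUSES = new Set([301, 302, 303, 307, 308]);

// API routes that must not be reachable without a session.
const PROTECTED_API_ENDPOINTS = ['/api/projects', '/api/contracts', '/api/tasks/templates'];

/**
 * Build a `Cookie` request-header value from the `Set-Cookie` headers of a
 * fetch Response.
 *
 * Only the `name=value` pair of each cookie is kept: attributes such as
 * `Path`, `HttpOnly` or `Expires` describe the cookie to the client and must
 * not be echoed back to the server.
 *
 * @param {Response} response - fetch Response whose cookies should be reused.
 * @returns {string} `name=value` pairs joined by `; `, or `''` when no cookie was set.
 */
function extractCookies(response) {
  const { headers } = response;
  // Node's fetch (undici) exposes getSetCookie(), which yields one entry per
  // Set-Cookie header. headers.get() folds them into a single comma-joined
  // string that cannot be split reliably, because attributes such as
  // `Expires=Wed, 21 Oct 2025 ...` contain commas themselves; the fallback
  // therefore only recovers the first cookie of such a folded value.
  const setCookies = typeof headers.getSetCookie === 'function'
    ? headers.getSetCookie()
    : [headers.get('set-cookie')].filter((value) => value != null);
  return setCookies
    .map((cookie) => cookie.split(';')[0].trim())
    .filter((pair) => pair !== '')
    .join('; ');
}

/**
 * Fetch `path` on the server under test.
 * @param {string} path - absolute path, e.g. `/api/auth/csrf`.
 * @param {RequestInit} [init] - additional fetch options.
 * @returns {Promise<Response>}
 */
function fetchPath(path, init = {}) {
  return fetch(`${BASE_URL}${path}`, init);
}

/**
 * Print one outcome line for a check.
 * @param {boolean} ok - whether the expectation held.
 * @param {string} message - what was checked and what was observed.
 * @returns {boolean} `ok`, so callers can `return report(...)`.
 */
function report(ok, message) {
  console.log(`${ok ? '✅' : '❌'} ${message}`);
  return ok;
}

/**
 * Step 1: the sign-in page must be publicly reachable and contain its form.
 * @returns {Promise<boolean>} true when the page answers 200 and renders the form.
 */
async function checkSignInPage() {
  try {
    const response = await fetchPath(SIGN_IN_PATH);
    if (!report(response.status === 200, `Sign-in page: ${response.status} ${response.statusText}`)) {
      return false;
    }
    const pageContent = await response.text();
    const hasForm = pageContent.includes('Sign in to your account');
    console.log(`   Form present: ${hasForm ? '✅ Yes' : '❌ No'}`);
    return hasForm;
  } catch (error) {
    return report(false, `Sign-in page error: ${error.message}`);
  }
}

/**
 * Step 2: /api/auth/session must answer 200 with a JSON body for an
 * anonymous client.
 * @returns {Promise<boolean>}
 */
async function checkSessionEndpoint() {
  try {
    const response = await fetchPath('/api/auth/session');
    if (!report(response.status === 200, `Session endpoint: ${response.status} ${response.statusText}`)) {
      return false;
    }
    const sessionData = await response.json();
    console.log(`   Session data: ${JSON.stringify(sessionData)}`);
    return true;
  } catch (error) {
    return report(false, `Session endpoint error: ${error.message}`);
  }
}

/**
 * Step 3: /api/auth/csrf must answer 200 and hand out a CSRF token.
 * Only the token's presence is printed, never its value.
 * @returns {Promise<boolean>}
 */
async function checkCsrfEndpoint() {
  try {
    const response = await fetchPath('/api/auth/csrf');
    if (!report(response.status === 200, `CSRF endpoint: ${response.status} ${response.statusText}`)) {
      return false;
    }
    const csrfData = await response.json();
    const hasToken = Boolean(csrfData?.csrfToken);
    console.log(`   CSRF token: ${hasToken ? '✅ Present' : '❌ Missing'}`);
    return hasToken;
  } catch (error) {
    return report(false, `CSRF endpoint error: ${error.message}`);
  }
}

/**
 * Steps 4 and 5: a protected page must redirect an anonymous visitor to the
 * sign-in page instead of rendering.
 * @param {string} path - protected page, e.g. `/projects`.
 * @param {string} label - name used in the output.
 * @returns {Promise<boolean>}
 */
async function checkRedirectsToSignIn(path, label) {
  try {
    // 'manual' keeps the 3xx response so its Location header can be inspected.
    const response = await fetchPath(path, { redirect: 'manual' });
    const redirected = REDIRECT_STATUSES.has(response.status);
    if (!report(redirected, `${label}: ${response.status} ${response.statusText}`)) {
      return false;
    }
    const location = response.headers.get('location');
    console.log(`   Redirects to: ${location}`);
    // Resolve relative Locations and compare the path exactly. A substring
    // test would also accept a redirect to some other page whose URL merely
    // mentions the sign-in path, e.g. inside a query parameter.
    const target = location === null ? null : new URL(location, BASE_URL);
    const correct = target !== null && target.pathname === SIGN_IN_PATH;
    console.log(`   Correct redirect: ${correct ? '✅ Yes' : '❌ No'}`);
    return correct;
  } catch (error) {
    return report(false, `${label} error: ${error.message}`);
  }
}

/**
 * Step 6: a protected API route must answer 401 with a JSON error body.
 * @param {string} endpoint - API path, e.g. `/api/projects`.
 * @returns {Promise<boolean>}
 */
async function checkApiEndpointProtected(endpoint) {
  try {
    const response = await fetchPath(endpoint);
    if (response.status !== 401) {
      return report(false, `${endpoint}: Not protected (${response.status})`);
    }
    // Check the status and content type before parsing, so a 401 without a
    // JSON body is reported as such instead of as a generic parse error.
    const contentType = response.headers.get('content-type') ?? '';
    if (!contentType.includes('application/json')) {
      return report(false, `${endpoint}: 401 but not JSON (${contentType || 'no content-type'})`);
    }
    const data = await response.json();
    return report(true, `${endpoint}: Protected (401) - ${data?.error ?? JSON.stringify(data)}`);
  } catch (error) {
    return report(false, `${endpoint}: Error - ${error.message}`);
  }
}

/**
 * Run every check in order and print a summary.
 * @returns {Promise<number>} number of checks that failed.
 */
async function testAuthenticatedAccess() {
  console.log('🔐 Testing Authenticated Access\n');
  const results = [];

  console.log('1️⃣ Testing sign-in page access...');
  results.push(await checkSignInPage());

  console.log('\n2️⃣ Testing authentication endpoint...');
  results.push(await checkSessionEndpoint());

  console.log('\n3️⃣ Testing CSRF token endpoint...');
  results.push(await checkCsrfEndpoint());

  console.log('\n4️⃣ Testing main dashboard page (unauthenticated)...');
  results.push(await checkRedirectsToSignIn('/', 'Main page'));

  console.log('\n5️⃣ Testing projects page (unauthenticated)...');
  results.push(await checkRedirectsToSignIn('/projects', 'Projects page'));

  console.log('\n6️⃣ Testing API endpoints (unauthenticated)...');
  // Sequential on purpose: keeps the output order stable and avoids firing
  // parallel requests at a development server.
  for (const endpoint of PROTECTED_API_ENDPOINTS) {
    results.push(await checkApiEndpointProtected(endpoint));
  }

  const failures = results.filter((ok) => !ok).length;
  console.log('\n📋 Summary:');
  console.log('- Sign-in page should be accessible');
  console.log('- Protected pages should redirect to /auth/signin');
  console.log('- Protected API endpoints should return 401 with JSON error');
  console.log('- Auth endpoints (/api/auth/*) should be accessible');
  console.log(`- Failed checks: ${failures} of ${results.length}`);
  return failures;
}

// Run the test.
// TODO: set process.exitCode from the returned failure count once this runs in CI.
testAuthenticatedAccess().catch(console.error);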