// Test script to verify API route protection with better error handling
const BASE_URL = 'http://localhost:3000';

// Test unauthenticated access to protected routes
async function testProtectedRoutes() {
  console.log('🔐 Testing Authorization Setup\n');
  
  const protectedRoutes = [
    '/api/projects',
    '/api/contracts'
  ];
  
  console.log('Testing unauthenticated access to protected routes...\n');
  
  for (const route of protectedRoutes) {
    try {
      const response = await fetch(`${BASE_URL}${route}`);
      const contentType = response.headers.get('content-type');
      
      console.log(`Route: ${route}`);
      console.log(`Status: ${response.status}`);
      console.log(`Content-Type: ${contentType}`);
      
      if (contentType && contentType.includes('application/json')) {
        const data = await response.json();
        console.log(`Response: ${JSON.stringify(data)}`);
      } else {
        const text = await response.text();
        console.log(`Response (first 200 chars): ${text.substring(0, 200)}...`);
      }
      
      console.log('---\n');
    } catch (error) {
      console.log(`❌ ${route} - ERROR: ${error.message}\n`);
    }
  }
}

// Run the test
testProtectedRoutes().catch(console.error);