// Test script to verify API route protection
const BASE_URL = 'http://localhost:3000';

// Test unauthenticated access to protected routes
async function testProtectedRoutes() {
  console.log('🔐 Testing Authorization Setup\n');
  
  const protectedRoutes = [
    '/api/projects',
    '/api/contracts', 
    '/api/tasks/templates',
    '/api/project-tasks',
    '/api/notes',
    '/api/all-project-tasks'
  ];
  
  console.log('Testing unauthenticated access to protected routes...\n');
  
  for (const route of protectedRoutes) {
    try {
      const response = await fetch(`${BASE_URL}${route}`);
      const data = await response.json();
      
      if (response.status === 401) {
        console.log(`✅ ${route} - PROTECTED (401 Unauthorized)`);
      } else {
        console.log(`❌ ${route} - NOT PROTECTED (${response.status})`);
        console.log(`   Response: ${JSON.stringify(data).substring(0, 100)}...`);
      }
    } catch (error) {
      console.log(`❌ ${route} - ERROR: ${error.message}`);
    }
  }
  
  console.log('\n🔍 Testing authentication endpoint...\n');
  
  // Test NextAuth endpoint
  try {
    const response = await fetch(`${BASE_URL}/api/auth/session`);
    const data = await response.json();
    console.log(`✅ /api/auth/session - Available (${response.status})`);
    console.log(`   Response: ${JSON.stringify(data)}`);
  } catch (error) {
    console.log(`❌ /api/auth/session - ERROR: ${error.message}`);
  }
}

// Run the test
testProtectedRoutes().catch(console.error);