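// Test authenticated API access using NextAuth.js client-side approach
//
// NOTE(review): despite the name, every request below is sent WITHOUT a
// session cookie. The script checks that protected routes reject anonymous
// access and that the NextAuth.js endpoints are reachable; the actual
// signed-in flow is left to the manual steps printed at the end.

// Base URL of the app under test. Overridable through BASE_URL in the
// environment when run under Node; defaults to the local dev server.
const BASE_URL = globalThis.process?.env?.BASE_URL ?? 'http://localhost:3000';

// Redirect statuses that count as "bounced to sign-in". The original check
// accepted only 302, but Next.js middleware redirects are commonly 307, and
// 301/303/308 are equally valid redirects.
const REDIRECT_STATUSES = new Set([301, 302, 303, 307, 308]);

/**
 * Whether an HTTP status code is a redirect we can follow via Location.
 *
 * @param {number} status - HTTP status code of a response
 * @returns {boolean}
 */
function isRedirect(status) {
  return REDIRECT_STATUSES.has(status);
}

/**
 * Probe the running app's auth boundary and NextAuth.js endpoints, logging
 * one line per check. Never rejects: any thrown error is reported on the
 * console and the function resolves normally.
 *
 * @returns {Promise<void>}
 */
async function testAuthenticatedAPI() {
  console.log('🔐 Testing Authenticated API Access\n');

  try {
    // Test 1: Check if server is running
    console.log('1️⃣ Checking server status...');
    const healthResponse = await fetch(`${BASE_URL}/api/auth/session`);
    console.log(`Server status: ${healthResponse.status}`);

    if (!healthResponse.ok) {
      console.log('❌ Server not responding properly');
      return;
    }

    // Test 2: Test unauthenticated access to protected endpoints.
    // Only a 401 is accepted as "properly protected". A 403, or an API route
    // that redirects (fetch follows redirects by default, so it would land on
    // a 200), is reported as unprotected — widen the check if a handler is
    // deliberately returning one of those.
    console.log('\n2️⃣ Testing unauthenticated access...');
    const protectedEndpoints = [
      '/api/projects',
      '/api/contracts',
      '/api/tasks',
      '/api/project-tasks',
    ];

    for (const endpoint of protectedEndpoints) {
      const response = await fetch(`${BASE_URL}${endpoint}`);
      const verdict = response.status === 401
        ? '✅ (properly protected)'
        : '❌ (not protected)';
      console.log(`${endpoint}: ${response.status} ${verdict}`);
    }

    // Test 3: Check protected pages
    console.log('\n3️⃣ Testing protected pages...');
    const protectedPages = ['/projects', '/contracts', '/tasks'];

    for (const page of protectedPages) {
      // redirect: 'manual' keeps the 3xx response so the Location header can
      // be inspected. NOTE(review): this is written for Node's fetch; a
      // browser's fetch returns an opaque status-0 response here instead,
      // which would fall through to the "Status 0" line below.
      const response = await fetch(`${BASE_URL}${page}`, { redirect: 'manual' });

      if (isRedirect(response.status)) {
        const location = response.headers.get('location');
        if (location?.includes('/auth/signin')) {
          console.log(`${page}: ✅ Properly redirects to sign-in`);
        } else {
          console.log(`${page}: ⚠️ Redirects to: ${location}`);
        }
      } else if (response.status === 200) {
        console.log(`${page}: ❌ Accessible without authentication`);
      } else {
        console.log(`${page}: ❓ Status ${response.status}`);
      }
    }

    // Test 4: Test sign-in page accessibility.
    // The field checks are a plain substring match on the rendered HTML, so
    // they only hold if the form is server-rendered with these attributes.
    console.log('\n4️⃣ Testing sign-in page...');
    const signinResponse = await fetch(`${BASE_URL}/auth/signin`);

    if (signinResponse.ok) {
      console.log('✅ Sign-in page accessible');
      const content = await signinResponse.text();
      const hasEmailField = content.includes('name="email"') || content.includes('id="email"');
      const hasPasswordField = content.includes('name="password"') || content.includes('id="password"');
      console.log(` Email field: ${hasEmailField ? '✅' : '❌'}`);
      console.log(` Password field: ${hasPasswordField ? '✅' : '❌'}`);
    } else {
      console.log('❌ Sign-in page not accessible');
    }

    // Test 5: Check NextAuth.js providers endpoint
    console.log('\n5️⃣ Testing NextAuth.js configuration...');
    const providersResponse = await fetch(`${BASE_URL}/api/auth/providers`);

    if (providersResponse.ok) {
      const providers = await providersResponse.json();
      console.log('✅ NextAuth.js providers endpoint accessible');
      console.log('Available providers:', Object.keys(providers));
    } else {
      console.log('❌ NextAuth.js providers endpoint failed');
    }

    // Test 6: Check CSRF token endpoint
    console.log('\n6️⃣ Testing CSRF token...');
    const csrfResponse = await fetch(`${BASE_URL}/api/auth/csrf`);

    if (csrfResponse.ok) {
      const csrf = await csrfResponse.json();
      console.log('✅ CSRF token endpoint accessible');
      console.log('CSRF token available:', Boolean(csrf.csrfToken));
    } else {
      console.log('❌ CSRF token endpoint failed');
    }

    // Manual follow-up. The credentials below are the local dev seed account
    // as written by the original author (presumably matching a seed script —
    // verify), so they belong only to a local instance; the URLs are derived
    // from BASE_URL so they stay in step with the automated checks above.
    console.log('\n🎯 Manual Testing Instructions:');
    console.log(`1. Open browser to: ${BASE_URL}/auth/signin`);
    console.log('2. Use credentials:');
    console.log(' Email: admin@localhost.com');
    console.log(' Password: admin123456');
    console.log('3. After login, test these pages:');
    for (const page of protectedPages) {
      console.log(` - ${BASE_URL}${page}`);
    }
    console.log('4. Test API endpoints with browser dev tools or Postman');
  } catch (error) {
    // Node's fetch wraps network errors (e.g. a refused connection) in a
    // TypeError whose `cause` carries the useful detail, so surface it too.
    const cause = error.cause ? ` (cause: ${error.cause.message ?? error.cause})` : '';
    console.error(`❌ Test failed with error: ${error.message}${cause}`);
  }
}

// Run the test. The promise never rejects (see the catch above), so it is
// safe to leave unawaited at top level.
testAuthenticatedAPI();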