RKWojs
c1bb4c44fd
- Updated next-auth dependency in package.json to version 5.0.0-beta.29. - Refactored create-admin script to use a valid email format. - Implemented authentication middleware for various API routes to enforce access control. - Refactored API route handlers to improve readability and maintainability. - Enhanced error handling in authentication error page. - Added detailed tests for authentication flow, including protected routes and NextAuth endpoints.
41 lines
1.2 KiB
JavaScript
41 lines
1.2 KiB
JavaScript
// Test script to verify API route protection with better error handling
|
|
const BASE_URL = 'http://localhost:3000';
|
|
|
|
// Test unauthenticated access to protected routes
|
|
async function testProtectedRoutes() {
|
|
console.log('🔐 Testing Authorization Setup\n');
|
|
|
|
const protectedRoutes = [
|
|
'/api/projects',
|
|
'/api/contracts'
|
|
];
|
|
|
|
console.log('Testing unauthenticated access to protected routes...\n');
|
|
|
|
for (const route of protectedRoutes) {
|
|
try {
|
|
const response = await fetch(`${BASE_URL}${route}`);
|
|
const contentType = response.headers.get('content-type');
|
|
|
|
console.log(`Route: ${route}`);
|
|
console.log(`Status: ${response.status}`);
|
|
console.log(`Content-Type: ${contentType}`);
|
|
|
|
if (contentType && contentType.includes('application/json')) {
|
|
const data = await response.json();
|
|
console.log(`Response: ${JSON.stringify(data)}`);
|
|
} else {
|
|
const text = await response.text();
|
|
console.log(`Response (first 200 chars): ${text.substring(0, 200)}...`);
|
|
}
|
|
|
|
console.log('---\n');
|
|
} catch (error) {
|
|
console.log(`❌ ${route} - ERROR: ${error.message}\n`);
|
|
}
|
|
}
|
|
}
|
|
|
|
// Run the test
|
|
testProtectedRoutes().catch(console.error);
|