
// Test authenticated API access using NextAuth.js client-side approach
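// Origin of the panel under test. Overridable via the BASE_URL environment
// variable so the same script can be pointed at a non-local dev server;
// the local Next.js default is kept as the fallback.
const BASE_URL = process.env.BASE_URL ?? 'http://localhost:3000';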
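/**
 * Smoke-test the NextAuth.js-protected surface of the panel at BASE_URL.
 *
 * Runs six anonymous probes (session endpoint, protected API routes,
 * protected pages, sign-in page, providers list, CSRF endpoint) and prints
 * a per-check verdict. Nothing here signs in; the script only confirms
 * that unauthenticated requests are rejected or redirected.
 *
 * Exit status: `process.exitCode` is set to 1 when the server is down, when
 * any protected route answers 200 anonymously, or when a probe throws, so
 * the script is usable as a CI gate instead of always exiting 0.
 *
 * The keycap digits in the step headings ("1⃣" etc.) contain a combining
 * enclosing-keycap codepoint, which is most likely what forge viewers flag
 * as "invisible Unicode" in this file; they are cosmetic only.
 *
 * @returns {Promise<void>}
 */
async function testAuthenticatedAPI() {
  console.log('🔐 Testing Authenticated API Access\n');
  try {
    console.log('1⃣ Checking server status...');
    if (!(await isServerUp())) {
      console.log('❌ Server not responding properly');
      process.exitCode = 1; // silently returning with exit 0 would let CI pass a dead server
      return;
    }

    console.log('\n2⃣ Testing unauthenticated access...');
    const protectedEndpoints = [
      '/api/projects',
      '/api/contracts',
      '/api/tasks',
      '/api/project-tasks',
    ];
    const exposedEndpoints = await checkProtectedEndpoints(protectedEndpoints);

    console.log('\n3⃣ Testing protected pages...');
    const protectedPages = ['/projects', '/contracts', '/tasks'];
    const exposedPages = await checkProtectedPages(protectedPages);

    console.log('\n4⃣ Testing sign-in page...');
    await checkSigninPage();

    console.log('\n5⃣ Testing NextAuth.js configuration...');
    await checkProviders();

    console.log('\n6⃣ Testing CSRF token...');
    await checkCsrf();

    printManualInstructions(protectedPages);

    // Any route reachable without a session is the one result that must fail the run.
    if (exposedEndpoints + exposedPages > 0) {
      process.exitCode = 1;
    }
  } catch (error) {
    console.error('❌ Test failed with error:', error.message);
    // fetch() wraps connection failures (e.g. refused connections) in `cause`; surface it.
    if (error.cause) {
      console.error('   cause:', error.cause);
    }
    process.exitCode = 1;
  }
}

/**
 * Test 1: GET /api/auth/session and report its status.
 * @returns {Promise<boolean>} true when the endpoint answers 2xx.
 */
async function isServerUp() {
  const healthResponse = await fetch(`${BASE_URL}/api/auth/session`);
  console.log(`Server status: ${healthResponse.status}`);
  return healthResponse.ok;
}

/**
 * Test 2: anonymous GETs to protected API routes.
 * 401 and 403 both count as protected, 200 as exposed; anything else
 * (404, 500, 3xx) is reported as unexpected rather than mislabelled
 * "not protected", so the verdict reflects only what was observed.
 * Requests run sequentially on purpose: output order stays stable and the
 * dev server is not burst.
 * @param {string[]} endpoints - paths relative to BASE_URL
 * @returns {Promise<number>} count of endpoints that answered 200
 */
async function checkProtectedEndpoints(endpoints) {
  let exposed = 0;
  for (const endpoint of endpoints) {
    const response = await fetch(`${BASE_URL}${endpoint}`);
    const { status } = response;
    let verdict;
    if (status === 401 || status === 403) {
      verdict = '✅ (properly protected)';
    } else if (status === 200) {
      verdict = '❌ (not protected)';
      exposed += 1;
    } else {
      verdict = '❓ (unexpected status, verify manually)';
    }
    console.log(`${endpoint}: ${status} ${verdict}`);
  }
  return exposed;
}

/**
 * Resolve a Location header against BASE_URL and check it lands on the
 * sign-in route. Matching on the parsed pathname (not a substring of the raw
 * header) avoids counting e.g. `/foo?next=/auth/signin` as a sign-in redirect.
 * @param {string | null} location
 * @returns {boolean}
 */
function redirectsToSignin(location) {
  if (!location) {
    return false;
  }
  try {
    return new URL(location, BASE_URL).pathname.startsWith('/auth/signin');
  } catch {
    return false; // malformed Location: treat as "not the sign-in page"
  }
}

/**
 * Test 3: anonymous GETs to protected pages with redirects disabled.
 * Next.js middleware commonly redirects with 307 rather than 302, so any
 * 3xx whose Location resolves to /auth/signin counts as a correct redirect;
 * checking only 302 would report a 307 as an unknown status.
 * @param {string[]} pages - paths relative to BASE_URL
 * @returns {Promise<number>} count of pages that answered 200
 */
async function checkProtectedPages(pages) {
  let exposed = 0;
  for (const page of pages) {
    const response = await fetch(`${BASE_URL}${page}`, { redirect: 'manual' });
    const { status } = response;
    if (status >= 300 && status < 400) {
      const location = response.headers.get('location');
      if (redirectsToSignin(location)) {
        console.log(`${page}: ✅ Properly redirects to sign-in`);
      } else {
        console.log(`${page}: ⚠️ Redirects to: ${location}`);
      }
    } else if (status === 200) {
      console.log(`${page}: ❌ Accessible without authentication`);
      exposed += 1;
    } else {
      console.log(`${page}: ❓ Status ${status}`);
    }
  }
  return exposed;
}

/**
 * Test 4: the sign-in page must render and contain email and password inputs.
 * The field check is a substring match on the server-rendered HTML; it is
 * enough for a smoke test but will miss a purely client-rendered form.
 * @returns {Promise<void>}
 */
async function checkSigninPage() {
  const signinResponse = await fetch(`${BASE_URL}/auth/signin`);
  if (!signinResponse.ok) {
    console.log('❌ Sign-in page not accessible');
    return;
  }
  console.log('✅ Sign-in page accessible');
  const content = await signinResponse.text();
  const hasField = (name) =>
    content.includes(`name="${name}"`) || content.includes(`id="${name}"`);
  console.log(` Email field: ${hasField('email') ? '✅' : '❌'}`);
  console.log(` Password field: ${hasField('password') ? '✅' : '❌'}`);
}

/**
 * Test 5: list the providers NextAuth.js reports as configured.
 * @returns {Promise<void>}
 */
async function checkProviders() {
  const providersResponse = await fetch(`${BASE_URL}/api/auth/providers`);
  if (!providersResponse.ok) {
    console.log('❌ NextAuth.js providers endpoint failed');
    return;
  }
  const providers = await providersResponse.json();
  console.log('✅ NextAuth.js providers endpoint accessible');
  console.log('Available providers:', Object.keys(providers));
}

/**
 * Test 6: the CSRF endpoint must hand out a token. Only its presence is
 * printed, never the value.
 * @returns {Promise<void>}
 */
async function checkCsrf() {
  const csrfResponse = await fetch(`${BASE_URL}/api/auth/csrf`);
  if (!csrfResponse.ok) {
    console.log('❌ CSRF token endpoint failed');
    return;
  }
  const csrf = await csrfResponse.json();
  console.log('✅ CSRF token endpoint accessible');
  console.log('CSRF token available:', Boolean(csrf.csrfToken));
}

/**
 * Print the follow-up steps a human performs after the automated probes.
 * URLs are built from BASE_URL so they stay correct when the target is
 * overridden, instead of repeating the localhost literal.
 * @param {string[]} pages - protected pages to revisit once signed in
 */
function printManualInstructions(pages) {
  console.log('\n🎯 Manual Testing Instructions:');
  console.log(`1. Open browser to: ${BASE_URL}/auth/signin`);
  console.log('2. Use credentials:');
  // Presumably the seeded development admin account — confirm this seed is
  // never applied to a deployed environment, since the values are printed here.
  console.log(' Email: admin@localhost.com');
  console.log(' Password: admin123456');
  console.log('3. After login, test these pages:');
  for (const page of pages) {
    console.log(` - ${BASE_URL}${page}`);
  }
  console.log('4. Test API endpoints with browser dev tools or Postman');
}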
// Run the test
// Fire-and-forget is intentional: the function handles its own errors, so
// there is no rejection to await here.
void testAuthenticatedAPI();