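import dotenv from "dotenv";

dotenv.config();

// Base URL of the API under test. Overridable so the same script can be pointed at a
// non-local deployment; defaults to the original localhost target.
const API_URL = process.env.API_URL ?? 'http://localhost:3001/api';

type Credentials = { email: string; password: string };

/**
 * Read a JSON body without asserting its shape; callers narrow the fields they need.
 * Returns an empty object when the body is not a JSON object, so field checks below
 * fail closed instead of throwing on `undefined.token`.
 */
async function readJson(res: { json(): Promise<unknown> }): Promise<Record<string, unknown>> {
  const body: unknown = await res.json();
  return typeof body === 'object' && body !== null ? (body as Record<string, unknown>) : {};
}

/**
 * Register a throwaway user and return its bearer token.
 * @param label  Human-readable name used in error messages ("User A" / "User B").
 * @throws when the server rejects the registration or does not return a string token —
 *         a missing token would otherwise silently become `Authorization: Bearer undefined`.
 */
async function register(label: string, user: Credentials): Promise<string> {
  console.log(`\nšŸ‘¤ Registering ${label}: ${user.email}`);
  const res = await fetch(`${API_URL}/auth/register`, {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    // NOTE(review): this stores the real GEMINI_API_KEY from the environment server-side
    // under a disposable test account. Prefer a dedicated low-privilege test key where the
    // server accepts one, so a leaked test database does not expose a production key.
    body: JSON.stringify({ ...user, apiKey: process.env.GEMINI_API_KEY, termsAccepted: true }),
  });
  const data = await readJson(res);
  if (!res.ok) throw new Error(`${label} Register Failed: ${JSON.stringify(data)}`);
  if (typeof data.token !== 'string' || data.token.length === 0) {
    throw new Error(`${label} Register returned no token: ${JSON.stringify(data)}`);
  }
  console.log(`āœ… ${label} Registered & Token Received`);
  return data.token;
}

/**
 * List the projects visible to the holder of `token`.
 * @throws on any non-2xx response. The original treated a 401/500 (no `projects` field) as
 *         "sees 0 projects", which would make the isolation check pass on a broken server.
 */
async function listProjects(token: string): Promise<unknown[]> {
  const res = await fetch(`${API_URL}/projects`, {
    method: 'GET',
    headers: { 'Authorization': `Bearer ${token}` },
  });
  const data = await readJson(res);
  if (!res.ok) {
    throw new Error(`Project listing failed (HTTP ${res.status}): ${JSON.stringify(data)}`);
  }
  return Array.isArray(data.projects) ? data.projects : [];
}

/**
 * End-to-end tenant-isolation check: two fresh users, one creates a project, the other
 * must not see it. Any assertion failure or transport error sets a non-zero exit code so a
 * CI run cannot report green on an authorization regression (the original only logged).
 */
async function testAuth(): Promise<void> {
  console.log("šŸš€ Starting Authentication Verification...");

  // Unique per run so re-runs against a persistent database do not collide.
  const stamp = Date.now();
  const userA: Credentials = { email: `userA_${stamp}@test.com`, password: 'password123' };
  const userB: Credentials = { email: `userB_${stamp}@test.com`, password: 'password123' };

  let failures = 0;

  try {
    // 1–2. Register both users; tokens are validated inside register().
    const tokenA = await register('User A', userA);
    const tokenB = await register('User B', userB);

    // 3. Create a project as User A.
    console.log("\nšŸŽØ User A creating project 'My Private Art'");
    const projA = await fetch(`${API_URL}/projects`, {
      method: 'POST',
      headers: { 'Content-Type': 'application/json', 'Authorization': `Bearer ${tokenA}` },
      body: JSON.stringify({
        niche: "Abstract Blue Shapes",
        productType: "Wall Art",
        creativity: "Balanced",
        aspectRatio: "3:4",
        referenceImages: [],
      }),
    });
    const projDataA = await readJson(projA);
    if (!projA.ok) throw new Error(`Project Creation Failed: ${JSON.stringify(projDataA)}`);
    console.log("āœ… User A Project Created");

    // 4. User B must not see User A's project in the listing.
    // TODO(review): listing alone does not prove per-object authorization. Also have User B
    // fetch User A's project by id directly once the endpoint and the id field in the
    // creation response are confirmed (not visible in this script).
    console.log("\nšŸ•µļø User B attempting to view projects...");
    const projectsB = await listProjects(tokenB);
    console.log(` User B sees ${projectsB.length} projects.`);
    if (projectsB.length === 0) {
      console.log("āœ… SUCCESS: User B sees 0 projects.");
    } else {
      failures += 1;
      console.error("āŒ FAILURE: User B sees projects they shouldn't!");
      console.error(projectsB);
    }

    // 5. User A must still see their own project (guards against a "deny everything" fix).
    console.log("\nšŸ•µļø User A attempting to view projects...");
    const projectsA = await listProjects(tokenA);
    console.log(` User A sees ${projectsA.length} projects.`);
    if (projectsA.length >= 1) {
      console.log("āœ… SUCCESS: User A sees their project.");
    } else {
      failures += 1;
      console.error("āŒ FAILURE: User A cannot see their project!");
    }

    if (failures === 0) {
      console.log("\nšŸŽ‰ AUTHENTICATION & RBAC VERIFICATION COMPLETE!");
    } else {
      console.error(`\n${failures} verification check(s) failed.`);
      process.exitCode = 1;
    }
  } catch (error: unknown) {
    // Transport/setup errors are also failures: a script that cannot reach the API must not
    // exit 0 and be mistaken for a passing isolation check.
    console.error("\nāŒ VERIFICATION FAILED:", error);
    process.exitCode = 1;
  }
}

testAuth();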