fahricansecer/digicraft-be
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
80dcf4d04a490b01e5483f46ecfe4e1f1bc46f26
digicraft-be/verify_auth.ts
Fahri Can Seçer 80dcf4d04a
Some checks failed
Deploy Backend / deploy (push) Has been cancelled
Details
main
2026-02-05 01:29:22 +03:00

107 lines
4.0 KiB
TypeScript
Raw Blame History

This file contains invisible Unicode characters
This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
import dotenv from "dotenv";
dotenv.config();
const API_URL = 'http://localhost:3001/api';
async function testAuth() {
console.log("🚀 Starting Authentication Verification...");
// Helper to sleep
const sleep = (ms: number) => new Promise(r => setTimeout(r, ms));
// GENERATE RANDOM USERS
const userA = { email: `userA_${Date.now()}@test.com`, password: 'password123' };
const userB = { email: `userB_${Date.now()}@test.com`, password: 'password123' };
let tokenA = '';
let tokenB = '';
try {
// 1. REGISTER USER A
console.log(`\n👤 Registering User A: ${userA.email}`);
const regA = await fetch(`${API_URL}/auth/register`, {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ ...userA, apiKey: process.env.GEMINI_API_KEY, termsAccepted: true })
});
const dataA = await regA.json() as any;
if (!regA.ok) throw new Error(`User A Register Failed: ${JSON.stringify(dataA)}`);
tokenA = dataA.token;
console.log("✅ User A Registered & Token Received");
// 2. REGISTER USER B
console.log(`\n👤 Registering User B: ${userB.email}`);
const regB = await fetch(`${API_URL}/auth/register`, {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ ...userB, apiKey: process.env.GEMINI_API_KEY, termsAccepted: true })
});
const dataB = await regB.json() as any;
if (!regB.ok) throw new Error(`User B Register Failed: ${JSON.stringify(dataB)}`);
tokenB = dataB.token;
console.log("✅ User B Registered & Token Received");
// 3. CREATE PROJECT AS USER A
console.log("\n🎨 User A creating project 'My Private Art'");
const projA = await fetch(`${API_URL}/projects`, {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'Authorization': `Bearer ${tokenA}`
},
body: JSON.stringify({
niche: "Abstract Blue Shapes",
productType: "Wall Art",
creativity: "Balanced",
aspectRatio: "3:4",
referenceImages: []
})
});
const projDataA = await projA.json() as any;
if (!projA.ok) throw new Error(`Project Creation Failed: ${JSON.stringify(projDataA)}`);
console.log("✅ User A Project Created");
// 4. VERIFY USER B CANNOT SEE USER A's PROJECT
console.log("\n🕵 User B attempting to view projects...");
const getB = await fetch(`${API_URL}/projects`, {
method: 'GET',
headers: { 'Authorization': `Bearer ${tokenB}` }
});
const getDataB = await getB.json() as any;
const projectsB = getDataB.projects || [];
console.log(` User B sees ${projectsB.length} projects.`);
if (projectsB.length === 0) {
console.log("✅ SUCCESS: User B sees 0 projects.");
} else {
console.error("❌ FAILURE: User B sees projects they shouldn't!");
console.error(projectsB);
}
// 5. VERIFY USER A CAN SEE THEIR PROJECT
console.log("\n🕵 User A attempting to view projects...");
const getA = await fetch(`${API_URL}/projects`, {
method: 'GET',
headers: { 'Authorization': `Bearer ${tokenA}` }
});
const getDataA = await getA.json() as any;
const projectsA = getDataA.projects || [];
console.log(` User A sees ${projectsA.length} projects.`);
if (projectsA.length >= 1) {
console.log("✅ SUCCESS: User A sees their project.");
} else {
console.error("❌ FAILURE: User A cannot see their project!");
}
console.log("\n🎉 AUTHENTICATION & RBAC VERIFICATION COMPLETE!");
} catch (error) {
console.error("\n❌ VERIFICATION FAILED:", error);
}
}
testAuth();
Reference in New Issue View Git Blame Copy Permalink