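/**
 * Simple API test script for the RBAC project.
 * Run this script against a locally running server to exercise registration,
 * login, protected-route access, token refresh and logout.
 * It registers a fixed test account (test@example.com) with a hard-coded
 * password, so point it only at a disposable development database.
 */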
// Base URL of the API under test. This is plain HTTP to localhost, so the
// password and tokens sent by this script travel unencrypted; keep it pointed
// at a local development instance.
const BASE_URL = 'http://localhost:5000/api';
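/**
 * Runs the end-to-end smoke test against the API at BASE_URL: health check,
 * registration, login, protected-route access, token refresh, logout, and a
 * refresh attempt with the logged-out refresh token.
 *
 * Each step's outcome is recorded, and the summary reflects what actually
 * happened instead of reporting success unconditionally. When any check
 * fails, or a request throws, process.exitCode is set to 1 so that a CI job
 * running this script does not pass on a broken auth flow.
 *
 * @returns {Promise<void>} Resolves once all steps have run; errors are
 *   caught and logged rather than propagated.
 */
async function testAPI() {
  console.log('🧪 Starting RBAC API Tests...\n');

  // passed: true = check succeeded, false = check failed, null = warning only.
  const results = [];
  const record = (name, passed) => {
    results.push({ name, passed });
    return passed;
  };

  const postJson = (path, payload) =>
    fetch(`${BASE_URL}${path}`, {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify(payload),
    });

  const getWithToken = (path, token) =>
    fetch(`${BASE_URL}${path}`, {
      headers: { Authorization: `Bearer ${token}` },
    });

  // Only a 30-character prefix is ever printed, which keeps complete bearer
  // and refresh tokens out of terminal and CI logs.
  const preview = (token) => `${token.substring(0, 30)}...`;

  try {
    // Test 1: Health Check. The root URL is derived from BASE_URL so that the
    // two cannot drift apart.
    console.log('1️⃣ Testing server health...');
    const health = await fetch(new URL('/', BASE_URL));
    const healthText = await health.text();
    console.log(health.ok ? '✅ Server response:' : '❌ Server response:', healthText);
    record('Server health check', health.ok);

    // Test 2: Register User. A failure here is reported as a warning only,
    // because the same account is registered on every run.
    console.log('\n2️⃣ Testing user registration...');
    const registerResponse = await postJson('/auth/register', {
      username: 'testuser',
      email: 'test@example.com',
      fullname: 'Test User',
      password: 'password123',
    });
    const registerData = await registerResponse.json();
    if (registerData.success) {
      console.log('✅ User registration successful');
      record('User registration', true);
    } else {
      console.log('⚠️ Registration response:', registerData.message);
      record('User registration', null);
    }

    // Test 3: Login
    console.log('\n3️⃣ Testing user login...');
    const loginResponse = await postJson('/auth/login', {
      email: 'test@example.com',
      password: 'password123',
    });
    const loginData = await loginResponse.json();

    if (record('User login with tokens', Boolean(loginData.success))) {
      console.log('✅ Login successful');
      console.log('📝 Access Token:', preview(loginData.accessToken));
      console.log('🔄 Refresh Token:', preview(loginData.refreshToken));

      // Test 4: Protected Route
      // NOTE(review): only the positive path is checked; a request without
      // the Authorization header is not exercised by this script.
      console.log('\n4️⃣ Testing protected route...');
      const protectedResponse = await getWithToken('/rbac-test/user-only', loginData.accessToken);
      if (record('Protected route access', protectedResponse.ok)) {
        const protectedData = await protectedResponse.json();
        console.log('✅ Protected route accessed:', protectedData.message);
      } else {
        console.log('❌ Protected route failed:', protectedResponse.statusText);
      }

      // Test 5: Token Refresh
      console.log('\n5️⃣ Testing token refresh...');
      const refreshResponse = await postJson('/auth/refresh', {
        refreshToken: loginData.refreshToken,
      });
      const refreshData = await refreshResponse.json();
      if (record('Token refresh mechanism', Boolean(refreshData.success))) {
        console.log('✅ Token refresh successful');
        console.log('📝 New Access Token:', preview(refreshData.accessToken));

        // Test 6: Use new token
        console.log('\n6️⃣ Testing with new access token...');
        const newProtectedResponse = await getWithToken(
          '/rbac-test/user-only',
          refreshData.accessToken,
        );
        if (record('New token usage', newProtectedResponse.ok)) {
          const newProtectedData = await newProtectedResponse.json();
          console.log('✅ New token works:', newProtectedData.message);
        } else {
          console.log('❌ New token rejected:', newProtectedResponse.statusText);
        }
      } else {
        console.log('❌ Token refresh failed:', refreshData.message);
      }

      // Test 7: Logout
      console.log('\n7️⃣ Testing logout...');
      const logoutResponse = await postJson('/auth/logout', {
        refreshToken: loginData.refreshToken,
      });
      const logoutData = await logoutResponse.json();
      if (record('Logout functionality', Boolean(logoutData.success))) {
        console.log('✅ Logout successful:', logoutData.message);
      } else {
        console.log('❌ Logout failed:', logoutData.message);
      }

      // Test 8: Try refresh after logout (should fail). This is the
      // revocation check: the refresh token handed to logout must no longer
      // be accepted. Whether the access token is still accepted after logout
      // is not checked here.
      console.log('\n8️⃣ Testing refresh after logout (should fail)...');
      const invalidRefreshResponse = await postJson('/auth/refresh', {
        refreshToken: loginData.refreshToken,
      });
      const invalidRefreshData = await invalidRefreshResponse.json();
      if (record('Token invalidation', !invalidRefreshData.success)) {
        console.log('✅ Refresh correctly blocked after logout');
      } else {
        console.log('❌ Refresh should have been blocked');
      }
    } else {
      console.log('❌ Login failed:', loginData.message);
      console.log('💡 Make sure the server is running and database is seeded');
    }

    console.log('\n📋 Test Summary:');
    for (const { name, passed } of results) {
      let icon = '❌';
      if (passed === null) {
        icon = '⚠️';
      } else if (passed) {
        icon = '✅';
      }
      console.log(`${icon} ${name}`);
    }

    const failedCount = results.filter(({ passed }) => passed === false).length;
    if (failedCount === 0) {
      console.log('\n🎉 All tests completed successfully!');
    } else {
      console.log(`\n❌ ${failedCount} of ${results.length} checks failed`);
      process.exitCode = 1;
    }
  } catch (error) {
    console.error('❌ Test failed with error:', error.message);
    console.log('\n🔧 Troubleshooting:');
    console.log('1. Make sure the server is running: npm run dev');
    console.log('2. Check if MongoDB is running');
    console.log('3. Verify .env file has correct values');
    console.log('4. Run database seeding: node src/seed/seedRoles.js');
    process.exitCode = 1;
  }
}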
// Start the suite. testAPI() wraps its requests in its own try/catch, so the
// returned promise is deliberately left un-awaited here.
void testAPI();