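# Create a throwaway user and a matching session in the test database.
# The inserted session is a working credential for the app until it expires or
# is deleted, so point mongosh at a disposable test instance only and run the
# cleanup step afterwards.
mongosh --eval "
use('test_database');
// One timestamp per run keeps the user id and e-mail suffix in step.
const stamp = Date.now();
const userId = 'test-user-' + stamp;
// Random suffix instead of the clock: a timestamp-only token can be guessed by
// anyone who knows roughly when the fixture was created. The test_session_
// prefix is kept so the cleanup step can still find the row.
const sessionToken = 'test_session_' + require('crypto').randomBytes(16).toString('hex');
db.users.insertOne({
  user_id: userId, // Custom UUID field (MongoDB's _id is separate/internal)
  email: 'test.user.' + stamp + '@example.com',
  name: 'Test User',
  picture: 'https://via.placeholder.com/150',
  created_at: new Date()
});
db.user_sessions.insertOne({
  user_id: userId, // Must match user.user_id exactly
  session_token: sessionToken,
  expires_at: new Date(Date.now() + 7*24*60*60*1000), // 7 days from now
  created_at: new Date()
});
print('Session token: ' + sessionToken);
print('User ID: ' + userId);
"

# Test auth endpoint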
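# Replace YOUR_SESSION_TOKEN with the token printed by the setup step. It is a
# live credential for the test environment; keep it out of shared logs.
curl -X GET "https://your-app.com/api/auth/me" \
  -H "Authorization: Bearer YOUR_SESSION_TOKEN"

# Test protected endpoints
curl -X GET "https://your-app.com/api/streams" \
  -H "Authorization: Bearer YOUR_SESSION_TOKEN"

// Set cookie and navigate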
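// Inject the test session as a cookie, then load the app.
// Playwright for Node spells this page.context().addCookies(...); the Python
// binding uses page.context.add_cookies(...) with True instead of true.
// NOTE(review): the attributes should mirror what the backend sets on its real
// session cookie. SameSite=None is the most permissive value and browsers only
// accept it together with Secure — confirm the app needs cross-site cookies.
await page.context().addCookies([
  {
    name: "session_token",
    value: "YOUR_SESSION_TOKEN",
    domain: "your-app.com",
    path: "/",
    httpOnly: true,
    secure: true,
    sameSite: "None",
  },
]);
await page.goto("https://your-app.com");

# Check data format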
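mongosh --eval "
use('test_database');
// Printed explicitly so both result sets appear no matter how --eval echoes
// expression values. The session documents include live tokens; keep this
// output out of shared logs.
printjson(db.users.find().limit(2).toArray());
printjson(db.user_sessions.find().limit(2).toArray());
"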
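# Clean test data
mongosh --eval "
use('test_database');
// Patterns are anchored to the fixture prefixes so an address or token that
// merely contains the same text is left alone.
const removedUsers = db.users.deleteMany({email: /^test\.user\./});
const removedSessions = db.user_sessions.deleteMany({session_token: /^test_session_/});
print('Users removed: ' + removedUsers.deletedCount);
print('Sessions removed: ' + removedSessions.deletedCount);
"

- User document has user_id field (custom UUID, MongoDB's _id is separate)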
- Session user_id matches user's user_id exactly
- All queries use the `{"_id": 0}` projection to exclude MongoDB's _id
- Backend queries use user_id (not _id or id)
- API returns user data with user_id field (not 401/404)
- Browser loads dashboard (not login page)
✅ /api/auth/me returns user data
✅ Dashboard loads without redirect
✅ CRUD operations work
❌ "User not found" errors
❌ 401 Unauthorized responses
❌ Redirect to login page