your project Route Tester Skill

your project Route Tester Skill

What Is This

The your project Route Tester Skill is a productivity tool designed for the Happycapy Skills platform. It enables automated testing of authenticated routes within web applications that use cookie-based authentication, specifically tailored for the "your project" architecture. By providing patterns and scripts for testing endpoints protected by JWT tokens stored in cookies, it simplifies the process of validating API functionality and troubleshooting authentication issues.

This skill leverages both utility scripts (such as test-auth-route.js) and mock authentication techniques. It is particularly valuable for development and QA teams working with the "your project" codebase, where authentication is handled via Keycloak SSO and JWT tokens are delivered through cookies instead of traditional Bearer headers.

Why Use It

Testing authenticated routes in modern web applications is a critical but sometimes challenging task. Many back-end systems rely on JWT tokens delivered via cookies, which can complicate automated and manual testing workflows. The your project Route Tester Skill addresses several key needs:

• Reduces Complexity: It abstracts away the intricacies of manual cookie handling and JWT token management, streamlining the process for developers and testers.
• Consistency and Repeatability: By using standardized scripts and authentication patterns, you ensure that route testing is consistent across environments and team members.
• Debugging Efficiency: The skill provides direct methods for testing, allowing rapid diagnosis of authentication and route issues.
• Supports Multiple HTTP Methods: It is not limited to simple GET requests. POST, PUT, and DELETE operations can be tested with payloads.
• Integration with your project Stack: It is designed specifically for the "your project" authentication flow, including Keycloak SSO and cookie-based JWTs.

How to Use It

The core utility provided by this skill is the test-auth-route.js script, which manages authentication automatically and issues requests to your endpoints as an authenticated user.

Prerequisites

• Access to the "your project" source repository, specifically the /scripts/test-auth-route.js utility.
• Node.js installed on your local machine or CI/CD environment.
• Network access to the target API endpoints (e.g., localhost, staging, or production).

Using the Script

1. GET Request Example

To test a basic authenticated GET endpoint, run:

node scripts/test-auth-route.js http://localhost:3000/blog-api/api/endpoint

This command will:

• Perform authentication using your project’s Keycloak SSO.
• Obtain a JWT token and set it in the refresh_token cookie.
• Send a GET request to the specified endpoint with the authentication cookie attached.
• Output the response for review.

2. POST Request with JSON Payload

To test an authenticated POST endpoint with a JSON body, use:

node scripts/test-auth-route.js \
    http://localhost:3000/blog-api/777/submit \
    POST \
    '{"responses":{"4577":"13295"},"submissionID":5,"stepInstanceId":"11"}'

This command will:

• Authenticate the request as above.
• Send a POST request with the provided JSON as the body.
• Include the JWT cookie.
• Print the API’s response.

3. Other HTTP Methods

The script can be similarly used for PUT and DELETE requests by specifying the HTTP method and payload.

What the Script Does Internally

• Handles authentication against Keycloak (realm: yourRealm) automatically.
• Retrieves a signed JWT using credentials and secret from config.ini.
• Sets the refresh_token cookie as required by your project’s authentication middleware.
• Issues the HTTP request with the correct cookies and headers.
• Outputs API responses for validation or debugging.

When to Use It

Use the your project Route Tester Skill in any of the following scenarios:

• Testing New API Endpoints: Whenever a new authenticated route is introduced, validate its access and response using this skill.
• Validating Route Functionality After Changes: After making changes to authentication logic, middleware, or route handlers, re-test with the script to catch regressions.
• Debugging Authentication Issues: If users report problems with login or route access, use the skill to isolate whether the issue is with authentication, cookies, or the route handler.
• Testing POST/PUT/DELETE Operations: Confirm that routes which modify data function as expected when accessed by an authenticated user.
• Verifying Request/Response Data: Quickly compare expected and actual responses during development or QA.

Important Notes

• Cookie-Based Authentication: Unlike many APIs that rely on Bearer tokens in headers, your project uses JWT tokens stored in a cookie named refresh_token. The scripts in this skill are designed to handle this detail.
• Keycloak Integration: Authentication is performed through Keycloak using the yourRealm realm. Ensure your Keycloak instance and realm are configured correctly.
• Secrets Management: JWT tokens are signed using secrets defined in config.ini. Keep this file secure and never commit secrets to version control.
• Location of Utility Script: The recommended test-auth-route.js script is located at /root/git/your project_pre/scripts/test-auth-route.js. Update paths as needed for your environment.
• Not for Production Automation: While invaluable for development and staging, avoid using test scripts directly against production endpoints unless explicitly permitted, as they may bypass some user-facing checks.
• Mock Authentication Patterns: In addition to the script, the skill includes patterns for mocking authentication. Refer to the source repository for advanced usage.

This skill is an essential tool for any team working with the "your project" codebase, enabling robust, repeatable, and secure testing of authenticated API routes. For advanced scenarios and up-to-date usage patterns, consult the source code and documentation.