anyclip-video-manager/scripts/test-auth-final.ts

#!/usr/bin/env bun
/**
 * Final auth test with both cookies
 */

import { encryptString } from "./crypto-subtle";

// Load .env
const envFile = Bun.file(".env");
if (await envFile.exists()) {
  const envContent = await envFile.text();
  for (const line of envContent.split("\n")) {
    const [key, ...valueParts] = line.split("=");
    if (key && valueParts.length) {
      process.env[key.trim()] = valueParts.join("=").trim();
    }
  }
}

const EXTERNAL_API = "https://videomanager-api.anyclip.com";
const MAIN_API = "https://videomanager.anyclip.com";
const PASS_CRYPTO_SALT = "$2b$04$wwky7rvtr6BFNaCqntwyie";

async function test() {
  const email = process.env.ANYCLIP_USER || process.env.ANYCLIP_EMAIL;
  const password = process.env.ANYCLIP_PASSWORD;

  console.log("=== Full Auth Test with SubtleCrypto ===\n");

  // Step 1: External login
  console.log("1. External API login...");
  const encryptedPassword = await encryptString(password!, PASS_CRYPTO_SALT);

  const externalResponse = await fetch(`${EXTERNAL_API}/public/auth/login`, {
    method: "POST",
    headers: { Accept: "application/json", "Content-Type": "application/json" },
    body: JSON.stringify({ email, password: encryptedPassword }),
  });

  if (!externalResponse.ok) {
    console.error("   ❌ Failed:", await externalResponse.text());
    process.exit(1);
  }

  const loginData = await externalResponse.json();
  const anyclipCookie = `${loginData.cookieName}=${loginData.cookieValue}`;
  console.log("   ✅ Got anyclip_2020 cookie");

  // Step 2: Main login - capture session cookie
  console.log("\n2. Main API login...");
  const mainLoginResponse = await fetch(`${MAIN_API}/api/auth/login`, {
    method: "POST",
    headers: {
      Accept: "application/json",
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      token: loginData.token,
      tcname: loginData.cookieName,
      tcvalue: loginData.cookieValue,
    }),
  });

  // Extract session cookie from Set-Cookie header
  const setCookies = mainLoginResponse.headers.getSetCookie?.() || [];
  const sessionCookie = setCookies
    .find(c => c.startsWith("session="))
    ?.split(";")[0];

  if (!sessionCookie) {
    console.error("   ❌ No session cookie returned");
    process.exit(1);
  }
  console.log("   ✅ Got session cookie");

  // Both cookies needed
  const fullCookie = `${anyclipCookie}; ${sessionCookie}`;
  console.log("\n3. Combined cookies:");
  console.log("   anyclip_2020:", anyclipCookie.substring(0, 40) + "...");
  console.log("   session:", sessionCookie.substring(0, 40) + "...");

  // Test WITHOUT auth
  console.log("\n4. Test /studio WITHOUT cookies...");
  const noAuthResponse = await fetch(`${MAIN_API}/studio`, {
    redirect: "manual",
  });
  console.log("   Status:", noAuthResponse.status);
  console.log("   Redirects?", noAuthResponse.status === 307);

  // Test WITH auth
  console.log("\n5. Test /studio WITH cookies...");
  const authResponse = await fetch(`${MAIN_API}/studio`, {
    redirect: "manual",
    headers: { Cookie: fullCookie },
  });
  console.log("   Status:", authResponse.status);
  console.log("   Got 200?", authResponse.status === 200);

  // Summary
  console.log("\n========================================");
  if (noAuthResponse.status === 307 && authResponse.status === 200) {
    console.log("✅ SubtleCrypto auth VERIFIED");
    console.log("   - Without cookies: redirected (307)");
    console.log("   - With cookies: authenticated (200)");
  } else {
    console.log("❌ Auth verification failed");
    console.log("   - Without: " + noAuthResponse.status);
    console.log("   - With: " + authResponse.status);
  }
}

test().catch(console.error);