(fix) user_id is now retrieved from the JWT, not from the URL

This commit is contained in:
Rorik Star Platinum 2025-11-08 20:18:59 +03:00
parent 80ed37647b
commit 4d0ad0226f
3 changed files with 86 additions and 78 deletions


@ -1,6 +1,6 @@
#!/bin/bash
# Save as test_multiberry.sh
# Extended comprehensive test with DB verification
# Save as test_multiberry_secure.sh
# Tests secure API - user_id extracted from JWT token automatically
BASE_URL="http://localhost:3000/api"
@ -9,7 +9,7 @@ echo "1⃣ REGISTER USER"
echo "=========================================="
REGISTER=$(curl -s -X POST $BASE_URL/auth/register \
-H 'Content-Type: application/json' \
-d '{"bank_user_number": 1, "password": "testpass123"}')
-d '{"bank_user_number": 2, "password": "testpass123"}')
echo "$REGISTER" | jq .
TOKEN=$(echo "$REGISTER" | jq -r '.token')
@ -30,14 +30,14 @@ echo ""
echo "=========================================="
echo "3⃣ GET ME (verify auth middleware)"
echo "=========================================="
curl -s http://localhost:3000/api/auth/me \
curl -s $BASE_URL/auth/me \
-H "Authorization: Bearer $TOKEN" | jq .
echo ""
echo "=========================================="
echo "4⃣ REQUEST CONSENT from VBank"
echo "4⃣ REQUEST CONSENT from VBank (user from JWT)"
echo "=========================================="
CONSENT=$(curl -s -X POST $BASE_URL/consent/vbank/$BANK_USER_ID \
CONSENT=$(curl -s -X POST $BASE_URL/consent/vbank \
-H "Authorization: Bearer $TOKEN")
echo "$CONSENT" | jq .
@ -46,9 +46,9 @@ echo "✅ Consent ID: $CONSENT_ID"
echo ""
echo "=========================================="
echo "5⃣ GET ACCOUNTS (auto-saved to DB)"
echo "5⃣ GET ACCOUNTS (user from JWT, auto-saved to DB)"
echo "=========================================="
ACCOUNTS=$(curl -s $BASE_URL/accounts/vbank/$BANK_USER_ID \
ACCOUNTS=$(curl -s $BASE_URL/accounts/vbank \
-H "Authorization: Bearer $TOKEN")
echo "$ACCOUNTS" | jq .
@ -68,9 +68,9 @@ echo "✅ Current Balance: $BALANCE_AMOUNT RUB"
echo ""
echo "=========================================="
echo "7⃣ GET TRANSACTIONS (page 1, limit 6 - auto-saved)"
echo "7⃣ GET TRANSACTIONS (user from JWT, page 1, limit 6)"
echo "=========================================="
TRANS_PAGE1=$(curl -s "$BASE_URL/transactions/vbank/$BANK_USER_ID/$ACCOUNT_ID?page=1&limit=6" \
TRANS_PAGE1=$(curl -s "$BASE_URL/transactions/vbank/$ACCOUNT_ID?page=1&limit=6" \
-H "Authorization: Bearer $TOKEN")
echo "$TRANS_PAGE1" | jq .
@ -81,54 +81,38 @@ echo ""
echo "=========================================="
echo "8⃣ GET TRANSACTIONS (page 2, limit 6)"
echo "=========================================="
curl -s "$BASE_URL/transactions/vbank/$BANK_USER_ID/$ACCOUNT_ID?page=2&limit=6" \
curl -s "$BASE_URL/transactions/vbank/$ACCOUNT_ID?page=2&limit=6" \
-H "Authorization: Bearer $TOKEN" | jq .
echo ""
echo "=========================================="
echo "9DELETE CONSENT"
echo "9GET ALL TRANSACTIONS (unified view from all banks)"
echo "=========================================="
curl -s -X DELETE $BASE_URL/consent/vbank/$BANK_USER_ID \
curl -s "$BASE_URL/transactions?page=1&limit=10" \
-H "Authorization: Bearer $TOKEN" | jq .
echo ""
echo "=========================================="
echo "🔟 VERIFY DATABASE CACHE"
echo "🔟 DELETE CONSENT (user from JWT)"
echo "=========================================="
echo ""
echo "Run in another terminal:"
echo "just psql-exec"
echo ""
echo "Then execute these queries:"
echo ""
echo "-- Check users registered:"
echo "SELECT bank_user_id, created_at FROM users ORDER BY created_at DESC LIMIT 5;"
echo ""
echo "-- Check consents granted:"
echo "SELECT user_id, bank_code, consent_id, status, expires_at FROM user_consents;"
echo ""
echo "-- Check accounts cached:"
echo "SELECT account_id, user_id, bank_code, nickname, currency FROM accounts;"
echo ""
echo "-- Check balances cached:"
echo "SELECT account_id, balance_type, amount, currency, date_time FROM balances;"
echo ""
echo "-- Check transactions cached (show count by account):"
echo "SELECT account_id, COUNT(*) as tx_count, MIN(booking_date_time) as oldest, MAX(booking_date_time) as newest FROM transactions GROUP BY account_id;"
echo ""
echo "-- Show recent transactions:"
echo "SELECT transaction_id, account_id, amount, currency, credit_debit_indicator, transaction_information, booking_date_time FROM transactions ORDER BY booking_date_time DESC LIMIT 10;"
curl -s -X DELETE $BASE_URL/consent/vbank \
-H "Authorization: Bearer $TOKEN" | jq .
echo ""
echo "=========================================="
echo "✅ FULL TEST COMPLETE!"
echo "✅ FULL SECURE TEST COMPLETE!"
echo "=========================================="
echo ""
echo "Summary:"
echo "✅ Authentication (register/login/auth middleware)"
echo "✅ Consent Management (request consent)"
echo "✅ Account Aggregation (fetch & cache accounts)"
echo "✅ Balance Retrieval (fetch & cache balances)"
echo "✅ Transaction History (fetch & cache transactions)"
echo "✅ Data Persistence (all cached in PostgreSQL)"
echo "🔒 Security Benefits:"
echo " ✅ User cannot manipulate user_id in URL"
echo " ✅ All user identification comes from JWT"
echo " ✅ Frontend only needs to send token"
echo " ✅ Backend automatically knows WHO is making request"
echo ""
echo "📊 Data Aggregation:"
echo " ✅ Accounts cached from bank"
echo " ✅ Balances cached"
echo " ✅ Transactions cached"
echo " ✅ Multi-bank support ready"
echo ""