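#!/usr/bin/env bash
# Save as test_multiberry_secure.sh
# Tests secure API - user_id extracted from JWT token automatically
#
# End-to-end smoke test against a locally running API: registers a
# throw-away user, logs in, and walks the consent / accounts / balances /
# transactions endpoints identifying the user only through the JWT.
#
# Environment (optional; defaults match the original hard-coded values):
#   BASE_URL       API root, default http://localhost:3000/api
#   TEST_PASSWORD  password of the test user, default testpass123
#
# Requires: curl, jq.
# Exit status: 0 when every step produced a parseable JSON response and the
# values later steps depend on (token, bank user id, account id) were
# present; non-zero otherwise.
set -Eeuo pipefail

BASE_URL="${BASE_URL:-http://localhost:3000/api}"
TEST_PASSWORD="${TEST_PASSWORD:-testpass123}"
readonly BASE_URL TEST_PASSWORD

# Report where a failing command (curl/jq/die) aborted the run.
trap 'printf "test aborted at line %s: %s\n" "$LINENO" "$BASH_COMMAND" >&2' ERR

die() { printf '%s\n' "$*" >&2; exit 1; }

#######################################
# Print the banner that separates numbered steps.
# Arguments: $1 - step title
# Outputs:   banner to stdout
#######################################
section() {
  printf '%s\n' "=========================================="
  printf '%s\n' "$1"
  printf '%s\n' "=========================================="
}

#######################################
# Extract one field from a JSON document.
# Arguments: $1 - JSON text; $2 - jq path (e.g. '.token')
# Outputs:   the raw value, or nothing when the field is null/absent so a
#            missing value reads as empty instead of the string "null"
#######################################
field() {
  local json=$1 filter=$2
  jq -r "$filter // empty" <<<"$json"
}

#######################################
# Percent-encode a value for use as a single URL path segment, so an id
# containing '/', '?' or spaces cannot alter the request path.
# Arguments: $1 - raw value
# Outputs:   encoded value to stdout
#######################################
uri_segment() {
  jq -rn --arg v "$1" '$v | @uri'
}

#######################################
# Issue an authenticated request and print the response body.
# Globals:   BASE_URL (read)
# Arguments: $1 - bearer token; $2 - path under BASE_URL (may include a
#            query string); remaining args - extra curl options (e.g. -X DELETE)
# Outputs:   response body to stdout; curl errors to stderr (-S)
#######################################
api() {
  local token=$1 path=$2
  shift 2
  curl -sS "$@" "$BASE_URL$path" -H "Authorization: Bearer $token"
}

main() {
  command -v curl >/dev/null || die "curl is required"
  command -v jq >/dev/null || die "jq is required"

  local register token bank_user_id
  section "1️⃣ REGISTER USER"
  # The body is built by jq so the password is JSON-escaped rather than
  # interpolated into a string literal.
  register=$(curl -sS -X POST "$BASE_URL/auth/register" \
    -H 'Content-Type: application/json' \
    -d "$(jq -nc --arg pw "$TEST_PASSWORD" \
      '{bank_user_number: 2, password: $pw}')")
  jq . <<<"$register"
  token=$(field "$register" '.token')
  bank_user_id=$(field "$register" '.bank_user_id')
  # Every later step is meaningless without these; fail here instead of
  # sending "Bearer null" through the rest of the run.
  [[ -n "$token" ]] || die "registration returned no token: $register"
  [[ -n "$bank_user_id" ]] || die "registration returned no bank_user_id: $register"
  # Only a prefix of the bearer token is echoed so the full credential
  # does not land in terminal scrollback or CI logs.
  printf '%s\n' "✅ Token: ${token:0:50}..."
  printf '%s\n' "✅ Bank User ID: $bank_user_id"
  printf '\n'

  section "2️⃣ LOGIN (verify token works)"
  curl -sS -X POST "$BASE_URL/auth/login" \
    -H 'Content-Type: application/json' \
    -d "$(jq -nc --arg id "$bank_user_id" --arg pw "$TEST_PASSWORD" \
      '{bank_user_id: $id, password: $pw}')" | jq .
  printf '\n'

  section "3️⃣ GET ME (verify auth middleware)"
  api "$token" /auth/me | jq .
  printf '\n'

  local consent consent_id
  section "4️⃣ REQUEST CONSENT from VBank (user from JWT)"
  consent=$(api "$token" /consent/vbank -X POST)
  jq . <<<"$consent"
  consent_id=$(field "$consent" '.consent_id')
  printf '%s\n' "✅ Consent ID: $consent_id"
  printf '\n'

  local accounts account_id account_seg
  section "5️⃣ GET ACCOUNTS (user from JWT, auto-saved to DB)"
  accounts=$(api "$token" /accounts/vbank)
  jq . <<<"$accounts"
  account_id=$(field "$accounts" '.data.account[0].accountId')
  [[ -n "$account_id" ]] || die "no account returned: $accounts"
  account_seg=$(uri_segment "$account_id")
  printf '%s\n' "✅ Account ID: $account_id"
  printf '\n'

  local balances balance_amount
  section "6️⃣ GET BALANCES (auto-saved to DB)"
  balances=$(api "$token" "/balances/vbank/$account_seg")
  jq . <<<"$balances"
  balance_amount=$(field "$balances" '.data.balance[0].amount.amount')
  printf '%s\n' "✅ Current Balance: $balance_amount RUB"
  printf '\n'

  local trans_page1 total_records
  section "7️⃣ GET TRANSACTIONS (user from JWT, page 1, limit 6)"
  trans_page1=$(api "$token" "/transactions/vbank/$account_seg?page=1&limit=6")
  jq . <<<"$trans_page1"
  total_records=$(field "$trans_page1" '.meta.totalRecords')
  printf '%s\n' "✅ Total Records: $total_records"
  printf '\n'

  section "8️⃣ GET TRANSACTIONS (page 2, limit 6)"
  api "$token" "/transactions/vbank/$account_seg?page=2&limit=6" | jq .
  printf '\n'

  section "9️⃣ GET ALL TRANSACTIONS (unified view from all banks)"
  api "$token" "/transactions?page=1&limit=10" | jq .
  printf '\n'

  section "🔟 DELETE CONSENT (user from JWT)"
  api "$token" /consent/vbank -X DELETE | jq .
  printf '\n'

  section "✅ FULL SECURE TEST COMPLETE!"
  printf '\n'
  printf '%s\n' "🔒 Security Benefits:"
  printf '%s\n' " ✅ User cannot manipulate user_id in URL"
  printf '%s\n' " ✅ All user identification comes from JWT"
  printf '%s\n' " ✅ Frontend only needs to send token"
  printf '%s\n' " ✅ Backend automatically knows WHO is making request"
  printf '\n'
  printf '%s\n' "📊 Data Aggregation:"
  printf '%s\n' " ✅ Accounts cached from bank"
  printf '%s\n' " ✅ Balances cached"
  printf '%s\n' " ✅ Transactions cached"
  printf '%s\n' " ✅ Multi-bank support ready"
  printf '\n'
}

main "$@"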