multiberry-backend/test_multiberry.sh


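#!/bin/bash
# Save as test_multiberry_secure.sh
# Tests secure API - user_id extracted from JWT token automatically
#
# End-to-end smoke test against a running multiberry backend. It registers a
# user, logs in, and then walks the VBank consent / accounts / balances /
# transactions endpoints using only the JWT the backend issued. Each later
# step needs a value pulled out of an earlier response (token, account id,
# ...), so the run aborts as soon as one of them is missing instead of
# carrying on with the literal string "null" spliced into a URL.
#
# Requirements: curl, jq.
# Environment (all optional; defaults are the previously hard-coded values):
#   BASE_URL          API root                          (default http://localhost:3000/api)
#   BANK_USER_NUMBER  bank_user_number sent on register (default 2)
#   TEST_PASSWORD     password used for register/login  (default testpass123)
set -euo pipefail

BASE_URL="${BASE_URL:-http://localhost:3000/api}"
BANK_USER_NUMBER="${BANK_USER_NUMBER:-2}"
TEST_PASSWORD="${TEST_PASSWORD:-testpass123}"
readonly BASE_URL BANK_USER_NUMBER TEST_PASSWORD

# Print a diagnostic to stderr and stop the test run.
die() {
  printf 'ERROR: %s\n' "$*" >&2
  exit 1
}

# Print the banner that separates test steps.
#   $1 - step title
banner() {
  printf '==========================================\n'
  printf '%s\n' "$1"
  printf '==========================================\n'
}

# Pretty-print a JSON body.
#   $1 - response body
# A non-JSON body (empty reply, HTML error page) makes jq fail, which
# aborts the run under set -e / pipefail rather than printing nothing.
show_json() {
  printf '%s\n' "$1" | jq .
}

# Call the API and print the response body on stdout.
#   $1 - HTTP method
#   $2 - path relative to BASE_URL (may carry a query string)
#   $@ - extra curl arguments (headers, body)
# -S keeps transport errors on stderr even though -s hides the progress
# meter. The bearer token is passed on argv, as the original did; that is
# acceptable for a local smoke test but is visible to `ps` on a shared host.
api() {
  local method=$1 path=$2
  shift 2
  curl -sS -X "$method" "${BASE_URL}${path}" "$@"
}

# Extract one field from a JSON body, aborting if it is absent.
#   $1 - response body
#   $2 - jq filter (a script literal, never external input)
#   $3 - label for the error message
# jq -r prints "null" for a missing key, so the null check is what keeps a
# failed step from being masked until several requests later.
require_field() {
  local body=$1 filter=$2 label=$3 value
  value=$(printf '%s\n' "$body" | jq -r "$filter") \
    || die "$label: response is not valid JSON"
  if [[ -z "$value" || "$value" == "null" ]]; then
    die "$label: field $filter missing from response"
  fi
  printf '%s\n' "$value"
}

banner "1⃣ REGISTER USER"
# The body is assembled by jq so env-supplied values are JSON-escaped rather
# than interpolated into a string; --argjson also rejects a non-numeric
# BANK_USER_NUMBER before any request is sent.
REGISTER_BODY=$(jq -n --argjson n "$BANK_USER_NUMBER" --arg p "$TEST_PASSWORD" \
  '{bank_user_number: $n, password: $p}')
REGISTER=$(api POST /auth/register \
  -H 'Content-Type: application/json' \
  -d "$REGISTER_BODY")
show_json "$REGISTER"
TOKEN=$(require_field "$REGISTER" '.token' 'register')
BANK_USER_ID=$(require_field "$REGISTER" '.bank_user_id' 'register')
# Only a prefix of the token is shown on stdout.
printf '✅ Token: %s...\n' "${TOKEN:0:50}"
printf '✅ Bank User ID: %s\n' "$BANK_USER_ID"
printf '\n'

# Every authenticated call below reuses this header; kept as an array so
# the value is passed to curl as a single argument.
AUTH=(-H "Authorization: Bearer $TOKEN")

banner "2⃣ LOGIN (verify token works)"
LOGIN_BODY=$(jq -n --arg id "$BANK_USER_ID" --arg p "$TEST_PASSWORD" \
  '{bank_user_id: $id, password: $p}')
LOGIN=$(api POST /auth/login \
  -H 'Content-Type: application/json' \
  -d "$LOGIN_BODY")
show_json "$LOGIN"
printf '\n'

banner "3⃣ GET ME (verify auth middleware)"
ME=$(api GET /auth/me "${AUTH[@]}")
show_json "$ME"
printf '\n'

banner "4⃣ REQUEST CONSENT from VBank (user from JWT)"
CONSENT=$(api POST /consent/vbank "${AUTH[@]}")
show_json "$CONSENT"
CONSENT_ID=$(require_field "$CONSENT" '.consent_id' 'consent')
printf '✅ Consent ID: %s\n' "$CONSENT_ID"
printf '\n'

banner "5⃣ GET ACCOUNTS (user from JWT, auto-saved to DB)"
ACCOUNTS=$(api GET /accounts/vbank "${AUTH[@]}")
show_json "$ACCOUNTS"
ACCOUNT_ID=$(require_field "$ACCOUNTS" '.data.account[0].accountId' 'accounts')
printf '✅ Account ID: %s\n' "$ACCOUNT_ID"
printf '\n'

banner "6⃣ GET BALANCES (auto-saved to DB)"
BALANCES=$(api GET "/balances/vbank/${ACCOUNT_ID}" "${AUTH[@]}")
show_json "$BALANCES"
BALANCE_AMOUNT=$(require_field "$BALANCES" '.data.balance[0].amount.amount' 'balances')
printf '✅ Current Balance: %s RUB\n' "$BALANCE_AMOUNT"
printf '\n'

banner "7⃣ GET TRANSACTIONS (user from JWT, page 1, limit 6)"
TRANS_PAGE1=$(api GET "/transactions/vbank/${ACCOUNT_ID}?page=1&limit=6" "${AUTH[@]}")
show_json "$TRANS_PAGE1"
TOTAL_RECORDS=$(require_field "$TRANS_PAGE1" '.meta.totalRecords' 'transactions')
printf '✅ Total Records: %s\n' "$TOTAL_RECORDS"
printf '\n'

banner "8⃣ GET TRANSACTIONS (page 2, limit 6)"
TRANS_PAGE2=$(api GET "/transactions/vbank/${ACCOUNT_ID}?page=2&limit=6" "${AUTH[@]}")
show_json "$TRANS_PAGE2"
printf '\n'

banner "9⃣ GET ALL TRANSACTIONS (unified view from all banks)"
TRANS_ALL=$(api GET "/transactions?page=1&limit=10" "${AUTH[@]}")
show_json "$TRANS_ALL"
printf '\n'

banner "🔟 DELETE CONSENT (user from JWT)"
DELETED=$(api DELETE /consent/vbank "${AUTH[@]}")
show_json "$DELETED"
printf '\n'

banner "✅ FULL SECURE TEST COMPLETE!"
printf '\n'
printf '%s\n' "🔒 Security Benefits:"
printf '%s\n' " ✅ User cannot manipulate user_id in URL"
printf '%s\n' " ✅ All user identification comes from JWT"
printf '%s\n' " ✅ Frontend only needs to send token"
printf '%s\n' " ✅ Backend automatically knows WHO is making request"
printf '\n'
printf '%s\n' "📊 Data Aggregation:"
printf '%s\n' " ✅ Accounts cached from bank"
printf '%s\n' " ✅ Balances cached"
printf '%s\n' " ✅ Transactions cached"
printf '%s\n' " ✅ Multi-bank support ready"
printf '\n'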