tabungin/test-admin-api.sh
dwindown e84d4affc6 docs: add comprehensive admin backend testing
- Create ADMIN_BACKEND_TESTED.md with test results
- Create test-admin-api.sh automated test script
- All endpoints tested and working:
  - GET /admin/plans 
  - POST /admin/plans 
  - PUT /admin/plans/:id 
  - DELETE /admin/plans/:id 
  - GET /admin/payment-methods 
  - GET /admin/users 
  - GET /admin/users/stats 
  - GET /admin/payments/pending/count 
  - GET /admin/config 
  - Security (401 without token) 

Backend fully tested and ready for frontend development
2025-10-11 18:10:20 +07:00



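#!/bin/bash
# Admin API Test Script
#
# Smoke-tests the admin endpoints of a locally running backend: logs in,
# exercises the GET/POST/PUT/DELETE admin routes, then checks that an
# unauthenticated request is rejected. Exits non-zero if any check fails.
#
# Usage:
#   ADMIN_EMAIL=admin@example.test ADMIN_PASSWORD='...' ./test-admin-api.sh
#
# Environment:
#   BASE_URL        API root (default: http://localhost:3001/api)
#   ADMIN_EMAIL     admin account e-mail (required)
#   ADMIN_PASSWORD  admin account password (required)
#
# Requires: curl, jq
#
# SECURITY: credentials are read from the environment and are never stored
# in this file. Any admin password that has been committed to the
# repository must be treated as exposed: rotate it and, if the history is
# shared, assume it stays readable there.

set -uo pipefail

BASE_URL="${BASE_URL:-http://localhost:3001/api}"
: "${ADMIN_EMAIL:?set ADMIN_EMAIL to the admin account e-mail}"
: "${ADMIN_PASSWORD:?set ADMIN_PASSWORD to the admin account password}"
# Exported so jq can read them through `env` instead of receiving the
# password on its command line, where other local users could see it in `ps`.
export ADMIN_EMAIL ADMIN_PASSWORD

for tool in curl jq; do
  command -v "$tool" >/dev/null || {
    printf 'missing required tool: %s\n' "$tool" >&2
    exit 2
  }
done

failures=0
current_section=""
failed_sections=""

# Record a failed check under the section currently being tested.
fail() {
  printf ' ❌ %s\n' "$*" >&2
  failures=$((failures + 1))
  failed_sections="${failed_sections}|${current_section}|"
}

# Print the summary icon for a section name: a cross if any check in that
# section failed, a tick otherwise.
icon_for() {
  case "$failed_sections" in
    *"|$1|"*) printf '❌' ;;
    *) printf '✅' ;;
  esac
}

# api METHOD PATH [extra curl args...]
# Authenticated request against BASE_URL. -f makes HTTP errors (>= 400) a
# non-zero exit so a failing endpoint cannot be reported as a pass.
# NOTE: the bearer token is passed on curl's command line; acceptable for a
# short-lived token on a local dev box, not for shared hosts.
api() {
  local method=$1 path=$2
  shift 2
  curl -sS -f -X "$method" "${BASE_URL}${path}" \
    -H "Authorization: Bearer $TOKEN" "$@"
}

current_section="auth"
echo "🔐 Logging in as admin..."
# The login body is built by jq (correct JSON escaping for any password) and
# piped to curl on stdin, so the password never appears in a process argv.
LOGIN_RESPONSE=$(
  jq -cn '{email: env.ADMIN_EMAIL, password: env.ADMIN_PASSWORD}' |
    curl -sS -X POST "$BASE_URL/auth/login" \
      -H "Content-Type: application/json" \
      --data-binary @-
)
TOKEN=$(printf '%s' "$LOGIN_RESPONSE" | grep -o '"token":"[^"]*"' | cut -d'"' -f4)
if [ -z "$TOKEN" ]; then
  echo "❌ Login failed!" >&2
  printf '%s\n' "$LOGIN_RESPONSE" >&2
  exit 1
fi
echo "✅ Login successful!"
# Token material is deliberately not printed: test output tends to end up in
# CI logs and pasted bug reports.
echo "Token received (${#TOKEN} chars)"
echo ""

# Test GET endpoints
current_section="get"
echo "📊 Testing GET Endpoints..."
echo ""
echo "1⃣ GET /admin/plans"
api GET /admin/plans |
  jq -r '.[] | " - \(.name): \(.price) \(.currency)"' ||
  fail "GET /admin/plans"
echo ""
echo "2⃣ GET /admin/payment-methods"
api GET /admin/payment-methods |
  jq -r '.[] | " - \(.displayName): \(.accountNumber)"' ||
  fail "GET /admin/payment-methods"
echo ""
echo "3⃣ GET /admin/users/stats"
api GET /admin/users/stats | jq '.' ||
  fail "GET /admin/users/stats"
echo ""
echo "4⃣ GET /admin/payments/pending/count"
if PENDING_COUNT=$(api GET /admin/payments/pending/count); then
  echo " Pending payments: $PENDING_COUNT"
else
  fail "GET /admin/payments/pending/count"
fi
echo ""
echo "5⃣ GET /admin/users (first 3)"
api GET /admin/users |
  jq -r '.[0:3][] | " - \(.email) (\(.role))"' ||
  fail "GET /admin/users"
echo ""
echo "6⃣ GET /admin/config"
api GET /admin/config |
  jq -r '.[] | " - \(.key): \(.value)"' ||
  fail "GET /admin/config"
echo ""

# Test POST endpoints (create)
current_section="post"
echo "📝 Testing POST Endpoints..."
echo ""
echo "7⃣ POST /admin/plans (create test plan)"
PLAN_ID=""
if NEW_PLAN=$(api POST /admin/plans \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Test Plan",
    "slug": "test-plan",
    "description": "Test plan for API testing",
    "price": 99000,
    "currency": "IDR",
    "durationType": "monthly",
    "durationDays": 30,
    "trialDays": 0,
    "features": {"test": true},
    "sortOrder": 99,
    "isActive": false,
    "isVisible": false
  }'); then
  # `// empty` turns a missing id into "" instead of the literal "null",
  # which would otherwise be sent as /admin/plans/null below.
  PLAN_ID=$(printf '%s' "$NEW_PLAN" | jq -r '.id // empty')
fi
if [ -n "$PLAN_ID" ]; then
  echo " ✅ Created plan: $PLAN_ID"
else
  fail "POST /admin/plans returned no plan id"
fi
echo ""

# Test PUT endpoints (update)
current_section="put"
echo "✏️ Testing PUT Endpoints..."
echo ""
echo "8⃣ PUT /admin/plans/:id (update test plan)"
if [ -n "$PLAN_ID" ]; then
  api PUT "/admin/plans/$PLAN_ID" \
    -H "Content-Type: application/json" \
    -d '{
      "name": "Test Plan Updated",
      "price": 79000
    }' |
    jq -r '" ✅ Updated: \(.name) - \(.price) \(.currency)"' ||
    fail "PUT /admin/plans/$PLAN_ID"
else
  fail "PUT skipped: no plan was created"
fi
echo ""

# Test DELETE endpoints
current_section="delete"
echo "🗑️ Testing DELETE Endpoints..."
echo ""
echo "9⃣ DELETE /admin/plans/:id (soft delete test plan)"
if [ -n "$PLAN_ID" ]; then
  api DELETE "/admin/plans/$PLAN_ID" |
    jq -r '" ✅ Deleted (soft): \(.name) - Active: \(.isActive)"' ||
    fail "DELETE /admin/plans/$PLAN_ID"
else
  fail "DELETE skipped: no plan was created"
fi
echo ""

# Test security
current_section="security"
echo "🔐 Testing Security..."
echo ""
echo "🔟 Access without token (should fail)"
# Decide on the HTTP status, not on words in the body: a 200 response whose
# payload happens to contain "Unauthorized" or "Forbidden" must not pass.
STATUS=$(curl -s -o /dev/null -w '%{http_code}' -X GET "$BASE_URL/admin/plans")
if [ "$STATUS" = "401" ] || [ "$STATUS" = "403" ]; then
  echo " ✅ Correctly rejected (HTTP $STATUS)"
else
  fail "Security issue: unauthenticated request returned HTTP $STATUS"
fi
echo ""

if [ "$failures" -eq 0 ]; then
  echo "✅ All tests complete!"
else
  echo "❌ $failures check(s) failed"
fi
echo ""
echo "📋 Summary:"
echo " - Authentication: $(icon_for auth)"
echo " - GET endpoints: $(icon_for get)"
echo " - POST endpoints: $(icon_for post)"
echo " - PUT endpoints: $(icon_for put)"
echo " - DELETE endpoints: $(icon_for delete)"
echo " - Security: $(icon_for security)"

if [ "$failures" -ne 0 ]; then
  exit 1
fi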