Fix auth hook so it returns forbidden if the user is authenticated but not allowed to hit an endpoint.

2025-01-29 14:49:53 -08:00
parent 5487a23c86
commit 53214644b4
23 changed files with 835 additions and 187 deletions
--- a/src/tests/requests.http
+++ b/src/tests/requests.http
@ -0,0 +1,65 @@
+@token=token
+
+GET https://localhost:5173/api
+Accept: application/json
+
+###
+
+GET https://localhost:5173/api/games
+Accept: application/json
+Authorization: Bearer {{token}}
+
+###
+
+POST https://localhost:5173/api/games
+Accept: application/json
+Authorization: Bearer {{token}}
+
+###
+
+GET https://localhost:5173/api/games/de4cdb8c-0346-4ac6-a7a8-b4135b2d79e3
+Accept: application/json
+
+###
+
+PUT https://localhost:5173/api/games/de4cdb8c-0346-4ac6-a7a8-b4135b2d79e3
+Accept: application/json
+Content-Type: application/json
+
+{
+    "state": {},
+    "isStarted": true,
+    "players": ["2", "45", "10"]
+}
+
+###
+    
+POST https://localhost:5173/api/games/de4cdb8c-0346-4ac6-a7a8-b4135b2d79e3/turns
+Accept: application/json
+Content-Type: application/json
+Authorization: Bearer {{token}}
+
+{
+    "kind": "Roll",
+    "player": 2,
+    "value": 4
+}
+
+###
+
+POST https://localhost:5173/api/users
+Accept: application/json
+Content-Type: application/json
+
+{
+    "username": "worf",
+    "password": "klingon",
+    "role": "player"
+}
+
+###
+
+POST https://localhost:5173/api/token
+Accept: application/json
+Content-Type: application/json
+Authorization: Basic worf:klingon