route-tester
your project Route Tester Skill
Purpose
This skill provides patterns for testing authenticated routes in the your project using cookie-based JWT authentication.
When to Use This Skill
- Testing new API endpoints
- Validating route functionality after changes
- Debugging authentication issues
- Testing POST/PUT/DELETE operations
- Verifying request/response data
your project Authentication Overview
The your project uses:
- Keycloak for SSO (realm: yourRealm)
- Cookie-based JWT tokens (not Bearer headers)
- Cookie name:
refresh_token - JWT signing: Using secret from
config.ini
Testing Methods
Method 1: test-auth-route.js (RECOMMENDED)
The test-auth-route.js script handles all authentication complexity automatically.
Location: /root/git/your project_pre/scripts/test-auth-route.js
Basic GET Request
node scripts/test-auth-route.js http://localhost:3000/blog-api/api/endpoint
POST Request with JSON Data
node scripts/test-auth-route.js \
http://localhost:3000/blog-api/777/submit \
POST \
'{"responses":{"4577":"13295"},"submissionID":5,"stepInstanceId":"11"}'
What the Script Does
- Gets a refresh token from Keycloak
- Username:
testuser - Password:
testpassword
- Username:
- Signs the token with JWT secret from
config.ini - Creates cookie header:
refresh_token=<signed-token> - Makes the authenticated request
- Shows the exact curl command to reproduce manually
Script Output
The script outputs:
- The request details
- The response status and body
- A curl command for manual reproduction
Note: The script is verbose - look for the actual response in the output.
Method 2: Manual curl with Token
Use the curl command from the test-auth-route.js output:
# The script outputs something like:
# 💡 To test manually with curl:
# curl -b "refresh_token=eyJhbGci..." http://localhost:3000/blog-api/api/endpoint
# Copy and modify that curl command:
curl -X POST http://localhost:3000/blog-api/777/submit \
-H "Content-Type: application/json" \
-b "refresh_token=<COPY_TOKEN_FROM_SCRIPT_OUTPUT>" \
-d '{"your": "data"}'
Method 3: Mock Authentication (Development Only - EASIEST)
For development, bypass Keycloak entirely using mock auth.
Setup
# Add to service .env file (e.g., blog-api/.env)
MOCK_AUTH=true
MOCK_USER_ID=test-user
MOCK_USER_ROLES=admin,operations
Usage
curl -H "X-Mock-Auth: true" \
-H "X-Mock-User: test-user" \
-H "X-Mock-Roles: admin,operations" \
http://localhost:3002/api/protected
Mock Auth Requirements
Mock auth ONLY works when:
NODE_ENVisdevelopmentortest- The
mockAuthmiddleware is added to the route - Will NEVER work in production (security feature)
Common Testing Patterns
Test Form Submission
node scripts/test-auth-route.js \
http://localhost:3000/blog-api/777/submit \
POST \
'{"responses":{"4577":"13295"},"submissionID":5,"stepInstanceId":"11"}'
Test Workflow Start
node scripts/test-auth-route.js \
http://localhost:3002/api/workflow/start \
POST \
'{"workflowCode":"DHS_CLOSEOUT","entityType":"Submission","entityID":123}'
Test Workflow Step Completion
node scripts/test-auth-route.js \
http://localhost:3002/api/workflow/step/complete \
POST \
'{"stepInstanceID":789,"answers":{"decision":"approved","comments":"Looks good"}}'
Test GET with Query Parameters
node scripts/test-auth-route.js \
"http://localhost:3002/api/workflows?status=active&limit=10"
Test File Upload
# Get token from test-auth-route.js first, then:
curl -X POST http://localhost:5000/upload \
-H "Content-Type: multipart/form-data" \
-b "refresh_token=<TOKEN>" \
-F "file=@/path/to/file.pdf" \
-F "metadata={\"description\":\"Test file\"}"
Hardcoded Test Credentials
The test-auth-route.js script uses these credentials:
- Username:
testuser - Password:
testpassword - Keycloak URL: From
config.ini(usuallyhttp://localhost:8081) - Realm:
yourRealm - Client ID: From
config.ini
Service Ports
| Service | Port | Base URL |
|---|---|---|
| Users | 3000 | http://localhost:3000 |
| Projects | 3001 | http://localhost:3001 |
| Form | 3002 | http://localhost:3002 |
| 3003 | http://localhost:3003 | |
| Uploads | 5000 | http://localhost:5000 |
Route Prefixes
Check /src/app.ts in each service for route prefixes:
// Example from blog-api/src/app.ts
app.use('/blog-api/api', formRoutes); // Prefix: /blog-api/api
app.use('/api/workflow', workflowRoutes); // Prefix: /api/workflow
Full Route = Base URL + Prefix + Route Path
Example:
- Base:
http://localhost:3002 - Prefix:
/form - Route:
/777/submit - Full URL:
http://localhost:3000/blog-api/777/submit
Testing Checklist
Before testing a route:
- Identify the service (form, email, users, etc.)
- Find the correct port
- Check route prefixes in
app.ts - Construct the full URL
- Prepare request body (if POST/PUT)
- Determine authentication method
- Run the test
- Verify response status and data
- Check database changes if applicable
Verifying Database Changes
After testing routes that modify data:
# Connect to MySQL
docker exec -i local-mysql mysql -u root -ppassword1 blog_dev
# Check specific table
mysql> SELECT * FROM WorkflowInstance WHERE id = 123;
mysql> SELECT * FROM WorkflowStepInstance WHERE instanceId = 123;
mysql> SELECT * FROM WorkflowNotification WHERE recipientUserId = 'user-123';
Debugging Failed Tests
401 Unauthorized
Possible causes:
- Token expired (regenerate with test-auth-route.js)
- Incorrect cookie format
- JWT secret mismatch
- Keycloak not running
Solutions:
# Check Keycloak is running
docker ps | grep keycloak
# Regenerate token
node scripts/test-auth-route.js http://localhost:3002/api/health
# Verify config.ini has correct jwtSecret
403 Forbidden
Possible causes:
- User lacks required role
- Resource permissions incorrect
- Route requires specific permissions
Solutions:
# Use mock auth with admin role
curl -H "X-Mock-Auth: true" \
-H "X-Mock-User: test-admin" \
-H "X-Mock-Roles: admin" \
http://localhost:3002/api/protected
404 Not Found
Possible causes:
- Incorrect URL
- Missing route prefix
- Route not registered
Solutions:
- Check
app.tsfor route prefixes - Verify route registration
- Check service is running (
pm2 list)
500 Internal Server Error
Possible causes:
- Database connection issue
- Missing required fields
- Validation error
- Application error
Solutions:
- Check service logs (
pm2 logs <service>) - Check Sentry for error details
- Verify request body matches expected schema
- Check database connectivity
Using auth-route-tester Agent
For comprehensive route testing after making changes:
- Identify affected routes
- Gather route information:
- Full route path (with prefix)
- Expected POST data
- Tables to verify
- Invoke auth-route-tester agent
The agent will:
- Test the route with proper authentication
- Verify database changes
- Check response format
- Report any issues
Example Test Scenarios
After Creating a New Route
# 1. Test with valid data
node scripts/test-auth-route.js \
http://localhost:3002/api/my-new-route \
POST \
'{"field1":"value1","field2":"value2"}'
# 2. Verify database
docker exec -i local-mysql mysql -u root -ppassword1 blog_dev \
-e "SELECT * FROM MyTable ORDER BY createdAt DESC LIMIT 1;"
# 3. Test with invalid data
node scripts/test-auth-route.js \
http://localhost:3002/api/my-new-route \
POST \
'{"field1":"invalid"}'
# 4. Test without authentication
curl http://localhost:3002/api/my-new-route
# Should return 401
After Modifying a Route
# 1. Test existing functionality still works
node scripts/test-auth-route.js \
http://localhost:3002/api/existing-route \
POST \
'{"existing":"data"}'
# 2. Test new functionality
node scripts/test-auth-route.js \
http://localhost:3002/api/existing-route \
POST \
'{"new":"field","existing":"data"}'
# 3. Verify backward compatibility
# Test with old request format (if applicable)
Configuration Files
config.ini (each service)
[keycloak]
url = http://localhost:8081
realm = yourRealm
clientId = app-client
[jwt]
jwtSecret = your-jwt-secret-here
.env (each service)
NODE_ENV=development
MOCK_AUTH=true # Optional: Enable mock auth
MOCK_USER_ID=test-user # Optional: Default mock user
MOCK_USER_ROLES=admin # Optional: Default mock roles
Key Files
/root/git/your project_pre/scripts/test-auth-route.js- Main testing script/blog-api/src/app.ts- Form service routes/notifications/src/app.ts- Email service routes/auth/src/app.ts- Users service routes/config.ini- Service configuration/.env- Environment variables
Related Skills
- Use database-verification to verify database changes
- Use error-tracking to check for captured errors
- Use workflow-builder for workflow route testing
- Use notification-sender to verify notifications sent
More from mamba-mental/agent-skill-manager
serena-mcp-agent
Expert integration for the Serena MCP Server - a powerful coding agent toolkit providing IDE-like semantic code understanding to LLMs. This skill should be used when working with codebases through Serena tools, setting up Serena projects, performing semantic code navigation and editing, managing project memories, debugging complex automation workflows, or integrating Serena with Claude Desktop, Claude Code, Codex, ChatGPT, or custom agents. Triggers on Serena tool usage, project activation/onboarding, symbolic code operations (find_symbol, replace_symbol_body, etc.), memory management (write_memory, read_memory), and MCP server configuration. Use for large/complex codebases requiring structural understanding, refactoring tasks, and token-efficient code operations.
41personal-assistant
This skill should be used whenever users request personal assistance tasks such as schedule management, task tracking, reminder setting, habit monitoring, productivity advice, time management, or any query requiring personalized responses based on user preferences and context. On first use, collects comprehensive user information including schedule, working habits, preferences, goals, and routines. Maintains an intelligent database that automatically organizes and prioritizes information, keeping relevant data and discarding outdated context.
22finance-manager
Comprehensive personal finance management system for analyzing transaction data, generating insights, creating visualizations, and providing actionable financial recommendations. Use when users need to analyze spending patterns, track budgets, visualize financial data, extract transactions from PDFs, calculate savings rates, identify spending trends, generate financial reports, or receive personalized budget recommendations. Triggers include requests like "analyze my finances", "track my spending", "create a financial report", "extract transactions from PDF", "visualize my budget", "where is my money going", "financial insights", "spending breakdown", or any finance-related analysis tasks.
14research-paper-writer
Creates formal academic research papers following IEEE/ACM formatting standards with proper structure, citations, and scholarly writing style. Use when the user asks to write a research paper, academic paper, or conference paper on any topic.
13business-analytics-reporter
This skill should be used when analyzing business sales and revenue data from CSV files to identify weak areas, generate statistical insights, and provide strategic improvement recommendations. Use when the user requests a business performance report, asks to analyze sales data, wants to identify areas of weakness, or needs recommendations on business improvement strategies.
11social-media-generator
This skill should be used when the user requests social media content creation for Twitter, Instagram, LinkedIn, or Facebook. It generates platform-optimized posts and saves them in an organized folder structure with meaningful filenames based on event details.
9