This document describes how to enable test authentication bypass for the dashboard API, allowing automated testing without requiring Discord OAuth.

The dashboard API supports a test authentication bypass that can be enabled via environment variables. When enabled, you can authenticate API requests using a secret key header instead of Discord OAuth tokens.

| Variable | Description | Example |
|---|---|---|
| `TEST_AUTH_SECRET` | Secret key that enables test auth bypass | `my_test_secret_12345` |
| `TEST_GUILD_ID` | Guild ID the test user has access to | `1234567890123456789` |

- Set the environment variables before starting the API:

  ```bash
  export TEST_AUTH_SECRET="your_secret_key_here"
  export TEST_GUILD_ID="your_test_guild_id"
  ```

- Start the API server as normal.

- Make requests using the `X-Test-Auth-Key` header:

  ```bash
  curl -H "X-Test-Auth-Key: your_secret_key_here" \
    http://localhost:8000/api/guilds/your_test_guild_id/stored-summaries
  ```

```bash
# GET the stored summaries of the test guild
curl -H "X-Test-Auth-Key: $TEST_AUTH_SECRET" \
  "http://localhost:8000/api/guilds/$TEST_GUILD_ID/stored-summaries"
```

```bash
# GET a single stored summary by ID
curl -H "X-Test-Auth-Key: $TEST_AUTH_SECRET" \
  "http://localhost:8000/api/guilds/$TEST_GUILD_ID/stored-summaries/SUMMARY_ID"
```

```bash
# POST to the regenerate endpoint with optional settings in the JSON body
curl -X POST \
  -H "X-Test-Auth-Key: $TEST_AUTH_SECRET" \
  -H "Content-Type: application/json" \
  -d '{"perspective": "developer", "summary_length": "detailed"}' \
  "http://localhost:8000/api/guilds/$TEST_GUILD_ID/stored-summaries/SUMMARY_ID/regenerate"
```

The regenerate endpoint accepts an optional JSON body with these fields:

| Field | Values | Description |
|---|---|---|
| `model` | `claude-sonnet-4-20250514`, `claude-3-5-sonnet-20241022`, `claude-3-5-haiku-20241022` | Model to use |
| `summary_length` | `brief`, `detailed`, `comprehensive` | Summary length |
| `perspective` | `general`, `developer`, `marketing`, `executive`, `support` | Summary perspective |

If no options are provided, the original settings are used.

A Python test script is provided at `tests/test_regeneration_e2e.py`:

```bash
# Full test suite
TEST_AUTH_SECRET=your_secret TEST_GUILD_ID=your_guild_id \
  python tests/test_regeneration_e2e.py

# Test specific summary
TEST_AUTH_SECRET=your_secret TEST_GUILD_ID=your_guild_id \
  python tests/test_regeneration_e2e.py --summary-id YOUR_SUMMARY_ID

# Just health check
TEST_AUTH_SECRET=your_secret TEST_GUILD_ID=your_guild_id \
  python tests/test_regeneration_e2e.py --health
```

Frontend E2E tests are in `src/frontend/tests/`:

```bash
cd src/frontend

# Run unit tests (no server needed)
npx playwright test tests/unit-metadata.spec.ts

# Run full E2E tests (requires dev server)
npm run dev &  # Start dev server first
npx playwright test tests/regeneration.spec.ts
```

The bypass is implemented in `src/dashboard/auth.py` in the `get_current_user()` function:

- Checks if `TEST_AUTH_SECRET` environment variable is set
- If set, looks for `X-Test-Auth-Key` header in the request
- If the header value matches `TEST_AUTH_SECRET`, returns a mock user object
- The mock user has access to the guild specified by `TEST_GUILD_ID`

```python
# Mock user returned when bypass is active
{
    "sub": "test_user_id",
    "username": "test_user",
    "avatar": None,
    "guilds": [TEST_GUILD_ID],
    "iat": <current_time>,
    "exp": <current_time + 24h>,
}
```

- Verify `TEST_AUTH_SECRET` environment variable is set on the server
- Verify the `X-Test-Auth-Key` header value matches exactly
- Check that the API server was restarted after setting env vars
- Verify `TEST_GUILD_ID` matches the guild ID in your request URL
- The test user only has access to the guild specified by `TEST_GUILD_ID`
- Ensure the env var is set before starting the server
- Check server logs for any auth-related errors
- Verify you're hitting the correct API endpoint
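
A hardened form of the header check that `get_current_user()` is described as performing, written here as an added example and not taken from the project's code: it ignores an empty or short secret, compares in constant time, and refuses the bypass in production. The names `resolve_test_user`, `MIN_SECRET_LEN` and the `ENVIRONMENT` variable are assumptions, not names from the repository.

```python
import hmac
import time

HEADER = "x-test-auth-key"
MIN_SECRET_LEN = 16  # assumption: reject short, guessable secrets


def resolve_test_user(headers, env, now=None):
    """Return the mock test user, or None to fall through to Discord OAuth.

    `headers` is a mapping of request headers; `env` is a mapping such as os.environ.
    """
    secret = env.get("TEST_AUTH_SECRET", "")
    guild_id = env.get("TEST_GUILD_ID", "")
    # Bypass stays off unless both variables are set; an empty secret must never match.
    if not secret or not guild_id:
        return None
    # Assumption: deployments set ENVIRONMENT=production; never honour the bypass there.
    if env.get("ENVIRONMENT", "").lower() == "production":
        return None
    if len(secret) < MIN_SECRET_LEN:
        return None
    # Header names are case-insensitive, so normalise before the lookup.
    supplied = {k.lower(): v for k, v in headers.items()}.get(HEADER)
    if supplied is None:
        return None
    # Constant-time comparison avoids leaking the secret through response timing.
    if not hmac.compare_digest(supplied.encode(), secret.encode()):
        return None
    now = int(time.time()) if now is None else now
    return {
        "sub": "test_user_id",
        "username": "test_user",
        "avatar": None,
        "guilds": [guild_id],
        "iat": now,
        "exp": now + 24 * 3600,
    }


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    sample_env = {"TEST_AUTH_SECRET": "constructed-secret-0123456789",
                  "TEST_GUILD_ID": "1234567890123456789"}
    print(resolve_test_user({"X-Test-Auth-Key": "constructed-secret-0123456789"}, sample_env))
    print(resolve_test_user({"X-Test-Auth-Key": "wrong"}, sample_env))
```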