#!/bin/bash

# Test script for rate limiting
# Tests authentication endpoint rate limit (5 requests per 15 minutes)

echo "Testing authentication rate limiting..."
echo "Endpoint: POST /api/auth/login"
echo "Limit: 5 requests per 15 minutes"
echo ""

BASE_URL="http://localhost:3030"

# Make 7 requests to trigger rate limit
for i in {1..7}; do
  echo "Request #$i:"
  RESPONSE=$(curl -s -w "\nHTTP Status: %{http_code}\n" \
    -X POST "$BASE_URL/api/auth/login" \
    -H "Content-Type: application/json" \
    -d '{"email":"test@example.com","password":"test123"}')

  echo "$RESPONSE"
  echo "---"

  # Small delay between requests
  sleep 0.5
done

echo ""
echo "Expected: First 5 requests should go through (may fail on backend)"
echo "Expected: Requests 6-7 should return 429 Too Many Requests"