[Feature]: Add Integration Tests for Authentication Endpoints

[matthewhou19]

Problem

The application currently has only a basic context load test. We need comprehensive integration tests for all authentication endpoints to ensure reliability and prevent regressions.

Proposed solution

1. Registration Tests (/auth/register)

• Valid registration with all required fields
• Duplicate username handling
• Duplicate email handling
• Invalid email format
• Password validation (minimum requirements)
• Missing required fields

2. Login Tests (/auth/login)

• Valid login with email
• Valid login with username
• Invalid credentials
• Non-existent user
• Missing fields

3. Token Refresh Tests (/auth/refresh/{token})

• Valid refresh token
• Expired refresh token
• Invalid/malformed token
• Non-existent token

4. Protected Endpoint Tests (/auth/me, /auth/logout)

• Valid JWT token
• Missing Authorization header
• Invalid JWT token
• Expired JWT token

Acceptance criteria

• All public endpoints have happy path tests
• All public endpoints have error case tests
• All protected endpoints tested with valid JWT
• All protected endpoints tested without JWT

[matthewhou19]

Hey! 👋 I noticed we only have the basic context load test right now, so I put together this test plan covering all the auth endpoints - registration, login, tokens, the works! Would be super helpful for catching bugs early. Let me know what you think, totally open to tweaking this! @DenizAltunkapan

[DenizAltunkapan]

Hey @matthewhou19 ,
Since this is the API Gateway, I’d like to hold off on implementing these endpoints for now. I’m currently rethinking parts of the architecture and responsibility split between the gateway and the downstream services (especially around auth, user data, and email flows). I want to make sure we’re aligned there before any concrete work starts, so we don’t risk doing work that later needs to be redone.

Once the architecture decisions are clearer, I’ll definitely give you a heads-up and we can kick this off properly. Your plan will be very helpful at that point 👍

[matthewhou19]

Hey @DenizAltunkapan — totally makes sense.

I agree with holding off on implementing the endpoints until the gateway vs downstream responsibility split is clearer (especially auth, user data, and email flows). I actually ran into similar questions while thinking about the README and when I was about to raise a few issues — it’s easy to accidentally lock in assumptions too early.

If you end up doing a quick architecture write-up or discussion, I’d love to join or follow along. No pressure at all — I just think seeing your reasoning would help me understand the direction and contribute more effectively when we start building.

Thanks for the heads-up, and ping me whenever you feel the architecture is ready to move forward 👍