cannaiq/backend/scripts/test-treez-capture-auth.ts

import puppeteer from 'puppeteer';

async function sleep(ms: number): Promise<void> {
  return new Promise(resolve => setTimeout(resolve, ms));
}

async function main() {
  const browser = await puppeteer.launch({
    headless: true,
    args: ['--no-sandbox', '--disable-setuid-sandbox'],
  });

  const page = await browser.newPage();
  await page.setViewport({ width: 1920, height: 1080 });

  // Capture request headers for API calls
  const apiRequests: any[] = [];

  page.on('request', (req) => {
    const url = req.url();
    if (url.includes('treez.io') || url.includes('gapcommerce')) {
      apiRequests.push({
        url: url,
        method: req.method(),
        headers: req.headers(),
        postData: req.postData(),
      });
    }
  });

  console.log('Loading page to capture API auth headers...\n');

  await page.goto('https://shop.bestdispensary.com/shop', {
    waitUntil: 'networkidle2',
    timeout: 60000
  });
  await sleep(3000);

  // Bypass age gate
  const ageGate = await page.$('[data-testid="age-gate-modal"]');
  if (ageGate) {
    const btn = await page.$('[data-testid="age-gate-submit-button"]');
    if (btn) await btn.click();
    await sleep(2000);
  }

  console.log('=== API REQUESTS WITH HEADERS ===\n');

  apiRequests.forEach((req, i) => {
    console.log((i+1) + '. ' + req.method + ' ' + req.url.slice(0, 100));
    console.log('   Headers:');
    Object.entries(req.headers).forEach(([k, v]) => {
      if (k.toLowerCase().includes('auth') || 
          k.toLowerCase().includes('token') ||
          k.toLowerCase().includes('key') ||
          k.toLowerCase().includes('api') ||
          k.toLowerCase() === 'authorization' ||
          k.toLowerCase() === 'x-api-key') {
        console.log('   >>> ' + k + ': ' + v);
      }
    });
    // Show all headers for treez.io requests
    if (req.url.includes('headless.treez.io')) {
      console.log('   ALL HEADERS:');
      Object.entries(req.headers).forEach(([k, v]) => {
        console.log('     ' + k + ': ' + String(v).slice(0, 80));
      });
    }
    console.log('');
  });

  // Also check for API keys in page scripts
  console.log('=== CHECKING FOR API KEYS IN PAGE ===\n');

  const pageData = await page.evaluate(() => {
    const data: any = {};
    
    // Check window object for API keys
    const win = window as any;
    if (win.__NEXT_DATA__) {
      data.nextData = win.__NEXT_DATA__;
    }
    
    // Check for any global config
    if (win.config || win.CONFIG) {
      data.config = win.config || win.CONFIG;
    }
    
    // Look for treez-related globals
    Object.keys(win).forEach(key => {
      if (key.toLowerCase().includes('treez') || 
          key.toLowerCase().includes('api') ||
          key.toLowerCase().includes('config')) {
        try {
          data[key] = JSON.stringify(win[key]).slice(0, 500);
        } catch {}
      }
    });

    return data;
  });

  if (pageData.nextData?.props?.pageProps) {
    console.log('Next.js pageProps keys: ' + Object.keys(pageData.nextData.props.pageProps).join(', '));
  }
  if (pageData.nextData?.runtimeConfig) {
    console.log('Runtime config: ' + JSON.stringify(pageData.nextData.runtimeConfig).slice(0, 500));
  }

  await browser.close();
}

main();