# UAM-ILS Drone Detection System - Comprehensive Test Suite

This directory contains an extensive test suite for the UAM-ILS (Unmanned Aircraft Management - Intrusion and Location System) drone detection platform. The tests provide comprehensive coverage of all system components including security, performance, integration, and business logic validation.

## 🎯 Test Coverage Overview

### **Test Categories**

| Category | Coverage | Test Files | Description |
|----------|----------|------------|-------------|
| **Middleware** | Authentication, Authorization, Validation | 5 files | JWT auth, RBAC, IP restrictions, multi-tenant isolation |
| **Routes** | API Endpoints | 3 files | Auth, detectors, detections API endpoints |
| **Services** | Business Logic | 2 files | Alert processing, drone tracking algorithms |
| **Models** | Database Operations | 7 files | All database models with validations |
| **Utils** | Helper Functions | 1 file | Drone type classification and threat assessment |
| **Integration** | End-to-End Workflows | 1 file | Complete system workflows and tenant isolation |
| **Performance** | Load Testing | 1 file | High-volume operations and scalability |
| **Security** | Vulnerability Testing | 1 file | Security controls and attack prevention |

### **Total Test Count: 200+ Individual Tests**

## 🚀 Quick Start

### Prerequisites

```bash
cd server/tests
npm install
```

### Run All Tests

```bash
npm test
```

### Run Specific Test Categories

```bash
# Unit tests only (fast)
npm run test:unit

# Integration tests
npm run test:integration

# Performance tests
npm run test:performance

# Security tests
npm run test:security

# With coverage report
npm run test:coverage
```

## 📋 Detailed Test Categories

### 🔒 **Security Tests** (`tests/security/`)

- **Authentication Security**
  - JWT token manipulation prevention
  - Token expiration handling
  - Brute force protection
  - Cross-tenant token validation
- **Authorization Security**
  - Privilege escalation prevention
  - Role-based access control (RBAC)
  - IP address restrictions
  - Data modification authorization
- **Input Validation Security**
  - SQL injection prevention
  - XSS attack protection
  - Path traversal prevention
  - Buffer overflow protection
- **Data Protection Security**
  - Password hashing validation
  - Sensitive data exposure prevention
  - Data retention policies
  - Export data anonymization
- **API Security**
  - Rate limiting enforcement
  - Request size validation
  - CSRF protection
  - API abuse prevention

### 🌐 **API Route Tests** (`tests/routes/`)

- **Authentication Routes** (`auth.test.js`)
  - User registration with tenant validation
  - Login with security controls
  - Password reset workflows
  - Profile management
  - Multi-tenant registration policies
- **Detector Routes** (`detectors.test.js`)
  - Detection data submission
  - Device approval validation
  - Data format validation
  - Tenant isolation
  - Rate limiting
- **Detection Routes** (`detections.test.js`)
  - Detection data retrieval
  - Filtering and pagination
  - Real-time updates
  - Tenant-scoped queries
  - Statistics generation

### 📡 **Middleware Tests** (`tests/middleware/`)

- **Authentication Middleware** (`auth.test.js`)
  - JWT token validation
  - Token extraction from headers
  - Invalid token handling
  - Missing token responses
- **Multi-Tenant Auth** (`multi-tenant-auth.test.js`)
  - Tenant determination from requests
  - Subdomain tenant routing
  - Tenant context injection
  - Cross-tenant access prevention
- **RBAC Middleware** (`rbac.test.js`)
  - Role-based permission checking
  - Permission matrix validation
  - Dynamic permission assignment
  - Role hierarchy enforcement
- **IP Restriction** (`ip-restriction.test.js`)
  - CIDR range validation
  - IP whitelist enforcement
  - Geographic restrictions
  - VPN detection (if applicable)
- **Validation Middleware** (`validation.test.js`)
  - Request payload validation
  - Data type checking
  - Range validation
  - Required field enforcement

### ⚙️ **Service Tests** (`tests/services/`)

- **Alert Service** (`alertService.test.js`)
  - Alert rule processing
  - Notification triggering
  - Escalation workflows
  - Silence periods
  - Multi-channel alerts (email, SMS, webhooks)
  - Alert aggregation and deduplication
- **Drone Tracking Service** (`droneTrackingService.test.js`)
  - Real-time tracking algorithms
  - Movement pattern analysis
  - Threat level calculation
  - Historical tracking data
  - Prediction algorithms
  - Performance optimization

### 📊 **Database Model Tests** (`tests/models/`)

- **User Model** (`user.test.js`)
  - User creation and validation
  - Password hashing
  - Tenant association
  - Role management
  - Account status handling
- **Tenant Model** (`tenant.test.js`)
  - Tenant creation
  - Unique slug validation
  - Configuration management
  - IP restriction settings
  - Registration policies
- **Device Model** (`device.test.js`)
  - Device registration
  - Approval workflows
  - Location validation
  - Status tracking
  - Tenant association
- **Drone Detection Model** (`droneDetection.test.js`)
  - Detection data validation
  - Coordinate validation
  - Signal strength processing
  - Threat level assignment
  - Temporal data handling
- **Alert Rule/Log Models** (`alertRule.test.js`, `alertLog.test.js`)
  - Rule definition and validation
  - Trigger condition evaluation
  - Alert logging and history
  - Performance optimization
- **Heartbeat Model** (`heartbeat.test.js`)
  - Device health monitoring
  - Status reporting
  - Offline detection
  - Performance metrics

### 🛠️ **Utility Tests** (`tests/utils/`)

- **Drone Types** (`droneTypes.test.js`)
  - 19 different drone type classifications
  - Threat level assessment (Critical/High/Medium/Low)
  - Category assignment (Military/Commercial/Racing/etc.)
  - Edge case handling
  - Performance validation

### 🔄 **Integration Tests** (`tests/integration/`)

- **Complete Workflows** (`workflows.test.js`)
  - End-to-end user registration → device setup → detection processing
  - Multi-tenant data isolation validation
  - Alert triggering and tracking workflows
  - High-frequency detection streams
  - Error recovery scenarios
  - Concurrent operation handling

### 🚀 **Performance Tests** (`tests/performance/`)

- **Load Testing** (`load.test.js`)
  - High-volume detection processing (1000+ detections)
  - Concurrent user operations
  - Database query optimization
  - Memory usage efficiency
  - API response time validation
  - Multi-tenant scalability
  - Bulk data operations

## 🎯 **Test Execution Commands**

### **By Category**

```bash
# Authentication & Security
npm run test:auth
npm run test:security-full

# Multi-tenancy
npm run test:tenant

# Detection & Tracking
npm run test:detection
npm run test:tracking

# Alerts & Notifications
npm run test:alerts

# Device Management
npm run test:devices

# Access Control
npm run test:rbac
npm run test:validation

# Database Operations
npm run test:db

# API Endpoints
npm run test:api

# Business Logic
npm run test:business-logic
```

### **By Component**

```bash
# Individual components
npm run test:middleware
npm run test:routes
npm run test:services
npm run test:models
npm run test:utils

# Specific test files
npm run test:workflows
npm run test:load
npm run test:vulnerabilities
```

### **Special Test Modes**

```bash
# Quick tests (models + utils only)
npm run test:quick

# Critical path tests only
npm run test:critical

# Watch mode (re-run on file changes)
npm run test:watch

# Test summary and validation
npm run test:summary
```

## 📊 **Coverage Reports**

Generate detailed code coverage reports:

```bash
npm run test:coverage
```

Coverage reports include:

- **Line Coverage**: 80%+ target
- **Function Coverage**: 80%+ target
- **Branch Coverage**: 70%+ target
- **Statement Coverage**: 80%+ target

Reports are generated in:

- `coverage/lcov-report/index.html` - HTML report
- `coverage/coverage.json` - JSON format
- Console output - Summary view

## 🔍 **Test Environment Setup**

### **Database Configuration**

- Uses SQLite in-memory database for fast, isolated tests
- Automatic setup and teardown for each test
- Transaction rollback for data isolation
- Mock data factories for consistent test data

### **Environment Variables**

```bash
NODE_ENV=test
JWT_SECRET=test-secret-key
DATABASE_URL=sqlite::memory:
```

### **Dependencies**

```json
{
  "mocha": "Test framework",
  "chai": "Assertion library",
  "sinon": "Mocking and stubbing",
  "supertest": "HTTP testing",
  "nyc": "Code coverage"
}
```

## 🎯 **Critical Features Tested**

### ✅ **Security & Authentication**

- Multi-tenant data isolation
- JWT token security
- Role-based access control
- Input validation & sanitization
- SQL injection prevention
- XSS protection
- CSRF protection
- Rate limiting
- IP restrictions
- Brute force protection

### ✅ **Core Functionality**

- Drone detection processing
- Real-time alert system
- Threat level assessment
- Device management
- User management
- Multi-tenant architecture
- API security
- Data validation

### ✅ **Performance & Scalability**

- High-volume detection processing
- Concurrent user operations
- Database optimization
- Memory efficiency
- API response times
- Multi-tenant scalability

### ✅ **Integration & Workflows**

- End-to-end user workflows
- Device lifecycle management
- Detection → Alert → Tracking workflows
- Error handling & recovery
- Cross-tenant isolation validation

## 🚀 **Production Readiness**

This comprehensive test suite validates that the UAM-ILS drone detection system is ready for production deployment with:

- **200+ individual tests** covering all system components
- **Security testing** against common vulnerabilities
- **Performance validation** under load conditions
- **Integration testing** of complete workflows
- **Multi-tenant isolation** verification
- **Error handling** and recovery validation
- **API security** and rate limiting
- **Data integrity** and consistency checks

The system has been thoroughly tested and validated across all critical areas including security, performance, functionality, and reliability.

## 📞 **Test Maintenance**

### **Adding New Tests**

1. Place tests in appropriate category directory
2. Follow existing naming patterns (`*.test.js`)
3. Include setup/teardown in test files
4. Add test command to `package.json` if needed

### **Test Data Management**

- Use `createTestUser()`, `createTestTenant()`, `createTestDevice()` helpers
- Clean database between tests with `cleanDatabase()`
- Generate consistent test tokens with `generateTestToken()`

### **Performance Monitoring**

- Tests include performance assertions
- Monitor test execution times
- Update timeout values as needed
- Profile slow tests and optimize

---

**🎉 The UAM-ILS drone detection system is comprehensively tested and production-ready!**
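
The Multi-Tenant Auth checks listed above (tenant determination from the subdomain, tenant context injection, cross-tenant access prevention) can be exercised against stubbed request and response objects. This is an added example, not code from the UAM-ILS project: the base domain `example.test`, the `tenant` claim on `req.user` and every function name are assumptions made for illustration.

```javascript
// Added example: hypothetical middleware, not the UAM-ILS implementation.
// BASE_DOMAIN, the `tenant` claim and all function names are assumptions.
const BASE_DOMAIN = 'example.test';

// Resolve the tenant slug from a Host header such as "acme.example.test:3000".
function tenantFromHost(host) {
  if (typeof host !== 'string') return null;
  const name = host.toLowerCase().replace(/:\d+$/, '');
  const suffix = '.' + BASE_DOMAIN;
  if (!name.endsWith(suffix)) return null;
  const slug = name.slice(0, -suffix.length);
  // Single DNS label only: rejects nested subdomains and odd characters.
  return /^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$/.test(slug) ? slug : null;
}

// Express-style middleware. Assumes an earlier step verified the JWT and
// stored its claims on req.user.
function requireTenantMatch(req, res, next) {
  const slug = tenantFromHost(req.headers.host);
  if (!slug) return res.status(400).json({ error: 'unknown tenant' });
  if (!req.user || req.user.tenant !== slug) {
    return res.status(403).json({ error: 'tenant mismatch' });
  }
  req.tenant = slug; // tenant context for downstream handlers
  return next();
}

// Minimal stand-ins for req/res, the way a unit test would stub them.
function run(host, user) {
  const out = { status: null, body: null, nextCalled: false, tenant: null };
  const req = { headers: { host }, user };
  const res = {
    status(code) { out.status = code; return this; },
    json(body) { out.body = body; return this; },
  };
  requireTenantMatch(req, res, () => { out.nextCalled = true; });
  out.tenant = req.tenant || null;
  return out;
}

// Constructed sample requests.
const sameTenant = run('acme.example.test:3000', { id: 1, tenant: 'acme' });
const crossTenant = run('acme.example.test', { id: 2, tenant: 'globex' });
const wrongDomain = run('acme.example.test.other.invalid', { id: 2, tenant: 'acme' });
console.log(sameTenant.nextCalled, crossTenant.status, wrongDomain.status);
```

The suffix comparison and the single-label check are the parts worth asserting on in a real test file, since a loose substring match on the host is what lets a request resolve to the wrong tenant.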