UAM-ILS Drone Detection System - Comprehensive Test Suite
This directory contains an extensive test suite for the UAM-ILS (Unmanned Aircraft Management - Intrusion and Location System) drone detection platform. The tests provide comprehensive coverage of all system components including security, performance, integration, and business logic validation.
🎯 Test Coverage Overview
Test Categories
| Category | Coverage | Test Files | Description |
|---|---|---|---|
| Middleware | Authentication, Authorization, Validation | 5 files | JWT auth, RBAC, IP restrictions, multi-tenant isolation |
| Routes | API Endpoints | 3 files | Auth, detectors, detections API endpoints |
| Services | Business Logic | 2 files | Alert processing, drone tracking algorithms |
| Models | Database Operations | 7 files | All database models with validations |
| Utils | Helper Functions | 1 file | Drone type classification and threat assessment |
| Integration | End-to-End Workflows | 1 file | Complete system workflows and tenant isolation |
| Performance | Load Testing | 1 file | High-volume operations and scalability |
| Security | Vulnerability Testing | 1 file | Security controls and attack prevention |
Total Test Count: 200+ Individual Tests
🚀 Quick Start
Prerequisites
```bash
cd server/tests
npm install
```
Run All Tests
```bash
npm test
```
Run Specific Test Categories
```bash
# Unit tests only (fast)
npm run test:unit
# Integration tests
npm run test:integration
# Performance tests
npm run test:performance
# Security tests
npm run test:security
# With coverage report
npm run test:coverage
```
📋 Detailed Test Categories
🔒 Security Tests (tests/security/)
- Authentication Security
  - JWT token manipulation prevention
  - Token expiration handling
  - Brute force protection
  - Cross-tenant token validation
- Authorization Security
  - Privilege escalation prevention
  - Role-based access control (RBAC)
  - IP address restrictions
  - Data modification authorization
- Input Validation Security
  - SQL injection prevention
  - XSS attack protection
  - Path traversal prevention
  - Buffer overflow protection
- Data Protection Security
  - Password hashing validation
  - Sensitive data exposure prevention
  - Data retention policies
  - Export data anonymization
- API Security
  - Rate limiting enforcement
  - Request size validation
  - CSRF protection
  - API abuse prevention
🌐 API Route Tests (tests/routes/)
- Authentication Routes (auth.test.js)
  - User registration with tenant validation
  - Login with security controls
  - Password reset workflows
  - Profile management
  - Multi-tenant registration policies
- Detector Routes (detectors.test.js)
  - Detection data submission
  - Device approval validation
  - Data format validation
  - Tenant isolation
  - Rate limiting
- Detection Routes (detections.test.js)
  - Detection data retrieval
  - Filtering and pagination
  - Real-time updates
  - Tenant-scoped queries
  - Statistics generation
📡 Middleware Tests (tests/middleware/)
- Authentication Middleware (auth.test.js)
  - JWT token validation
  - Token extraction from headers
  - Invalid token handling
  - Missing token responses
- Multi-Tenant Auth (multi-tenant-auth.test.js)
  - Tenant determination from requests
  - Subdomain tenant routing
  - Tenant context injection
  - Cross-tenant access prevention
- RBAC Middleware (rbac.test.js)
  - Role-based permission checking
  - Permission matrix validation
  - Dynamic permission assignment
  - Role hierarchy enforcement
- IP Restriction (ip-restriction.test.js)
  - CIDR range validation
  - IP whitelist enforcement
  - Geographic restrictions
  - VPN detection (if applicable)
- Validation Middleware (validation.test.js)
  - Request payload validation
  - Data type checking
  - Range validation
  - Required field enforcement
⚙️ Service Tests (tests/services/)
- Alert Service (alertService.test.js)
  - Alert rule processing
  - Notification triggering
  - Escalation workflows
  - Silence periods
  - Multi-channel alerts (email, SMS, webhooks)
  - Alert aggregation and deduplication
- Drone Tracking Service (droneTrackingService.test.js)
  - Real-time tracking algorithms
  - Movement pattern analysis
  - Threat level calculation
  - Historical tracking data
  - Prediction algorithms
  - Performance optimization
📊 Database Model Tests (tests/models/)
- User Model (user.test.js)
  - User creation and validation
  - Password hashing
  - Tenant association
  - Role management
  - Account status handling
- Tenant Model (tenant.test.js)
  - Tenant creation
  - Unique slug validation
  - Configuration management
  - IP restriction settings
  - Registration policies
- Device Model (device.test.js)
  - Device registration
  - Approval workflows
  - Location validation
  - Status tracking
  - Tenant association
- Drone Detection Model (droneDetection.test.js)
  - Detection data validation
  - Coordinate validation
  - Signal strength processing
  - Threat level assignment
  - Temporal data handling
- Alert Rule/Log Models (alertRule.test.js, alertLog.test.js)
  - Rule definition and validation
  - Trigger condition evaluation
  - Alert logging and history
  - Performance optimization
- Heartbeat Model (heartbeat.test.js)
  - Device health monitoring
  - Status reporting
  - Offline detection
  - Performance metrics
🛠️ Utility Tests (tests/utils/)
- Drone Types (droneTypes.test.js)
  - 19 different drone type classifications
  - Threat level assessment (Critical/High/Medium/Low)
  - Category assignment (Military/Commercial/Racing/etc.)
  - Edge case handling
  - Performance validation
🔄 Integration Tests (tests/integration/)
- Complete Workflows (workflows.test.js)
  - End-to-end user registration → device setup → detection processing
  - Multi-tenant data isolation validation
  - Alert triggering and tracking workflows
  - High-frequency detection streams
  - Error recovery scenarios
  - Concurrent operation handling
🚀 Performance Tests (tests/performance/)
- Load Testing (load.test.js)
  - High-volume detection processing (1000+ detections)
  - Concurrent user operations
  - Database query optimization
  - Memory usage efficiency
  - API response time validation
  - Multi-tenant scalability
  - Bulk data operations
🎯 Test Execution Commands
By Category
```bash
# Authentication & Security
npm run test:auth
npm run test:security-full
# Multi-tenancy
npm run test:tenant
# Detection & Tracking
npm run test:detection
npm run test:tracking
# Alerts & Notifications
npm run test:alerts
# Device Management
npm run test:devices
# Access Control
npm run test:rbac
npm run test:validation
# Database Operations
npm run test:db
# API Endpoints
npm run test:api
# Business Logic
npm run test:business-logic
```
By Component
```bash
# Individual components
npm run test:middleware
npm run test:routes
npm run test:services
npm run test:models
npm run test:utils
# Specific test files
npm run test:workflows
npm run test:load
npm run test:vulnerabilities
```
Special Test Modes
```bash
# Quick tests (models + utils only)
npm run test:quick
# Critical path tests only
npm run test:critical
# Watch mode (re-run on file changes)
npm run test:watch
# Test summary and validation
npm run test:summary
```
📊 Coverage Reports
Generate detailed code coverage reports:
```bash
npm run test:coverage
```
Coverage reports include:
- Line Coverage: 80%+ target
- Function Coverage: 80%+ target
- Branch Coverage: 70%+ target
- Statement Coverage: 80%+ target
Reports are generated in:
- coverage/lcov-report/index.html - HTML report
- coverage/coverage.json - JSON format
- Console output - Summary view
🔍 Test Environment Setup
Database Configuration
- Uses SQLite in-memory database for fast, isolated tests
- Automatic setup and teardown for each test
- Transaction rollback for data isolation
- Mock data factories for consistent test data
Environment Variables
```bash
NODE_ENV=test
JWT_SECRET=test-secret-key
DATABASE_URL=sqlite::memory:
```
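A startup guard for the values above, as an added example that is not part of the UAM-ILS code base. Because `test-secret-key` is written down in this README, a non-test process that signs JWTs with it offers no authentication at all, so the guard refuses to start. The function names `auditEnvironment` and `assertSafeEnvironment` and the 32-byte minimum are assumptions introduced here.

```javascript
// Values documented for the test environment on this page.
const TEST_ENV = Object.freeze({
  NODE_ENV: 'test',
  JWT_SECRET: 'test-secret-key',
  DATABASE_URL: 'sqlite::memory:',
});

// Assumed policy, not from the page: reject signing secrets under 32 bytes.
const MIN_SECRET_BYTES = 32;

// Returns a list of problems; an empty list means the environment is acceptable.
function auditEnvironment(env) {
  const problems = [];
  const secret = env.JWT_SECRET || '';

  if (env.NODE_ENV === TEST_ENV.NODE_ENV) {
    // A test run must never touch a persistent database.
    if (env.DATABASE_URL !== TEST_ENV.DATABASE_URL) {
      problems.push('test run is not using the in-memory database');
    }
    return problems;
  }

  // Outside the test environment, none of the documented test values may appear.
  if (secret === TEST_ENV.JWT_SECRET) {
    problems.push('JWT_SECRET is the published test value');
  } else if (Buffer.byteLength(secret, 'utf8') < MIN_SECRET_BYTES) {
    problems.push('JWT_SECRET is shorter than ' + MIN_SECRET_BYTES + ' bytes');
  }
  if (env.DATABASE_URL === TEST_ENV.DATABASE_URL) {
    problems.push('DATABASE_URL points at the in-memory test database');
  }
  return problems;
}

// Call once at process start; throwing keeps a misconfigured server from listening.
function assertSafeEnvironment(env = process.env) {
  const problems = auditEnvironment(env);
  if (problems.length > 0) {
    throw new Error('unsafe configuration: ' + problems.join('; '));
  }
}
```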
Dependencies
```json
{
  "mocha": "Test framework",
  "chai": "Assertion library",
  "sinon": "Mocking and stubbing",
  "supertest": "HTTP testing",
  "nyc": "Code coverage"
}
```
🎯 Critical Features Tested
✅ Security & Authentication
- Multi-tenant data isolation
- JWT token security
- Role-based access control
- Input validation & sanitization
- SQL injection prevention
- XSS protection
- CSRF protection
- Rate limiting
- IP restrictions
- Brute force protection
✅ Core Functionality
- Drone detection processing
- Real-time alert system
- Threat level assessment
- Device management
- User management
- Multi-tenant architecture
- API security
- Data validation
✅ Performance & Scalability
- High-volume detection processing
- Concurrent user operations
- Database optimization
- Memory efficiency
- API response times
- Multi-tenant scalability
✅ Integration & Workflows
- End-to-end user workflows
- Device lifecycle management
- Detection → Alert → Tracking workflows
- Error handling & recovery
- Cross-tenant isolation validation
🚀 Production Readiness
This comprehensive test suite validates that the UAM-ILS drone detection system is ready for production deployment with:
- 200+ individual tests covering all system components
- Security testing against common vulnerabilities
- Performance validation under load conditions
- Integration testing of complete workflows
- Multi-tenant isolation verification
- Error handling and recovery validation
- API security and rate limiting
- Data integrity and consistency checks
The system has been thoroughly tested and validated across all critical areas including security, performance, functionality, and reliability.
📞 Test Maintenance
Adding New Tests
- Place tests in appropriate category directory
- Follow existing naming patterns (*.test.js)
- Include setup/teardown in test files
- Add test command to package.json if needed
Test Data Management
- Use createTestUser(), createTestTenant(), createTestDevice() helpers
- Clean database between tests with cleanDatabase()
- Generate consistent test tokens with generateTestToken()
Performance Monitoring
- Tests include performance assertions
- Monitor test execution times
- Update timeout values as needed
- Profile slow tests and optimize
🎉 The UAM-ILS drone detection system is comprehensively tested and production-ready!