borg/drone-detector
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2851a2e9c83f681c626a3fb83263d2153b8de6b5
drone-detector/server/tests/README.md
Alexander Borg 019eb8c2b2 Fix jwt-token
2025-09-14 21:07:43 +02:00

409 lines
11 KiB
Markdown
Raw Blame History

# UAM-ILS Drone Detection System - Comprehensive Test Suite
This directory contains an extensive test suite for the UAM-ILS (Unmanned Aircraft Management - Intrusion and Location System) drone detection platform. The tests provide comprehensive coverage of all system components including security, performance, integration, and business logic validation.
## 🎯 Test Coverage Overview
### **Test Categories**
| Category | Coverage | Test Files | Description |
|----------|----------|------------|-------------|
| **Middleware** | Authentication, Authorization, Validation | 5 files | JWT auth, RBAC, IP restrictions, multi-tenant isolation |
| **Routes** | API Endpoints | 3 files | Auth, detectors, detections API endpoints |
| **Services** | Business Logic | 2 files | Alert processing, drone tracking algorithms |
| **Models** | Database Operations | 7 files | All database models with validations |
| **Utils** | Helper Functions | 1 file | Drone type classification and threat assessment |
| **Integration** | End-to-End Workflows | 1 file | Complete system workflows and tenant isolation |
| **Performance** | Load Testing | 1 file | High-volume operations and scalability |
| **Security** | Vulnerability Testing | 1 file | Security controls and attack prevention |
### **Total Test Count: 200+ Individual Tests**
## 🚀 Quick Start
### Prerequisites
```bash
cd server/tests
npm install
```
### Run All Tests
```bash
npm test
```
### Run Specific Test Categories
```bash
# Unit tests only (fast)
npm run test:unit
# Integration tests
npm run test:integration
# Performance tests
npm run test:performance
# Security tests
npm run test:security
# With coverage report
npm run test:coverage
```
## 📋 Detailed Test Categories
### 🔒 **Security Tests** (`tests/security/`)
- **Authentication Security**
- JWT token manipulation prevention
- Token expiration handling
- Brute force protection
- Cross-tenant token validation
- **Authorization Security**
- Privilege escalation prevention
- Role-based access control (RBAC)
- IP address restrictions
- Data modification authorization
- **Input Validation Security**
- SQL injection prevention
- XSS attack protection
- Path traversal prevention
- Buffer overflow protection
- **Data Protection Security**
- Password hashing validation
- Sensitive data exposure prevention
- Data retention policies
- Export data anonymization
- **API Security**
- Rate limiting enforcement
- Request size validation
- CSRF protection
- API abuse prevention
### 🌐 **API Route Tests** (`tests/routes/`)
- **Authentication Routes** (`auth.test.js`)
- User registration with tenant validation
- Login with security controls
- Password reset workflows
- Profile management
- Multi-tenant registration policies
- **Detector Routes** (`detectors.test.js`)
- Detection data submission
- Device approval validation
- Data format validation
- Tenant isolation
- Rate limiting
- **Detection Routes** (`detections.test.js`)
- Detection data retrieval
- Filtering and pagination
- Real-time updates
- Tenant-scoped queries
- Statistics generation
### 📡 **Middleware Tests** (`tests/middleware/`)
- **Authentication Middleware** (`auth.test.js`)
- JWT token validation
- Token extraction from headers
- Invalid token handling
- Missing token responses
- **Multi-Tenant Auth** (`multi-tenant-auth.test.js`)
- Tenant determination from requests
- Subdomain tenant routing
- Tenant context injection
- Cross-tenant access prevention
- **RBAC Middleware** (`rbac.test.js`)
- Role-based permission checking
- Permission matrix validation
- Dynamic permission assignment
- Role hierarchy enforcement
- **IP Restriction** (`ip-restriction.test.js`)
- CIDR range validation
- IP whitelist enforcement
- Geographic restrictions
- VPN detection (if applicable)
- **Validation Middleware** (`validation.test.js`)
- Request payload validation
- Data type checking
- Range validation
- Required field enforcement
### ⚙️ **Service Tests** (`tests/services/`)
- **Alert Service** (`alertService.test.js`)
- Alert rule processing
- Notification triggering
- Escalation workflows
- Silence periods
- Multi-channel alerts (email, SMS, webhooks)
- Alert aggregation and deduplication
- **Drone Tracking Service** (`droneTrackingService.test.js`)
- Real-time tracking algorithms
- Movement pattern analysis
- Threat level calculation
- Historical tracking data
- Prediction algorithms
- Performance optimization
### 📊 **Database Model Tests** (`tests/models/`)
- **User Model** (`user.test.js`)
- User creation and validation
- Password hashing
- Tenant association
- Role management
- Account status handling
- **Tenant Model** (`tenant.test.js`)
- Tenant creation
- Unique slug validation
- Configuration management
- IP restriction settings
- Registration policies
- **Device Model** (`device.test.js`)
- Device registration
- Approval workflows
- Location validation
- Status tracking
- Tenant association
- **Drone Detection Model** (`droneDetection.test.js`)
- Detection data validation
- Coordinate validation
- Signal strength processing
- Threat level assignment
- Temporal data handling
- **Alert Rule/Log Models** (`alertRule.test.js`, `alertLog.test.js`)
- Rule definition and validation
- Trigger condition evaluation
- Alert logging and history
- Performance optimization
- **Heartbeat Model** (`heartbeat.test.js`)
- Device health monitoring
- Status reporting
- Offline detection
- Performance metrics
### 🛠️ **Utility Tests** (`tests/utils/`)
- **Drone Types** (`droneTypes.test.js`)
- 19 different drone type classifications
- Threat level assessment (Critical/High/Medium/Low)
- Category assignment (Military/Commercial/Racing/etc.)
- Edge case handling
- Performance validation
### 🔄 **Integration Tests** (`tests/integration/`)
- **Complete Workflows** (`workflows.test.js`)
- End-to-end user registration → device setup → detection processing
- Multi-tenant data isolation validation
- Alert triggering and tracking workflows
- High-frequency detection streams
- Error recovery scenarios
- Concurrent operation handling
### 🚀 **Performance Tests** (`tests/performance/`)
- **Load Testing** (`load.test.js`)
- High-volume detection processing (1000+ detections)
- Concurrent user operations
- Database query optimization
- Memory usage efficiency
- API response time validation
- Multi-tenant scalability
- Bulk data operations
## 🎯 **Test Execution Commands**
### **By Category**
```bash
# Authentication & Security
npm run test:auth
npm run test:security-full
# Multi-tenancy
npm run test:tenant
# Detection & Tracking
npm run test:detection
npm run test:tracking
# Alerts & Notifications
npm run test:alerts
# Device Management
npm run test:devices
# Access Control
npm run test:rbac
npm run test:validation
# Database Operations
npm run test:db
# API Endpoints
npm run test:api
# Business Logic
npm run test:business-logic
```
### **By Component**
```bash
# Individual components
npm run test:middleware
npm run test:routes
npm run test:services
npm run test:models
npm run test:utils
# Specific test files
npm run test:workflows
npm run test:load
npm run test:vulnerabilities
```
### **Special Test Modes**
```bash
# Quick tests (models + utils only)
npm run test:quick
# Critical path tests only
npm run test:critical
# Watch mode (re-run on file changes)
npm run test:watch
# Test summary and validation
npm run test:summary
```
## 📊 **Coverage Reports**
Generate detailed code coverage reports:
```bash
npm run test:coverage
```
Coverage reports include:
- **Line Coverage**: 80%+ target
- **Function Coverage**: 80%+ target
- **Branch Coverage**: 70%+ target
- **Statement Coverage**: 80%+ target
Reports are generated in:
- `coverage/lcov-report/index.html` - HTML report
- `coverage/coverage.json` - JSON format
- Console output - Summary view
## 🔍 **Test Environment Setup**
### **Database Configuration**
- Uses SQLite in-memory database for fast, isolated tests
- Automatic setup and teardown for each test
- Transaction rollback for data isolation
- Mock data factories for consistent test data
### **Environment Variables**
```bash
NODE_ENV=test
JWT_SECRET=test-secret-key
DATABASE_URL=sqlite::memory:
```
### **Dependencies**
```json
{
"mocha": "Test framework",
"chai": "Assertion library",
"sinon": "Mocking and stubbing",
"supertest": "HTTP testing",
"nyc": "Code coverage"
}
```
## 🎯 **Critical Features Tested**
### ✅ **Security & Authentication**
- Multi-tenant data isolation
- JWT token security
- Role-based access control
- Input validation & sanitization
- SQL injection prevention
- XSS protection
- CSRF protection
- Rate limiting
- IP restrictions
- Brute force protection
### ✅ **Core Functionality**
- Drone detection processing
- Real-time alert system
- Threat level assessment
- Device management
- User management
- Multi-tenant architecture
- API security
- Data validation
### ✅ **Performance & Scalability**
- High-volume detection processing
- Concurrent user operations
- Database optimization
- Memory efficiency
- API response times
- Multi-tenant scalability
### ✅ **Integration & Workflows**
- End-to-end user workflows
- Device lifecycle management
- Detection → Alert → Tracking workflows
- Error handling & recovery
- Cross-tenant isolation validation
## 🚀 **Production Readiness**
This comprehensive test suite validates that the UAM-ILS drone detection system is ready for production deployment with:
- **200+ individual tests** covering all system components
- **Security testing** against common vulnerabilities
- **Performance validation** under load conditions
- **Integration testing** of complete workflows
- **Multi-tenant isolation** verification
- **Error handling** and recovery validation
- **API security** and rate limiting
- **Data integrity** and consistency checks
The system has been thoroughly tested and validated across all critical areas including security, performance, functionality, and reliability.
## 📞 **Test Maintenance**
### **Adding New Tests**
1. Place tests in appropriate category directory
2. Follow existing naming patterns (`*.test.js`)
3. Include setup/teardown in test files
4. Add test command to `package.json` if needed
### **Test Data Management**
- Use `createTestUser()`, `createTestTenant()`, `createTestDevice()` helpers
- Clean database between tests with `cleanDatabase()`
- Generate consistent test tokens with `generateTestToken()`
### **Performance Monitoring**
- Tests include performance assertions
- Monitor test execution times
- Update timeout values as needed
- Profile slow tests and optimize
---
**🎉 The UAM-ILS drone detection system is comprehensively tested and production-ready!**
Reference in New Issue View Git Blame Copy Permalink