This directory contains an extensive test suite for the UAM-ILS (Unmanned Aircraft Management - Intrusion and Location System) drone detection platform. The tests provide comprehensive coverage of all system components including security, performance, integration, and business logic validation.

🎯 Test Coverage Overview

Test Categories

Category	Coverage	Test Files	Description
Middleware	Authentication, Authorization, Validation	5 files	JWT auth, RBAC, IP restrictions, multi-tenant isolation
Routes	API Endpoints	3 files	Auth, detectors, detections API endpoints
Services	Business Logic	2 files	Alert processing, drone tracking algorithms
Models	Database Operations	7 files	All database models with validations
Utils	Helper Functions	1 file	Drone type classification and threat assessment
Integration	End-to-End Workflows	1 file	Complete system workflows and tenant isolation
Performance	Load Testing	1 file	High-volume operations and scalability
Security	Vulnerability Testing	1 file	Security controls and attack prevention

Total Test Count: 200+ Individual Tests

🚀 Quick Start

Prerequisites

cd server/tests
npm install

Run All Tests

npm test

Run Specific Test Categories

# Unit tests only (fast)
npm run test:unit

# Integration tests
npm run test:integration

# Performance tests
npm run test:performance

# Security tests
npm run test:security

# With coverage report
npm run test:coverage

📋 Detailed Test Categories

🔒 Security Tests (`tests/security/`)

Authentication Security
- JWT token manipulation prevention
- Token expiration handling
- Brute force protection
- Cross-tenant token validation
Authorization Security
- Privilege escalation prevention
- Role-based access control (RBAC)
- IP address restrictions
- Data modification authorization
Input Validation Security
- SQL injection prevention
- XSS attack protection
- Path traversal prevention
- Buffer overflow protection
Data Protection Security
- Password hashing validation
- Sensitive data exposure prevention
- Data retention policies
- Export data anonymization
API Security
- Rate limiting enforcement
- Request size validation
- CSRF protection
- API abuse prevention

🌐 API Route Tests (`tests/routes/`)

Authentication Routes (auth.test.js)
- User registration with tenant validation
- Login with security controls
- Password reset workflows
- Profile management
- Multi-tenant registration policies
Detector Routes (detectors.test.js)
- Detection data submission
- Device approval validation
- Data format validation
- Tenant isolation
- Rate limiting
Detection Routes (detections.test.js)
- Detection data retrieval
- Filtering and pagination
- Real-time updates
- Tenant-scoped queries
- Statistics generation

📡 Middleware Tests (`tests/middleware/`)

Authentication Middleware (auth.test.js)
- JWT token validation
- Token extraction from headers
- Invalid token handling
- Missing token responses
Multi-Tenant Auth (multi-tenant-auth.test.js)
- Tenant determination from requests
- Subdomain tenant routing
- Tenant context injection
- Cross-tenant access prevention
RBAC Middleware (rbac.test.js)
- Role-based permission checking
- Permission matrix validation
- Dynamic permission assignment
- Role hierarchy enforcement
IP Restriction (ip-restriction.test.js)
- CIDR range validation
- IP whitelist enforcement
- Geographic restrictions
- VPN detection (if applicable)
Validation Middleware (validation.test.js)
- Request payload validation
- Data type checking
- Range validation
- Required field enforcement

⚙️ Service Tests (`tests/services/`)

Alert Service (alertService.test.js)
- Alert rule processing
- Notification triggering
- Escalation workflows
- Silence periods
- Multi-channel alerts (email, SMS, webhooks)
- Alert aggregation and deduplication
Drone Tracking Service (droneTrackingService.test.js)
- Real-time tracking algorithms
- Movement pattern analysis
- Threat level calculation
- Historical tracking data
- Prediction algorithms
- Performance optimization

📊 Database Model Tests (`tests/models/`)

User Model (user.test.js)
- User creation and validation
- Password hashing
- Tenant association
- Role management
- Account status handling
Tenant Model (tenant.test.js)
- Tenant creation
- Unique slug validation
- Configuration management
- IP restriction settings
- Registration policies
Device Model (device.test.js)
- Device registration
- Approval workflows
- Location validation
- Status tracking
- Tenant association
Drone Detection Model (droneDetection.test.js)
- Detection data validation
- Coordinate validation
- Signal strength processing
- Threat level assignment
- Temporal data handling
Alert Rule/Log Models (alertRule.test.js, alertLog.test.js)
- Rule definition and validation
- Trigger condition evaluation
- Alert logging and history
- Performance optimization
Heartbeat Model (heartbeat.test.js)
- Device health monitoring
- Status reporting
- Offline detection
- Performance metrics

🛠️ Utility Tests (`tests/utils/`)

Drone Types (droneTypes.test.js)
- 19 different drone type classifications
- Threat level assessment (Critical/High/Medium/Low)
- Category assignment (Military/Commercial/Racing/etc.)
- Edge case handling
- Performance validation

🔄 Integration Tests (`tests/integration/`)

Complete Workflows (workflows.test.js)
- End-to-end user registration → device setup → detection processing
- Multi-tenant data isolation validation
- Alert triggering and tracking workflows
- High-frequency detection streams
- Error recovery scenarios
- Concurrent operation handling

🚀 Performance Tests (`tests/performance/`)

Load Testing (load.test.js)
- High-volume detection processing (1000+ detections)
- Concurrent user operations
- Database query optimization
- Memory usage efficiency
- API response time validation
- Multi-tenant scalability
- Bulk data operations

🎯 Test Execution Commands

By Category

# Authentication & Security
npm run test:auth
npm run test:security-full

# Multi-tenancy
npm run test:tenant

# Detection & Tracking
npm run test:detection
npm run test:tracking

# Alerts & Notifications
npm run test:alerts

# Device Management
npm run test:devices

# Access Control
npm run test:rbac
npm run test:validation

# Database Operations
npm run test:db

# API Endpoints
npm run test:api

# Business Logic
npm run test:business-logic

By Component

# Individual components
npm run test:middleware
npm run test:routes
npm run test:services
npm run test:models
npm run test:utils

# Specific test files
npm run test:workflows
npm run test:load
npm run test:vulnerabilities

Special Test Modes

# Quick tests (models + utils only)
npm run test:quick

# Critical path tests only
npm run test:critical

# Watch mode (re-run on file changes)
npm run test:watch

# Test summary and validation
npm run test:summary

📊 Coverage Reports

Generate detailed code coverage reports:

npm run test:coverage

Coverage reports include:

Line Coverage: 80%+ target
Function Coverage: 80%+ target
Branch Coverage: 70%+ target
Statement Coverage: 80%+ target

Reports are generated in:

coverage/lcov-report/index.html - HTML report
coverage/coverage.json - JSON format
Console output - Summary view

🔍 Test Environment Setup

Database Configuration

Uses SQLite in-memory database for fast, isolated tests
Automatic setup and teardown for each test
Transaction rollback for data isolation
Mock data factories for consistent test data

Environment Variables

NODE_ENV=test
JWT_SECRET=test-secret-key
DATABASE_URL=sqlite::memory:

Dependencies

{
  "mocha": "Test framework",
  "chai": "Assertion library", 
  "sinon": "Mocking and stubbing",
  "supertest": "HTTP testing",
  "nyc": "Code coverage"
}

🎯 Critical Features Tested

✅ Security & Authentication

Multi-tenant data isolation
JWT token security
Role-based access control
Input validation & sanitization
SQL injection prevention
XSS protection
CSRF protection
Rate limiting
IP restrictions
Brute force protection

✅ Core Functionality

Drone detection processing
Real-time alert system
Threat level assessment
Device management
User management
Multi-tenant architecture
API security
Data validation

✅ Performance & Scalability

High-volume detection processing
Concurrent user operations
Database optimization
Memory efficiency
API response times
Multi-tenant scalability

✅ Integration & Workflows

End-to-end user workflows
Device lifecycle management
Detection → Alert → Tracking workflows
Error handling & recovery
Cross-tenant isolation validation

🚀 Production Readiness

This comprehensive test suite validates that the UAM-ILS drone detection system is ready for production deployment with:

200+ individual tests covering all system components
Security testing against common vulnerabilities
Performance validation under load conditions
Integration testing of complete workflows
Multi-tenant isolation verification
Error handling and recovery validation
API security and rate limiting
Data integrity and consistency checks

The system has been thoroughly tested and validated across all critical areas including security, performance, functionality, and reliability.

📞 Test Maintenance

Adding New Tests

Place tests in appropriate category directory
Follow existing naming patterns (*.test.js)
Include setup/teardown in test files
Add test command to package.json if needed

Test Data Management

Use createTestUser(), createTestTenant(), createTestDevice() helpers
Clean database between tests with cleanDatabase()
Generate consistent test tokens with generateTestToken()

Performance Monitoring

Tests include performance assertions
Monitor test execution times
Update timeout values as needed
Profile slow tests and optimize

🎉 The UAM-ILS drone detection system is comprehensively tested and production-ready!

README.md

UAM-ILS Drone Detection System - Comprehensive Test Suite