major: kestrel is now a tak server (#6)

## Added - CoT (Cursor on Target) server on port 8089 enabling ATAK/iTAK device connectivity - Support for TAK stream protocol and traditional XML CoT messages - TLS/SSL support with automatic fallback to plain TCP - Username/password authentication for CoT connections - Real-time device position tracking with TTL-based expiration (90s default) - API endpoints: `/api/cot/config`, `/api/cot/server-package`, `/api/cot/truststore`, `/api/me/cot-password` - TAK Server section in Settings with QR code for iTAK setup - ATAK password management in Account page for OIDC users - CoT device markers on map showing real-time positions - Comprehensive documentation in `docs/` directory - Environment variables: `COT_PORT`, `COT_TTL_MS`, `COT_REQUIRE_AUTH`, `COT_SSL_CERT`, `COT_SSL_KEY`, `COT_DEBUG` - Dependencies: `fast-xml-parser`, `jszip`, `qrcode` ## Changed - Authentication system supports CoT password management for OIDC users - Database schema includes `cot_password_hash` field - Test suite refactored to follow functional design principles ## Removed - Consolidated utility modules: `authConfig.js`, `authSkipPaths.js`, `bootstrap.js`, `poiConstants.js`, `session.js` ## Security - XML entity expansion protection in CoT parser - Enhanced input validation and SQL injection prevention - Authentication timeout to prevent hanging connections ## Breaking Changes - Port 8089 must be exposed for CoT server. Update firewall rules and Docker/Kubernetes configurations. ## Migration Notes - OIDC users must set ATAK password via Account settings before connecting - Docker: expose port 8089 (`-p 8089:8089`) - Kubernetes: update Helm values to expose port 8089 Co-authored-by: Madison Grubb <madison@elastiflow.com> Reviewed-on: #6
2026-02-17 16:41:41 +00:00
parent b18283d3b3
commit e61e6bc7e3
117 changed files with 5329 additions and 1040 deletions
--- a/test/helpers/env.js
+++ b/test/helpers/env.js
@@ -0,0 +1,54 @@
+/**
+ * Functional helpers for test environment management.
+ * Returns new objects instead of mutating process.env directly.
+ */
+
+/**
+ * Creates a new env object with specified overrides
+ * @param {Record<string, string | undefined>} overrides - Env vars to set/override
+ * @returns {Record<string, string>} New env object
+ */
+export const withEnv = overrides => ({
+  ...process.env,
+  ...Object.fromEntries(
+    Object.entries(overrides).filter(([, v]) => v !== undefined),
+  ),
+})
+
+/**
+ * Creates a new env object with specified vars removed
+ * @param {string[]} keys - Env var keys to remove
+ * @returns {Record<string, string>} New env object
+ */
+export const withoutEnv = (keys) => {
+  const result = { ...process.env }
+  for (const key of keys) {
+    delete result[key]
+  }
+  return result
+}
+
+/**
+ * Executes a function with a temporary env, restoring original after
+ * @param {Record<string, string | undefined>} env - Temporary env to use
+ * @param {() => any} fn - Function to execute
+ * @returns {any} Result of fn()
+ */
+export const withTemporaryEnv = (env, fn) => {
+  const original = { ...process.env }
+  try {
+    // Set defined values
+    Object.entries(env).forEach(([key, value]) => {
+      if (value !== undefined) {
+        process.env[key] = value
+      }
+      else {
+        delete process.env[key]
+      }
+    })
+    return fn()
+  }
+  finally {
+    process.env = original
+  }
+}