major: kestrel is now a tak server (#6)
All checks were successful
ci/woodpecker/push/push Pipeline was successful
All checks were successful
ci/woodpecker/push/push Pipeline was successful
## Added - CoT (Cursor on Target) server on port 8089 enabling ATAK/iTAK device connectivity - Support for TAK stream protocol and traditional XML CoT messages - TLS/SSL support with automatic fallback to plain TCP - Username/password authentication for CoT connections - Real-time device position tracking with TTL-based expiration (90s default) - API endpoints: `/api/cot/config`, `/api/cot/server-package`, `/api/cot/truststore`, `/api/me/cot-password` - TAK Server section in Settings with QR code for iTAK setup - ATAK password management in Account page for OIDC users - CoT device markers on map showing real-time positions - Comprehensive documentation in `docs/` directory - Environment variables: `COT_PORT`, `COT_TTL_MS`, `COT_REQUIRE_AUTH`, `COT_SSL_CERT`, `COT_SSL_KEY`, `COT_DEBUG` - Dependencies: `fast-xml-parser`, `jszip`, `qrcode` ## Changed - Authentication system supports CoT password management for OIDC users - Database schema includes `cot_password_hash` field - Test suite refactored to follow functional design principles ## Removed - Consolidated utility modules: `authConfig.js`, `authSkipPaths.js`, `bootstrap.js`, `poiConstants.js`, `session.js` ## Security - XML entity expansion protection in CoT parser - Enhanced input validation and SQL injection prevention - Authentication timeout to prevent hanging connections ## Breaking Changes - Port 8089 must be exposed for CoT server. Update firewall rules and Docker/Kubernetes configurations. ## Migration Notes - OIDC users must set ATAK password via Account settings before connecting - Docker: expose port 8089 (`-p 8089:8089`) - Kubernetes: update Helm values to expose port 8089 Co-authored-by: Madison Grubb <madison@elastiflow.com> Reviewed-on: #6
This commit was merged in pull request #6.
This commit is contained in:
@@ -1,9 +1,7 @@
|
||||
import { describe, it, expect } from 'vitest'
|
||||
import { requireAuth } from '../../server/utils/authHelpers.js'
|
||||
|
||||
function mockEvent(user = null) {
|
||||
return { context: { user } }
|
||||
}
|
||||
const mockEvent = (user = null) => ({ context: { user } })
|
||||
|
||||
describe('authHelpers', () => {
|
||||
it('requireAuth throws 401 when no user', () => {
|
||||
@@ -19,43 +17,29 @@ describe('authHelpers', () => {
|
||||
|
||||
it('requireAuth returns user when set', () => {
|
||||
const user = { id: '1', identifier: 'a@b.com', role: 'member' }
|
||||
expect(requireAuth(mockEvent(user))).toEqual(user)
|
||||
})
|
||||
|
||||
it.each([
|
||||
['member', 'adminOrLeader', 403],
|
||||
['admin', 'adminOrLeader', null],
|
||||
['leader', 'adminOrLeader', null],
|
||||
['leader', 'admin', 403],
|
||||
['admin', 'admin', null],
|
||||
])('requireAuth with %s role and %s requirement', (userRole, requirement, expectedStatus) => {
|
||||
const user = { id: '1', identifier: 'a', role: userRole }
|
||||
const event = mockEvent(user)
|
||||
expect(requireAuth(event)).toEqual(user)
|
||||
})
|
||||
|
||||
it('requireAuth with adminOrLeader throws 403 for member', () => {
|
||||
const event = mockEvent({ id: '1', identifier: 'a', role: 'member' })
|
||||
expect(() => requireAuth(event, { role: 'adminOrLeader' })).toThrow()
|
||||
try {
|
||||
requireAuth(event, { role: 'adminOrLeader' })
|
||||
if (expectedStatus === null) {
|
||||
expect(requireAuth(event, { role: requirement })).toEqual(user)
|
||||
}
|
||||
catch (e) {
|
||||
expect(e.statusCode).toBe(403)
|
||||
else {
|
||||
expect(() => requireAuth(event, { role: requirement })).toThrow()
|
||||
try {
|
||||
requireAuth(event, { role: requirement })
|
||||
}
|
||||
catch (e) {
|
||||
expect(e.statusCode).toBe(expectedStatus)
|
||||
}
|
||||
}
|
||||
})
|
||||
|
||||
it('requireAuth with adminOrLeader returns user for admin', () => {
|
||||
const user = { id: '1', identifier: 'a', role: 'admin' }
|
||||
expect(requireAuth(mockEvent(user), { role: 'adminOrLeader' })).toEqual(user)
|
||||
})
|
||||
|
||||
it('requireAuth with adminOrLeader returns user for leader', () => {
|
||||
const user = { id: '1', identifier: 'a', role: 'leader' }
|
||||
expect(requireAuth(mockEvent(user), { role: 'adminOrLeader' })).toEqual(user)
|
||||
})
|
||||
|
||||
it('requireAuth with admin throws 403 for leader', () => {
|
||||
const event = mockEvent({ id: '1', identifier: 'a', role: 'leader' })
|
||||
try {
|
||||
requireAuth(event, { role: 'admin' })
|
||||
}
|
||||
catch (e) {
|
||||
expect(e.statusCode).toBe(403)
|
||||
}
|
||||
})
|
||||
|
||||
it('requireAuth with admin returns user for admin', () => {
|
||||
const user = { id: '1', identifier: 'a', role: 'admin' }
|
||||
expect(requireAuth(mockEvent(user), { role: 'admin' })).toEqual(user)
|
||||
})
|
||||
})
|
||||
|
||||
Reference in New Issue
Block a user