keligrubb/kestrelos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 11 Wiki Activity
Files
45ce90f3ccbb424b490bc8af808df2c551fd668e
kestrelos/test/unit/webrtcSignaling.spec.js
Keli Grubb e61e6bc7e3
All checks were successful
ci/woodpecker/push/push Pipeline was successful
Details
major: kestrel is now a tak server (#6) 
## Added

- CoT (Cursor on Target) server on port 8089 enabling ATAK/iTAK device connectivity
- Support for TAK stream protocol and traditional XML CoT messages
- TLS/SSL support with automatic fallback to plain TCP
- Username/password authentication for CoT connections
- Real-time device position tracking with TTL-based expiration (90s default)
- API endpoints: `/api/cot/config`, `/api/cot/server-package`, `/api/cot/truststore`, `/api/me/cot-password`
- TAK Server section in Settings with QR code for iTAK setup
- ATAK password management in Account page for OIDC users
- CoT device markers on map showing real-time positions
- Comprehensive documentation in `docs/` directory
- Environment variables: `COT_PORT`, `COT_TTL_MS`, `COT_REQUIRE_AUTH`, `COT_SSL_CERT`, `COT_SSL_KEY`, `COT_DEBUG`
- Dependencies: `fast-xml-parser`, `jszip`, `qrcode`

## Changed

- Authentication system supports CoT password management for OIDC users
- Database schema includes `cot_password_hash` field
- Test suite refactored to follow functional design principles

## Removed

- Consolidated utility modules: `authConfig.js`, `authSkipPaths.js`, `bootstrap.js`, `poiConstants.js`, `session.js`

## Security

- XML entity expansion protection in CoT parser
- Enhanced input validation and SQL injection prevention
- Authentication timeout to prevent hanging connections

## Breaking Changes

- Port 8089 must be exposed for CoT server. Update firewall rules and Docker/Kubernetes configurations.

## Migration Notes

- OIDC users must set ATAK password via Account settings before connecting
- Docker: expose port 8089 (`-p 8089:8089`)
- Kubernetes: update Helm values to expose port 8089

Co-authored-by: Madison Grubb <madison@elastiflow.com>
Reviewed-on: #6
2026-02-17 16:41:41 +00:00

89 lines
3.7 KiB
JavaScript
Raw Blame History

import { describe, it, expect, beforeEach, vi } from 'vitest'
import { createSession, clearSessions } from '../../server/utils/liveSessions.js'
import { handleWebSocketMessage } from '../../server/utils/webrtcSignaling.js'
vi.mock('../../server/utils/mediasoup.js', () => {
const mockConnect = vi.fn().mockResolvedValue(undefined)
const mockRouter = { id: 'mock-router', rtpCapabilities: { codecs: [] } }
const mockTransport = { id: 'mock-transport', connect: mockConnect }
return {
getRouter: vi.fn().mockResolvedValue(mockRouter),
createTransport: vi.fn().mockResolvedValue({
transport: mockTransport,
params: { id: 'mock-transport', iceParameters: {}, iceCandidates: [], dtlsParameters: {} },
}),
getTransport: vi.fn().mockReturnValue(mockTransport),
closeRouter: vi.fn().mockResolvedValue(undefined),
getProducer: vi.fn().mockReturnValue(null),
}
})
describe('webrtcSignaling', () => {
const testState = {
sessionId: null,
}
const userId = 'test-user'
beforeEach(async () => {
clearSessions()
const session = await createSession(userId, 'Test')
testState.sessionId = session.id
})
it('returns error when session not found', async () => {
const res = await handleWebSocketMessage(userId, 'non-existent-id', 'get-router-rtp-capabilities', {})
expect(res).toEqual({ error: 'Session not found' })
})
it('returns Forbidden when userId does not match session', async () => {
const res = await handleWebSocketMessage('other-user', testState.sessionId, 'create-transport', {})
expect(res).toEqual({ error: 'Forbidden' })
})
it('returns error for unknown message type', async () => {
const res = await handleWebSocketMessage(userId, testState.sessionId, 'unknown-type', {})
expect(res).toEqual({ error: 'Unknown message type: unknown-type' })
})
it('returns transportId and dtlsParameters required for connect-transport', async () => {
const res = await handleWebSocketMessage(userId, testState.sessionId, 'connect-transport', {})
expect(res?.error).toContain('transportId')
})
it('get-router-rtp-capabilities returns router RTP capabilities', async () => {
const res = await handleWebSocketMessage(userId, testState.sessionId, 'get-router-rtp-capabilities', {})
expect(res?.type).toBe('router-rtp-capabilities')
expect(res?.data).toEqual({ codecs: [] })
})
it('create-transport returns transport params', async () => {
const res = await handleWebSocketMessage(userId, testState.sessionId, 'create-transport', {})
expect(res?.type).toBe('transport-created')
expect(res?.data).toBeDefined()
})
it('connect-transport connects with valid params', async () => {
await handleWebSocketMessage(userId, testState.sessionId, 'create-transport', {})
const res = await handleWebSocketMessage(userId, testState.sessionId, 'connect-transport', {
transportId: 'mock-transport',
dtlsParameters: { role: 'client', fingerprints: [] },
})
expect(res?.type).toBe('transport-connected')
expect(res?.data?.connected).toBe(true)
})
it('returns error when transport.connect throws', async () => {
const { getTransport } = await import('../../server/utils/mediasoup.js')
getTransport.mockReturnValueOnce({
id: 'mock-transport',
connect: vi.fn().mockRejectedValue(new Error('Connection failed')),
})
await handleWebSocketMessage(userId, testState.sessionId, 'create-transport', {})
const res = await handleWebSocketMessage(userId, testState.sessionId, 'connect-transport', {
transportId: 'mock-transport',
dtlsParameters: { role: 'client', fingerprints: [] },
})
expect(res?.error).toBe('Connection failed')
})
})
Reference in New Issue View Git Blame Copy Permalink