Files
kestrelos/test/unit/authSkipPaths.spec.js
T
keligrubb bb01e9a06c
Push / release (push) Successful in 13s
Push / publish (push) Successful in 1m4s
Add ADS-B, AIS, and ALPR map layers with live CoT streaming (#36)
## Summary

- **ADS-B & AIS:** OpenSky and AISStream OSINT feeds upsert into the CoT store; tactical tracks still arrive via adsbcot/aiscot on `:8089`. Map clients subscribe via `GET /api/cot/stream` (SSE) with viewport bbox filtering and Air / Surface / Team layer toggles.
- **ALPR (Flock/OSM):** Toggleable license-plate reader layer sourced from OpenStreetMap, with SQLite cache, Overpass fallback, tiled viewport fetching, and clustered markers with direction cones.
- **Map performance:** Ring-based tile selection (fixes zoom-out crash), immutable tile cache, incremental marker sync, split cluster load/query, and padded SSE bbox to reduce reconnect churn.

## Docs

- `docs/tracking.md` — ADS-B/AIS accuracy tiers, freshness, self-hosted receivers, optional OSINT API keys
- `docs/map-and-cameras.md` — ALPR layer and map behavior updates

---------

Co-authored-by: Madison Grubb <madison@elastiflow.com>
Reviewed-on: #36
2026-06-24 20:54:50 +00:00

48 lines
1.3 KiB
JavaScript

/**
* Ensures no API route that requires auth (requireAuth with optional role)
* is in the auth skip list. When adding a new protected API, add its path prefix to
* PROTECTED_PATH_PREFIXES in server/utils/authHelpers.js so these tests fail if it gets skipped.
*/
import { describe, it, expect } from 'vitest'
import { skipAuth, SKIP_PATHS, PROTECTED_PATH_PREFIXES } from '../../server/utils/authHelpers.js'
describe('authSkipPaths', () => {
it('does not skip any protected path', () => {
const protectedPaths = [
...PROTECTED_PATH_PREFIXES,
'/api/alpr',
'/api/cameras',
'/api/devices',
'/api/devices/any-id',
'/api/me',
'/api/pois',
'/api/pois/any-id',
'/api/users',
'/api/users/any-id',
]
protectedPaths.forEach((path) => {
expect(skipAuth(path)).toBe(false)
})
})
it.each([
'/api/auth/login',
'/api/auth/logout',
'/api/auth/config',
'/api/auth/oidc/authorize',
'/api/auth/oidc/callback',
'/api/health',
'/api/health/ready',
'/health',
])('skips public path: %s', (path) => {
expect(skipAuth(path)).toBe(true)
})
it('keeps SKIP_PATHS and PROTECTED_PATH_PREFIXES disjoint', () => {
const skipSet = new Set(SKIP_PATHS)
for (const path of PROTECTED_PATH_PREFIXES) {
expect(skipSet.has(path)).toBe(false)
}
})
})