Sravan
/
BizGaze_Remote


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164
							// End-to-end test of the backend platform.
// Exercises the full flow: register -> enable MFA -> login (2 steps) ->
// enroll machine -> agent comes online -> technician requests session ->
// consent -> signaling relay -> audit trail. No browser/Electron needed:
// the "agent" and "viewer" are raw WebSocket clients.

process.env.DB_PATH = '/tmp/ra-e2e.db';
const fs = require('fs');
for (const f of ['/tmp/ra-e2e.db', '/tmp/ra-e2e.db-wal', '/tmp/ra-e2e.db-shm']) { try { fs.unlinkSync(f); } catch {} }

const PORT = 8099;
process.env.PORT = PORT;
const { server } = require('../server');
const A = require('../auth');
const WebSocket = require('ws');

const BASE = `http://localhost:${PORT}`;
let passed = 0, failed = 0;
function check(name, cond) {
  if (cond) { console.log('  ok  -', name); passed++; }
  else { console.log('  FAIL-', name); failed++; }
}

// minimal cookie-aware fetch
async function call(path, body, cookie) {
  const r = await fetch(BASE + path, {
    method: 'POST',
    headers: { 'Content-Type': 'application/json', ...(cookie ? { Cookie: cookie } : {}) },
    body: body ? JSON.stringify(body) : undefined,
  });
  const setCookie = r.headers.get('set-cookie');
  const data = await r.json().catch(() => ({}));
  return { status: r.status, data, cookie: setCookie ? setCookie.split(';')[0] : cookie };
}
async function get(path, cookie) {
  const r = await fetch(BASE + path, { headers: cookie ? { Cookie: cookie } : {} });
  return { status: r.status, data: await r.json().catch(() => ({})) };
}
const wait = (ms) => new Promise((r) => setTimeout(r, ms));
function wsClient() {
  const ws = new WebSocket(`ws://localhost:${PORT}/ws`);
  ws.q = [];
  ws.on('message', (d) => ws.q.push(JSON.parse(d)));
  return ws;
}
function nextMsg(ws, type, timeout = 3000) {
  return new Promise((resolve, reject) => {
    const start = Date.now();
    (function poll() {
      const i = ws.q.findIndex((m) => m.type === type);
      if (i >= 0) return resolve(ws.q.splice(i, 1)[0]);
      if (Date.now() - start > timeout) return reject(new Error('timeout waiting for ' + type));
      setTimeout(poll, 20);
    })();
  });
}

(async () => {
  await wait(300); // let server bind
  console.log('E2E backend tests:');

  // 1. Register
  const email = 'tech@example.com';
  const reg = await call('/api/register', { email, password: 'supersecret', teamName: 'Acme IT' });
  check('register returns mfa setup', reg.status === 200 && reg.data.mfaSetup && reg.data.mfaSetup.secret);
  const secret = reg.data.mfaSetup.secret;

  // 2. Login before MFA enabled — allowed, mfaRequired=false
  let login = await call('/api/login', { email, password: 'supersecret' });
  check('login sets session cookie', !!login.cookie);

  // 3. Enable MFA with a valid TOTP
  const enable = await call('/api/mfa/enable', { email, code: A.totp(secret) });
  check('mfa enable succeeds with valid code', enable.status === 200);
  const badEnable = await call('/api/mfa/enable', { email, code: '000000' });
  check('mfa enable rejects bad code', badEnable.status === 401);

  // 4. Fresh login now requires MFA
  login = await call('/api/login', { email, password: 'supersecret' });
  check('login now flags mfaRequired', login.data.mfaRequired === true);
  let cookie = login.cookie;

  // 5. Protected route blocked until MFA passed
  const meBlocked = await get('/api/me', cookie);
  check('me blocked before mfa', meBlocked.status === 401);

  // 6. Pass MFA
  const mfa = await call('/api/login/mfa', { code: A.totp(secret) }, cookie);
  check('login mfa step succeeds', mfa.status === 200);
  const me = await get('/api/me', cookie);
  check('me works after mfa, role=admin', me.status === 200 && me.data.role === 'admin');

  // 7. Wrong password rejected
  const badLogin = await call('/api/login', { email, password: 'wrong' });
  check('wrong password rejected', badLogin.status === 401);

  // 8. Enroll a machine (consent-required)
  const mach = await call('/api/machines', { name: 'Dana-Laptop', unattended: false }, cookie);
  check('machine enrolled, returns token', mach.status === 200 && mach.data.enrollToken);
  const enrollToken = mach.data.enrollToken;

  // 9. Agent comes online
  const agent = wsClient();
  await new Promise((r) => agent.on('open', r));
  agent.send(JSON.stringify({ type: 'agent-hello', enrollToken }));
  const reg2 = await nextMsg(agent, 'agent-registered');
  check('agent registers via enroll token', reg2.name === 'Dana-Laptop');

  // machine shows online in API
  const machines = await get('/api/machines', cookie);
  check('machine reports online', machines.data[0].online === true);

  // 10. Technician (viewer) requests a session — needs cookie on the WS upgrade
  const viewer = new WebSocket(`ws://localhost:${PORT}/ws`, { headers: { Cookie: cookie } });
  viewer.q = []; viewer.on('message', (d) => viewer.q.push(JSON.parse(d)));
  await new Promise((r) => viewer.on('open', r));
  viewer.send(JSON.stringify({ type: 'viewer-connect', machineId: machines.data[0].id }));
  const pending = await nextMsg(viewer, 'session-pending');
  check('viewer gets session-pending', !!pending.sessionId);

  // 11. Agent receives the consent request
  const reqMsg = await nextMsg(agent, 'session-request');
  check('agent receives session-request with technician email', reqMsg.technician === email);

  // 12. Agent grants consent -> both sides proceed
  agent.send(JSON.stringify({ type: 'consent', sessionId: reqMsg.sessionId, granted: true }));
  const ready = await nextMsg(viewer, 'session-ready');
  const startStream = await nextMsg(agent, 'start-stream');
  check('consent grant -> viewer session-ready', !!ready);
  check('consent grant -> agent start-stream', !!startStream);

  // 13. Signaling relay: agent offer reaches viewer; viewer answer reaches agent
  agent.send(JSON.stringify({ type: 'offer', sessionId: reqMsg.sessionId, sdp: { fake: 'offer' } }));
  const relayedOffer = await nextMsg(viewer, 'offer');
  check('offer relayed agent->viewer', relayedOffer.sdp.fake === 'offer');
  viewer.send(JSON.stringify({ type: 'answer', sessionId: reqMsg.sessionId, sdp: { fake: 'answer' } }));
  const relayedAnswer = await nextMsg(agent, 'answer');
  check('answer relayed viewer->agent', relayedAnswer.sdp.fake === 'answer');

  // 14. End session
  viewer.send(JSON.stringify({ type: 'end-session', sessionId: reqMsg.sessionId }));
  await nextMsg(agent, 'session-ended');
  check('session-ended delivered to agent', true);

  // 15. Audit log captured the full flow
  const audit = await get('/api/audit', cookie);
  const actions = audit.data.map((a) => a.action);
  for (const a of ['user_registered', 'login', 'machine_enrolled', 'session_requested', 'consent_granted', 'session_ended']) {
    check(`audit contains "${a}"`, actions.includes(a));
  }

  // 16. Denial path
  viewer.send(JSON.stringify({ type: 'viewer-connect', machineId: machines.data[0].id }));
  const pending2 = await nextMsg(viewer, 'session-pending');
  const req2 = await nextMsg(agent, 'session-request');
  agent.send(JSON.stringify({ type: 'consent', sessionId: req2.sessionId, granted: false }));
  const denied = await nextMsg(viewer, 'session-denied');
  check('consent denial -> viewer session-denied', !!denied);

  agent.close(); viewer.close();
  console.log(`\n${passed} passed, ${failed} failed.`);
  server.close();
  process.exit(failed ? 1 : 0);
})().catch((e) => { console.error('E2E ERROR:', e); process.exit(1); });