#!/usr/bin/env node /** * Integration Test for Composable Security Architecture * * This test attempts to load the composable security system with real * plugin-based authorization enhancers. It will only pass if the required * modules are properly installed and configured. * * Required modules for full test: * - wiki-security-friends (mocked in this test) * - wiki-plugin-useraccesstokens * - wiki-plugin-ratelimit * * Usage: * node test/integration.test.js */ const path = require('path'); // Mock the require function first, before any other requires const originalRequire = require; // Mock base security plugin (friends) const mockFriendsPlugin = (log, loga, argv) => ({ retrieveOwner: (cb) => { console.log('[FRIENDS] Retrieving owner...'); cb(); }, getOwner: () => 'test-owner', setOwner: (id, cb) => { console.log(`[FRIENDS] Setting owner to: ${id}`); cb(); }, getUser: (req) => { if (req.session && req.session.friend) { return 'test-user'; } return ''; }, isAuthorized: (req) => { return req.session && req.session.friend === 'test-secret'; }, isAdmin: (req) => { return req.session && req.session.friend === 'admin-secret'; }, defineRoutes: (app, cors, updateOwner) => { app.post('/login', 'friends-login-handler'); app.get('/logout', 'friends-logout-handler'); }, _debug: { authProvider: 'wiki-security-friends' } }); // Set up module mocking - only mock the base auth provider // The plugin-based authorization enhancers will be loaded as real modules const moduleCache = new Map(); moduleCache.set('wiki-security-friends', mockFriendsPlugin); require = function(module) { if (moduleCache.has(module)) { return moduleCache.get(module); } return originalRequire(module); }; const mockLog = (msg) => console.log(`[LOG] ${msg}`); const mockLoga = mockLog; const mockArgv = { status: './test-status', auth_provider: 'wiki-security-friends', authz_enhancers: ['wiki-plugin-useraccesstokens', 'wiki-plugin-ratelimit'], ratelimit_config: { windowMs: 60000, // 1 minute for testing maxRequests: 10, maxAuthRequests: 3 } }; // Mock Express app const mockApp = { use: (path, middleware) => console.log(`[APP] Added middleware for: ${path || 'all routes'}`), get: (path, ...handlers) => console.log(`[APP] Added GET route: ${path}`), post: (path, ...handlers) => console.log(`[APP] Added POST route: ${path}`), delete: (path, ...handlers) => console.log(`[APP] Added DELETE route: ${path}`) }; const mockCors = (req, res, next) => next(); const mockUpdateOwner = (owner) => console.log(`[OWNER] Updated to: ${owner}`); console.log('=== Composable Security Integration Test ===\n'); console.log('This test attempts to load real plugin-based authorization enhancers.'); console.log('It will fail if required plugin modules are not installed.\n'); // Test 1: Load the composable security system console.log('1. Loading composable security system...'); try { const ComposableSecurity = require('../index.js'); const security = ComposableSecurity(mockLog, mockLoga, mockArgv); console.log('✓ Composable security loaded successfully'); console.log(`✓ Debug info:`, security._debug); console.log(); // Test 2: Initialize routes console.log('2. Initializing routes...'); security.defineRoutes(mockApp, mockCors, mockUpdateOwner); console.log('✓ Routes initialized'); console.log(); // Test 3: Test owner management console.log('3. Testing owner management...'); security.retrieveOwner(() => { const owner = security.getOwner(); console.log(`✓ Current owner: ${owner}`); }); console.log(); // Test 4: Test request handling console.log('4. Testing request handling...'); // Mock requests const mockReqAuth = { session: { friend: 'test-secret' }, ip: '127.0.0.1', path: '/test', get: () => null, query: {} }; const mockReqToken = { session: {}, ip: '127.0.0.1', path: '/api/test', get: (header) => header === 'Authorization' ? 'Bearer uat_test123' : null, query: {} }; const mockReqUnauth = { session: {}, ip: '127.0.0.1', path: '/test', get: () => null, query: {} }; // Test authenticated request console.log('Testing authenticated request...'); console.log(` User: ${security.getUser(mockReqAuth)}`); console.log(` Authorized: ${security.isAuthorized(mockReqAuth)}`); console.log(` Admin: ${security.isAdmin(mockReqAuth)}`); // Test token request (will fail without real token validation) console.log('Testing token request...'); console.log(` User: ${security.getUser(mockReqToken)}`); console.log(` Authorized: ${security.isAuthorized(mockReqToken)}`); // Test unauthenticated request console.log('Testing unauthenticated request...'); console.log(` User: ${security.getUser(mockReqUnauth)}`); console.log(` Authorized: ${security.isAuthorized(mockReqUnauth)}`); console.log('✓ Request handling tests completed'); console.log(); console.log('=== Integration Test Summary ==='); console.log('✓ All integration tests completed successfully'); console.log('✓ Composable security works with real plugin-based authorization enhancers'); console.log('✓ Auth provider and plugin enhancers loaded correctly'); console.log('✓ Security interface maintained compatibility'); } catch (error) { console.error('✗ Integration test failed:', error.message); console.error('\nThis is expected if the required plugin modules are not installed.'); console.error('To run a successful test with mocked modules, use: node test/composable-security.test.js'); process.exit(1); }