refactor: reorganize test suite, add integration tests for NAT filter

- Move integration tests (api, network, phase2, smoke) to tests/integration/ - Move Playwright specs (captive-portal, interop-happy-path) to tests/e2e/ - Move playwright.config.mjs to tests/e2e/ - Fix hardcoded IP fallbacks: 192.168.4.1 → 10.192.45.1 - Add test-reset-auth.mjs: reset→pay→allow→revoke→block cycle - Add test-session-expiry.mjs: pay→wait 65s→verify blocked (slow test) - Add test-dns-firewall.mjs: DNS hijack/forward + per-client NAT filter - Update Makefile with test-unit, test-integration, test-e2e, test-all targets - Update package.json scripts for new paths - Fix Playwright video: retain-on-failure instead of always-on - Update AGENTS.md: per-client NAT filter description - Update CHECKLIST.md: mark completed items, add Board B identity - Board B nsec: 9af47906... → SSID TollGate-b96d80, AP IP 10.185.47.1 - 186 unit tests passing
author: Your Name <you@example.com> 2026-05-17 17:18:43 +0530
committer: Your Name <you@example.com> 2026-05-17 17:18:43 +0530
commit: 8071741815f0b0938701e80a63e80b0ec94b2778 (patch)
tree: 2a1511480e0b58f4efb144aa9d10c9fba5eed034 /tests/integration/test-reset-auth.mjs
parent: 0c2c67b463d6a90aaa0bb69bf3c91dba1d9ec3ec (diff)
1 files changed, 101 insertions, 0 deletions
diff --git a/tests/integration/test-reset-auth.mjs b/tests/integration/test-reset-auth.mjs
new file mode 100644
index 0000000..279b2f9
--- /dev/null
+++ b/tests/integration/test-reset-auth.mjs
@@ -0,0 +1,101 @@
+import { execSync } from 'child_process';
+const IP = process.env.TOLLGATE_IP || '10.192.45.1';
+const API = `http://${IP}:2121`;
+const SUDO_PW = process.env.SUDO_PW || 'c03rad0r123';
+let passed = 0, failed = 0;
+function assert(cond, msg) {
+  if (cond) { console.log(`  ✓ ${msg}`); passed++; }
+  else { console.log(`  ✗ ${msg}`); failed++; }
+}
+function run(cmd) {
+  try { return execSync(cmd, { encoding: 'utf8', timeout: 15000 }); }
+  catch { return null; }
+}
+function runJson(cmd) {
+  const out = run(cmd);
+  try { return out ? JSON.parse(out) : null; }
+  catch { return null; }
+}
+function sleep(ms) { return new Promise(r => setTimeout(r, ms)); }
+function mintToken(amount = 21) {
+  run('cashu -h https://testnut.cashu.space invoice ' + amount + ' 2>&1');
+  const out = run('cashu -h https://testnut.cashu.space send --legacy ' + amount + ' 2>&1');
+  const match = out && out.match(/cashuA[a-zA-Z0-9_-]+/);
+  return match ? match[0] : null;
+}
+function canPing(host = '8.8.8.8') {
+  const result = run(`ping -c 1 -W 2 -I wlp59s0 ${host} 2>/dev/null`);
+  return result && !result.includes('100% packet loss');
+}
+console.log(`\n=== Reset Auth Integration Test (target: ${IP}) ===\n`);
+console.log('1. Reset auth to clear state');
+const reset1 = run(`curl -s --connect-timeout 10 http://${IP}/reset_authentication`);
+assert(reset1 && reset1.includes('reset'), 'Reset returns {"status":"reset"}');
+await sleep(1000);
+console.log('\n2. Verify no session');
+const usage1 = run(`curl -s --connect-timeout 10 ${API}/usage`);
+assert(usage1 && usage1.includes('-1/-1'), 'Usage is -1/-1 before payment');
+console.log('\n3. Verify internet blocked');
+assert(!canPing(), 'Ping blocked before payment');
+console.log('\n4. Pay with valid token');
+const token = mintToken(21);
+assert(token !== null, 'Token generated');
+if (token) {
+  const payResult = runJson(`curl -s --connect-timeout 20 -X POST --data-binary '${token}' -H "Content-Type: application/cashu" ${API}/`);
+  assert(payResult && payResult.kind === 1022, 'Payment accepted (kind=1022)');
+  const allotment = payResult && payResult.tags && payResult.tags.find(t => t[0] === 'allotment');
+  assert(allotment && parseInt(allotment[1]) > 0, `Allotment: ${allotment ? allotment[1] : 'N/A'}ms`);
+}
+await sleep(1000);
+console.log('\n5. Verify session active');
+const usage2 = run(`curl -s --connect-timeout 10 ${API}/usage`);
+assert(usage2 && !usage2.includes('-1/-1'), `Usage: ${usage2}`);
+console.log('\n6. Verify internet allowed');
+assert(canPing(), 'Ping works with active session');
+console.log('\n7. Reset auth while session active');
+const reset2 = run(`curl -s --connect-timeout 10 http://${IP}/reset_authentication`);
+assert(reset2 && reset2.includes('reset'), 'Reset returns {"status":"reset"}');
+await sleep(1000);
+console.log('\n8. Verify session cleared');
+const usage3 = run(`curl -s --connect-timeout 10 ${API}/usage`);
+assert(usage3 && usage3.includes('-1/-1'), 'Usage is -1/-1 after reset');
+console.log('\n9. Verify internet blocked again');
+assert(!canPing(), 'Ping blocked after reset');
+console.log('\n10. Pay again (new token)');
+const token2 = mintToken(21);
+if (token2) {
+  const pay2 = runJson(`curl -s --connect-timeout 20 -X POST --data-binary '${token2}' -H "Content-Type: application/cashu" ${API}/`);
+  assert(pay2 && pay2.kind === 1022, 'Second payment accepted');
+}
+await sleep(1000);
+console.log('\n11. Verify internet works again');
+assert(canPing(), 'Ping works with new session');
+console.log('\n12. Final reset');
+run(`curl -s --connect-timeout 10 http://${IP}/reset_authentication`);
+console.log(`\n=== Results: ${passed} passed, ${failed} failed ===\n`);
+process.exit(failed > 0 ? 1 : 0);
author	Your Name <you@example.com>	2026-05-17 17:18:43 +0530
committer	Your Name <you@example.com>	2026-05-17 17:18:43 +0530
commit	8071741815f0b0938701e80a63e80b0ec94b2778 (patch)
tree	2a1511480e0b58f4efb144aa9d10c9fba5eed034 /tests/integration/test-reset-auth.mjs
parent	0c2c67b463d6a90aaa0bb69bf3c91dba1d9ec3ec (diff)

diff --git a/tests/integration/test-reset-auth.mjs b/tests/integration/test-reset-auth.mjs new file mode 100644 index 0000000..279b2f9 --- /dev/null +++ b/tests/integration/test-reset-auth.mjs
@@ -0,0 +1,101 @@
	1	import { execSync } from 'child_process';
	2
	3	const IP = process.env.TOLLGATE_IP \|\| '10.192.45.1';
	4	const API = `http://${IP}:2121`;
	5	const SUDO_PW = process.env.SUDO_PW \|\| 'c03rad0r123';
	6	let passed = 0, failed = 0;
	7
	8	function assert(cond, msg) {
	9	if (cond) { console.log(` ✓ ${msg}`); passed++; }
	10	else { console.log(` ✗ ${msg}`); failed++; }
	11	}
	12
	13	function run(cmd) {
	14	try { return execSync(cmd, { encoding: 'utf8', timeout: 15000 }); }
	15	catch { return null; }
	16	}
	17
	18	function runJson(cmd) {
	19	const out = run(cmd);
	20	try { return out ? JSON.parse(out) : null; }
	21	catch { return null; }
	22	}
	23
	24	function sleep(ms) { return new Promise(r => setTimeout(r, ms)); }
	25
	26	function mintToken(amount = 21) {
	27	run('cashu -h https://testnut.cashu.space invoice ' + amount + ' 2>&1');
	28	const out = run('cashu -h https://testnut.cashu.space send --legacy ' + amount + ' 2>&1');
	29	const match = out && out.match(/cashuA[a-zA-Z0-9_-]+/);
	30	return match ? match[0] : null;
	31	}
	32
	33	function canPing(host = '8.8.8.8') {
	34	const result = run(`ping -c 1 -W 2 -I wlp59s0 ${host} 2>/dev/null`);
	35	return result && !result.includes('100% packet loss');
	36	}
	37
	38	console.log(`\n=== Reset Auth Integration Test (target: ${IP}) ===\n`);
	39
	40	console.log('1. Reset auth to clear state');
	41	const reset1 = run(`curl -s --connect-timeout 10 http://${IP}/reset_authentication`);
	42	assert(reset1 && reset1.includes('reset'), 'Reset returns {"status":"reset"}');
	43
	44	await sleep(1000);
	45
	46	console.log('\n2. Verify no session');
	47	const usage1 = run(`curl -s --connect-timeout 10 ${API}/usage`);
	48	assert(usage1 && usage1.includes('-1/-1'), 'Usage is -1/-1 before payment');
	49
	50	console.log('\n3. Verify internet blocked');
	51	assert(!canPing(), 'Ping blocked before payment');
	52
	53	console.log('\n4. Pay with valid token');
	54	const token = mintToken(21);
	55	assert(token !== null, 'Token generated');
	56	if (token) {
	57	const payResult = runJson(`curl -s --connect-timeout 20 -X POST --data-binary '${token}' -H "Content-Type: application/cashu" ${API}/`);
	58	assert(payResult && payResult.kind === 1022, 'Payment accepted (kind=1022)');
	59	const allotment = payResult && payResult.tags && payResult.tags.find(t => t[0] === 'allotment');
	60	assert(allotment && parseInt(allotment[1]) > 0, `Allotment: ${allotment ? allotment[1] : 'N/A'}ms`);
	61	}
	62
	63	await sleep(1000);
	64
	65	console.log('\n5. Verify session active');
	66	const usage2 = run(`curl -s --connect-timeout 10 ${API}/usage`);
	67	assert(usage2 && !usage2.includes('-1/-1'), `Usage: ${usage2}`);
	68
	69	console.log('\n6. Verify internet allowed');
	70	assert(canPing(), 'Ping works with active session');
	71
	72	console.log('\n7. Reset auth while session active');
	73	const reset2 = run(`curl -s --connect-timeout 10 http://${IP}/reset_authentication`);
	74	assert(reset2 && reset2.includes('reset'), 'Reset returns {"status":"reset"}');
	75
	76	await sleep(1000);
	77
	78	console.log('\n8. Verify session cleared');
	79	const usage3 = run(`curl -s --connect-timeout 10 ${API}/usage`);
	80	assert(usage3 && usage3.includes('-1/-1'), 'Usage is -1/-1 after reset');
	81
	82	console.log('\n9. Verify internet blocked again');
	83	assert(!canPing(), 'Ping blocked after reset');
	84
	85	console.log('\n10. Pay again (new token)');
	86	const token2 = mintToken(21);
	87	if (token2) {
	88	const pay2 = runJson(`curl -s --connect-timeout 20 -X POST --data-binary '${token2}' -H "Content-Type: application/cashu" ${API}/`);
	89	assert(pay2 && pay2.kind === 1022, 'Second payment accepted');
	90	}
	91
	92	await sleep(1000);
	93
	94	console.log('\n11. Verify internet works again');
	95	assert(canPing(), 'Ping works with new session');
	96
	97	console.log('\n12. Final reset');
	98	run(`curl -s --connect-timeout 10 http://${IP}/reset_authentication`);
	99
	100	console.log(`\n=== Results: ${passed} passed, ${failed} failed ===\n`);
	101	process.exit(failed > 0 ? 1 : 0);