// Compliance Integration Tests const TestEnvironment = require('./setup'); const TestHelpers = require('./helpers'); const apiGatewayApp = require('../../services/api-gateway/src/app'); const complianceGuardApp = require('../../services/compliance-guard/src/app'); describe('Compliance Integration Tests', () => { let testEnv; let helpers; let apiClient; let testUser; const SERVICES = { 'api-gateway': { app: apiGatewayApp, port: 13000 }, 'compliance-guard': { app: complianceGuardApp, port: 13006 } }; beforeAll(async () => { testEnv = new TestEnvironment(); helpers = new TestHelpers(testEnv); // Setup test environment await testEnv.setup(); // Setup mocks helpers.setupMocks(); // Start services for (const [name, config] of Object.entries(SERVICES)) { await testEnv.startService(name, config.app, config.port); } // Create test user testUser = await testEnv.createTestUser(); // Create authenticated client apiClient = await helpers.createAuthenticatedClient( `http://localhost:${SERVICES['api-gateway'].port}`, testUser ); }); afterAll(async () => { helpers.cleanupMocks(); await testEnv.cleanup(); }); describe('Data Protection', () => { test('should encrypt sensitive data', async () => { const sensitiveData = { userId: testUser.id, data: { ssn: '123-45-6789', creditCard: '4111111111111111', email: 'test@example.com' } }; const response = await apiClient.post( '/api/v1/compliance/data/encrypt', sensitiveData ); const { encrypted } = helpers.expectApiSuccess(response); expect(encrypted).toBeDefined(); expect(encrypted.data).not.toEqual(sensitiveData.data); expect(encrypted.data).toContain('encrypted:'); }); test('should decrypt data for authorized users', async () => { // First encrypt const originalData = { message: 'Secret message', timestamp: new Date().toISOString() }; const encryptResponse = await apiClient.post( '/api/v1/compliance/data/encrypt', { userId: testUser.id, data: originalData } ); const { encrypted } = helpers.expectApiSuccess(encryptResponse); // Then decrypt const decryptResponse = await apiClient.post( '/api/v1/compliance/data/decrypt', { userId: testUser.id, data: encrypted.data } ); const { decrypted } = helpers.expectApiSuccess(decryptResponse); expect(decrypted).toEqual(originalData); }); test('should prevent unauthorized decryption', async () => { // Create another user const otherUser = await testEnv.createTestUser(); const otherClient = await helpers.createAuthenticatedClient( `http://localhost:${SERVICES['api-gateway'].port}`, otherUser ); // Try to decrypt data encrypted by first user const response = await otherClient.post( '/api/v1/compliance/data/decrypt', { userId: testUser.id, data: 'encrypted:somedata' } ); helpers.expectApiError(response, 403, 'Unauthorized'); }); }); describe('Privacy Rights', () => { test('should handle data export request', async () => { // Create some test data await helpers.createTestCampaign({ userId: testUser.id }); await helpers.createTestTask({ userId: testUser.id }); const response = await apiClient.post( '/api/v1/compliance/privacy/export', { userId: testUser.id } ); const { exportId, status } = helpers.expectApiSuccess(response, 202); expect(exportId).toBeDefined(); expect(status).toBe('processing'); // Wait for export to complete await helpers.sleep(2000); // Check export status const statusResponse = await apiClient.get( `/api/v1/compliance/privacy/export/${exportId}` ); const exportData = helpers.expectApiSuccess(statusResponse); expect(['completed', 'processing']).toContain(exportData.status); if (exportData.status === 'completed') { expect(exportData.downloadUrl).toBeDefined(); } }); test('should handle data deletion request', async () => { // Create test data const campaign = await helpers.createTestCampaign({ userId: testUser.id }); // Request deletion const response = await apiClient.post( '/api/v1/compliance/privacy/delete', { userId: testUser.id, scope: 'all', reason: 'User requested account deletion' } ); const { deletionId, status } = helpers.expectApiSuccess(response, 202); expect(deletionId).toBeDefined(); expect(status).toBe('scheduled'); // Wait for deletion await helpers.sleep(2000); // Verify data was deleted const campaignResponse = await apiClient.get( `/api/v1/campaigns/${campaign.campaignId}` ); helpers.expectApiError(campaignResponse, 404); }); test('should respect data retention policies', async () => { const response = await apiClient.get('/api/v1/compliance/retention/policies'); const { policies } = helpers.expectApiSuccess(response); expect(policies).toBeDefined(); expect(policies).toHaveProperty('messages'); expect(policies).toHaveProperty('userdata'); expect(policies).toHaveProperty('analytics'); expect(policies.messages.retentionDays).toBeGreaterThan(0); expect(policies.userdata.retentionDays).toBeGreaterThan(0); }); }); describe('Consent Management', () => { test('should record user consent', async () => { const consentData = { userId: testUser.id, purposes: [ { purpose: 'marketing', granted: true, timestamp: new Date().toISOString() }, { purpose: 'analytics', granted: true, timestamp: new Date().toISOString() }, { purpose: 'personalization', granted: false, timestamp: new Date().toISOString() } ], ipAddress: '192.168.1.1', userAgent: 'Test Client/1.0' }; const response = await apiClient.post( '/api/v1/compliance/consent/record', consentData ); const { consentId } = helpers.expectApiSuccess(response, 201); expect(consentId).toBeDefined(); }); test('should check consent before processing', async () => { // Check consent status const response = await apiClient.get( `/api/v1/compliance/consent/check/${testUser.id}`, { params: { purpose: 'marketing' } } ); const { granted, timestamp } = helpers.expectApiSuccess(response); expect(typeof granted).toBe('boolean'); if (granted) { expect(timestamp).toBeDefined(); } }); test('should update consent preferences', async () => { const updateData = { userId: testUser.id, updates: [ { purpose: 'marketing', granted: false, timestamp: new Date().toISOString() } ] }; const response = await apiClient.put( '/api/v1/compliance/consent/update', updateData ); helpers.expectApiSuccess(response); // Verify update const checkResponse = await apiClient.get( `/api/v1/compliance/consent/check/${testUser.id}`, { params: { purpose: 'marketing' } } ); const { granted } = helpers.expectApiSuccess(checkResponse); expect(granted).toBe(false); }); }); describe('Audit Logging', () => { test('should log compliance events', async () => { // Perform some compliance actions await apiClient.post('/api/v1/compliance/data/encrypt', { userId: testUser.id, data: { test: 'data' } }); await apiClient.get(`/api/v1/compliance/consent/check/${testUser.id}`, { params: { purpose: 'analytics' } }); // Get audit logs const response = await apiClient.get('/api/v1/compliance/audit/logs', { params: { userId: testUser.id, startDate: new Date(Date.now() - 3600000).toISOString(), endDate: new Date().toISOString() } }); const { logs, total } = helpers.expectApiSuccess(response); expect(logs).toBeDefined(); expect(logs.length).toBeGreaterThan(0); expect(total).toBeGreaterThan(0); // Verify log structure const log = logs[0]; expect(log).toHaveProperty('timestamp'); expect(log).toHaveProperty('action'); expect(log).toHaveProperty('userId'); expect(log).toHaveProperty('details'); }); test('should generate compliance reports', async () => { const response = await apiClient.post('/api/v1/compliance/audit/report', { type: 'monthly', month: new Date().getMonth() + 1, year: new Date().getFullYear() }); const { reportId, status } = helpers.expectApiSuccess(response, 202); expect(reportId).toBeDefined(); expect(status).toBe('generating'); }); }); describe('Regulatory Compliance', () => { test('should validate GDPR compliance', async () => { const response = await apiClient.get('/api/v1/compliance/regulatory/gdpr/status'); const { compliant, issues } = helpers.expectApiSuccess(response); expect(typeof compliant).toBe('boolean'); expect(Array.isArray(issues)).toBe(true); if (!compliant) { expect(issues.length).toBeGreaterThan(0); issues.forEach(issue => { expect(issue).toHaveProperty('category'); expect(issue).toHaveProperty('description'); expect(issue).toHaveProperty('severity'); }); } }); test('should validate CCPA compliance', async () => { const response = await apiClient.get('/api/v1/compliance/regulatory/ccpa/status'); const { compliant, issues } = helpers.expectApiSuccess(response); expect(typeof compliant).toBe('boolean'); expect(Array.isArray(issues)).toBe(true); }); test('should handle Do Not Sell requests', async () => { const response = await apiClient.post('/api/v1/compliance/privacy/donotsell', { userId: testUser.id, optOut: true }); helpers.expectApiSuccess(response); // Verify opt-out status const statusResponse = await apiClient.get( `/api/v1/compliance/privacy/donotsell/${testUser.id}` ); const { optedOut } = helpers.expectApiSuccess(statusResponse); expect(optedOut).toBe(true); }); }); });