mirror of https://github.com/cliffe/BreakEscape.git synced 2026-02-20 13:50:46 +00:00

Go to file

Z. Cliffe Schreuders d3b31b4368 Add comprehensive unlock system tests

Created test suite with 34 tests covering all unlock scenarios and security:

DOOR TESTS (10 tests):
- PIN/password validation (correct/incorrect, case sensitivity)
- Key unlocks (client-validated)
- Unlocked doors (method='unlocked')

CONTAINER TESTS (8 tests):
- PIN/password validation
- Key, lockpick, biometric, bluetooth, RFID unlocks
- Unlocked containers

NPC UNLOCK TESTS (6 tests):
✅ NPC can unlock door/container if encountered and has permission
🔒 SECURITY: Fails if NPC not encountered
🔒 SECURITY: Fails if NPC lacks permission for that target
🔒 SECURITY: Fails for non-existent NPC
🔒 SECURITY: Fails if unlockable is not an array

SECURITY TESTS - BYPASS PREVENTION (4 tests):
🔒 CRITICAL: Locked door CANNOT be bypassed with method='unlocked'
🔒 CRITICAL: Locked container CANNOT be bypassed with method='unlocked'
✅ Unlocked door CAN use method='unlocked'
✅ Unlocked container CAN use method='unlocked'

ERROR CASES (3 tests):
- Non-existent doors/objects return 422
- Invalid methods return 422

DATA FILTERING (2 tests):
- Verify 'requires' field filtered from responses
- Verify recursive filtering of contents

INTEGRATION (1 test):
- Multiple sequential unlocks
- Idempotent operations

Test Results: 34 runs, 115 assertions, 0 failures

Server Implementation:
- validate_npc_unlock: Validates NPC encounter and permission list
- find_npc_in_scenario: Searches all rooms for NPC
- method='npc': New unlock method requiring NPC id as attempt

Client Implementation:
- Updated handleUnlockDoor to call server API with method='npc'
- Server validates all NPC unlock requests
- No client-side lock manipulation

Security Principle: All unlock authorization is server-side.
Client cannot bypass locks by manipulating state or claiming NPC unlocks.

2025-11-22 00:46:56 +00:00

.cursor/rules

settings updates

2025-05-16 10:42:42 +01:00

.github

feat: Generate Rails Engine structure

2025-11-21 15:27:53 +00:00

.vscode

Add NPC dialogue and interaction scripts

2025-10-29 13:48:22 +00:00

app

Add comprehensive unlock system tests

2025-11-22 00:46:56 +00:00

bin

feat: Generate Rails Engine structure

2025-11-21 15:27:53 +00:00

config

Implement comprehensive server-side validation and data filtering for client actions

2025-11-22 00:46:55 +00:00

refactor: Move scenarios to root and update paths

2025-11-21 15:27:54 +00:00

docs

feat(rfid): Enhance hex generation with improved hash-based approach for realistic card data

2025-11-15 23:48:15 +00:00

lib

feat: Add rake task to load engine seed data

2025-11-21 15:27:54 +00:00

planning_notes

Implement comprehensive server-side validation and client integration for inventory and container management

2025-11-21 15:27:54 +00:00

public/break_escape

Add comprehensive unlock system tests

2025-11-22 00:46:56 +00:00

scenarios

refactor: Move scenarios to root and update paths

2025-11-21 15:27:54 +00:00

scripts

refactor: Convert scenarios to ERB templates

2025-11-21 15:27:53 +00:00

story_design

feat: Add educational tool help files for security tools

2025-11-19 18:26:14 +00:00

test

Add comprehensive unlock system tests

2025-11-22 00:46:56 +00:00

.gitignore

chore: Add .gitignore, update Gemfile and Gemfile.lock for Rails 7.2.3, and clean up development environment settings

2025-11-21 15:27:54 +00:00

.rubocop.yml

feat: Generate Rails Engine structure

2025-11-21 15:27:53 +00:00

break_escape.gemspec

chore: Add .gitignore, update Gemfile and Gemfile.lock for Rails 7.2.3, and clean up development environment settings

2025-11-21 15:27:54 +00:00

CODEBASE_EXPLORATION.md

docs: Add comprehensive codebase exploration documentation

2025-11-20 15:37:37 +00:00

Gemfile

chore: Add .gitignore, update Gemfile and Gemfile.lock for Rails 7.2.3, and clean up development environment settings

2025-11-21 15:27:54 +00:00

Gemfile.lock

chore: Add .gitignore, update Gemfile and Gemfile.lock for Rails 7.2.3, and clean up development environment settings

2025-11-21 15:27:54 +00:00

HACKTIVITY_INTEGRATION.md

docs: Add comprehensive documentation

2025-11-21 15:27:54 +00:00

IMPLEMENTATION_COMPLETE.md

Implement Line-of-Sight (LOS) System for NPCs

2025-11-12 11:58:29 +00:00

index.html

feat(rfid): Complete system integration

2025-11-15 23:48:15 +00:00

key-demo.html

feat: Enhance key selection with additional key presets and improve random key generation logic

2025-10-28 16:03:50 +00:00

locksmith-forge.html

refactor: Simplify key generation by using generic names for keys in KeySelection

2025-10-28 14:26:52 +00:00

MIT-LICENSE

feat: Generate Rails Engine structure

2025-11-21 15:27:53 +00:00

Rakefile

feat: Generate Rails Engine structure

2025-11-21 15:27:53 +00:00

README_design.md

Add Codebase Review Document and Refactor Key Systems: Introduce a comprehensive review of the codebase organization, highlighting areas for improvement and recent refactoring successes. Refactor key-lock and unlock systems for better modularity and maintainability, consolidating logic into dedicated modules. Update relevant files and documentation to reflect these changes, ensuring a clearer structure and improved performance.

2025-10-12 23:11:32 +01:00

README_scenario_design.md

docs: Update room layout documentation and add comprehensive test scenarios

2025-11-17 08:49:50 +00:00

README.md

docs: Add comprehensive documentation

2025-11-21 15:27:54 +00:00

SCENARIO_FORMAT_FIXES.md

Implement Line-of-Sight (LOS) System for NPCs

2025-11-12 11:58:29 +00:00

SCENARIO_JSON_FORMAT_AUDIT.md

Implement Line-of-Sight (LOS) System for NPCs

2025-11-12 11:58:29 +00:00

scenario_select.html

Refactor scenarios: Remove deprecated XML files and update JSON scenarios with starting inventory items. Adjust room creation logic to prevent sprite creation for starting inventory items. Update scenario select paths for consistency.

2025-10-25 23:28:25 +01:00

server.py

feat(npc): Implement conversation state management and enhance NPC interaction features

2025-11-05 01:03:08 +00:00

test-auto-desktop.html

Update Minigame Framework: Replace references to 'minigames.css' with 'minigames-framework.css' across multiple HTML files for improved organization. Add new Google Font 'Pixelify Sans' to enhance typography in the game. Introduce new icon assets for better visual representation in various minigames, including search, disk, backpack, and clipboard icons. Update CSS styles for various minigames to enhance visual consistency and user experience.

2025-10-21 10:58:56 +01:00

test-container-desktop.html

2025-10-21 10:58:56 +01:00

test-container-interactive-items.html

2025-10-21 10:58:56 +01:00

test-container-minigame.html

Add Container Minigame: Introduce a new minigame for interacting with container items, including features for visual display, item interaction, and integration with the unlock system. Add CSS styles and test page for functionality. Update index.html and minigame manager to support the new minigame.

2025-10-13 11:53:07 +01:00

test-container-simple.html

2025-10-21 10:58:56 +01:00

test-keyboard-pause.html

feat: Implement keyboard input pause/resume functionality for minigames

2025-10-28 22:45:41 +00:00

test-los-visualization.html

Add Hostile NPC mode

2025-11-14 19:47:54 +00:00

test-notes-features.html

Add Notes Minigame: Implement interactive note display and inventory integration

2025-10-10 02:39:28 +01:00

test-npc-ink.html

Add NPC dialogue and interaction scripts

2025-10-29 13:48:22 +00:00

test-npc-interaction.html

Add Hostile NPC mode

2025-11-14 19:47:54 +00:00

test-password-minigame.html

2025-10-21 10:58:56 +01:00

test-person-chat-item-delivery.html

Add NPC sprite test scenario, server for development, and HTML test pages

2025-11-04 14:16:48 +00:00

test-phaser-lockpicking.html

Refactor minigame structure and styles: Update index_new.html to link to the new minigames-framework.css, add new lockpicking-comparison.html and locksmith-forge.html files for enhanced gameplay, and introduce dusting and lockpicking CSS files for improved styling. Update README_design.md for clarity on main.js functionality. Add new test-phaser-lockpicking.html for testing purposes. Enhance Bluetooth system with new functionality in bluetooth.js and interactions.js. Ensure game state management for notes and Bluetooth devices is consistent across the application.

2025-08-08 15:33:44 +01:00

test-phone-chat-minigame.html

feat: Implement voice messages in phone chat minigame

2025-10-30 02:45:05 +00:00

test-phone-minigame.html.old

refactor: Remove old phone-messages minigame and transition to phone-chat

2025-10-30 10:16:31 +00:00

test-pin-minigame.html

2025-10-21 10:58:56 +01:00

test-rfid-hex-generation.html

feat(rfid): Enhance hex generation with improved hash-based approach for realistic card data

2025-11-15 23:48:15 +00:00

test-text-file-minigame.html

2025-10-21 10:58:56 +01:00

TESTING_GUIDE.md

Implement global variable system for NPC conversations

2025-11-08 15:44:24 +00:00

verify-css.html

2025-10-21 10:58:56 +01:00

README.md

BreakEscape Rails Engine

Cybersecurity training escape room game as a mountable Rails Engine.

Features

24+ cybersecurity escape room scenarios
Server-side progress tracking with 2-table schema
Randomized passwords per game instance via ERB
JIT Ink script compilation for NPC dialogue
Polymorphic player support (User/DemoUser)
Pundit authorization
RESTful API for game state management
Session-based state persistence

Installation

In your Gemfile:

gem 'break_escape', path: 'path/to/break_escape'

Then:

bundle install
rails break_escape:install:migrations
rails db:migrate
rails db:seed  # Optional: creates missions from scenarios

Mounting in Host App

In your config/routes.rb:

mount BreakEscape::Engine => "/break_escape"

Usage

Standalone Mode (Development)

export BREAK_ESCAPE_STANDALONE=true
rails server
# Visit http://localhost:3000/break_escape/

Mounted Mode (Production)

Mount in Hacktivity or another Rails app. The engine will use the host app's current_user via Devise.

Configuration

# config/initializers/break_escape.rb
BreakEscape.configure do |config|
  config.standalone_mode = false  # true for development
  config.demo_user_handle = 'demo_player'
end

Database Schema

break_escape_missions - Scenario metadata (name, display_name, published, difficulty)
break_escape_games - Player state + scenario snapshot (JSONB)
break_escape_demo_users - Standalone mode only (optional)

API Endpoints

GET /games/:id/scenario - Scenario JSON (ERB-generated)
GET /games/:id/ink?npc=X - NPC script (JIT compiled from .ink)
GET /games/:id/bootstrap - Initial game data
PUT /games/:id/sync_state - Sync player state
POST /games/:id/unlock - Validate unlock attempt
POST /games/:id/inventory - Update inventory

Architecture

ERB Scenario Generation

Scenarios are stored as .json.erb templates and rendered on-demand with randomized values:

<%= random_password %> - Generates unique password per game
<%= random_pin %> - Generates unique 4-digit PIN
<%= random_code %> - Generates unique hex code

JIT Ink Compilation

NPC dialogue scripts compile on first request (~300ms):

Check if .json exists and is newer than .ink
If needed, run inklecate to compile
Cache compiled JSON for subsequent requests

State Management

Player state stored in JSONB column:

Current room and unlocked rooms
Inventory and collected items
NPC encounters
Global variables (synced with client)
Health and minigame state

Testing

rails test

License

MIT

Documentation

See HACKTIVITY_INTEGRATION.md for integration guide.

Languages

JavaScript 86.5%

Ink 7%

HTML 2.9%

CSS 2.5%

Ruby 0.9%

Other 0.2%