-
Notifications
You must be signed in to change notification settings - Fork 0
WebSocket Test Harness
A standalone Go application for testing the TMI WebSocket interface for collaborative threat modeling.
Source Location: wstest/ directory in the TMI repository
- OAuth authentication with TMI test provider using login hints (uses
idp=test) - Host mode: Creates threat models, adds participants, creates diagrams, and starts collaboration sessions
- Participant mode: Polls for available collaboration sessions and joins them
- Comprehensive logging of all network interactions and WebSocket messages
- Supports multiple concurrent instances
- Uses the Gorilla WebSocket library
Use the make target (preferred):
make build-wstestOr build directly:
cd wstest
go mod tidy
go build -o wstestStart as a host to create a new collaboration session:
# Basic host mode
./wstest --user alice --host
# Host mode with participants
./wstest --user alice --host --participants "bob,charlie,dave"
# Custom server
./wstest --server http://localhost:8080 --user alice --hostStart as a participant to join existing collaboration sessions:
# Join any available session
./wstest --user bob
# Multiple participants
./wstest --user charlie &
./wstest --user dave &| Option | Description | Default |
|---|---|---|
--server <url> |
Server URL | localhost:8080 |
--user <hint> |
User login hint | Required |
--host |
Run in host mode | false |
--participants <list> |
Comma-separated list of participant hints (host mode only) | Empty |
Terminal 1 (Host):
./wstest --user alice --host --participants "bob"Terminal 2 (Participant):
./wstest --user bobTerminal 1 (Host):
./wstest --user alice --host --participants "bob,charlie,dave"Terminals 2-4 (Participants):
./wstest --user bob
./wstest --user charlie
./wstest --user daveUse the make target to automatically launch three terminal windows:
make wstestThis launches:
- Alice as host with participants "bob,charlie,hobobarbarian@gmail.com"
- Bob as participant
- Charlie as participant
Each instance has a 30-second timeout to prevent runaway processes.
Upon joining a collaboration session, clients receive:
Full list of current participants (includes presenter info if any).
Structure:
{
"message_type": "participants_update",
"initiating_user": { /* user who triggered the update, or null */ },
"participants": [
{
"user": {
"principal_type": "user",
"provider": "tmi",
"provider_id": "alice@tmi.local",
"email": "alice@tmi.local",
"display_name": "Alice (TMI User)"
},
"permissions": "owner",
"last_activity": "2025-01-24T12:00:00Z"
}
],
"host": { /* host user object */ },
"current_presenter": { /* presenter user object, or null */ }
}All subsequent WebSocket messages (sent and received) are logged with timestamps and pretty-printed JSON formatting.
The harness implements the OAuth authorization code flow:
- Starts a local HTTP server on a random port for the callback
- Makes a GET request to
/oauth2/authorize?idp=test&login_hint=<user>&client_callback=<url>&scope=openid+email+profile - Follows the redirect to the local callback server
- Exchanges the authorization code for tokens via POST to
/oauth2/token - Uses the access token for all subsequent API calls and WebSocket connection
Note: The harness uses idp=test which is the TMI development OAuth provider that creates test users based on login hints.
All network interactions are logged to console:
- HTTP requests show method, URL, and request bodies
- HTTP responses show status codes and response bodies
- WebSocket messages are timestamped and pretty-printed
- OAuth callback parameters are logged in detail
Use Ctrl+C to gracefully shutdown the application. The WebSocket connection will be properly closed.
| Target | Description |
|---|---|
make build-wstest |
Build the WebSocket test harness binary |
make wstest |
Launch 3-terminal test (alice as host, bob & charlie as participants) |
make monitor-wstest |
Run WebSocket harness with user 'monitor' in foreground |
make clean-wstest |
Stop all running WebSocket test harness instances |
Check:
- Server is running (
make start-dev) - Correct server URL (default is
localhost:8080) - OAuth flow completes successfully (check console output)
Check:
- Host has started a session first
- Participant user has been added to the threat model authorization
- Session is still active (not timed out)
Check:
- Server logs for errors
- Session hasn't been terminated by host
- Network connectivity
- WebSocket-API-Reference - Full WebSocket API documentation
- Collaborative-Threat-Modeling - Collaboration features overview
- Debugging-Guide - General debugging procedures
- AsyncAPI Specification - WebSocket message schemas
- Using TMI for Threat Modeling
- Accessing TMI
- Creating Your First Threat Model
- Understanding the User Interface
- Working with Data Flow Diagrams
- Managing Threats
- Collaborative Threat Modeling
- Using Notes and Documentation
- Metadata and Extensions
- Planning Your Deployment
- Deploying TMI Server
- Deploying TMI Web Application
- Setting Up Authentication
- Database Setup
- Component Integration
- Post-Deployment
- Monitoring and Health
- Database Operations
- Security Operations
- Performance and Scaling
- Maintenance Tasks