screentinker/server/test
ScreenTinker 7eab9c6092 PiP overlay MVP: push image/web overlays to a device or group (#109)
Implements the #109 MVP from docs proposal: a floating overlay PUSHED to a device or
group in real time, rendered above the playlist without disturbing it. Scope is the
MVP only — video/RTSP, MQTT, offline-queue, and the priority/stacking system are
deferred to follow-up PRs as the proposal specifies.

Protocol (/device socket, player-agnostic):
- device:pip-show { pip_id, type:image|web, uri, position, width, height, duration,
  title?, title_color?, background_color?, opacity?, border_radius?, close_button? }
- device:pip-clear { pip_id? }
The player fetches uri itself (same trust model as remote_url content; server never
proxies). type:web is full-trust by design, hence the 'full' token scope.

Server (server/routes/pip.js, new; mounted in config/api-surface.js PUBLIC_ROUTERS):
- POST /api/pip and POST /api/pip/clear + DELETE /api/pip, all requireScope('full').
- Resolves device_id to a device OR a group, expands a group to members, and emits
  per-device — reusing the group command route's room-size online check and
  {device_id, name, status: sent|offline} result shape. Generates pip_id.
- Validates type/position allowlists, uri http(s), numeric bounds on
  width/height/duration/opacity/border_radius, colors via the existing VALID_COLOR
  (#RRGGBB; transparency is the separate opacity field).
- Workspace-isolated: every target query is scoped to req.workspaceId, so a token
  bound to workspace A can't address workspace B (404). Offline devices are reported,
  never queued (PiP is ephemeral).

Player overlay layer (Tizen; tizen/js/pip-overlay.js, new):
- A #pip sibling ABOVE #stage that PlaylistPlayer/ZoneRenderer never touch.
- applyOrientation now applies the SAME transform to #pip as #stage, so corner
  positions track the visible CONTENT in all four orientations.
- image -> <img>, web -> <iframe> (muted by default: empty allow= denies autoplay),
  sized/positioned/styled per payload, optional title bar.
- Single overlay slot, last-show-wins; duration timer (0 = until cleared); pip-clear
  (id-aware) or timer tears down; teardown wrapped so a malformed payload can't wedge
  the layer. Reports show/clear over device:log (tag 'pip').

Dashboard: a minimal "Send overlay" / "Clear overlay" tester on the device-detail
controls (device/group via the open device, type, uri, position, duration), calling
POST /api/pip through the api helper.

Tests (server suite green, 161/161):
- api.test.js: PiP tier — authz (read/write 403, full passes), workspace isolation
  (wsA token -> wsB device 404), payload validation, device + group targeting, clear;
  plus the PUBLIC_ROUTERS snapshot-firewall updated for /api/pip.
- pip-overlay.test.js: loads the real player.js + pip-overlay.js in a vm with a DOM
  shim; proves the overlay shows, auto-dismisses on the duration timer, and never
  changes the playlist signature / touches #stage; web->iframe, last-show-wins,
  id-aware clear, malformed-payload safety.

Not in this PR (intentional):
- Android player overlay — fast-follow. Protocol + server are player-agnostic; the
  Android layer (an overlay View above the player, orientation-matched to MainActivity's
  rootView rotation) is the same shape and lands next.
- OpenAPI docs for POST /api/pip — the contract test's scope heuristic only treats
  'command' paths as full-scope, so documenting a full-scope non-command route there
  needs that heuristic extended first; deferred with the docs item (proposal §8.6).
- video/rtsp types, MQTT, offline queue-on-reconnect, priority/stacking, arbitrary
  (x,y)/selector positioning (proposal §6).

Refs #109

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-18 14:42:32 -05:00
..
admin-users.test.js feat(admin): Delete Organization + Workspace with cascade (#36) 2026-06-09 09:22:21 -05:00
agency-digest.test.js feat(api): batched email digest for agency uploads (#73) 2026-06-14 13:59:37 -05:00
agency-gate.test.js feat(api): agency portal endpoints + router.param target seam (#73) 2026-06-13 22:48:42 -05:00
agency-layouts.test.js feat(api): GET /api/agency/layouts - device-free layout geometry (#73) 2026-06-14 13:53:30 -05:00
agency-list.test.js feat(api): GET /api/agency/playlists - a token's designated targets (#73) 2026-06-14 13:08:07 -05:00
agency-scope.test.js feat(api): agency-token security primitive - off-ladder scope + agencyGate (#73) 2026-06-13 21:30:38 -05:00
agency.test.js feat: full-screen-only guardrail for agency designations (#73) 2026-06-14 17:36:30 -05:00
ai-design.test.js fix(ai): de-overlap generated text + layer shapes behind text (#41) 2026-06-09 12:57:41 -05:00
api.test.js PiP overlay MVP: push image/web overlays to a device or group (#109) 2026-06-18 14:42:32 -05:00
apitoken-unit.test.js test(api): close #92 follow-up coverage gaps 2026-06-12 20:10:36 -05:00
branding.test.js feat(branding): instance-level default white-label branding (#15) 2026-06-08 16:55:22 -05:00
config-paths.test.js chore(version): single-source VERSION, env-configurable data paths, bump tooling 2026-06-10 12:56:03 -05:00
i18n-tokens.test.js test(api): close #92 follow-up coverage gaps 2026-06-12 20:10:36 -05:00
openapi-contract.test.js test(api): fix spec scope drift + guard it in CI; Redoc provenance 2026-06-12 18:45:09 -05:00
operator-permissions.test.js fix(roles): make platform_operator assignable + add deny/assign regression tests 2026-06-05 12:44:39 -05:00
pair-lockout.test.js fix(api): harden device pairing against brute-force (#87) 2026-06-12 20:16:12 -05:00
pip-overlay.test.js PiP overlay MVP: push image/web overlays to a device or group (#109) 2026-06-18 14:42:32 -05:00
provisioning.test.js fix(api): consolidate device pairing to /pair, remove vestigial bare endpoint (#90) 2026-06-12 20:13:16 -05:00
schedule-eval.test.js feat(scheduling): per-item schedule blocks (#74 dayparting, #75 auto-expire) 2026-06-11 15:46:41 -05:00
schema-check.test.js fix(db): observable migrations + fail-fast schema verification (#37) 2026-06-09 09:31:52 -05:00
security-fixes.test.js fix(security): patch quick-win findings from the codebase review 2026-06-08 19:02:19 -05:00
tenant-cascade-migration.test.js fix(db): cascade tenant resources on workspace/org delete (#18 follow-up) 2026-06-08 16:01:52 -05:00
tizen-eval-drift.test.js feat(scheduling): per-item schedule blocks (#74 dayparting, #75 auto-expire) 2026-06-11 15:46:41 -05:00
totp-keyrotation.test.js test(server): TOTP - bite, lockout, replay, recovery, st_ bypass, key-rotation (#100) 2026-06-13 20:48:55 -05:00
totp-unit.test.js test(server): TOTP - bite, lockout, replay, recovery, st_ bypass, key-rotation (#100) 2026-06-13 20:48:55 -05:00
totp.test.js fix(server): strip totp_secret_enc/totp_last_step from login responses (#100) 2026-06-13 20:48:55 -05:00
user-deletion.test.js feat(admin): Delete Organization + Workspace with cascade (#36) 2026-06-09 09:22:21 -05:00
widget-render-xss.test.js fix(security): sanitize public widget render to close stored XSS 2026-06-08 19:11:14 -05:00