Telemetry
diff --git a/app/static/sidebar.js b/app/static/sidebar.js
index 012ba31..a0e39c2 100644
--- a/app/static/sidebar.js
+++ b/app/static/sidebar.js
@@ -6,6 +6,7 @@
// steady-cruise tick doesn't touch DOM that didn't actually change.
import { compassIcon, escapeHtml, flagIcon, fmt } from './format.js';
+import { updateP2PStatus } from './community_feed_dialog.js';
import { isNotable, militaryLabel } from './notable_aircraft.js';
import { matchesActiveFilters } from './filters.js';
import { routeLabel, selectAircraft } from './detail_panel.js';
@@ -31,29 +32,6 @@ export const countHistory = [];
let prevFrames = null;
let prevFramesAt = null;
-function renderP2PStatus(p2p) {
- // Snapshot is missing the block entirely when the env kill switch
- // (P2P_ENABLED=0) is set or backend is older than the field.
- // Federation user-toggled off also hides the line.
- const visible = !!(p2p && p2p.enabled);
- const connected = visible && !!p2p.connected;
- const peers = connected ? (p2p.peers | 0) : 0;
- const text = !visible
- ? ''
- : connected
- ? (peers === 1 ? '1 peer connected' : `${peers} peers connected`)
- : 'P2P disconnected';
- const fp = `${visible ? 1 : 0}|${connected ? 1 : 0}|${text}`;
- if (fp === lastP2PFp) return;
- lastP2PFp = fp;
- const row = document.getElementById('p2p-status');
- if (!row) return;
- row.hidden = !visible;
- row.classList.toggle('live', connected);
- row.classList.toggle('dead', visible && !connected);
- document.getElementById('p2p-status-text').textContent = text;
-}
-
function updateMsgRate(snap) {
const el = document.getElementById('msg-rate');
if (snap.frames == null || snap.now == null) { el.textContent = ''; return; }
@@ -75,7 +53,6 @@ let lastEmptyMsg = null;
let lastStatusText = '';
let lastSiteName = '';
let lastDocTitle = '';
-let lastP2PFp = '';
// Scratch host used to parse a row's HTML string into a real Element.
// Reused across calls — the parsed node becomes detached as soon as we
@@ -121,7 +98,7 @@ export function renderSidebar(snap) {
document.getElementById('status-text').textContent = statusText;
lastStatusText = statusText;
}
- renderP2PStatus(snap.p2p);
+ updateP2PStatus(snap.p2p);
const site = snap.site_name || '';
if (site !== lastSiteName) {
document.getElementById('site-name').textContent = site;
@@ -137,13 +114,12 @@ export function renderSidebar(snap) {
const q = state.searchFilter;
const selIcao = state.selectedIcao;
- const needsFilter = state.activeFilters.size > 0 || !!q || !state.showPeer;
+ const needsFilter = state.activeFilters.size > 0 || !!q;
const filtered = needsFilter
? snap.aircraft.filter(a => {
// The selected aircraft stays visible even when it stops
// matching — otherwise the detail panel orphans mid-read.
if (a.icao === selIcao) return true;
- if (!state.showPeer && a.peer) return false;
if (q && !(
(a.callsign || '').toLowerCase().includes(q) ||
a.icao.toLowerCase().includes(q) ||
@@ -333,21 +309,11 @@ export function initSidebar() {
renderFilterBar();
applyFilterVisibility();
- // Peer chip — independent toggle (hide/show aircraft from relay peers).
- const peerChip = document.getElementById('peer-chip');
- if (peerChip) {
- peerChip.classList.toggle('active', state.showPeer);
- peerChip.addEventListener('click', () => {
- state.showPeer = !state.showPeer;
- try { localStorage.setItem('flightjar.showPeer', state.showPeer ? '1' : '0'); }
- catch (_) { /* storage disabled */ }
- peerChip.classList.toggle('active', state.showPeer);
- if (state.lastSnap) {
- renderSidebar(state.lastSnap);
- applyFilterVisibility();
- }
- });
- }
+ // Stale localStorage key from the old "Peers" chip (Community Feed
+ // rework dropped the dedicated visibility toggle). Clear so future
+ // reads can't pick up a half-migrated state.
+ try { localStorage.removeItem('flightjar.showPeer'); }
+ catch (_) { /* storage disabled */ }
const searchInput = document.getElementById('search');
searchInput.addEventListener('input', () => {
diff --git a/app/static/state.js b/app/static/state.js
index e787231..b094475 100644
--- a/app/static/state.js
+++ b/app/static/state.js
@@ -149,9 +149,6 @@ export const state = {
// an aircraft matches when any active filter matches. Empty set means
// "show everything" — the default.
activeFilters: new Set(readFilters()),
- // Whether to show peer aircraft (from the P2P relay). Default: show them.
- // The "Peers" chip in the filter bar toggles this; persisted to localStorage.
- showPeer: localStorage.getItem('flightjar.showPeer') !== '0',
// Enabled airspace groups (see openaip.js → AIRSPACE_GROUPS). Rendered
// airspaces are filtered by membership; empty set means "hide all".
airspaceCategories: readAirspaceCategories(),
diff --git a/app/static/trails.js b/app/static/trails.js
index 3e0224d..74b7dfb 100644
--- a/app/static/trails.js
+++ b/app/static/trails.js
@@ -301,7 +301,7 @@ function reconcileMarker(entry) {
export function applyFilterVisibility() {
const active = state.activeFilters;
const selIcao = state.selectedIcao;
- if (active.size === 0 && state.showPeer) {
+ if (active.size === 0) {
for (const entry of state.aircraft.values()) {
if (entry.hiddenByFilter) {
entry.hiddenByFilter = false;
@@ -311,9 +311,7 @@ export function applyFilterVisibility() {
return;
}
for (const [icao, entry] of state.aircraft) {
- const isPeer = entry.data?.peer === true;
- const visible = icao === selIcao ||
- ((!isPeer || state.showPeer) && matchesActiveFilters(entry.data));
+ const visible = icao === selIcao || matchesActiveFilters(entry.data);
if (!visible && !entry.hiddenByFilter) {
entry.hiddenByFilter = true;
resetTrailState(entry);
diff --git a/dotnet/src/FlightJar.Api/Configuration/AppOptionsBinder.cs b/dotnet/src/FlightJar.Api/Configuration/AppOptionsBinder.cs
index 5b377b4..ad6e581 100644
--- a/dotnet/src/FlightJar.Api/Configuration/AppOptionsBinder.cs
+++ b/dotnet/src/FlightJar.Api/Configuration/AppOptionsBinder.cs
@@ -121,7 +121,6 @@ public static AppOptions FromEnvironment(IDictionary? env = nul
TerrainCacheDir = NullIfEmpty(Str(get, "TERRAIN_CACHE_DIR", "")) ?? "/data/terrain",
TelemetryEnabled = Bool(get, "TELEMETRY_ENABLED", true),
Password = Str(get, "FLIGHTJAR_PASSWORD", ""),
- P2PEnabled = Bool(get, "P2P_ENABLED", true),
P2PRelayUrl = NullIfEmpty(Str(get, "P2P_RELAY_URL", "")) ?? AppOptions.DefaultRelayUrl,
P2PRelayToken = NullIfEmpty(Str(get, "P2P_RELAY_TOKEN", "")),
P2PPushIntervalS = FloatRequired(get, "P2P_PUSH_INTERVAL_S", 5.0),
diff --git a/dotnet/src/FlightJar.Api/Endpoints/P2PEndpoints.cs b/dotnet/src/FlightJar.Api/Endpoints/P2PEndpoints.cs
index f433d61..077bcc4 100644
--- a/dotnet/src/FlightJar.Api/Endpoints/P2PEndpoints.cs
+++ b/dotnet/src/FlightJar.Api/Endpoints/P2PEndpoints.cs
@@ -10,10 +10,11 @@
namespace FlightJar.Api.Endpoints;
///
-/// P2P federation endpoints.
+/// Community Feed endpoints.
///
-/// - GET/POST /api/p2p/config — UI-toggleable on/off and
-/// share-site-name. Default: enabled.
+/// - GET/POST /api/p2p/config — UI-toggleable on/off,
+/// consent_given (set true when the user explicitly opts in via the
+/// Community Feed dialog) and share-site-name.
/// - /p2p/ws — WebSocket stream of sanitised snapshots (receiver
/// lat/lon and per-aircraft distance stripped). Useful for direct same-LAN
/// peer connections and for inspecting what this instance is sharing.
@@ -37,6 +38,7 @@ public static IEndpointRouteBuilder MapP2PEndpoints(this IEndpointRouteBuilder a
{
version = P2PConfigStore.SchemaVersion,
enabled = cfg.Enabled,
+ consent_given = cfg.ConsentGiven,
share_site_name = cfg.ShareSiteName,
});
}).RequireAuthSession();
@@ -51,21 +53,29 @@ public static IEndpointRouteBuilder MapP2PEndpoints(this IEndpointRouteBuilder a
}
catch (JsonException)
{
- return Results.BadRequest(new { error = "expected {enabled?: bool, share_site_name?: bool}" });
+ return Results.BadRequest(new { error = "expected {enabled?: bool, consent_given?: bool, share_site_name?: bool}" });
}
if (payload is null)
{
return Results.BadRequest(new { error = "empty body" });
}
var current = store.Current;
+ var nextEnabled = payload.Enabled ?? current.Enabled;
+ var explicitConsent = payload.ConsentGiven ?? current.ConsentGiven;
+ // Flipping the feed on through this endpoint *is* the consent
+ // moment, so make it implicit. The frontend always sends the
+ // pair from the onboarding dialog; this is belt-and-braces.
+ var nextConsent = explicitConsent || nextEnabled;
var updated = store.Replace(new P2PConfig
{
- Enabled = payload.Enabled ?? current.Enabled,
+ Enabled = nextEnabled,
+ ConsentGiven = nextConsent,
ShareSiteName = payload.ShareSiteName ?? current.ShareSiteName,
});
return Results.Json(new
{
enabled = updated.Enabled,
+ consent_given = updated.ConsentGiven,
share_site_name = updated.ShareSiteName,
});
}).RequireAuthSession();
@@ -142,5 +152,5 @@ private static async Task SendAsync(WebSocket socket, string payload, Cancellati
await socket.SendAsync(bytes, WebSocketMessageType.Text, endOfMessage: true, ct);
}
- private sealed record P2PConfigPayload(bool? Enabled, bool? ShareSiteName);
+ private sealed record P2PConfigPayload(bool? Enabled, bool? ConsentGiven, bool? ShareSiteName);
}
diff --git a/dotnet/src/FlightJar.Api/Hosting/P2PRelayClientService.cs b/dotnet/src/FlightJar.Api/Hosting/P2PRelayClientService.cs
index 0b55f26..0be9f97 100644
--- a/dotnet/src/FlightJar.Api/Hosting/P2PRelayClientService.cs
+++ b/dotnet/src/FlightJar.Api/Hosting/P2PRelayClientService.cs
@@ -75,7 +75,7 @@ public override void Dispose()
private void OnConfigChanged(P2PConfig cfg)
{
- if (cfg.Enabled)
+ if (cfg.Enabled && cfg.ConsentGiven)
{
// Wake the idle loop.
lock (_signalGate)
@@ -97,9 +97,11 @@ protected override async Task ExecuteAsync(CancellationToken stoppingToken)
while (!stoppingToken.IsCancellationRequested)
{
- if (!_configStore.Current.Enabled)
+ var cfg = _configStore.Current;
+ if (!cfg.Enabled || !cfg.ConsentGiven)
{
// Park until the user toggles it on (or shutdown).
+ // No outbound connection is made without explicit consent.
await WaitForEnableAsync(stoppingToken);
if (stoppingToken.IsCancellationRequested) return;
backoff = TimeSpan.FromSeconds(1);
diff --git a/dotnet/src/FlightJar.Api/Program.cs b/dotnet/src/FlightJar.Api/Program.cs
index be949fc..ff5b42d 100644
--- a/dotnet/src/FlightJar.Api/Program.cs
+++ b/dotnet/src/FlightJar.Api/Program.cs
@@ -132,17 +132,13 @@
var p2pCredentialsPath = !string.IsNullOrEmpty(dataDir) ? Path.Combine(dataDir, "p2p_credentials.json") : null;
builder.Services.AddSingleton(sp => new P2PRelayCredentialsStore(
p2pCredentialsPath, sp.GetService>()));
-// The relay client is registered when the env-only kill switch is on
-// (default). Runtime on/off lives in P2PConfigStore so the user can
-// toggle it from the About dialog without restarting; setting
-// P2P_ENABLED=0 keeps the BackgroundService out of the process entirely
-// — used by the e2e harness so the relay's outbound chatter doesn't
-// destabilise timing-sensitive tests.
-if (options.P2PEnabled)
-{
- builder.Services.AddHttpClient();
- builder.Services.AddHostedService();
-}
+// The Community Feed relay client is always registered. It refuses to
+// dial out unless the user has explicitly opted in via the Community
+// Feed dialog (Enabled && ConsentGiven), so fresh installs and tests
+// inherit "no outbound traffic" by default — the BackgroundService
+// just parks on a signal until the user flips it on.
+builder.Services.AddHttpClient();
+builder.Services.AddHostedService();
builder.Services.AddSingleton(sp => sp.GetRequiredService());
// Phase 4: watchlist + notifications + alerts.
diff --git a/dotnet/src/FlightJar.Core/Configuration/AppOptions.cs b/dotnet/src/FlightJar.Core/Configuration/AppOptions.cs
index 9bb98e5..6bc1cf5 100644
--- a/dotnet/src/FlightJar.Core/Configuration/AppOptions.cs
+++ b/dotnet/src/FlightJar.Core/Configuration/AppOptions.cs
@@ -103,24 +103,17 @@ public sealed record AppOptions
/// callers can't read your bot tokens or scrape your watchlist.
public string Password { get; init; } = "";
- // P2P relay federation. The runtime on/off switch and share-site-name
- // toggle are UI-managed, persisted in /data/p2p.json — see
- // P2PConfigStore. The relay URL + bearer token + push interval stay
- // env-only because they're advanced (self-hosted relay, private
- // federation). P2P_ENABLED is a hard env-only kill switch: when
- // false the BackgroundService never registers, so tests and
- // privacy-conscious operators can keep the relay client out of the
- // process entirely. Default true — federation runs.
+ // Community Feed relay. The runtime on/off + consent + share-site-name
+ // toggles are UI-managed and persisted in /data/p2p.json — see
+ // P2PConfigStore. The relay client refuses to dial out unless both
+ // Enabled and ConsentGiven are true; fresh installs default to off,
+ // so tests inherit "no outbound" without needing an extra kill switch.
+ // The relay URL + bearer token + push interval stay env-only because
+ // they're advanced (self-hosted relay, private federation).
/// Default community relay. Set P2P_RELAY_URL to override
/// with a self-hosted relay.
public const string DefaultRelayUrl = "wss://relay.flightjar.xyz/ws";
- /// Hard env-only kill switch (P2P_ENABLED). When false
- /// the relay BackgroundService never registers; the UI toggle is
- /// inert. Default true. The runtime on/off lives in
- /// .
- public bool P2PEnabled { get; init; } = true;
-
/// Relay WebSocket URL. Defaults to the community relay when
/// P2P_RELAY_URL is not set.
public string P2PRelayUrl { get; init; } = DefaultRelayUrl;
diff --git a/dotnet/src/FlightJar.Core/State/RegistrySnapshot.cs b/dotnet/src/FlightJar.Core/State/RegistrySnapshot.cs
index e0f7178..3842097 100644
--- a/dotnet/src/FlightJar.Core/State/RegistrySnapshot.cs
+++ b/dotnet/src/FlightJar.Core/State/RegistrySnapshot.cs
@@ -23,10 +23,10 @@ public sealed record RegistrySnapshot(
/// compute the current frame rate from consecutive snapshots.
public long? Frames { get; init; }
- /// P2P relay status surfaced to the frontend so the sidebar
- /// can show connection state and peer count. Null when federation is
- /// disabled (env kill switch P2P_ENABLED=0) and the service
- /// was never registered.
+ /// Community Feed relay status surfaced to the frontend so
+ /// the Community Feed dialog can show connection state and peer count.
+ /// Null when the user has not opted in (the relay BackgroundService
+ /// parks until consent_given && enabled).
/// The explicit JSON name pins the wire key to p2p;
/// the global SnakeCaseLower policy would otherwise emit p2_p
/// because it inserts an underscore between the digit and trailing
diff --git a/dotnet/src/FlightJar.Persistence/P2P/P2PConfigStore.cs b/dotnet/src/FlightJar.Persistence/P2P/P2PConfigStore.cs
index cef8f82..633ca61 100644
--- a/dotnet/src/FlightJar.Persistence/P2P/P2PConfigStore.cs
+++ b/dotnet/src/FlightJar.Persistence/P2P/P2PConfigStore.cs
@@ -5,15 +5,17 @@
namespace FlightJar.Persistence.P2P;
///
-/// User-toggleable P2P federation settings. Persisted to
+/// User-toggleable Community Feed settings. Persisted to
/// /data/p2p.json so a flip from the UI survives restart.
-/// First run with no file produces the documented defaults
-/// (enabled=true, share_site_name=false) — federation
-/// is on out of the box; opt out is one click in the About dialog.
+/// Fresh installs default to Enabled=false, ConsentGiven=false —
+/// the relay client won't dial out until the operator opts in via the
+/// Community Feed dialog. Existing installs on schema v1 are grandfathered
+/// (ConsentGiven = Enabled) so users who already opted in via the
+/// previous default stay opted in across the upgrade.
///
public sealed class P2PConfigStore
{
- public const int SchemaVersion = 1;
+ public const int SchemaVersion = 2;
private readonly object _gate = new();
private readonly string? _path;
@@ -67,21 +69,34 @@ public async Task LoadAsync(CancellationToken ct = default)
{
return;
}
+ var version = payload.Version ?? 0;
+ var enabled = payload.Enabled ?? false;
+ // v1 had no ConsentGiven and defaulted Enabled=true. Grandfather
+ // those users in so the upgrade doesn't yank sharing out from
+ // under anyone who'd already opted in via the previous default.
+ var consent = payload.ConsentGiven ?? (version <= 1 ? enabled : false);
lock (_gate)
{
_config = new P2PConfig
{
- Enabled = payload.Enabled ?? true,
+ Enabled = enabled,
+ ConsentGiven = consent,
ShareSiteName = payload.ShareSiteName ?? false,
};
}
_logger.LogInformation(
- "loaded P2P config from {Path} (enabled={Enabled}, share_site_name={Share})",
- _path, _config.Enabled, _config.ShareSiteName);
+ "loaded Community Feed config from {Path} (enabled={Enabled}, consent={Consent}, share_site_name={Share})",
+ _path, _config.Enabled, _config.ConsentGiven, _config.ShareSiteName);
+
+ // Migrate the on-disk file forward so subsequent reads see v2.
+ if (version < SchemaVersion)
+ {
+ Persist();
+ }
}
catch (Exception ex)
{
- _logger.LogWarning(ex, "P2P config unreadable at {Path}", _path);
+ _logger.LogWarning(ex, "Community Feed config unreadable at {Path}", _path);
}
}
@@ -105,6 +120,7 @@ private void Persist()
{
Version = SchemaVersion,
Enabled = _config.Enabled,
+ ConsentGiven = _config.ConsentGiven,
ShareSiteName = _config.ShareSiteName,
};
}
@@ -114,7 +130,7 @@ private void Persist()
}
catch (Exception ex)
{
- _logger.LogWarning(ex, "couldn't persist P2P config");
+ _logger.LogWarning(ex, "couldn't persist Community Feed config");
}
}
@@ -126,14 +142,24 @@ private void Persist()
private sealed class PersistedPayload
{
- public int Version { get; set; }
+ public int? Version { get; set; }
public bool? Enabled { get; set; }
+ public bool? ConsentGiven { get; set; }
public bool? ShareSiteName { get; set; }
}
}
public sealed record P2PConfig
{
- public bool Enabled { get; init; } = true;
+ /// Active on/off state. Only meaningful when is true.
+ public bool Enabled { get; init; }
+
+ ///
+ /// True iff the operator has explicitly opted in via the Community Feed dialog
+ /// (or was grandfathered in from a v1 config that already had Enabled=true).
+ /// The relay client refuses to dial out unless this is true.
+ ///
+ public bool ConsentGiven { get; init; }
+
public bool ShareSiteName { get; init; }
}
diff --git a/dotnet/tests/FlightJar.Api.Tests/ApiEndpointsTests.cs b/dotnet/tests/FlightJar.Api.Tests/ApiEndpointsTests.cs
index 8943c73..3e3b0bc 100644
--- a/dotnet/tests/FlightJar.Api.Tests/ApiEndpointsTests.cs
+++ b/dotnet/tests/FlightJar.Api.Tests/ApiEndpointsTests.cs
@@ -26,11 +26,11 @@ public ApiEndpointsTests(WebApplicationFactory factory)
b.UseSetting("BEAST_PORT", "1");
Environment.SetEnvironmentVariable("BEAST_HOST", "127.0.0.1");
Environment.SetEnvironmentVariable("BEAST_PORT", "1");
- // Hard-off the P2P relay client. Without this, the BackgroundService
- // would dial wss://relay.flightjar.xyz on test boot, receive peer
- // aircraft, and ApiAircraft_ReturnsEmptySnapshot would see them
- // merged into the snapshot ("expected 0, got 11").
- Environment.SetEnvironmentVariable("P2P_ENABLED", "0");
+ // The Community Feed relay client refuses to dial out unless the
+ // user has explicitly opted in via /api/p2p/config (which writes
+ // p2p.json with consent_given=true). The test fixture starts with
+ // no data dir / no p2p.json, so the relay client parks on its
+ // enable signal and no outbound chatter occurs.
// Stop the VFRMap cycle refresher from making a real call to
// vfrmap.com during the test run. Without this CI was racing
// the discovery against MapConfig_ReportsLayerStatus, which
diff --git a/dotnet/tests/FlightJar.Api.Tests/Auth/AuthEndpointsTests.cs b/dotnet/tests/FlightJar.Api.Tests/Auth/AuthEndpointsTests.cs
index 2349992..8af43ce 100644
--- a/dotnet/tests/FlightJar.Api.Tests/Auth/AuthEndpointsTests.cs
+++ b/dotnet/tests/FlightJar.Api.Tests/Auth/AuthEndpointsTests.cs
@@ -36,7 +36,6 @@ protected static WebApplicationFactory BuildFactory(string? password)
Environment.SetEnvironmentVariable("BEAST_HOST", "127.0.0.1");
Environment.SetEnvironmentVariable("BEAST_PORT", "1");
Environment.SetEnvironmentVariable("FLIGHTJAR_PASSWORD", password ?? "");
- Environment.SetEnvironmentVariable("P2P_ENABLED", "0");
});
return f;
}
diff --git a/dotnet/tests/FlightJar.Api.Tests/BeastReplayE2ETests.cs b/dotnet/tests/FlightJar.Api.Tests/BeastReplayE2ETests.cs
index dc14e7b..9c5dd5e 100644
--- a/dotnet/tests/FlightJar.Api.Tests/BeastReplayE2ETests.cs
+++ b/dotnet/tests/FlightJar.Api.Tests/BeastReplayE2ETests.cs
@@ -42,7 +42,6 @@ public async Task Replay_SurfacesAircraftInSnapshot()
Environment.SetEnvironmentVariable("BEAST_HOST", "127.0.0.1");
Environment.SetEnvironmentVariable("BEAST_PORT", port.ToString(System.Globalization.CultureInfo.InvariantCulture));
- Environment.SetEnvironmentVariable("P2P_ENABLED", "0");
await using var factory = new WebApplicationFactory();
var client = factory.CreateClient();
diff --git a/dotnet/tests/FlightJar.Persistence.Tests/P2P/P2PConfigStoreTests.cs b/dotnet/tests/FlightJar.Persistence.Tests/P2P/P2PConfigStoreTests.cs
new file mode 100644
index 0000000..a4cb56c
--- /dev/null
+++ b/dotnet/tests/FlightJar.Persistence.Tests/P2P/P2PConfigStoreTests.cs
@@ -0,0 +1,142 @@
+using FlightJar.Persistence.P2P;
+
+namespace FlightJar.Persistence.Tests.P2P;
+
+public class P2PConfigStoreTests : IDisposable
+{
+ private readonly string _tmp;
+
+ public P2PConfigStoreTests()
+ {
+ _tmp = Path.Combine(Path.GetTempPath(), $"flightjar-{Guid.NewGuid():N}");
+ Directory.CreateDirectory(_tmp);
+ }
+
+ public void Dispose()
+ {
+ if (Directory.Exists(_tmp))
+ {
+ Directory.Delete(_tmp, recursive: true);
+ }
+ }
+
+ private string PathFor() => Path.Combine(_tmp, "p2p.json");
+
+ [Fact]
+ public async Task FreshInstall_DefaultsToDisabledNoConsent()
+ {
+ var store = new P2PConfigStore(PathFor());
+ await store.LoadAsync();
+ Assert.False(store.Current.Enabled);
+ Assert.False(store.Current.ConsentGiven);
+ Assert.False(store.Current.ShareSiteName);
+ }
+
+ [Fact]
+ public async Task V1WithEnabledTrue_IsGrandfathered()
+ {
+ // v1 had no consent_given and defaulted enabled=true.
+ await File.WriteAllTextAsync(PathFor(),
+ "{\"version\":1,\"enabled\":true,\"share_site_name\":false}");
+
+ var store = new P2PConfigStore(PathFor());
+ await store.LoadAsync();
+
+ Assert.True(store.Current.Enabled);
+ Assert.True(store.Current.ConsentGiven);
+ }
+
+ [Fact]
+ public async Task V1WithEnabledFalse_StaysOff()
+ {
+ // User had explicitly opted out under v1 — keep them off, no consent.
+ await File.WriteAllTextAsync(PathFor(),
+ "{\"version\":1,\"enabled\":false,\"share_site_name\":false}");
+
+ var store = new P2PConfigStore(PathFor());
+ await store.LoadAsync();
+
+ Assert.False(store.Current.Enabled);
+ Assert.False(store.Current.ConsentGiven);
+ }
+
+ [Fact]
+ public async Task V1Migration_RewritesFileAsV2()
+ {
+ await File.WriteAllTextAsync(PathFor(),
+ "{\"version\":1,\"enabled\":true,\"share_site_name\":false}");
+
+ var first = new P2PConfigStore(PathFor());
+ await first.LoadAsync();
+
+ var raw = await File.ReadAllTextAsync(PathFor());
+ Assert.Contains("\"version\": 2", raw);
+ Assert.Contains("\"consent_given\": true", raw);
+ }
+
+ [Fact]
+ public async Task V2RoundTrip_PreservesAllFields()
+ {
+ var first = new P2PConfigStore(PathFor());
+ first.Replace(new P2PConfig
+ {
+ Enabled = true,
+ ConsentGiven = true,
+ ShareSiteName = true,
+ });
+
+ var fresh = new P2PConfigStore(PathFor());
+ await fresh.LoadAsync();
+ Assert.True(fresh.Current.Enabled);
+ Assert.True(fresh.Current.ConsentGiven);
+ Assert.True(fresh.Current.ShareSiteName);
+ }
+
+ [Fact]
+ public async Task MissingVersion_TreatedAsLegacy()
+ {
+ // No version field at all → treat as v0/v1: grandfather based on enabled.
+ await File.WriteAllTextAsync(PathFor(), "{\"enabled\":true}");
+
+ var store = new P2PConfigStore(PathFor());
+ await store.LoadAsync();
+ Assert.True(store.Current.Enabled);
+ Assert.True(store.Current.ConsentGiven);
+ }
+
+ [Fact]
+ public void Replace_FiresChangedEvent()
+ {
+ var store = new P2PConfigStore(PathFor());
+ P2PConfig? observed = null;
+ store.Changed += c => observed = c;
+
+ store.Replace(new P2PConfig { Enabled = true, ConsentGiven = true });
+
+ Assert.NotNull(observed);
+ Assert.True(observed!.Enabled);
+ Assert.True(observed.ConsentGiven);
+ }
+
+ [Fact]
+ public void Replace_NoChange_NoEvent()
+ {
+ var store = new P2PConfigStore(PathFor());
+ var count = 0;
+ store.Changed += _ => count++;
+
+ store.Replace(new P2PConfig());
+ Assert.Equal(0, count);
+ }
+
+ [Fact]
+ public async Task MalformedFile_LeavesDefaults()
+ {
+ await File.WriteAllTextAsync(PathFor(), "{ this is not json");
+
+ var store = new P2PConfigStore(PathFor());
+ await store.LoadAsync();
+ Assert.False(store.Current.Enabled);
+ Assert.False(store.Current.ConsentGiven);
+ }
+}
diff --git a/playwright.config.js b/playwright.config.js
index 6b17265..c64012d 100644
--- a/playwright.config.js
+++ b/playwright.config.js
@@ -69,10 +69,11 @@ export default defineConfig({
// every test run. Disable it here — the layer still registers in
// the frontend (testing that is the point of the e2e assertion).
BLACKSPOTS_ENABLED: '0',
- // Hard-off the P2P relay client so the BackgroundService doesn't
- // dial wss://relay.flightjar.xyz during tests — the network noise
- // and 5s push timer destabilise timing-sensitive layout assertions.
- P2P_ENABLED: '0',
+ // The Community Feed relay client is consent-gated: it parks until
+ // the user opts in via /api/p2p/config (which writes p2p.json with
+ // consent_given=true). The harness uses a fresh data dir each run,
+ // so the relay client never dials out and there's no need for a
+ // separate env-var kill switch.
FLIGHTJAR_STATIC_DIR: `${process.cwd()}/app/static`,
},
},