Merge pull request #73 from MrAlders0n/copilot/fix-fail-open-issue

MrAlders0n · web-flow · commit db63bb8ba24c · 2025-12-20T02:31:03.000Z
Change capacity check from fail-open to fail-closed and improve status messages
diff --git a/STATUS_MESSAGES.md b/STATUS_MESSAGES.md
@@ -89,13 +89,23 @@ Status messages follow these consistent conventions:
 - **Context**: When connecting to device and checking if a wardriving slot is available
 - **Minimum Visibility**: 500ms minimum enforced (or until API response received)
 
-#### WarDriving app has reached capacity or is down
-- **Message**: `"WarDriving app has reached capacity or is down"`
+#### WarDriving app has reached capacity
+- **Message**: `"WarDriving app has reached capacity"`
 - **Color**: Red (error)
 - **Used in**: `checkCapacity()`, `postToMeshMapperAPI()`
-- **Source**: `content/wardrive.js:2051`, `content/wardrive.js:1115`
-- **Context**: Capacity check API denies slot on connect, or wardriving API returns allowed=false during active session
+- **Source**: `content/wardrive.js:1061`, `content/wardrive.js:1116`
+- **Context**: Capacity check API denies slot on connect (returns allowed=false), or wardriving API returns allowed=false during active session
 - **Minimum Visibility**: N/A (error state persists until disconnect)
+- **Notes**: Displayed when the API successfully responds but indicates capacity is full
+
+#### WarDriving app is down
+- **Message**: `"WarDriving app is down"`
+- **Color**: Red (error)
+- **Used in**: `checkCapacity()`
+- **Source**: `content/wardrive.js:1050`, `content/wardrive.js:1072`
+- **Context**: Capacity check API returns error status or network is unreachable during connect
+- **Minimum Visibility**: N/A (error state persists until disconnect)
+- **Notes**: Implements fail-closed policy - connection is denied if API fails or is unreachable
 
 #### Unable to read device public key; try again
 - **Message**: `"Unable to read device public key; try again"`
@@ -106,13 +116,12 @@ Status messages follow these consistent conventions:
 - **Minimum Visibility**: N/A (error state persists until disconnect)
 
 #### Network issue checking slot, proceeding anyway
-- **Message**: `"Network issue checking slot, proceeding anyway"`
+- **Message**: `"Network issue checking slot, proceeding anyway"` (DEPRECATED - no longer used)
 - **Color**: Amber (warning)
-- **Used in**: `checkCapacity()`
-- **Source**: `content/wardrive.js:1051`, `content/wardrive.js:1070`
-- **Context**: Capacity check API is unreachable or returns error during connect (fail-open behavior)
-- **Minimum Visibility**: 1500ms enforced (brief warning before continuing)
-- **Notes**: Implements fail-open policy - allows connection to proceed despite API failure
+- **Used in**: N/A (removed)
+- **Source**: Previously `content/wardrive.js:1051`, `content/wardrive.js:1070`
+- **Context**: This message is no longer shown. Network issues now result in connection denial (fail-closed)
+- **Notes**: Replaced by fail-closed policy - connection is now denied on network errors
 
 ---
 
@@ -268,9 +277,9 @@ These messages use a hybrid approach: **first display respects 500ms minimum**,
 #### Idle
 - **Message**: `"Idle"`
 - **Color**: Slate (idle)
-- **Used in**: `postApiAndRefreshMap()`
-- **Source**: `content/wardrive.js:1091`
-- **Context**: Manual mode, after API post completes
+- **Used in**: `connect()`, `postApiAndRefreshMap()`
+- **Source**: `content/wardrive.js:2060`, `content/wardrive.js:1091`
+- **Context**: Initial connection complete after capacity check succeeds, or manual mode after API post completes
 - **Minimum Visibility**: 500ms minimum enforced
 
 ---
@@ -360,9 +369,9 @@ Result:     "Message A" (visible 500ms) → "Message C"
 
 ## Summary
 
-**Total Status Messages**: 29 unique message patterns
+**Total Status Messages**: 30 unique message patterns
 - **Connection**: 7 messages
-- **Capacity Check**: 4 messages
+- **Capacity Check**: 4 messages (1 deprecated)
 - **Ping Operation**: 6 messages (consolidated "Ping sent" for both manual and auto)
 - **GPS**: 2 messages
 - **Countdown Timers**: 6 message patterns (with dynamic countdown values)
diff --git a/content/wardrive.js b/content/wardrive.js
@@ -1044,32 +1044,33 @@ async function checkCapacity(reason) {
 
     if (!response.ok) {
       debugWarn(`Capacity check API returned error status ${response.status}`);
-      // Fail open on network errors for connect
+      // Fail closed on network errors for connect
       if (reason === "connect") {
-        debugWarn("Failing open (allowing connection) due to API error");
-        // Show network issue message briefly
-        setStatus("Network issue checking slot, proceeding anyway", STATUS_COLORS.warning);
-        await new Promise(resolve => setTimeout(resolve, 1500)); // Show message for 1.5s
-        return true;
+        debugError("Failing closed (denying connection) due to API error");
+        setStatus("WarDriving app is down", STATUS_COLORS.error);
+        return false;
       }
       return true; // Always allow disconnect to proceed
     }
 
     const data = await response.json();
     debugLog(`Capacity check response: allowed=${data.allowed}`);
 
+    // Handle capacity full vs. allowed cases separately
+    if (data.allowed === false && reason === "connect") {
+      setStatus("WarDriving app has reached capacity", STATUS_COLORS.error);
+    }
+    
     return data.allowed === true;
 
   } catch (error) {
     debugError(`Capacity check failed: ${error.message}`);
     
-    // Fail open on network errors for connect
+    // Fail closed on network errors for connect
     if (reason === "connect") {
-      debugWarn("Failing open (allowing connection) due to network error");
-      // Show network issue message briefly
-      setStatus("Network issue checking slot, proceeding anyway", STATUS_COLORS.warning);
-      await new Promise(resolve => setTimeout(resolve, 1500)); // Show message for 1.5s
-      return true;
+      debugError("Failing closed (denying connection) due to network error");
+      setStatus("WarDriving app is down", STATUS_COLORS.error);
+      return false;
     }
     
     return true; // Always allow disconnect to proceed
@@ -1112,7 +1113,7 @@ async function postToMeshMapperAPI(lat, lon, heardRepeats) {
         const data = await response.json();
         if (data.allowed === false) {
           debugWarn("MeshMapper API returned allowed=false, disconnecting");
-          setStatus("WarDriving app has reached capacity or is down", STATUS_COLORS.error);
+          setStatus("WarDriving app has reached capacity", STATUS_COLORS.error);
           // Disconnect after a brief delay to ensure user sees the message
           setTimeout(() => {
             disconnect().catch(err => debugError(`Disconnect after capacity denial failed: ${err.message}`));
@@ -2048,11 +2049,14 @@ async function connect() {
         const allowed = await checkCapacity("connect");
         if (!allowed) {
           debugWarn("Capacity check denied, disconnecting");
-          setStatus("WarDriving app has reached capacity or is down", STATUS_COLORS.error);
+          // Status message already set by checkCapacity()
           // Disconnect after a brief delay to ensure user sees the message
           setTimeout(() => {
             disconnect().catch(err => debugError(`Disconnect after capacity denial failed: ${err.message}`));
           }, 1500);
+        } else {
+          // Connection complete, set status to Idle
+          setStatus("Idle", STATUS_COLORS.idle);
         }
       } catch (e) {
         debugError(`Channel setup failed: ${e.message}`, e);
