7: limits & safe

src/client/java/com/adamcalculator/dynamicpack/DebugScreen.java

@@ -8,8 +8,6 @@
 import net.minecraft.client.toast.SystemToast;
 import net.minecraft.text.Text;
 
-import java.io.IOException;
-
 public class DebugScreen extends Screen {
     protected DebugScreen() {
         super(Text.literal("DebugScreen"));
@@ -32,7 +30,7 @@ protected void init() {
         for (Pack pack : DynamicPackMod.packs) {
             Out.println("gui pack: " + pack);
             try {
-                addDrawableChild(ButtonWidget.builder(Text.of(pack.getLocation().getName() + ":"+pack.checkIsUpdateAvailable()), button -> {
+                addDrawableChild(ButtonWidget.builder(Text.of(pack.getLocation().getName() + ":"+pack.getCachedUpdateAvailableStatus()), button -> {
 
                 }).size(160, 20).position(10, height).build());
 
@@ -60,7 +58,7 @@ public void done(boolean b) {
                         Out.e(e);
                     }
                 }).size(50, 20).position(190, height).build());
-            } catch (IOException e) {
+            } catch (Exception e) {
                 addDrawableChild(ButtonWidget.builder(Text.of(e + ""), button -> {
                 }).size(500, 20).position(10, height).build());
                 Out.e(e);

src/client/java/com/adamcalculator/dynamicpack/pack/DynamicRepoRemote.java

@@ -27,7 +27,7 @@ public DynamicRepoRemote(Pack pack, JSONObject remote) {
 
     @Override
     public boolean checkUpdateAvailable() throws IOException {
-        String content = Urls.parseContent(buildUrl);
+        String content = Urls.parseContent(buildUrl, 64).trim();
         return parent.getCurrentBuild() != Long.parseLong(content);
     }
 

src/client/java/com/adamcalculator/dynamicpack/pack/DynamicRepoSyncProcessV1.java

@@ -80,7 +80,7 @@ private void processContent(JSONObject object) throws IOException, NoSuchAlgorit
         }
 
         progress.textLog("process content id:" + id);
-        processContentParsed(new JSONObject(compressSupported ? Urls.parseGZipContent(urlCompressed) : Urls.parseContent(url)));
+        processContentParsed(new JSONObject(compressSupported ? Urls.parseGZipContent(urlCompressed, Mod.GZIP_LIMIT) : Urls.parseContent(url, Mod.MOD_FILES_LIMIT)));
     }
 
     private void processContentParsed(JSONObject j) throws IOException, NoSuchAlgorithmException {

src/client/java/com/adamcalculator/dynamicpack/pack/ModrinthRemote.java

@@ -1,5 +1,6 @@
 package com.adamcalculator.dynamicpack.pack;
 
+import com.adamcalculator.dynamicpack.Mod;
 import com.adamcalculator.dynamicpack.Urls;
 import org.json.JSONArray;
 import org.json.JSONObject;
@@ -25,7 +26,7 @@ public String getVersionsUrl() {
     }
 
     public JSONObject parseLatestVersionJson() throws IOException {
-        String content = Urls.parseContent(getVersionsUrl());
+        String content = Urls.parseContent(getVersionsUrl(), Mod.MOD_MODTINTH_API_LIMIT);
         JSONArray j = new JSONArray(content);
         for (Object o : j) {
             JSONObject jsonObject = (JSONObject) o;

src/client/java/com/adamcalculator/dynamicpack/pack/Pack.java

@@ -12,6 +12,7 @@
 public class Pack {
     private final File location;
     private JSONObject cachedJson;
+    private boolean cachedUpdateAvailable;
     private long current_build;
     private Remote remote;
     private boolean isSyncing = false;
@@ -61,7 +62,11 @@ public String getCurrentVersionNumber() {
     }
 
     public boolean checkIsUpdateAvailable() throws IOException {
-        return remote.checkUpdateAvailable();
+        return cachedUpdateAvailable = remote.checkUpdateAvailable();
+    }
+
+    public boolean getCachedUpdateAvailableStatus() {
+        return cachedUpdateAvailable;
     }
 
     public void sync(SyncProgress progress, boolean manually) throws Exception {
@@ -105,12 +110,12 @@ private void sync0(SyncProgress progress, boolean manually) throws Exception {
     private boolean dynamicRepoSync(DynamicRepoRemote dynamicRepoRemote, SyncProgress progress) throws Exception {
         String packUrlContent;
         if (dynamicRepoRemote.skipSign) {
-            packUrlContent = Urls.parseContent(dynamicRepoRemote.packUrl);
+            packUrlContent = Urls.parseContent(dynamicRepoRemote.packUrl, Mod.MOD_FILES_LIMIT);
             Out.LOGGER.warn("Dynamic pack " + location.getName() + " is skipping signing.");
             progress.textLog("File parsed, verify skipped.");
 
         } else {
-            packUrlContent = Urls.parseContentAndVerify(dynamicRepoRemote.packSigUrl, dynamicRepoRemote.packUrl, dynamicRepoRemote.publicKey);
+            packUrlContent = Urls.parseContentAndVerify(dynamicRepoRemote.packSigUrl, dynamicRepoRemote.packUrl, dynamicRepoRemote.publicKey, Mod.MOD_FILES_LIMIT);
             progress.textLog("Success parse and verify file.");
         }
 
@@ -153,7 +158,7 @@ private boolean modrinthSync(ModrinthRemote modrinthRemote, SyncProgress progres
         File file = null;
         int attempts = 3;
         while (attempts > 0) {
-            file = Urls.downloadFileToTemp(latest.url, "dynamicpack_download", ".zip");
+            file = Urls.downloadFileToTemp(latest.url, "dynamicpack_download", ".zip", Mod.MODRINTH_HTTPS_FILE_SIZE_LIMIT);
 
             if (Hashes.calcHashForFile(file).equals(latest.fileHash)) {
                 progress.textLog("Download done! Hashes is equals.");

src/main/java/com/adamcalculator/dynamicpack/Mod.java

@@ -1,7 +1,16 @@
 package com.adamcalculator.dynamicpack;
 
 public class Mod {
-    public static final long HTTPS_FILE_SIZE_LIMIT = 1024 * 1024 * 5; // kb -> mb -> 5MB
+    // NOTE: for increase contact to mod developer.
+    public static final long DYNAMIC_PACK_HTTPS_FILE_SIZE_LIMIT = megabyte(8); // kb -> mb -> 5MB (for files in resourcepack)
+    public static final long MODRINTH_HTTPS_FILE_SIZE_LIMIT = megabyte(1024); // 1 GB (for .zip files from modrinth)
+    public static final long MOD_MODTINTH_API_LIMIT = megabyte(8); // 8 MB of api
+    public static final long GZIP_LIMIT = megabyte(50); // 50 MB of .gz file
+    public static final long MOD_FILES_LIMIT = megabyte(8);
+
+    private static long megabyte(long mb) {
+        return 1024L * 1024L * mb;
+    }
 
     public static boolean isRelease() {
         return false;

src/main/java/com/adamcalculator/dynamicpack/Urls.java

@@ -16,43 +16,43 @@ public static boolean isFileDebugScheme() {
         return !Mod.isRelease();
     }
 
-    public static String parseContentAndVerify(String signatureUrl, String url, String publicKeyBase64) throws IOException {
+    public static String parseContentAndVerify(String signatureUrl, String url, String publicKeyBase64, long maxLimit) throws IOException {
         boolean isVerified = GPGDetachedSignatureVerifier
-                .verify(_getInputStreamOfUrl(url),
-                        _getInputStreamOfUrl(signatureUrl),
+                .verify(_getInputStreamOfUrl(url, maxLimit),
+                        _getInputStreamOfUrl(signatureUrl, maxLimit),
                         publicKeyBase64);
 
         if (!isVerified) {
             throw new SecurityException("Failed to verify " + url + " using signature at " + signatureUrl + " and publicKey: " + publicKeyBase64);
         }
-        return _parseContentFromStream(_getInputStreamOfUrl(url));
+        return _parseContentFromStream(_getInputStreamOfUrl(url, maxLimit));
     }
 
     /**
      * Parse text content from url
      * @param url url
      */
-    public static String parseContent(String url) throws IOException {
-        return _parseContentFromStream(_getInputStreamOfUrl(url));
+    public static String parseContent(String url, long limit) throws IOException {
+        return _parseContentFromStream(_getInputStreamOfUrl(url, limit));
     }
 
 
     /**
      * Parse GZip compressed content from url
      * @param url url
      */
-    public static String parseGZipContent(String url) throws IOException {
-        return _parseContentFromStream(new GZIPInputStream(_getInputStreamOfUrl(url)));
+    public static String parseGZipContent(String url, long limit) throws IOException {
+        return _parseContentFromStream(new GZIPInputStream(_getInputStreamOfUrl(url, limit)));
     }
 
 
     /**
      * Create temp zipFile and download to it from url.
      */
-    public static File downloadFileToTemp(String url, String prefix, String suffix) throws IOException {
+    public static File downloadFileToTemp(String url, String prefix, String suffix, long limit) throws IOException {
         File file = File.createTempFile(prefix, suffix);
 
-        InputStream inputStream = _getInputStreamOfUrl(url);
+        InputStream inputStream = _getInputStreamOfUrl(url, limit);
         FileOutputStream fileOutputStream = new FileOutputStream(file);
         _transferStreams(inputStream, fileOutputStream);
 
@@ -72,12 +72,12 @@ public static void downloadDynamicFile(String url, Path path) throws IOException
         }
         Files.createFile(path);
 
-        _transferStreams(_getInputStreamOfUrl(url), Files.newOutputStream(path));
+        _transferStreams(_getInputStreamOfUrl(url, Mod.DYNAMIC_PACK_HTTPS_FILE_SIZE_LIMIT), Files.newOutputStream(path));
     }
 
 
 
-    private static InputStream _getInputStreamOfUrl(String url) throws IOException {
+    private static InputStream _getInputStreamOfUrl(String url, long sizeLimit) throws IOException {
         if (url.startsWith("file_debug_only://")) {
             if (!isFileDebugScheme()) {
                 throw new RuntimeException("Not allowed scheme.");
@@ -94,8 +94,8 @@ private static InputStream _getInputStreamOfUrl(String url) throws IOException {
         } else if (url.startsWith("https://")) {
             URL urlObj = new URL(url);
             URLConnection connection = urlObj.openConnection();
-            if (connection.getContentLengthLong() > Mod.HTTPS_FILE_SIZE_LIMIT) {
-                throw new RuntimeException("File at " + url+ " so bigger. l: " + connection.getContentLengthLong());
+            if (connection.getContentLengthLong() > sizeLimit) {
+                throw new RuntimeException("File at " + url+ " so bigger. " + connection.getContentLengthLong() + " > " + sizeLimit);
             }
             return connection.getInputStream();