Commit Graph

173 Commits

Author SHA1 Message Date
Ray Greenwell 6180dc265c Merge pull request #9 from fourbites/config-tooltip-support
Config tooltip support. Now as an annotation.
2026-03-20 14:35:49 -07:00
Ray J. Greenwell 93b9cd72c1 Inline the method so I don't have to correct the comment.
It's so small now anyway.
2026-03-20 14:34:14 -07:00
Ray J. Greenwell 4abbdc4c0a Use an annotation for tooltips rather than a separate static field. 2026-03-20 14:28:59 -07:00
Ray J. Greenwell 7e08d9fd48 All we're ever doing with the prefixes is iterating them. List. 2026-03-20 13:39:51 -07:00
Ray J. Greenwell d823feb674 Rayified: Delay chopping out a substring, check primitives?
I guess I could validate that the primitive code is the final character
in the string. start == end - 1...
2026-03-20 13:28:10 -07:00
Ray Greenwell 0e9b81404a Merge pull request #10 from fourbites/deserialization-fixes
Deserialization fixes
2026-03-20 13:16:06 -07:00
fourbites 84bed9e479 Class check cleanup 2026-03-20 20:53:26 +01:00
fourbites 1fd6240d09 Another class filtering fix 2026-03-20 15:41:04 +01:00
fourbites 35b8acb52a Allow L (array) types 2026-03-20 15:18:36 +01:00
fourbites c4ab0d13de Harden deserialization against malicious client input
Add three defenses to the Streamable deserialization system to prevent
exploitation by hacked clients:

- Class whitelist: ObjectInputStream.setAllowedClassPrefixes() validates
  class names before Class.forName(), blocking arbitrary class loading
  from crafted wire data. Callers configure at startup; unconfigured
  streams retain existing behavior for backward compatibility.

- Container size caps: BasicStreamers.validateSize() rejects arrays,
  collections, and maps with negative or >65536 element counts. Prevents
  OOM from a small frame declaring a massive allocation. Applied to all
  12 array/collection read paths and Streamer.ArrayStreamer.

- Recursion depth limit: ObjectInputStream.readObject() tracks nesting
  depth and throws at 32 levels, preventing stack overflow from
  maliciously nested structures (e.g., list-of-list-of-list).
2026-03-20 14:42:10 +01:00
fourbites 2a8db32013 Use keepalive and reduce ping interval
Some networks will kill connections sooner than 60s, especially if they are not using keepalive. This fix should reduce the random disconnects some players experience
2026-03-16 14:16:21 +01:00
Michael Bayne 91f1292ba4 Support Depot ByteEnum in Narya.
I don't think anything is directly streaming these over the wire, but it would
have worked before, so we'll try to keep it working now to avoid unpleasant
surprises.
2026-03-11 12:50:58 -07:00
Michael Bayne 283984464b [maven-release-plugin] prepare for next development iteration 2026-03-09 14:17:16 -07:00
Michael Bayne d930aacc8c [maven-release-plugin] prepare release narya-1.17.4 2026-03-09 14:17:13 -07:00
Ray J. Greenwell 3b0af94757 Drive-by: remove redundant null check. 2026-03-03 14:10:55 -08:00
Ray J. Greenwell fbf3238f80 Have FieldEditor update on ElementUpdatedEvents; Require match NamedEvent!
- It would update if an AttributeChangedEvent was received, but not an
  ElementUpdatedEvent!

- If you have 50 fields and 50 editors, then every one was updating
  whenever an event arrived? Filter by the field that actually changed?
  Does this break something?
2026-03-03 14:10:55 -08:00
Ray J. Greenwell 6e464e132f Allow the reboot manager to specify a time zone...
A balance between: This is obnoxious, I should fix it in my subclass
and/or we should be compositing functionality, not subclassing... but
adding a time zone to this old thing seems fundamental anyway and this
is an easy fix.
2026-03-02 13:28:40 -08:00
Michael Bayne 12c617158d [maven-release-plugin] prepare for next development iteration 2026-02-25 12:18:55 -08:00
Ray J. Greenwell 8813f630d6 [maven-release-plugin] prepare release narya-1.17.3 2026-02-25 12:05:53 -08:00
Ray J. Greenwell 114bfd0460 Include the proper number of parens... how did this get by? 2026-02-25 11:44:51 -08:00
Ray J. Greenwell 7f3b45d2da Add a string to the ignoreable exceptions, for newer Java. 2026-02-24 14:01:49 -08:00
Ray J. Greenwell 45e5561460 InvocationProxy: View a *Provider instance as a *Service.
This is used on multi-noded servers so that I can have a service
interface for talking to the node in charge of a particular resource,
and use the same code path even if that node is the current node.

Perhaps this be more smoothly integrated in the future but for now it's
a static utility you need to manually set up.
2026-02-20 10:32:18 -08:00
fourbites e949041aa0 Add search to admin config 2026-02-17 10:14:15 +01:00
Michael Bayne 794924e8a9 Revert "Avoid a concrete dependency on PresentsServer."
This reverts commit 938847bea9.

This didn't turn out to work well enough, so let's avoid unhelpful indirection.
2026-02-11 11:43:02 -08:00
Michael Bayne 4b6ec141f3 [maven-release-plugin] prepare for next development iteration 2026-02-11 10:06:30 -08:00
Michael Bayne c1b9ec813c [maven-release-plugin] prepare release narya-1.17.2 2026-02-11 10:06:26 -08:00
Michael Bayne 938847bea9 Avoid a concrete dependency on PresentsServer.
ProjectX uses Guice to inject dependencies and this results in some random
manager having a dependency on the concrete server class, which invariably is
getting inject itself at the time this dependency has to be resolved, which
causes circular dependencies.

Guice was able to thread the needle with other sneaky business in some cases,
but also sometimes not. So let's give it a nice interface that it can proxy to
manage this particular circular dependency.
2026-02-11 09:59:23 -08:00
fourbites 7b52b24215 Add tooltip support to config editor via _TIP convention
ObjectEditorPanel now looks up a static String constant named
FIELD_NAME_TIP (e.g. myField → MY_FIELD_TIP) on the ConfigObject after
calling getEditor(), and sets it as a tooltip on the editor panel.

No changes to ConfigObject's API — existing getEditor() overrides
continue to work and automatically receive tooltips.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-11 01:18:58 +01:00
fourbites b6a687d2fa Fix IllegalAccessError crash
This was crashing when served from a webapp due to "IllegalAccessError". Lambda expressions seem to make it happy.
2026-01-03 19:45:40 +01:00
fourbites 4185d621f8 Prevent overlapping reboot warning messages
It's hard to say if this is the cause, but it won't hurt to clear existing intervals just in case.
2025-12-13 12:04:16 +01:00
Michael Bayne e35740aba7 [maven-release-plugin] prepare for next development iteration 2025-11-13 16:57:17 -08:00
Michael Bayne e78dfd88fd [maven-release-plugin] prepare release narya-1.17.1 2025-11-13 16:57:14 -08:00
Michael Bayne 0be130a383 Handle streaming of data manually.
We can no longer reflect on java.awt classes and fiddle with their internals.
2025-11-13 16:53:22 -08:00
Ray J. Greenwell 685468fd70 ConnectionManager can be configured to allow larger messages.
Messages that are too big are dropped and the clients have no hope of
recovering. Warnings are logged but that's it. Allow bigger.
2025-10-23 11:27:17 -07:00
Michael Bayne 1361e237ef [maven-release-plugin] prepare for next development iteration 2025-07-04 09:46:01 -07:00
Michael Bayne 6ec6af0f25 [maven-release-plugin] prepare release narya-1.17 2025-07-04 09:45:58 -07:00
Michael Bayne 91b1c66767 Update to shipped depot & ooo-util. 2025-07-04 09:26:00 -07:00
Michael Bayne 859c7d197d Javadoc fixes. 2025-07-04 08:54:52 -07:00
Michael Bayne 61fd40f318 Streamline the source header. Update the copyright. 2025-04-03 13:21:33 -07:00
Michael Bayne 2b0ea73dd1 Merge pull request #4 from threerings/dependabot/maven/core/junit-junit-4.13.1
Bump junit from 4.10 to 4.13.1 in /core
2025-04-03 13:13:29 -07:00
Michael Bayne 494a8fd06e Merge pull request #5 from threerings/dependabot/maven/core/org.apache.ant-ant-1.10.9
Bump ant from 1.7.1 to 1.10.9 in /core
2025-04-03 13:13:11 -07:00
Michael Bayne 77ccbb97a2 Updating depends. 2025-02-05 10:55:13 -08:00
Michael Bayne 4c98299580 Add a default implementation. 2025-02-05 10:51:56 -08:00
dependabot[bot] ae54490ddf Bump ant from 1.7.1 to 1.10.9 in /core
Bumps ant from 1.7.1 to 1.10.9.

Signed-off-by: dependabot[bot] <support@github.com>
2021-02-03 19:27:01 +00:00
dependabot[bot] d611d1d1bf Bump junit from 4.10 to 4.13.1 in /core
Bumps [junit](https://github.com/junit-team/junit4) from 4.10 to 4.13.1.
- [Release notes](https://github.com/junit-team/junit4/releases)
- [Changelog](https://github.com/junit-team/junit4/blob/main/doc/ReleaseNotes4.10.md)
- [Commits](https://github.com/junit-team/junit4/compare/r4.10...r4.13.1)

Signed-off-by: dependabot[bot] <support@github.com>
2020-10-13 04:35:43 +00:00
Ray J. Greenwell 5b01edc885 Return to SNAPSHOT development. 2018-09-26 16:22:59 -07:00
Ray J. Greenwell d752f21b9a Prepare for release of 1.16.5. 2018-09-26 16:19:31 -07:00
Michael Bayne 24b54b8dc6 Added a soak test & isolated test for just fixed bug. 2018-09-26 15:34:12 -07:00
Michael Bayne 11e815fcc3 Do not use buffer limit as indicator of frame completion.
If the frame happens to be exactly the same size as the buffer capacity, we
will erroneously think that the last frame was complete because the limit is
normally at the buffer capacity.

This only exploded when we had both a perfectly sized frame and failed to read
it in a single call to read, which apparently took 17 years to happen, and many
billions of frames read.
2018-09-26 15:16:39 -07:00
Ray J. Greenwell ed7c071de1 Remove debuggery. 2018-09-26 15:12:59 -07:00