Commit Graph

191 Commits

Author SHA1 Message Date
Claridtimo 93a2dc35d0 TLS foundation: tls-channel dep + TlsContextFactory
Adds the marianobarrios:tls-channel:1.0.0 dependency (thin ByteChannel-over-
SSLEngine wrapper, MIT, zero transitive deps, Java 8 bytecode) and a
TlsContextFactory that builds server (keystore) and client (pinned truststore)
SSLContexts, TLS 1.3 only. No transport wiring yet — this just compiles in the
building blocks for full-session encryption of the Presents NIO stream.
2026-06-29 21:52:48 +12:00
Michael Bayne 34bd05060f [maven-release-plugin] prepare release narya-1.19 2026-06-03 10:35:34 -07:00
Ray J. Greenwell 3733ea02f5 Allow the default "warning size" for DSets to be set with a property. 2026-05-14 12:33:18 -07:00
Ray J. Greenwell 201e6bf766 Better documentation. 2026-05-13 14:53:19 -07:00
Ray J. Greenwell c781b86449 Allow the constraint for unstreaming size to be configured at startup...
int property com.threerings.io.maxContainerSize
2026-05-13 14:10:34 -07:00
Michael Bayne f1c1b730a1 [maven-release-plugin] prepare for next development iteration 2026-04-30 13:40:23 -07:00
Michael Bayne 9f4c3dbb54 [maven-release-plugin] prepare release narya-1.18 2026-04-30 13:40:19 -07:00
Ray J. Greenwell cc7193a4f4 Fix tests: add hamcrest jar, make them run headless/no dock icon. 2026-04-27 20:42:39 -07:00
Ray J. Greenwell 5e9f4d5a15 Stop using the old JSR250 annotation.
This will likely break a bunch of things because things further down the
line were depending on narya bringing in this jar.
2026-04-27 15:04:35 -07:00
Ray J. Greenwell 32809d2d79 Fix implicit cast warnings seen. 2026-04-27 15:04:21 -07:00
Ray J. Greenwell d8c22a00f9 Fix more easy deprecation warnings: String constructors of boxed types. 2026-03-21 16:09:04 -07:00
Ray J. Greenwell 1fe0dc2f7f Remove some redundant casts. 2026-03-21 16:09:04 -07:00
Ray J. Greenwell 195562435b Fix Class.newInstance() deprecation warnings. 2026-03-21 16:09:04 -07:00
Ray J. Greenwell 4ddc4e2f8a Why does the compiler care about this one JComboBox and not others? 2026-03-21 15:48:40 -07:00
Ray J. Greenwell 99f797f66a Drive-by: a bit of modernization & warning cleanup, UTF-8 edition. 2026-03-21 15:27:14 -07:00
Ray J. Greenwell d7b4e10430 Only check for the "L" and ";" if we're in an array.
I can't help but over-optimize. We're parsing the result of class.getName(),
it will be a bare class name if not in the array.

Also: Stop going out of our way to not throw an exception if the input
is malformed, as that's the desired result for bad input.
2026-03-21 15:19:13 -07:00
Ray J. Greenwell 5e17d3ba67 Reformat: whitespace and comments, I'm not used to narya's 4-space indent. 2026-03-20 16:27:38 -07:00
Ray J. Greenwell c874221e62 Combine next char checks; class names may not have L! validate prims.
I think something else in narya must be stripping off the "L;" ..?
2026-03-20 16:20:10 -07:00
Ray Greenwell 6180dc265c Merge pull request #9 from fourbites/config-tooltip-support
Config tooltip support. Now as an annotation.
2026-03-20 14:35:49 -07:00
Ray J. Greenwell 93b9cd72c1 Inline the method so I don't have to correct the comment.
It's so small now anyway.
2026-03-20 14:34:14 -07:00
Ray J. Greenwell 4abbdc4c0a Use an annotation for tooltips rather than a separate static field. 2026-03-20 14:28:59 -07:00
Ray J. Greenwell 7e08d9fd48 All we're ever doing with the prefixes is iterating them. List. 2026-03-20 13:39:51 -07:00
Ray J. Greenwell d823feb674 Rayified: Delay chopping out a substring, check primitives?
I guess I could validate that the primitive code is the final character
in the string. start == end - 1...
2026-03-20 13:28:10 -07:00
Ray Greenwell 0e9b81404a Merge pull request #10 from fourbites/deserialization-fixes
Deserialization fixes
2026-03-20 13:16:06 -07:00
fourbites 84bed9e479 Class check cleanup 2026-03-20 20:53:26 +01:00
fourbites 1fd6240d09 Another class filtering fix 2026-03-20 15:41:04 +01:00
fourbites 35b8acb52a Allow L (array) types 2026-03-20 15:18:36 +01:00
fourbites c4ab0d13de Harden deserialization against malicious client input
Add three defenses to the Streamable deserialization system to prevent
exploitation by hacked clients:

- Class whitelist: ObjectInputStream.setAllowedClassPrefixes() validates
  class names before Class.forName(), blocking arbitrary class loading
  from crafted wire data. Callers configure at startup; unconfigured
  streams retain existing behavior for backward compatibility.

- Container size caps: BasicStreamers.validateSize() rejects arrays,
  collections, and maps with negative or >65536 element counts. Prevents
  OOM from a small frame declaring a massive allocation. Applied to all
  12 array/collection read paths and Streamer.ArrayStreamer.

- Recursion depth limit: ObjectInputStream.readObject() tracks nesting
  depth and throws at 32 levels, preventing stack overflow from
  maliciously nested structures (e.g., list-of-list-of-list).
2026-03-20 14:42:10 +01:00
fourbites 2a8db32013 Use keepalive and reduce ping interval
Some networks will kill connections sooner than 60s, especially if they are not using keepalive. This fix should reduce the random disconnects some players experience
2026-03-16 14:16:21 +01:00
Michael Bayne 91f1292ba4 Support Depot ByteEnum in Narya.
I don't think anything is directly streaming these over the wire, but it would
have worked before, so we'll try to keep it working now to avoid unpleasant
surprises.
2026-03-11 12:50:58 -07:00
Michael Bayne 283984464b [maven-release-plugin] prepare for next development iteration 2026-03-09 14:17:16 -07:00
Michael Bayne d930aacc8c [maven-release-plugin] prepare release narya-1.17.4 2026-03-09 14:17:13 -07:00
Ray J. Greenwell 3b0af94757 Drive-by: remove redundant null check. 2026-03-03 14:10:55 -08:00
Ray J. Greenwell fbf3238f80 Have FieldEditor update on ElementUpdatedEvents; Require match NamedEvent!
- It would update if an AttributeChangedEvent was received, but not an
  ElementUpdatedEvent!

- If you have 50 fields and 50 editors, then every one was updating
  whenever an event arrived? Filter by the field that actually changed?
  Does this break something?
2026-03-03 14:10:55 -08:00
Ray J. Greenwell 6e464e132f Allow the reboot manager to specify a time zone...
A balance between: This is obnoxious, I should fix it in my subclass
and/or we should be compositing functionality, not subclassing... but
adding a time zone to this old thing seems fundamental anyway and this
is an easy fix.
2026-03-02 13:28:40 -08:00
Michael Bayne 12c617158d [maven-release-plugin] prepare for next development iteration 2026-02-25 12:18:55 -08:00
Ray J. Greenwell 8813f630d6 [maven-release-plugin] prepare release narya-1.17.3 2026-02-25 12:05:53 -08:00
Ray J. Greenwell 114bfd0460 Include the proper number of parens... how did this get by? 2026-02-25 11:44:51 -08:00
Ray J. Greenwell 7f3b45d2da Add a string to the ignoreable exceptions, for newer Java. 2026-02-24 14:01:49 -08:00
Ray J. Greenwell 45e5561460 InvocationProxy: View a *Provider instance as a *Service.
This is used on multi-noded servers so that I can have a service
interface for talking to the node in charge of a particular resource,
and use the same code path even if that node is the current node.

Perhaps this be more smoothly integrated in the future but for now it's
a static utility you need to manually set up.
2026-02-20 10:32:18 -08:00
fourbites e949041aa0 Add search to admin config 2026-02-17 10:14:15 +01:00
Michael Bayne 794924e8a9 Revert "Avoid a concrete dependency on PresentsServer."
This reverts commit 938847bea9.

This didn't turn out to work well enough, so let's avoid unhelpful indirection.
2026-02-11 11:43:02 -08:00
Michael Bayne 4b6ec141f3 [maven-release-plugin] prepare for next development iteration 2026-02-11 10:06:30 -08:00
Michael Bayne c1b9ec813c [maven-release-plugin] prepare release narya-1.17.2 2026-02-11 10:06:26 -08:00
Michael Bayne 938847bea9 Avoid a concrete dependency on PresentsServer.
ProjectX uses Guice to inject dependencies and this results in some random
manager having a dependency on the concrete server class, which invariably is
getting inject itself at the time this dependency has to be resolved, which
causes circular dependencies.

Guice was able to thread the needle with other sneaky business in some cases,
but also sometimes not. So let's give it a nice interface that it can proxy to
manage this particular circular dependency.
2026-02-11 09:59:23 -08:00
fourbites 7b52b24215 Add tooltip support to config editor via _TIP convention
ObjectEditorPanel now looks up a static String constant named
FIELD_NAME_TIP (e.g. myField → MY_FIELD_TIP) on the ConfigObject after
calling getEditor(), and sets it as a tooltip on the editor panel.

No changes to ConfigObject's API — existing getEditor() overrides
continue to work and automatically receive tooltips.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-11 01:18:58 +01:00
fourbites b6a687d2fa Fix IllegalAccessError crash
This was crashing when served from a webapp due to "IllegalAccessError". Lambda expressions seem to make it happy.
2026-01-03 19:45:40 +01:00
fourbites 4185d621f8 Prevent overlapping reboot warning messages
It's hard to say if this is the cause, but it won't hurt to clear existing intervals just in case.
2025-12-13 12:04:16 +01:00
Michael Bayne e35740aba7 [maven-release-plugin] prepare for next development iteration 2025-11-13 16:57:17 -08:00
Michael Bayne e78dfd88fd [maven-release-plugin] prepare release narya-1.17.1 2025-11-13 16:57:14 -08:00