✨ Return rich plugin info from installed plugins endpoint#306
✨ Return rich plugin info from installed plugins endpoint#306
Conversation
Refactor the /api/v1/commons/server/plugins endpoint to return detailed plugin information (name, version, authors, dependencies, file hash) instead of a plain string array. Extract Bukkit logic into PluginInfoService.
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 8b1e526dd5
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| required = meta.pluginDependencies, | ||
| soft = meta.pluginSoftDependencies, | ||
| ), | ||
| file = jarFile?.let { buildFileData(it) }, |
There was a problem hiding this comment.
The file = jarFile?.let { buildFileData(it) } path lets any IOException/SecurityException from hashing propagate out of getInstalledPlugins(), so one unreadable or missing plugin JAR causes the entire /api/v1/commons/server/plugins response to fail with 500. This endpoint used to be resilient to filesystem issues because it only read in-memory metadata, so the new behavior is a regression; handle hash failures per plugin (e.g., runCatching { ... }.getOrNull()) and still return the rest of the list.
Useful? React with 👍 / 👎.
| sha1 = computeHash(file, "SHA-1"), | ||
| sha256 = computeHash(file, "SHA-256"), |
There was a problem hiding this comment.
This computes SHA-1 and SHA-256 in separate passes for every plugin on every request, which means synchronous disk reads proportional to total plugin size each time the endpoint is called. In practice, periodic polling can noticeably degrade API latency and server throughput; compute both digests in one stream pass and/or cache by file path+mtime so repeated requests do not rescan all plugin binaries.
Useful? React with 👍 / 👎.
🚀 Preview of MineAuth📦 Preview JARs (Release Page)
📖 Documentation & ReportsAvailable for 7 days (until 2026-04-07)
🧪 Test Summary
|
- Protect /plugins endpoint with service account JWT authentication - Guard file hashing errors per plugin to prevent single failure from breaking the entire response (Codex P1) - Compute SHA-1 and SHA-256 in a single stream pass to avoid reading each JAR twice per request (Codex P2) - Add serviceToken security scheme to OpenAPI spec
|
You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard. |
🚀 Preview of MineAuth📦 Preview JARs (Release Page)
📖 Documentation & ReportsAvailable for 7 days (until 2026-04-07)
🧪 Test Summary
|
1 participant
Summary
/api/v1/commons/server/pluginsエンドポイントのレスポンスを、プラグイン名の文字列配列から詳細情報を含むオブジェクト配列に変更PluginInfoServiceに抽出し、ルーターはサービス経由でデータを取得するように変更dependencies.required/soft,file.name,file.hash.sha1/sha256Changes
PluginsData→PluginInfoData+PluginDependenciesData+PluginFileData+PluginFileHashDataPluginInfoServiceinterface +PluginInfoServiceImpl(Koin DI)PluginsRouterをサービス経由に変更Test plan
/api/v1/commons/server/pluginsがプラグインの詳細情報を返すことを確認name,version,authors,dependencies,file.name,file.hash.sha1,file.hash.sha256が含まれることを確認