feat(plugin): register vortex-mod-mediafire v1.0.0 (task 34)#147
Merged
Conversation
New official MediaFire hoster plugin in sibling repo `vortex-mod-mediafire/`. Resolves free MediaFire file links to their direct download<n>.mediafire.com CDN URL via two strategies: - Plain `href` extraction from the public landing page - `data-scrambled-url` (base64) decoding, with download host allow-list to defang attacker-controlled scramble payloads Filename + size parsed from `<span class="dl-btn-label" title=...>` and "Download (X.YZ MB)" label. Resumable=true so the host engine engages multi-connection ranged downloads. Coverage: 55 native unit tests + 3 Extism-loaded WASM smoke tests + 9 fixture-driven parser cases. Registry entry includes SHA-256 of the .wasm and plugin.toml. PRD-v2 §P1.15, PRD §4.1.
📝 WalkthroughWalkthroughThis PR documents and registers a new MediaFire plugin ( ChangesPlugin Registration and Documentation
Estimated code review effort🎯 1 (Trivial) | ⏱️ ~3 minutes Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Review rate limit: 4/5 reviews remaining, refill in 12 minutes. Comment |
github-actions
Bot
added
the
documentation
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@CHANGELOG.md`:
- Line 21: Update the changelog entry that references the registry file: replace
the incorrect path string "vortex/registry/registry.toml" with the correct
repository path "registry/registry.toml" in the CHANGELOG.md entry describing
the plugin registration (the same paragraph that mentions checksum_sha256 and
checksum_sha256_toml for the wasm and manifest).
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 20d08e78-6cfc-40db-844e-d3e9deeaf888
📒 Files selected for processing (2)
CHANGELOG.mdregistry/registry.toml
|
|
||
| ### Added | ||
|
|
||
| - **Plugin `vortex-mod-mediafire` v1.0.0** (scope `plugin`, sprint task 34, PRD-v2 §P1.15 / PRD §4.1): new official Vortex plugin in a sibling repo `vortex-mod-mediafire/`. Hoster category, `http` capability only — no wait, no captcha, no subprocess. Recognises `https://(www.|m.)?mediafire.com/file/<key>(/<filename>)?(/file)?` URLs (folder URLs are deliberately out of scope). The plugin scrapes the public landing page, extracting the direct CDN URL via two strategies: the plain `href="https://download<n>.mediafire.com/..."` button and the obfuscated `data-scrambled-url="<base64>"` attribute. Decoded scrambled URLs are checked against a `^download[0-9]*\.mediafire\.com$` host allow-list before being returned, so an attacker controlling the scramble payload cannot redirect the host engine to an arbitrary target. Filename + size are parsed from `<span class="dl-btn-label" title="...">` and the "Download (X.YZ MB)" text; size units span B / KB / MB / GB / TB. `FileLink.resumable` is reported as `true` so the host's segmented engine engages multi-connection ranged downloads. 55 native unit tests + 3 WASM-loaded smoke tests (Extism with stub `http_request`) + 9 fixture-driven parser cases over `tests/fixtures/*.html`. Registered in `vortex/registry/registry.toml` with `checksum_sha256 = 5775871b…f942` (wasm) and `checksum_sha256_toml = 88f1e844…42c0` (manifest). |
There was a problem hiding this comment.
Fix the registry path string in the changelog entry.
At Line 21, the entry says vortex/registry/registry.toml, but the file in this repo is registry/registry.toml. Keeping the exact path avoids confusion when contributors verify the registration.
Suggested edit
- ... Registered in `vortex/registry/registry.toml` with `checksum_sha256 = 5775871b…f942` (wasm) and `checksum_sha256_toml = 88f1e844…42c0` (manifest).
+ ... Registered in `registry/registry.toml` with `checksum_sha256 = 5775871b…f942` (wasm) and `checksum_sha256_toml = 88f1e844…42c0` (manifest).📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| - **Plugin `vortex-mod-mediafire` v1.0.0** (scope `plugin`, sprint task 34, PRD-v2 §P1.15 / PRD §4.1): new official Vortex plugin in a sibling repo `vortex-mod-mediafire/`. Hoster category, `http` capability only — no wait, no captcha, no subprocess. Recognises `https://(www.|m.)?mediafire.com/file/<key>(/<filename>)?(/file)?` URLs (folder URLs are deliberately out of scope). The plugin scrapes the public landing page, extracting the direct CDN URL via two strategies: the plain `href="https://download<n>.mediafire.com/..."` button and the obfuscated `data-scrambled-url="<base64>"` attribute. Decoded scrambled URLs are checked against a `^download[0-9]*\.mediafire\.com$` host allow-list before being returned, so an attacker controlling the scramble payload cannot redirect the host engine to an arbitrary target. Filename + size are parsed from `<span class="dl-btn-label" title="...">` and the "Download (X.YZ MB)" text; size units span B / KB / MB / GB / TB. `FileLink.resumable` is reported as `true` so the host's segmented engine engages multi-connection ranged downloads. 55 native unit tests + 3 WASM-loaded smoke tests (Extism with stub `http_request`) + 9 fixture-driven parser cases over `tests/fixtures/*.html`. Registered in `vortex/registry/registry.toml` with `checksum_sha256 = 5775871b…f942` (wasm) and `checksum_sha256_toml = 88f1e844…42c0` (manifest). | |
| - **Plugin `vortex-mod-mediafire` v1.0.0** (scope `plugin`, sprint task 34, PRD-v2 §P1.15 / PRD §4.1): new official Vortex plugin in a sibling repo `vortex-mod-mediafire/`. Hoster category, `http` capability only — no wait, no captcha, no subprocess. Recognises `https://(www.|m.)?mediafire.com/file/<key>(/<filename>)?(/file)?` URLs (folder URLs are deliberately out of scope). The plugin scrapes the public landing page, extracting the direct CDN URL via two strategies: the plain `href="https://download<n>.mediafire.com/..."` button and the obfuscated `data-scrambled-url="<base64>"` attribute. Decoded scrambled URLs are checked against a `^download[0-9]*\.mediafire\.com$` host allow-list before being returned, so an attacker controlling the scramble payload cannot redirect the host engine to an arbitrary target. Filename + size are parsed from `<span class="dl-btn-label" title="...">` and the "Download (X.YZ MB)" text; size units span B / KB / MB / GB / TB. `FileLink.resumable` is reported as `true` so the host's segmented engine engages multi-connection ranged downloads. 55 native unit tests + 3 WASM-loaded smoke tests (Extism with stub `http_request`) + 9 fixture-driven parser cases over `tests/fixtures/*.html`. Registered in `registry/registry.toml` with `checksum_sha256 = 5775871b…f942` (wasm) and `checksum_sha256_toml = 88f1e844…42c0` (manifest). |
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@CHANGELOG.md` at line 21, Update the changelog entry that references the
registry file: replace the incorrect path string "vortex/registry/registry.toml"
with the correct repository path "registry/registry.toml" in the CHANGELOG.md
entry describing the plugin registration (the same paragraph that mentions
checksum_sha256 and checksum_sha256_toml for the wasm and manifest).
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
Contributor
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
registry/registry.toml[Unreleased]entry toCHANGELOG.mdWhat is
vortex-mod-mediafire?Standalone repo: https://github.com/mpiton/vortex-mod-mediafire (GPL-3.0)
Release v1.0.0: https://github.com/mpiton/vortex-mod-mediafire/releases/tag/v1.0.0
WASM hoster plugin (
httpcapability only — no subprocess, no captcha,no wait). Resolves
https://(www.|m.)?mediafire.com/file/<key>(/<filename>)?(/file)?URLs to direct
download<n>.mediafire.comCDN URLs via two strategies:hrefextraction from the public landing pagedata-scrambled-urldecoding, with download host allow-listto defang attacker-controlled scramble payloads
multi-megabyte buffer
Changes
registry/registry.toml[[plugin]]block, version1.0.0, categoryhoster, SHA-256 of.wasm(5775871b…f942) andplugin.toml(88f1e844…42c0)CHANGELOG.md[Unreleased] / Addeddescribing the plugin's contract, security gates, and test coverageWhy this scope (registry-only)
cycle. Vortex consumes it via the existing
GithubStoreClient(
src-tauri/src/adapters/driven/plugin/github_store_client.rs)which builds the download URL from
repository + v<version>.vortex_mod_mediafire.wasm(verifiedagainst
build_wasm_urltest fixtures), so the existing installerlogic resolves it without code changes.
(
can_handle,supports_playlist,extract_links,resolve_stream_url) matches the contract already exercised by theVimeo / Gallery / SoundCloud plugins.
Test plan
cargo build --target wasm32-wasip1 --releasesucceeds in theplugin repo (1.1 MB artefact)
cargo testin the plugin repo: 58 tests pass (4 suites — unitlib 43, parser fixtures 12, WASM smoke via Extism 3)
cargo clippy --all-targets -- -D warnings: no issuescargo fmt --check: cleanregistry.tomlchecksum(
5775871b…f942)real MediaFire link — to do once this PR merges and the registry
is pulled by the installer
Related
.claude/output/sprints/prd-v2-roadmap/tasks/34-plugin-mediafire.mdSummary by cubic
Registers the
vortex-mod-mediafirev1.0.0 hoster plugin and adds a changelog entry, meeting Task 34 (PRD-v2 §P1.15 / PRD §4.1). The plugin resolves MediaFire file links to direct CDN downloads; no app code changes are needed.httpcapability only; supportshttps://(www.|m.)?mediafire.com/file/...(folders out of scope).hrefor base64data-scrambled-url, with a download host allow-list and a 2 MiB response cap..wasmandplugin.toml,official = true,min_vortex_version = "0.1.0".Written for commit 24e951f. Summary will update on new commits.
Summary by CodeRabbit
vortex-mod-mediafireplugin v1.0.0 with support for MediaFire URLs, file information extraction, and resumable downloads.