Avoid and discourage use of Maven Central as a CDN (#12692)

* Default LibraryLoader to Google's Maven Central mirror, add MavenLibraryResolver.MAVEN_CENTRAL_DEFAULT_MIRROR, and warn on use of Maven Central with MavenLibraryResolver * Account for both Maven Central URLs * Update Javadoc (cherry picked from commit 62b7f86dae)
2025-07-26 01:32:02 -07:00 · 2025-06-23 22:34:01 -07:00
parent 12d8fe0beb
commit 6abf5f0b74
2 changed files with 39 additions and 3 deletions
--- a/paper-api/src/main/java/io/papermc/paper/plugin/loader/library/impl/MavenLibraryResolver.java
+++ b/paper-api/src/main/java/io/papermc/paper/plugin/loader/library/impl/MavenLibraryResolver.java
@@ -41,7 +41,7 @@ import org.slf4j.LoggerFactory;
 * MavenLibraryResolver resolver = new MavenLibraryResolver();
 * resolver.addDependency(new Dependency(new DefaultArtifact("org.jooq:jooq:3.17.7"), null));
 * resolver.addRepository(new RemoteRepository.Builder(
- *     "central", "default", "https://repo1.maven.org/maven2/"
+ *     "central", "default", MavenLibraryResolver.MAVEN_CENTRAL_DEFAULT_MIRROR
 * ).build());
 * }</pre>
 * <p>
@@ -50,6 +50,21 @@ import org.slf4j.LoggerFactory;
@NullMarked
 public class MavenLibraryResolver implements ClassPathLibrary {

+    /**
+     * The default Maven Central mirror, configurable through the {@code PAPER_DEFAULT_CENTRAL_REPOSITORY} environment
+     * variable. Use this instead of Maven Central directly when you do not have your own mirror, as using
+     * Maven Central as a CDN is against the Maven Central Terms of Service, and you will cause users to hit
+     * rate limits.
+     *
+     * <p>This repository is also used by the legacy {@link org.bukkit.plugin.java.LibraryLoader}.</p>
+     */
+    public static final String MAVEN_CENTRAL_DEFAULT_MIRROR = getDefaultMavenCentralMirror();
+    private static final List<String> MAVEN_CENTRAL_URLS = List.of(
+        "https://repo1.maven.org/maven2",
+        "http://repo1.maven.org/maven2",
+        "https://repo.maven.apache.org/maven2",
+        "http://repo.maven.apache.org/maven2"
+    );
    private static final Logger LOGGER = LoggerFactory.getLogger("MavenLibraryResolver");

    private final RepositorySystem repository;
@@ -105,6 +120,12 @@ public class MavenLibraryResolver implements ClassPathLibrary {
     * dependencies from
     */
    public void addRepository(final RemoteRepository remoteRepository) {
+        if (MAVEN_CENTRAL_URLS.stream().anyMatch(remoteRepository.getUrl()::startsWith)) {
+            LOGGER.warn(
+                "Use of Maven Central as a CDN is against the Maven Central Terms of Service. Use MavenLibraryResolver.MAVEN_CENTRAL_DEFAULT_MIRROR instead.",
+                new RuntimeException("Plugin used Maven Central for library resolution")
+            );
+        }
        this.repositories.add(remoteRepository);
    }

@@ -130,4 +151,15 @@ public class MavenLibraryResolver implements ClassPathLibrary {
            store.addLibrary(file.toPath());
        }
    }
+
+    private static String getDefaultMavenCentralMirror() {
+        String central = System.getenv("PAPER_DEFAULT_CENTRAL_REPOSITORY");
+        if (central == null) {
+            central = System.getProperty("org.bukkit.plugin.java.LibraryLoader.centralURL");
+        }
+        if (central == null) {
+            central = "https://maven-central.storage-download.googleapis.com/maven2";
+        }
+        return central;
+    }
 }
--- a/paper-api/src/main/java/org/bukkit/plugin/java/LibraryLoader.java
+++ b/paper-api/src/main/java/org/bukkit/plugin/java/LibraryLoader.java
@@ -1,12 +1,12 @@
 // CHECKSTYLE:OFF
 package org.bukkit.plugin.java;

+import io.papermc.paper.plugin.loader.library.impl.MavenLibraryResolver;
 import java.io.File;
 import java.net.MalformedURLException;
 import java.net.URL;
 import java.net.URLClassLoader;
 import java.util.ArrayList;
-import java.util.Arrays;
 import java.util.List;
 import java.util.logging.Level;
 import java.util.logging.Logger;
@@ -49,6 +49,10 @@ public class LibraryLoader
    public static java.util.function.BiFunction<URL[], ClassLoader, URLClassLoader> LIBRARY_LOADER_FACTORY; // Paper - rewrite reflection in libraries
    public static java.util.function.Function<List<java.nio.file.Path>, List<java.nio.file.Path>> REMAPPER; // Paper - remap libraries

+    private static List<RemoteRepository> getRepositories() {
+        return List.of(new RemoteRepository.Builder("central", "default", MavenLibraryResolver.MAVEN_CENTRAL_DEFAULT_MIRROR).build());
+    }
+
    public LibraryLoader(@NotNull Logger logger)
    {
        this.logger = logger;
@@ -78,7 +82,7 @@ public class LibraryLoader
        session.setSystemProperties( System.getProperties() );
        session.setReadOnly();

-        this.repositories = repository.newResolutionRepositories( session, Arrays.asList( new RemoteRepository.Builder( "central", "default", "https://repo.maven.apache.org/maven2" ).build() ) );
+        this.repositories = repository.newResolutionRepositories( session, getRepositories() );
    }

    @Nullable