helios/helios-alarm-clock
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Production cleanup: enable R8, add ProGuard rules, validate API input

Browse source 
- Enable R8 minification and resource shrinking for release builds
- Add ProGuard keep rules for Ktor, kotlinx.serialization, Room
- Validate hour/minute range in POST /set endpoint
- Guard wake lock release on server start failure
- Remove unused template colors from colors.xml
- Rewrite README with curl examples, security note, troubleshooting

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Moritz 2026-02-15 17:10:41 +01:00
parent 5ad7c6cee8
commit 6032e9fd07
5 changed files with 103 additions and 55 deletions
Download patch file Download diff file Expand all files Collapse all files

3
app/build.gradle.kts
View file

@ -34,7 +34,8 @@ android {
}
buildTypes {
release {
isMinifyEnabled = false
isMinifyEnabled = true
isShrinkResources = true
proguardFiles(
getDefaultProguardFile("proguard-android-optimize.txt"),
"proguard-rules.pro"

42
app/proguard-rules.pro vendored
View file

@ -1,21 +1,27 @@
# Add project specific ProGuard rules here.
# You can control the set of applied configuration files using the
# proguardFiles setting in build.gradle.
#
# For more details, see
# http://developer.android.com/guide/developing/tools/proguard.html
# Ktor keep CIO engine and routing
-keep class io.ktor.** { *; }
-keepclassmembers class io.ktor.** { *; }
-dontwarn io.ktor.**
# If your project uses WebView with JS, uncomment the following
# and specify the fully qualified class name to the JavaScript interface
# class:
#-keepclassmembers class fqcn.of.javascript.interface.for.webview {
# public *;
#}
# kotlinx.serialization keep @Serializable classes
-keepattributes *Annotation*, InnerClasses
-dontnote kotlinx.serialization.AnnotationsKt
-keepclassmembers @kotlinx.serialization.Serializable class ** {
*** Companion;
}
-keepclasseswithmembers class ** {
kotlinx.serialization.KSerializer serializer(...);
}
-keep,includedescriptorclasses class com.example.helios_alarm_clock.**$$serializer { *; }
-keepclassmembers class com.example.helios_alarm_clock.** {
*** Companion;
}
-keepclasseswithmembers class com.example.helios_alarm_clock.** {
kotlinx.serialization.KSerializer serializer(...);
}
# Uncomment this to preserve the line number information for
# debugging stack traces.
#-keepattributes SourceFile,LineNumberTable
# Room keep entities
-keep class com.example.helios_alarm_clock.data.AlarmEntity { *; }
# If you keep the line number information, uncomment this to
# hide the original source file name.
#-renamesourcefileattribute SourceFile
# SLF4J (Ktor dependency) suppress missing impl warnings
-dontwarn org.slf4j.**

15
app/src/main/java/com/example/helios_alarm_clock/service/KtorService.kt
View file

@ -54,7 +54,13 @@ class KtorService : Service() {
super.onCreate()
acquireWakeLock()
startForeground(NOTIFICATION_ID, buildNotification())
startServer()
try {
startServer()
} catch (e: Exception) {
releaseWakeLock()
stopSelf()
return
}
rescheduleAlarms()
}
@ -111,6 +117,13 @@ class KtorService : Service() {
post("/set") {
try {
val req = call.receive<SetAlarmRequest>()
if (req.hour !in 0..23 || req.minute !in 0..59) {
call.respond(
HttpStatusCode.BadRequest,
ErrorResponse("hour must be 0-23, minute must be 0-59")
)
return@post
}
val id = UUID.randomUUID().toString()
val now = Calendar.getInstance()

7
app/src/main/res/values/colors.xml
View file

@ -1,10 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<resources>
<color name="purple_200">#FFBB86FC</color>
<color name="purple_500">#FF6200EE</color>
<color name="purple_700">#FF3700B3</color>
<color name="teal_200">#FF03DAC5</color>
<color name="teal_700">#FF018786</color>
<color name="black">#FF000000</color>
<color name="white">#FFFFFFFF</color>
</resources>
</resources>