add handling for ChestSizeSync packet

[lost-werewolf]

This adds handling and a permission for the chest size sync packet (155), due to a reported potential memory leak being caused by "chests and items" in the Pryaxis discord.

ReLogic, why do you add these kinds of things and then don't make sure only the server can send them?

[greptile-apps]

Greptile Summary

This PR adds a handler for the SyncChestSize packet (type 155) to prevent a memory-leak / abuse vector reported by community members. Previously the packet was completely unhandled, meaning any client could flood the server with large chest resize requests.

Key changes:

• Registers PacketTypes.SyncChestSize → HandleChestSizeSync in the handler table.
• HandleChestSizeSync validates the chest index against Main.maxChests, checks for a null chest, bounces throttled/disabled/unpermitted players with a corrective SendData (or a kick for the unpermitted case), and enforces build-permission before allowing the resize through.
• A new tshock.ignore.resizechests permission gates the handler; the description warns that it is easy to abuse.

The implementation is largely solid — the off-by-one and force-kick concerns noted in earlier review threads have been addressed. The remaining minor points are the absence of a plugin hook (unlike comparable handlers such as HandleDisplayJar) and a description-style inconsistency in Permissions.cs.

Confidence Score: 4/5

• Safe to merge; closes a real abuse vector with appropriate guards, only minor style issues remain.
• Bounds checking is correct, permission and build-permission checks are in place, and rejection paths all send corrective sync data back to the client. No runtime bugs were found. Score is 4 rather than 5 solely because there is no plugin hook, which limits extensibility in a way that would require a breaking API change to add later.
• No files require special attention beyond the style notes on Permissions.cs and the missing hook in GetDataHandlers.cs.

Important Files Changed

Filename	Overview
TShockAPI/GetDataHandlers.cs	Adds HandleChestSizeSync to intercept packet 155; id bounds check is correct (>= Main.maxChests), permission check kicks without revert (intentional), but no plugin hook is provided unlike comparable handlers such as HandleDisplayJar.
TShockAPI/Permissions.cs	Adds resizechests permission under tshock.ignore namespace; description style is inconsistent with the rest of the region and there is an extra blank line before the new entry.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[Client sends SyncChestSize\nid, newSize] --> B{id < 0 or\nid >= Main.maxChests?}
    B -- Yes --> C[return true\nsilently drop]
    B -- No --> D{Main.chest id\nis null?}
    D -- Yes --> E[Log debug\nreturn true]
    D -- No --> F{Player\nIsBeingDisabled?}
    F -- Yes --> G[Log + SendData revert\nreturn true]
    F -- No --> H{Player\nIsBouncerThrottled?}
    H -- Yes --> I[Log + SendData revert\nreturn true]
    H -- No --> J{Has permission\nresizechests?}
    J -- No --> K[Log + Kick\n'Exploit attempt'\nreturn true]
    J -- Yes --> L{HasBuildPermission\nchest.x, chest.y?}
    L -- No --> M[Log + SendData revert\nreturn true]
    L -- Yes --> N{newSize < 0?}
    N -- Yes --> O[Log + SendData revert\nreturn true]
    N -- No --> P[return false\nallow vanilla handling]

Loading

_{Last reviewed commit: ef2efb2}

[ACaiCat]

I have a question，can a normal player send resize packet?

[lost-werewolf]

I have a question，can a normal player send resize packet?

No, hence why I decided to permission lock it and reject by default otherwise. It has genuine use cases for people who would want it, since it can be easier to do something on a modified game client rather than adding a command to a plugin & then running that. After all, there's some settings that do allow modified clients to do stuff (such as invalid place styles)

[ACaiCat]

@greptile-apps review