fix: pre-resolve HuggingFace redirects to fix 0-byte downloads on Android

android/app/src/main/java/ai/offgridmobile/download/DownloadManagerModule.kt

@@ -13,6 +13,9 @@
 import org.json.JSONArray
 import org.json.JSONObject
 import java.io.File
+import java.net.HttpURLConnection
+import java.net.URL
+import java.util.concurrent.Executors
 
 class DownloadManagerModule(reactContext: ReactApplicationContext) :
     ReactContextBaseJavaModule(reactContext) {
@@ -90,6 +93,14 @@
         }
     }
 
+    private val executor = Executors.newSingleThreadExecutor()
+
+    private val allowedDownloadHosts = setOf(
+        "huggingface.co",
+        "cdn-lfs.huggingface.co",
+        "cas-bridge.xethub.hf.co",
+    )
+
     private val downloadManager: DownloadManager by lazy {
         reactApplicationContext.getSystemService(Context.DOWNLOAD_SERVICE) as DownloadManager
     }
@@ -113,67 +124,89 @@
 
     @ReactMethod
     fun startDownload(params: ReadableMap, promise: Promise) {
-        try {
-            val url = params.getString("url") ?: throw IllegalArgumentException("URL is required")
-            val fileName = params.getString("fileName") ?: throw IllegalArgumentException("fileName is required")
-            val title = params.getString("title") ?: fileName
-            val description = params.getString("description") ?: "Downloading model..."
-            val modelId = params.getString("modelId") ?: ""
-            val totalBytes = if (params.hasKey("totalBytes")) params.getDouble("totalBytes").toLong() else 0L
-            val hideNotification = params.hasKey("hideNotification") && params.getBoolean("hideNotification")
-
-            // Clean up any existing file with the same name to prevent DownloadManager
-            // from auto-renaming (e.g., file.gguf → file-1.gguf)
-            val existingFile = File(
-                reactApplicationContext.getExternalFilesDir(Environment.DIRECTORY_DOWNLOADS),
-                fileName
-            )
-            if (existingFile.exists()) {
-                android.util.Log.d("DownloadManager", "Deleting existing file before download: ${existingFile.absolutePath}")
-                existingFile.delete()
-            }
-
-            // Also clean up any stale entries from previous sessions
-            cleanupStaleDownloads()
+        val url = params.getString("url") ?: run {
+            promise.reject("DOWNLOAD_ERROR", "URL is required")
+            return
+        }
+        val fileName = params.getString("fileName")?.let { File(it).name } ?: run {
+            promise.reject("DOWNLOAD_ERROR", "fileName is required")
+            return
+        }
+        val title = params.getString("title") ?: fileName
+        val description = params.getString("description") ?: "Downloading model..."
+        val modelId = params.getString("modelId") ?: ""
+        val totalBytes = if (params.hasKey("totalBytes")) params.getDouble("totalBytes").toLong() else 0L
+        val hideNotification = params.hasKey("hideNotification") && params.getBoolean("hideNotification")
+
+        // Validate URL against allowed download hosts to prevent SSRF
+        val parsedHost = try { URL(url).host } catch (_: Exception) { null }
+        if (parsedHost == null || !allowedDownloadHosts.any { parsedHost == it || parsedHost.endsWith(".$it") }) {
+            promise.reject("DOWNLOAD_ERROR", "Download URL host not allowed: $parsedHost")
+            return
+        }
 
-            val request = DownloadManager.Request(Uri.parse(url))
-                .setTitle(title)
-                .setDescription(description)
-                .setNotificationVisibility(
-                    if (hideNotification) DownloadManager.Request.VISIBILITY_HIDDEN
-                    else DownloadManager.Request.VISIBILITY_VISIBLE_NOTIFY_COMPLETED
-                )
-                .setDestinationInExternalFilesDir(
-                    reactApplicationContext,
-                    Environment.DIRECTORY_DOWNLOADS,
+        // Resolve redirects on a background thread (network I/O)
+        executor.execute {
+            try {
+                // Clean up any existing file with the same name to prevent DownloadManager
+                // from auto-renaming (e.g., file.gguf → file-1.gguf)
+                val existingFile = File(
+                    reactApplicationContext.getExternalFilesDir(Environment.DIRECTORY_DOWNLOADS),
                     fileName
                 )
-                .setAllowedOverMetered(true)
-                .setAllowedOverRoaming(true)
-
-            val downloadId = downloadManager.enqueue(request)
-
-            // Persist download info
-            val downloadInfo = JSONObject().apply {
-                put("downloadId", downloadId)
-                put("url", url)
-                put("fileName", fileName)
-                put("modelId", modelId)
-                put("title", title)
-                put("totalBytes", totalBytes)
-                put("status", "pending")
-                put("startedAt", System.currentTimeMillis())
-            }
-            persistDownload(downloadId, downloadInfo)
+                if (existingFile.exists()) {
+                    android.util.Log.d("DownloadManager", "Deleting existing file before download: ${existingFile.absolutePath}")
+                    existingFile.delete()
+                }
 
-            val result = Arguments.createMap().apply {
-                putDouble("downloadId", downloadId.toDouble())
-                putString("fileName", fileName)
-                putString("modelId", modelId)
+                // Also clean up any stale entries from previous sessions
+                cleanupStaleDownloads()
+
+                // Pre-resolve redirects so DownloadManager gets the final CDN URL directly.
+                // HuggingFace returns a 302 redirect to a long signed CDN URL (~1350 chars)
+                // that some OEM DownloadManager implementations fail to follow silently.
+                val resolvedUrl = resolveRedirects(url)
+                android.util.Log.d("DownloadManager", "Resolved URL: ${resolvedUrl.take(120)}...")
+
+                val request = DownloadManager.Request(Uri.parse(resolvedUrl))
+                    .setTitle(title)
+                    .setDescription(description)
+                    .setNotificationVisibility(
+                        if (hideNotification) DownloadManager.Request.VISIBILITY_HIDDEN
+                        else DownloadManager.Request.VISIBILITY_VISIBLE_NOTIFY_COMPLETED
+                    )
+                    .setDestinationInExternalFilesDir(
+                        reactApplicationContext,
+                        Environment.DIRECTORY_DOWNLOADS,
+                        fileName
+                    )
+                    .setAllowedOverMetered(true)
+                    .setAllowedOverRoaming(true)
+
+                val downloadId = downloadManager.enqueue(request)
+
+                // Persist download info
+                val downloadInfo = JSONObject().apply {
+                    put("downloadId", downloadId)
+                    put("url", url)
+                    put("fileName", fileName)
+                    put("modelId", modelId)
+                    put("title", title)
+                    put("totalBytes", totalBytes)
+                    put("status", "pending")
+                    put("startedAt", System.currentTimeMillis())
+                }
+                persistDownload(downloadId, downloadInfo)
+
+                val result = Arguments.createMap().apply {
+                    putDouble("downloadId", downloadId.toDouble())
+                    putString("fileName", fileName)
+                    putString("modelId", modelId)
+                }
+                promise.resolve(result)
+            } catch (e: Exception) {
+                promise.reject("DOWNLOAD_ERROR", "Failed to start download: ${e.message}", e)
             }
-            promise.resolve(result)
-        } catch (e: Exception) {
-            promise.reject("DOWNLOAD_ERROR", "Failed to start download: ${e.message}", e)
         }
     }
 
@@ -344,6 +377,52 @@
         // Required for RN event emitter
     }
 
+    /**
+     * Follow HTTP redirects manually and return the final URL.
+     * Some OEM DownloadManager implementations silently fail on 302 redirects
+     * to long signed CDN URLs (e.g. HuggingFace → xethub.hf.co).
+     * By pre-resolving, DownloadManager gets the direct URL with no redirects.
+     * Falls back to the original URL on any error so downloads aren't blocked.
+     */
+    internal fun resolveRedirects(originalUrl: String, maxRedirects: Int = 5): String {
+        var currentUrl = originalUrl
+        for (i in 0 until maxRedirects) {
+            val connection = URL(currentUrl).openConnection() as HttpURLConnection
+            try {
+                connection.instanceFollowRedirects = false
+                connection.requestMethod = "HEAD"
+                connection.connectTimeout = 10_000
+                connection.readTimeout = 10_000
+                val responseCode = connection.responseCode
+                if (responseCode in 300..399) {
+                    val location = connection.getHeaderField("Location")
+                    if (location.isNullOrEmpty()) return currentUrl
+                    val nextUrl = if (location.startsWith("http")) {
+                        location
+                    } else {
+                        URL(URL(currentUrl), location).toString()
+                    }
+                    // Re-validate redirected host against allowlist to prevent SSRF bypass
+                    val nextHost = try { URL(nextUrl).host } catch (_: Exception) { null }
+                    if (nextHost == null || !allowedDownloadHosts.any { nextHost == it || nextHost.endsWith(".$it") }) {
+                        android.util.Log.w("DownloadManager", "Redirect to unauthorized host blocked: $nextHost")
+                        return currentUrl
+                    }
+                    currentUrl = nextUrl
+                } else {
+                    return currentUrl
+                }
+            } catch (e: Exception) {
+                android.util.Log.w("DownloadManager", "Redirect resolution failed, using original URL", e)
+                return originalUrl
+            } finally {
+                connection.disconnect()
+            }
+        }
+        android.util.Log.w("DownloadManager", "Redirect resolution exceeded max redirects ($maxRedirects), using original URL")
+        return originalUrl
+    }
+
     private fun pollAllDownloads() {
         val downloads = getAllPersistedDownloads()
 
@@ -361,6 +440,7 @@
                 putDouble("totalBytes", statusInfo.getDouble("totalBytes").takeIf { it > 0 }
                     ?: download.optDouble("totalBytes", 0.0))
                 putString("status", status)
+                putString("reason", statusInfo.getString("reason") ?: "")
             }
 
             val previousStatus = download.optString("status", "pending")

src/screens/DownloadManagerScreen/items.tsx

@@ -25,10 +25,11 @@ export type DownloadItem = {
   filePath?: string;
   isVisionModel?: boolean;
   mmProjPath?: string;
+  reason?: string;
 };
 
 export interface DownloadItemsData {
-  downloadProgress: Record<string, { progress: number; bytesDownloaded: number; totalBytes: number }>;
+  downloadProgress: Record<string, { progress: number; bytesDownloaded: number; totalBytes: number; reason?: string }>;
   activeDownloads: BackgroundDownloadInfo[];
   activeBackgroundDownloads: Record<number, { modelId: string; fileName: string; author: string; quantization: string; totalBytes: number } | null>;
   downloadedModels: DownloadedModel[];
@@ -87,6 +88,7 @@ export function buildDownloadItems(data: DownloadItemsData): DownloadItem[] {
       bytesDownloaded: progress.bytesDownloaded,
       progress: progress.progress,
       status: 'downloading',
+      reason: progress.reason,
     });
   });
 
@@ -191,7 +193,9 @@ export const ActiveDownloadCard: React.FC<ActiveDownloadCardProps> = ({ item, on
         <View style={styles.quantBadge}>
           <Text style={styles.quantText}>{item.quantization}</Text>
         </View>
-        <Text style={styles.statusText}>{getStatusText(item.status)}</Text>
+        <Text style={styles.statusText}>
+          {getStatusText(item.status)}{item.reason ? ` · ${item.reason}` : ''}
+        </Text>
       </View>
     </Card>
   );

src/screens/DownloadManagerScreen/useDownloadManager.ts

@@ -69,12 +69,12 @@ export function useDownloadManager(): UseDownloadManagerResult {
       if (!metadata) return;
       const key = `${metadata.modelId}/${metadata.fileName}`;
       if (cancelledKeysRef.current.has(key)) return;
-      const existing = useAppStore.getState().downloadProgress[key];
-      if (existing && existing.bytesDownloaded >= event.bytesDownloaded) return;
+      if ((useAppStore.getState().downloadProgress[key]?.bytesDownloaded ?? -1) >= event.bytesDownloaded) return;
       setDownloadProgress(key, {
         progress: event.totalBytes > 0 ? event.bytesDownloaded / event.totalBytes : 0,
         bytesDownloaded: event.bytesDownloaded,
         totalBytes: event.totalBytes,
+        reason: event.reason || undefined,
       });
     });
 

src/services/backgroundDownloadService.ts

@@ -27,6 +27,7 @@ interface DownloadProgressEvent {
   bytesDownloaded: number;
   totalBytes: number;
   status: BackgroundDownloadStatus;
+  reason?: string;
 }
 
 interface DownloadCompleteEvent {

src/stores/appStore.ts

@@ -4,7 +4,7 @@ import { Platform } from 'react-native';
 import AsyncStorage from '@react-native-async-storage/async-storage';
 import { DeviceInfo, DownloadedModel, ModelRecommendation, ONNXImageModel, ImageGenerationMode, AutoDetectMethod, ModelLoadingStrategy, CacheType, GeneratedImage, PersistedDownloadInfo } from '../types';
 
-type DownloadProgressInfo = { progress: number; bytesDownloaded: number; totalBytes: number };
+type DownloadProgressInfo = { progress: number; bytesDownloaded: number; totalBytes: number; reason?: string };
 
 type OnboardingChecklist = {
   downloadedModel: boolean; loadedModel: boolean; sentMessage: boolean;