electron-updater
Advanced tools
Comparing version 5.0.0-alpha.1 to 5.0.0-alpha.2
@@ -101,28 +101,29 @@ "use strict"; | ||
return await new Promise((resolve, reject) => { | ||
const pass = crypto_1.default.randomBytes(64).toString("base64").replace(/\//g, "_").replace(/\+/g, "-"); | ||
const authInfo = Buffer.from(`autoupdater:${pass}`, "base64"); | ||
const pass = crypto_1.randomBytes(64).toString("base64").replace(/\//g, "_").replace(/\+/g, "-"); | ||
const authInfo = Buffer.from(`autoupdater:${pass}`, "ascii"); | ||
// insecure random is ok | ||
const fileUrl = `/${Date.now().toString(16)}-${Math.floor(Math.random() * 9999).toString(16)}.zip`; | ||
this.server.on("request", (request, response) => { | ||
// check for basic auth header | ||
if (!request.headers.authorization || request.headers.authorization.indexOf("Basic ") === -1) { | ||
response.statusCode = 401; | ||
response.statusMessage = "Invalid Authentication Credentials"; | ||
response.end(); | ||
log.warn("No authenthication info"); | ||
} | ||
// verify auth credentials | ||
const base64Credentials = request.headers.authorization.split(" ")[1]; | ||
const credentials = Buffer.from(base64Credentials, "base64").toString("ascii"); | ||
const [username, password] = credentials.split(":"); | ||
if (username !== "autoupdater" || password !== pass) { | ||
response.statusCode = 401; | ||
response.statusMessage = "Invalid Authentication Credentials"; | ||
response.end(); | ||
log.warn("Invalid authenthication credentials"); | ||
return; | ||
} | ||
const requestUrl = request.url; | ||
log.info(`${requestUrl} requested`); | ||
if (requestUrl === "/") { | ||
// check for basic auth header | ||
if (!request.headers.authorization || request.headers.authorization.indexOf("Basic ") === -1) { | ||
response.statusCode = 401; | ||
response.statusMessage = "Invalid Authentication Credentials"; | ||
response.end(); | ||
log.warn("No authenthication info"); | ||
return; | ||
} | ||
// verify auth credentials | ||
const base64Credentials = request.headers.authorization.split(" ")[1]; | ||
const credentials = Buffer.from(base64Credentials, "base64").toString("ascii"); | ||
const [username, password] = credentials.split(":"); | ||
if (username !== "autoupdater" || password !== pass) { | ||
response.statusCode = 401; | ||
response.statusMessage = "Invalid Authentication Credentials"; | ||
response.end(); | ||
log.warn("Invalid authenthication credentials"); | ||
return; | ||
} | ||
const data = Buffer.from(`{ "url": "${getServerUrl(this.server)}${fileUrl}" }`); | ||
@@ -172,3 +173,3 @@ response.writeHead(200, { "Content-Type": "application/json", "Content-Length": data.length }); | ||
"Cache-Control": "no-cache", | ||
Authorization: `Basic ${authInfo.toString("ascii")}`, | ||
Authorization: `Basic ${authInfo.toString("base64")}`, | ||
}, | ||
@@ -175,0 +176,0 @@ }); |
@@ -25,3 +25,3 @@ "use strict"; | ||
const host = this.options.host; | ||
return host != null && host !== "github.com" && host !== "api.github.com" ? `/api/v3${result}` : result; | ||
return host !== null && host !== "github.com" && host !== "api.github.com" ? `/api/v3${result}` : result; | ||
} | ||
@@ -37,2 +37,3 @@ } | ||
async getLatestVersion() { | ||
var _a, _b, _c, _d; | ||
const cancellationToken = new builder_util_runtime_1.CancellationToken(); | ||
@@ -45,7 +46,30 @@ const feedXml = (await this.httpRequest(util_1.newUrlFromBase(`${this.basePath}.atom`, this.baseUrl), { | ||
let latestRelease = feed.element("entry", false, `No published versions on GitHub`); | ||
let tag; | ||
let tag = null; | ||
try { | ||
if (this.updater.allowPrerelease) { | ||
// noinspection TypeScriptValidateJSTypes | ||
tag = hrefRegExp.exec(latestRelease.element("link").attribute("href"))[1]; | ||
const currentChannel = ((_a = this.updater) === null || _a === void 0 ? void 0 : _a.channel) || String((_b = semver.prerelease(this.updater.currentVersion)) === null || _b === void 0 ? void 0 : _b[0]) || null; | ||
for (const element of feed.getElements("entry")) { | ||
// noinspection TypeScriptValidateJSTypes | ||
const hrefElement = hrefRegExp.exec(element.element("link").attribute("href")); | ||
// If this is null then something is wrong and skip this release | ||
if (hrefElement === null) | ||
continue; | ||
// This Release's Tag | ||
const hrefTag = hrefElement[1]; | ||
//Get Channel from this release's tag | ||
const hrefChannel = ((_c = semver.prerelease(hrefTag)) === null || _c === void 0 ? void 0 : _c[0]) || null; | ||
const shouldFetchVersion = !currentChannel || ["alpha", "beta"].includes(currentChannel); | ||
const isCustomChannel = !["alpha", "beta"].includes(String(hrefChannel)); | ||
// Allow moving from alpha to beta but not down | ||
const channelMismatch = currentChannel === "beta" && hrefChannel === "alpha"; | ||
if (shouldFetchVersion && !isCustomChannel && !channelMismatch) { | ||
tag = hrefTag; | ||
break; | ||
} | ||
const isNextPreRelease = hrefChannel && hrefChannel === currentChannel; | ||
if (isNextPreRelease) { | ||
tag = hrefTag; | ||
break; | ||
} | ||
} | ||
} | ||
@@ -69,14 +93,31 @@ else { | ||
} | ||
const channelFile = util_1.getChannelFilename(this.getDefaultChannelName()); | ||
const channelFileUrl = util_1.newUrlFromBase(this.getBaseDownloadPath(tag, channelFile), this.baseUrl); | ||
const requestOptions = this.createRequestOptions(channelFileUrl); | ||
let rawData; | ||
let channelFile = ""; | ||
let channelFileUrl = ""; | ||
const fetchData = async (channelName) => { | ||
channelFile = util_1.getChannelFilename(channelName); | ||
channelFileUrl = util_1.newUrlFromBase(this.getBaseDownloadPath(String(tag), channelFile), this.baseUrl); | ||
const requestOptions = this.createRequestOptions(channelFileUrl); | ||
try { | ||
return (await this.executor.request(requestOptions, cancellationToken)); | ||
} | ||
catch (e) { | ||
if (e instanceof builder_util_runtime_1.HttpError && e.statusCode === 404) { | ||
throw builder_util_runtime_1.newError(`Cannot find ${channelFile} in the latest release artifacts (${channelFileUrl}): ${e.stack || e.message}`, "ERR_UPDATER_CHANNEL_FILE_NOT_FOUND"); | ||
} | ||
throw e; | ||
} | ||
}; | ||
try { | ||
rawData = (await this.executor.request(requestOptions, cancellationToken)); | ||
const channel = this.updater.allowPrerelease ? this.getCustomChannelName(String(((_d = semver.prerelease(tag)) === null || _d === void 0 ? void 0 : _d[0]) || "latest")) : this.getDefaultChannelName(); | ||
rawData = await fetchData(channel); | ||
} | ||
catch (e) { | ||
if (!this.updater.allowPrerelease && e instanceof builder_util_runtime_1.HttpError && e.statusCode === 404) { | ||
throw builder_util_runtime_1.newError(`Cannot find ${channelFile} in the latest release artifacts (${channelFileUrl}): ${e.stack || e.message}`, "ERR_UPDATER_CHANNEL_FILE_NOT_FOUND"); | ||
if (this.updater.allowPrerelease) { | ||
// Allow fallback to `latest.yml` | ||
rawData = await fetchData(this.getDefaultChannelName()); | ||
} | ||
throw e; | ||
else { | ||
throw e; | ||
} | ||
} | ||
@@ -83,0 +124,0 @@ const result = Provider_1.parseUpdateInfo(rawData, channelFile, channelFileUrl); |
{ | ||
"name": "electron-updater", | ||
"version": "5.0.0-alpha.1", | ||
"version": "5.0.0-alpha.2", | ||
"description": "Cross platform updater for electron applications", | ||
@@ -5,0 +5,0 @@ "main": "out/main.js", |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
416631
3794