mysigner 0.1.2 → 0.1.4

data/lib/mysigner/upload/asc_rest_uploader.rb

@@ -0,0 +1,119 @@
+# frozen_string_literal: true
+
+require 'digest'
+require 'faraday'
+require 'uri'
+
+module Mysigner
+  module Upload
+    class AscRestUploader
+      # Raised when Apple rejects the /v1/buildUploads POST with a 409
+      # (duplicate CFBundleVersion). Callers should translate this into a
+      # "bump your build number" hint rather than a generic "Unexpected error".
+      class BuildVersionConflictError < StandardError; end
+
+      TERMINAL_APPLE_STATES = %w[COMPLETE FAILED INVALIDATED].freeze
+      POLL_INTERVAL = 10
+      POLL_TIMEOUT  = 600
+      CHUNK_RETRIES = 2
+
+      def initialize(client:, organization_id:, ipa_path:, apple_app_id:,
+                     cf_bundle_version:, cf_bundle_short_version_string:,
+                     platform: 'IOS', poll_interval: POLL_INTERVAL, poll_timeout: POLL_TIMEOUT)
+        @client = client
+        @org_id = organization_id
+        @ipa_path = ipa_path
+        @apple_app_id = apple_app_id
+        @cf_bundle_version = cf_bundle_version
+        @cf_bundle_short_version_string = cf_bundle_short_version_string
+        @platform = platform
+        @poll_interval = poll_interval
+        @poll_timeout = poll_timeout
+      end
+
+      def call
+        begin
+          resp = @client.post(
+            "/api/v1/organizations/#{@org_id}/builds/asc_upload",
+            body: {
+              apple_app_id: @apple_app_id,
+              cf_bundle_version: @cf_bundle_version,
+              cf_bundle_short_version_string: @cf_bundle_short_version_string,
+              platform: @platform,
+              file_name: File.basename(@ipa_path),
+              file_size: File.size(@ipa_path)
+            }
+          )
+        rescue StandardError => e
+          # Apple returns 409 from /v1/buildUploads when a build with the
+          # same CFBundleVersion already exists for this app. Surface a
+          # useful message instead of letting the caller print the raw
+          # "ASC /v1/buildUploads returned 409" string.
+          if e.message =~ /\b(409|buildUploads returned 409|duplicate)/i
+            raise BuildVersionConflictError,
+                  "Apple refused the upload: build #{@cf_bundle_version} already exists for this app (CFBundleVersion must be unique). " \
+                  'Bump CFBundleVersion in your Xcode project and re-archive, then retry.'
+          end
+          raise
+        end
+        data = resp[:data]
+        build_upload_id = data['build_upload_id']
+        ops             = data['upload_operations']
+
+        File.open(@ipa_path, 'rb') do |f|
+          ops.each { |op| put_chunk_with_retry(f, op) }
+        end
+
+        md5 = Digest::MD5.file(@ipa_path).hexdigest
+        sha = Digest::SHA256.file(@ipa_path).hexdigest
+
+        @client.patch(
+          "/api/v1/organizations/#{@org_id}/builds/asc_upload/#{build_upload_id}",
+          body: { uploaded: true, source_file_checksums: { md5: md5, sha256: sha } }
+        )
+
+        final = poll_until_terminal(build_upload_id)
+        { build_upload_id: build_upload_id, final_state: final }
+      end
+
+      private
+
+      def put_chunk_with_retry(file, operation)
+        # Defense-in-depth: Apple's signed URLs are always https. If the
+        # server ever returns an http:// URL, refuse to PUT the chunk — that
+        # would leak the .ipa bytes (and auth headers) in clear text.
+        scheme = URI.parse(operation['url'].to_s).scheme
+        raise "refusing non-https upload URL (scheme=#{scheme.inspect})" unless scheme == 'https'
+
+        file.seek(operation['offset'])
+        bytes = file.read(operation['length'])
+        attempts = 0
+        begin
+          conn = Faraday.new { |f| f.adapter Faraday.default_adapter }
+          resp = conn.public_send(operation['method'].downcase) do |req|
+            req.url operation['url']
+            (operation['requestHeaders'] || []).each { |h| req.headers[h['name']] = h['value'] }
+            req.body = bytes
+          end
+          raise "chunk PUT failed #{resp.status}" unless resp.status.between?(200, 299)
+        rescue StandardError
+          attempts += 1
+          retry if attempts <= CHUNK_RETRIES
+          raise
+        end
+      end
+
+      def poll_until_terminal(build_upload_id)
+        deadline = Time.now + @poll_timeout
+        loop do
+          resp = @client.get("/api/v1/organizations/#{@org_id}/builds/asc_upload/#{build_upload_id}")
+          state = resp[:data]['apple_state']
+          return state if TERMINAL_APPLE_STATES.include?(state)
+          return 'TIMEOUT' if Time.now > deadline
+
+          sleep @poll_interval
+        end
+      end
+    end
+  end
+end

data/lib/mysigner/upload/play_store_uploader.rb

@@ -1,5 +1,6 @@
+# frozen_string_literal: true
+
 require 'json'
-require 'stringio'
 
 module Mysigner
   module Upload
@@ -7,12 +8,12 @@ module Mysigner
       class UploadError < Mysigner::Error; end
       class CredentialsError < UploadError; end
       class TrackError < UploadError; end
-      
+
       # Special error for when AAB uploaded but track assignment failed
       # This carries the version_code so it can be saved to prevent conflicts
       class PartialUploadError < UploadError
         attr_reader :version_code
-        
+
         def initialize(message, version_code:)
           super(message)
           @version_code = version_code
@@ -20,13 +21,19 @@ module Mysigner
       end
 
       VALID_TRACKS = %w[internal alpha beta production].freeze
-      SCOPE = 'https://www.googleapis.com/auth/androidpublisher'.freeze
+      SCOPE = 'https://www.googleapis.com/auth/androidpublisher'
 
-      def initialize(aab_path:, service_account_json:, package_name:)
+      # Phase 0: accepts a short-lived OAuth2 access_token (minted server-side
+      # from the customer's service-account JSON). The JSON no longer leaves
+      # the server. google-api-ruby-client accepts a bare string for
+      # authorization= and sends it as `Authorization: Bearer <token>`.
+      def initialize(aab_path:, access_token:, package_name:)
         @aab_path = File.expand_path(aab_path)
-        @service_account_json = service_account_json
+        @access_token = access_token
         @package_name = package_name
 
+        raise CredentialsError, 'access_token is required' if @access_token.nil? || @access_token.to_s.empty?
+
         validate_aab!
         setup_google_client!
       end
@@ -35,13 +42,22 @@ module Mysigner
       # @param track [String] Track to assign: internal, alpha, beta, production
       # @param release_notes [Hash] Localized release notes { 'en-US' => 'What\'s new...' }
       # @param user_fraction [Float] Rollout percentage (0.0-1.0) for staged rollouts
+      # @param status [String] Explicit release status: draft | inProgress | completed.
+      #   Overrides the user_fraction-derived default. `draft` is useful for
+      #   "upload, don't release yet" flows that iOS-MANUAL users expect.
+      # @param in_app_update_priority [Integer] 0–5 priority hint for in-app update flows
+      # @param release_name [String] Optional release name (defaults to AAB versionName)
+      # @param country_targeting [Hash] { countries: ['US','CA'], include_rest_of_world: false }
+      # @param changes_not_sent_for_review [Boolean] Skip submitting changes to Play review on commit
       # @return [Hash] Upload result with version_code and track info
-      def upload!(track: 'internal', release_notes: nil, user_fraction: nil)
-        @current_track = track  # Store for error messages
+      def upload!(track: 'internal', release_notes: nil, user_fraction: nil,
+                  status: nil, in_app_update_priority: nil, release_name: nil,
+                  country_targeting: nil, changes_not_sent_for_review: nil)
+        @current_track = track # Store for error messages
         say_uploading(track)
 
         version_code = nil
-        
+
         begin
           # 1. Create an edit
           edit = create_edit
@@ -54,11 +70,19 @@ module Mysigner
 
           # 3. Assign to track with release
           if track
-            assign_to_track(edit.id, track, version_code, release_notes: release_notes, user_fraction: user_fraction)
+            assign_to_track(
+              edit.id, track, version_code,
+              release_notes: release_notes,
+              user_fraction: user_fraction,
+              status: status,
+              in_app_update_priority: in_app_update_priority,
+              release_name: release_name,
+              country_targeting: country_targeting
+            )
           end
 
           # 4. Commit the edit
-          commit_edit(edit.id)
+          commit_edit(edit.id, changes_not_sent_for_review: changes_not_sent_for_review)
 
           say_success(track, version_code)
 
@@ -71,20 +95,16 @@ module Mysigner
         rescue Google::Apis::ClientError => e
           error_message = parse_google_error(e)
           # If AAB was uploaded, raise PartialUploadError so CLI can save the version
-          if version_code
-            raise PartialUploadError.new("Google Play API error: #{error_message}", version_code: version_code)
-          else
-            raise UploadError, "Google Play API error: #{error_message}"
-          end
+          raise PartialUploadError.new("Google Play API error: #{error_message}", version_code: version_code) if version_code
+
+          raise UploadError, "Google Play API error: #{error_message}"
         rescue PartialUploadError
           # Re-raise as-is
           raise
-        rescue => e
-          if version_code
-            raise PartialUploadError.new("Upload failed: #{e.message}", version_code: version_code)
-          else
-            raise UploadError, "Upload failed: #{e.message}"
-          end
+        rescue StandardError => e
+          raise PartialUploadError.new("Upload failed: #{e.message}", version_code: version_code) if version_code
+
+          raise UploadError, "Upload failed: #{e.message}"
         end
       end
 
@@ -110,14 +130,14 @@ module Mysigner
         rescue Google::Apis::ClientError => e
           error_message = parse_google_error(e)
           raise UploadError, "Google Play API error: #{error_message}"
-        rescue => e
+        rescue StandardError => e
           raise UploadError, "Upload failed: #{e.message}"
         end
       end
 
       # Assign an existing version code to a track
       def assign_existing_to_track!(version_code, track:, release_notes: nil, user_fraction: nil)
-        @current_track = track  # Store for error messages
+        @current_track = track # Store for error messages
         begin
           edit = create_edit
           assign_to_track(edit.id, track, version_code, release_notes: release_notes, user_fraction: user_fraction)
@@ -138,55 +158,36 @@ module Mysigner
       private
 
       def validate_aab!
-        unless File.exist?(@aab_path)
-          raise UploadError, "AAB file not found: #{@aab_path}"
-        end
+        raise UploadError, "AAB file not found: #{@aab_path}" unless File.exist?(@aab_path)
 
-        unless @aab_path.end_with?('.aab')
-          raise UploadError, "Invalid file type: #{@aab_path} (must be .aab)"
-        end
+        raise UploadError, "Invalid file type: #{@aab_path} (must be .aab)" unless @aab_path.end_with?('.aab')
 
         file_size = File.size(@aab_path)
-        if file_size < 10_000
-          raise UploadError, "AAB file seems too small: #{file_size} bytes (possible corruption)"
-        end
+        return unless file_size < 10_000
+
+        raise UploadError, "AAB file seems too small: #{file_size} bytes (possible corruption)"
       end
 
       def setup_google_client!
-        require 'googleauth'
         require 'google/apis/androidpublisher_v3'
 
-        # Parse and validate service account JSON
-        begin
-          @credentials_data = JSON.parse(@service_account_json)
-        rescue JSON::ParserError => e
-          raise CredentialsError, "Invalid service account JSON: #{e.message}"
-        end
-
-        # Build authorization
-        @auth = Google::Auth::ServiceAccountCredentials.make_creds(
-          json_key_io: StringIO.new(@service_account_json),
-          scope: SCOPE
-        )
-
-        # Create service
+        # Create service with the bare bearer token. google-api-ruby-client
+        # sends a string authorization as `Authorization: Bearer <string>`.
         @service = Google::Apis::AndroidpublisherV3::AndroidPublisherService.new
-        @service.authorization = @auth
+        @service.authorization = @access_token
         @service.client_options.open_timeout_sec = 30
-        @service.client_options.read_timeout_sec = 300  # Large file uploads need time
+        @service.client_options.read_timeout_sec = 300 # Large file uploads need time
         @service.request_options.retries = 3
-
-      rescue LoadError => e
-        raise CredentialsError, "Google API client not installed. Run: gem install google-api-client"
+      rescue LoadError
+        raise CredentialsError, 'Google API client not installed. Run: gem install google-api-client'
       end
 
       def create_edit
         edit = Google::Apis::AndroidpublisherV3::AppEdit.new
         @service.insert_edit(@package_name, edit)
       rescue Google::Apis::ClientError => e
-        if e.message.include?("Package not found") || e.status_code == 404
-          raise UploadError, first_upload_error_message
-        end
+        raise UploadError, first_upload_error_message if e.message.include?('Package not found') || e.status_code == 404
+
         raise
       end
 
@@ -209,39 +210,50 @@ module Mysigner
 
       def upload_bundle(edit_id)
         puts "📦 Uploading AAB (#{format_bytes(File.size(@aab_path))})..."
-        puts ""
+        puts ''
 
         begin
-          result = @service.upload_edit_bundle(
+          @service.upload_edit_bundle(
             @package_name,
             edit_id,
             upload_source: @aab_path,
             content_type: 'application/octet-stream'
           )
-          result
         rescue Google::Apis::ClientError => e
           error_msg = parse_google_error(e)
           raise UploadError, "Bundle upload failed: #{error_msg}"
-        rescue => e
+        rescue StandardError => e
           raise UploadError, "Bundle upload failed: #{e.message}"
         end
       end
 
-      def assign_to_track(edit_id, track, version_code, release_notes: nil, user_fraction: nil)
-        unless VALID_TRACKS.include?(track)
-          raise TrackError, "Invalid track '#{track}'. Valid tracks: #{VALID_TRACKS.join(', ')}"
-        end
+      def assign_to_track(edit_id, track, version_code, release_notes: nil, user_fraction: nil,
+                          status: nil, in_app_update_priority: nil, release_name: nil,
+                          country_targeting: nil)
+        raise TrackError, "Invalid track '#{track}'. Valid tracks: #{VALID_TRACKS.join(', ')}" unless VALID_TRACKS.include?(track)
 
         puts "🚂 Assigning to #{track} track..."
 
-        # Build release
+        # Status precedence: explicit `status:` arg > user_fraction-derived >
+        # completed. Google Play rejects `userFraction` outside (0,1) and also
+        # rejects it when status != inProgress, so we clear it when the
+        # caller-provided status is non-rollout.
+        effective_status = if status && %w[draft inProgress halted completed].include?(status)
+                             status
+                           elsif user_fraction
+                             'inProgress'
+                           else
+                             'completed'
+                           end
+
         release = Google::Apis::AndroidpublisherV3::TrackRelease.new(
           version_codes: [version_code.to_s],
-          status: user_fraction ? 'inProgress' : 'completed'
+          status: effective_status
         )
 
-        # Add release notes if provided
-        if release_notes && release_notes.any?
+        release.name = release_name if release_name
+
+        if release_notes&.any?
           release.release_notes = release_notes.map do |lang, text|
             Google::Apis::AndroidpublisherV3::LocalizedText.new(
               language: lang,
@@ -250,12 +262,16 @@ module Mysigner
           end
         end
 
-        # Add user fraction for staged rollouts
-        if user_fraction
-          release.user_fraction = user_fraction
+        release.user_fraction = user_fraction if user_fraction && effective_status == 'inProgress'
+        release.in_app_update_priority = in_app_update_priority if in_app_update_priority
+
+        if country_targeting.is_a?(Hash) && country_targeting[:countries].is_a?(Array) && country_targeting[:countries].any?
+          release.country_targeting = Google::Apis::AndroidpublisherV3::CountryTargeting.new(
+            countries: country_targeting[:countries],
+            include_rest_of_world: country_targeting.fetch(:include_rest_of_world, false)
+          )
         end
 
-        # Build track update
         track_obj = Google::Apis::AndroidpublisherV3::Track.new(
           track: track,
           releases: [release]
@@ -264,104 +280,108 @@ module Mysigner
         @service.update_edit_track(@package_name, edit_id, track, track_obj)
       end
 
-      def commit_edit(edit_id)
-        puts "💾 Committing changes..."
-        begin
-          # Try with changesNotSentForReview first (for apps without managed review)
-          @service.commit_edit(@package_name, edit_id, changes_not_sent_for_review: true)
-        rescue Google::Apis::ClientError => e
-          error_text = e.message.to_s
-          # Also check body if present
-          if e.respond_to?(:body) && e.body
-            error_text += " #{e.body}"
-          end
-          
-          if error_text.include?('changesNotSentForReview')
-            # App has managed review enabled, commit without the flag
+      # Commit the edit. When `changes_not_sent_for_review` is nil (the
+      # historical default) we opt-in (true) and fall back to false if Google
+      # rejects — some apps have Play-managed review that forbids the flag.
+      # When the caller passes an explicit boolean (from cli_defaults), we
+      # pass it through without the fallback retry.
+      def commit_edit(edit_id, changes_not_sent_for_review: nil)
+        puts '💾 Committing changes...'
+
+        if changes_not_sent_for_review.nil?
+          begin
+            @service.commit_edit(@package_name, edit_id, changes_not_sent_for_review: true)
+          rescue Google::Apis::ClientError => e
+            error_text = e.message.to_s
+            error_text += " #{e.body}" if e.respond_to?(:body) && e.body
+            raise unless error_text.include?('changesNotSentForReview')
+
             @service.commit_edit(@package_name, edit_id)
-          else
-            raise
           end
+        else
+          @service.commit_edit(@package_name, edit_id, changes_not_sent_for_review: !!changes_not_sent_for_review)
         end
       end
 
       def parse_google_error(error)
-        begin
-          body = nil
-          if error.respond_to?(:body) && error.body
-            body = JSON.parse(error.body) rescue nil
-          end
-          
-          message = body&.dig('error', 'message') || error.message
-          details = body&.dig('error', 'errors')&.map { |e| e['message'] }&.join('; ')
-          full_message = details ? "#{message} (#{details})" : message
-          
-          # Provide helpful context for common errors
-          case full_message.to_s.downcase
-          when /package.*not found/i, /app not found/i
-            "#{full_message}\n\n💡 Make sure the package name '#{@package_name}' matches your app in Google Play Console."
-          when /not authorized/i, /permission denied/i, /forbidden/i
-            "#{full_message}\n\n💡 Check that your service account has Editor or Admin access to the app in Google Play Console."
-          when /version.*code.*already/i, /already.*used/i
-            "#{full_message}\n\n💡 Version code already exists. Increment versionCode in android/app/build.gradle and rebuild."
-          when /precondition.*check.*failed/i, /precondition.*failed/i
-            track_name = @current_track || "this track"
-            "#{full_message}\n\n" \
-            "💡 Google Play Console requires setup before publishing to #{track_name}:\n\n" \
-            "   For PRODUCTION track:\n" \
-            "   • Complete store listing (description, screenshots, etc.)\n" \
-            "   • Set content rating\n" \
-            "   • Configure pricing & distribution\n\n" \
-            "   For BETA/ALPHA tracks:\n" \
-            "   • Create a closed/open testing track in Play Console\n" \
-            "   • Add at least one tester email\n\n" \
-            "   For INTERNAL track:\n" \
-            "   • Add internal testers in Play Console\n\n" \
-            "   ✅ Your AAB was uploaded successfully!\n" \
-            "   → Go to Play Console to complete track setup, then use:\n" \
-            "     mysigner submit #{track_name} --platform android --version-code VERSION"
-          when /invalid request/i
-            "#{full_message}\n\n💡 Common causes:\n" \
-            "   • Version code not found on Google Play (must upload first)\n" \
-            "   • App not created in Google Play Console\n" \
-            "   • Service account missing permissions"
-          when /signing/i, /signature/i
-            "#{full_message}\n\n💡 The AAB may not be signed with the correct key. Check your keystore matches what's registered in Play Console."
-          else
-            full_message
+        body = nil
+        if error.respond_to?(:body) && error.body
+          body = begin
+            JSON.parse(error.body)
+          rescue StandardError
+            nil
           end
-        rescue => parse_error
-          "#{error.message} (parsing error: #{parse_error.message})"
         end
+
+        message = body&.dig('error', 'message') || error.message
+        details = body&.dig('error', 'errors')&.map { |e| e['message'] }&.join('; ')
+        full_message = details ? "#{message} (#{details})" : message
+
+        # Provide helpful context for common errors
+        case full_message.to_s.downcase
+        when /package.*not found/i, /app not found/i
+          "#{full_message}\n\n💡 Make sure the package name '#{@package_name}' matches your app in Google Play Console."
+        when /not authorized/i, /permission denied/i, /forbidden/i
+          "#{full_message}\n\n💡 Check that your service account has Editor or Admin access to the app in Google Play Console."
+        when /version.*code.*already/i, /already.*used/i
+          "#{full_message}\n\n💡 Version code already exists. Increment versionCode in android/app/build.gradle and rebuild."
+        when /precondition.*check.*failed/i, /precondition.*failed/i
+          track_name = @current_track || 'this track'
+          "#{full_message}\n\n" \
+            "💡 Google Play Console requires setup before publishing to #{track_name}:\n\n   " \
+            "For PRODUCTION track:\n   " \
+            "• Complete store listing (description, screenshots, etc.)\n   " \
+            "• Set content rating\n   " \
+            "• Configure pricing & distribution\n\n   " \
+            "For BETA/ALPHA tracks:\n   " \
+            "• Create a closed/open testing track in Play Console\n   " \
+            "• Add at least one tester email\n\n   " \
+            "For INTERNAL track:\n   " \
+            "• Add internal testers in Play Console\n\n   " \
+            "✅ Your AAB was uploaded successfully!\n   " \
+            "→ Go to Play Console to complete track setup, then use:\n     " \
+            "mysigner submit #{track_name} --platform android --version-code VERSION"
+        when /invalid request/i
+          "#{full_message}\n\n💡 Common causes:\n   " \
+          "• Version code not found on Google Play (must upload first)\n   " \
+          "• App not created in Google Play Console\n   " \
+          '• Service account missing permissions'
+        when /signing/i, /signature/i
+          "#{full_message}\n\n💡 The AAB may not be signed with the correct key. Check your keystore matches what's registered in Play Console."
+        else
+          full_message
+        end
+      rescue StandardError => e
+        "#{error.message} (parsing error: #{e.message})"
       end
 
       def say_uploading(track)
-        puts "☁️  Uploading to Google Play#{track ? " (#{track} track)" : ''}..."
-        puts ""
+        puts "☁️  Uploading to Google Play#{" (#{track} track)" if track}..."
+        puts ''
         puts "AAB:         #{File.basename(@aab_path)}"
         puts "Size:        #{format_bytes(File.size(@aab_path))}"
         puts "Package:     #{@package_name}"
         puts "Track:       #{track || 'none (upload only)'}"
-        puts ""
+        puts ''
       end
 
       def say_upload_success(version_code)
         puts "✓ Bundle uploaded successfully (version code: #{version_code})"
-        puts ""
+        puts ''
       end
 
       def say_success(track, version_code)
-        puts ""
-        puts "=" * 80
-        puts "✓ Upload complete!"
-        puts "=" * 80
-        puts ""
+        puts ''
+        puts '=' * 80
+        puts '✓ Upload complete!'
+        puts '=' * 80
+        puts ''
         puts "🎉 Your app is now on Google Play (#{track} track)"
-        puts ""
+        puts ''
         puts "Version Code: #{version_code}"
         puts "Package:      #{@package_name}"
         puts "Track:        #{track}"
-        puts ""
+        puts ''
       end
 
       def format_bytes(bytes)