@capgo/capacitor-fast-sql 8.0.17 → 8.0.19

package/README.md

@@ -55,7 +55,7 @@ This plugin provides direct native SQLite database access with a custom communic
 
 ## iOS Configuration
 
-Add to your `Info.plist` if you encounter any issues:
+This plugin runs a local HTTP server on `localhost`. iOS App Transport Security (ATS) blocks cleartext HTTP by default, so you **must** allow local networking in your `Info.plist`:
 
 ```xml
 <key>NSAppTransportSecurity</key>
@@ -65,9 +65,36 @@ Add to your `Info.plist` if you encounter any issues:
 </dict>
 ```
 
+This only permits cleartext to loopback addresses (`localhost` / `127.0.0.1`) — it does not weaken ATS for external connections.
+
 ## Android Configuration
 
-Add to your `AndroidManifest.xml` if needed:
+This plugin runs a local HTTP server on `localhost` to bypass Capacitor's bridge for performance. Android 9+ blocks cleartext (non-HTTPS) traffic by default, so you **must** allow it for `localhost`.
+
+**Option A — Scoped to localhost only (recommended):**
+
+Create `android/app/src/main/res/xml/network_security_config.xml`:
+
+```xml
+<?xml version="1.0" encoding="utf-8"?>
+<network-security-config>
+    <domain-config cleartextTrafficPermitted="true">
+        <domain includeSubdomains="false">localhost</domain>
+        <domain includeSubdomains="false">127.0.0.1</domain>
+    </domain-config>
+</network-security-config>
+```
+
+Then reference it in your `AndroidManifest.xml`:
+
+```xml
+<application
+    android:networkSecurityConfig="@xml/network_security_config">
+    ...
+</application>
+```
+
+**Option B — Allow all cleartext (simpler but less secure):**
 
 ```xml
 <application
@@ -76,9 +103,27 @@ Add to your `AndroidManifest.xml` if needed:
 </application>
 ```
 
-## Encryption (iOS/Android)
+## Encryption (Android)
+
+Encryption uses [SQLCipher](https://www.zetetic.net/sqlcipher/) and is opt-in. Add the SQLCipher dependency to your **app-level** `build.gradle`:
+
+```gradle
+dependencies {
+    implementation 'net.zetetic:sqlcipher-android:4.13.0'
+}
+```
+
+Then connect with encryption enabled:
+
+```typescript
+const db = await FastSQL.connect({
+  database: 'secure',
+  encrypted: true,
+  encryptionKey: 'my-secret-key',
+});
+```
 
-Set `encrypted: true` and provide an `encryptionKey` when connecting. This uses SQLCipher on mobile platforms (ensure SQLCipher is linked on iOS if you use SwiftPM).
+If SQLCipher is not installed and `encrypted: true` is passed, the plugin returns a clear error message instead of crashing.
 
 ## Usage
 

package/android/build.gradle

@@ -54,7 +54,7 @@ dependencies {
     implementation 'androidx.sqlite:sqlite:2.6.2'
     implementation 'com.google.code.gson:gson:2.13.2'
     implementation 'org.nanohttpd:nanohttpd:2.3.1'
-    implementation 'net.zetetic:sqlcipher-android:4.13.0'
+    compileOnly 'net.zetetic:sqlcipher-android:4.13.0'
     testImplementation "junit:junit:$junitVersion"
     androidTestImplementation "androidx.test.ext:junit:$androidxJunitVersion"
     androidTestImplementation "androidx.test.espresso:espresso-core:$androidxEspressoCoreVersion"

package/android/src/main/java/app/capgo/capacitor/fastsql/CapgoCapacitorFastSqlPlugin.java

@@ -19,7 +19,7 @@ import java.util.Map;
 @CapacitorPlugin(name = "CapgoCapacitorFastSql")
 public class CapgoCapacitorFastSqlPlugin extends Plugin {
 
-    private final String pluginVersion = "8.0.17";
+    private final String pluginVersion = "8.0.19";
 
     private Map<String, DatabaseConnection> databases = new HashMap<>();
     private SQLHTTPServer server;
@@ -57,6 +57,16 @@ public class CapgoCapacitorFastSqlPlugin extends Plugin {
             // Open database
             DatabaseConnection db;
             if (encrypted) {
+                try {
+                    Class.forName("net.zetetic.database.sqlcipher.SQLiteDatabase");
+                } catch (ClassNotFoundException e) {
+                    call.reject(
+                        "Encryption is not available. " +
+                            "Add 'implementation \"net.zetetic:sqlcipher-android:4.13.0\"' " +
+                            "to your app's build.gradle to enable encryption."
+                    );
+                    return;
+                }
                 db = new EncryptedSQLDatabase(dbFile.getAbsolutePath(), encryptionKey);
             } else {
                 db = new SQLDatabase(dbFile.getAbsolutePath());

package/android/src/main/java/app/capgo/capacitor/fastsql/EncryptedSQLDatabase.java

@@ -23,6 +23,16 @@ public class EncryptedSQLDatabase implements DatabaseConnection {
         if (encryptionKey == null || encryptionKey.isEmpty()) {
             throw new Exception("Encryption key is required when encrypted is true");
         }
+        try {
+            System.loadLibrary("sqlcipher");
+        } catch (UnsatisfiedLinkError e) {
+            throw new Exception(
+                "SQLCipher native library not found. " +
+                    "Add 'implementation \"net.zetetic:sqlcipher-android:4.13.0\"' " +
+                    "to your app's build.gradle to enable encryption.",
+                e
+            );
+        }
         byte[] keyBytes = encryptionKey.getBytes(StandardCharsets.UTF_8);
         this.db = SQLiteDatabase.openOrCreateDatabase(path, keyBytes, null, null);
         // Enable foreign keys

package/android/src/main/java/app/capgo/capacitor/fastsql/SQLHTTPServer.java

@@ -40,24 +40,33 @@ public class SQLHTTPServer extends NanoHTTPD {
         return getListeningPort();
     }
 
+    private Response addCorsHeaders(Response response) {
+        response.addHeader("Access-Control-Allow-Origin", "*");
+        response.addHeader("Access-Control-Allow-Methods", "POST, OPTIONS");
+        response.addHeader("Access-Control-Allow-Headers", "Content-Type, Authorization, X-Database");
+        response.addHeader("Access-Control-Max-Age", "86400");
+        return response;
+    }
+
     @Override
     public Response serve(IHTTPSession session) {
-        // Check authentication
+        if (Method.OPTIONS.equals(session.getMethod())) {
+            return addCorsHeaders(newFixedLengthResponse(Response.Status.OK, "text/plain", ""));
+        }
+
         String authHeader = session.getHeaders().get("authorization");
         if (authHeader == null || !authHeader.equals("Bearer " + token)) {
-            return newFixedLengthResponse(Response.Status.UNAUTHORIZED, "text/plain", "Unauthorized");
+            return addCorsHeaders(newFixedLengthResponse(Response.Status.UNAUTHORIZED, "text/plain", "Unauthorized"));
         }
 
-        // Get database name
         String database = session.getHeaders().get("x-database");
         if (database == null) {
-            return newFixedLengthResponse(Response.Status.BAD_REQUEST, "text/plain", "Database header required");
+            return addCorsHeaders(newFixedLengthResponse(Response.Status.BAD_REQUEST, "text/plain", "Database header required"));
         }
 
-        // Check if database exists
         DatabaseConnection db = databases.get(database);
         if (db == null) {
-            return newFixedLengthResponse(Response.Status.NOT_FOUND, "text/plain", "Database not found");
+            return addCorsHeaders(newFixedLengthResponse(Response.Status.NOT_FOUND, "text/plain", "Database not found"));
         }
 
         String uri = session.getUri();
@@ -65,20 +74,20 @@ public class SQLHTTPServer extends NanoHTTPD {
 
         try {
             if (method == Method.POST && uri.equals("/execute")) {
-                return handleExecute(session, db);
+                return addCorsHeaders(handleExecute(session, db));
             } else if (method == Method.POST && uri.equals("/batch")) {
-                return handleBatch(session, db);
+                return addCorsHeaders(handleBatch(session, db));
             } else if (method == Method.POST && uri.equals("/transaction/begin")) {
-                return handleBeginTransaction(db);
+                return addCorsHeaders(handleBeginTransaction(db));
             } else if (method == Method.POST && uri.equals("/transaction/commit")) {
-                return handleCommitTransaction(db);
+                return addCorsHeaders(handleCommitTransaction(db));
             } else if (method == Method.POST && uri.equals("/transaction/rollback")) {
-                return handleRollbackTransaction(db);
+                return addCorsHeaders(handleRollbackTransaction(db));
             } else {
-                return newFixedLengthResponse(Response.Status.NOT_FOUND, "text/plain", "Endpoint not found");
+                return addCorsHeaders(newFixedLengthResponse(Response.Status.NOT_FOUND, "text/plain", "Endpoint not found"));
             }
         } catch (Exception e) {
-            return newFixedLengthResponse(Response.Status.INTERNAL_ERROR, "text/plain", "Error: " + e.getMessage());
+            return addCorsHeaders(newFixedLengthResponse(Response.Status.INTERNAL_ERROR, "text/plain", "Error: " + e.getMessage()));
         }
     }
 

package/ios/Sources/CapgoCapacitorFastSqlPlugin/CapgoCapacitorFastSqlPlugin.swift

@@ -10,7 +10,7 @@ import SQLite3
  */
 @objc(CapgoCapacitorFastSqlPlugin)
 public class CapgoCapacitorFastSqlPlugin: CAPPlugin, CAPBridgedPlugin {
-    private let pluginVersion: String = "8.0.17"
+    private let pluginVersion: String = "8.0.19"
     public let identifier = "CapgoCapacitorFastSqlPlugin"
     public let jsName = "CapgoCapacitorFastSql"
     public let pluginMethods: [CAPPluginMethod] = [

package/ios/Sources/CapgoCapacitorFastSqlPlugin/SQLHTTPServer.swift

@@ -45,17 +45,48 @@ class SQLHTTPServer {
         isRunning = false
     }
 
+    // MARK: - CORS Headers
+
+    private let corsHeaders: HTTPHeaders = [
+        .accessControlAllowOrigin: "*",
+        .accessControlAllowMethods: "POST, OPTIONS",
+        .accessControlAllowHeaders: "Content-Type, Authorization, X-Database",
+        .accessControlMaxAge: "86400"
+    ]
+
+    private func corsPreflightResponse() -> HTTPResponse {
+        return HTTPResponse(.ok, headers: corsHeaders)
+    }
+
+    private func addCorsHeaders(_ response: HTTPResponse) -> HTTPResponse {
+        for (key, value) in corsHeaders {
+            response.headers[key] = value
+        }
+        return response
+    }
+
     // MARK: - Route Setup
 
     private func setupRoutes() {
         guard let server = server else { return }
 
+        // CORS preflight for all endpoints
+        let preflightPaths = ["/execute", "/batch", "/transaction/begin", "/transaction/commit", "/transaction/rollback"]
+        for path in preflightPaths {
+            server.route(.OPTIONS, path) { [weak self] _ in
+                guard let self = self else {
+                    return HTTPResponse(.internalServerError)
+                }
+                return self.corsPreflightResponse()
+            }
+        }
+
         // Execute endpoint
         server.route(.POST, "/execute") { [weak self] request in
             guard let self = self else {
                 return HTTPResponse(.internalServerError)
             }
-            return self.handleExecuteRequest(request: request)
+            return self.addCorsHeaders(self.handleExecuteRequest(request: request))
         }
 
         // Batch endpoint
@@ -63,7 +94,7 @@ class SQLHTTPServer {
             guard let self = self else {
                 return HTTPResponse(.internalServerError)
             }
-            return self.handleBatchRequest(request: request)
+            return self.addCorsHeaders(self.handleBatchRequest(request: request))
         }
 
         // Transaction endpoints
@@ -71,21 +102,21 @@ class SQLHTTPServer {
             guard let self = self else {
                 return HTTPResponse(.internalServerError)
             }
-            return self.handleBeginTransactionRequest(request: request)
+            return self.addCorsHeaders(self.handleBeginTransactionRequest(request: request))
         }
 
         server.route(.POST, "/transaction/commit") { [weak self] request in
             guard let self = self else {
                 return HTTPResponse(.internalServerError)
             }
-            return self.handleCommitTransactionRequest(request: request)
+            return self.addCorsHeaders(self.handleCommitTransactionRequest(request: request))
         }
 
         server.route(.POST, "/transaction/rollback") { [weak self] request in
             guard let self = self else {
                 return HTTPResponse(.internalServerError)
             }
-            return self.handleRollbackTransactionRequest(request: request)
+            return self.addCorsHeaders(self.handleRollbackTransactionRequest(request: request))
         }
     }
 
@@ -167,7 +198,7 @@ class SQLHTTPServer {
         do {
             let result = try db.execute(statement: statement, params: params)
             let resultData = try JSONSerialization.data(withJSONObject: result)
-            return HTTPResponse(.ok, headers: ["Content-Type": "application/json"], body: resultData)
+            return HTTPResponse(.ok, headers: [.contentType: "application/json"], body: resultData)
         } catch {
             let errorData = "Error: \(error.localizedDescription)".data(using: .utf8)!
             return HTTPResponse(.internalServerError, body: errorData)
@@ -215,7 +246,7 @@ class SQLHTTPServer {
             }
 
             let resultData = try JSONSerialization.data(withJSONObject: results)
-            return HTTPResponse(.ok, headers: ["Content-Type": "application/json"], body: resultData)
+            return HTTPResponse(.ok, headers: [.contentType: "application/json"], body: resultData)
         } catch {
             let errorData = "Error: \(error.localizedDescription)".data(using: .utf8)!
             return HTTPResponse(.internalServerError, body: errorData)
@@ -244,7 +275,7 @@ class SQLHTTPServer {
         do {
             try db.beginTransaction()
             let resultData = "{}".data(using: .utf8)!
-            return HTTPResponse(.ok, headers: ["Content-Type": "application/json"], body: resultData)
+            return HTTPResponse(.ok, headers: [.contentType: "application/json"], body: resultData)
         } catch {
             let errorData = "Error: \(error.localizedDescription)".data(using: .utf8)!
             return HTTPResponse(.internalServerError, body: errorData)
@@ -273,7 +304,7 @@ class SQLHTTPServer {
         do {
             try db.commitTransaction()
             let resultData = "{}".data(using: .utf8)!
-            return HTTPResponse(.ok, headers: ["Content-Type": "application/json"], body: resultData)
+            return HTTPResponse(.ok, headers: [.contentType: "application/json"], body: resultData)
         } catch {
             let errorData = "Error: \(error.localizedDescription)".data(using: .utf8)!
             return HTTPResponse(.internalServerError, body: errorData)
@@ -302,7 +333,7 @@ class SQLHTTPServer {
         do {
             try db.rollbackTransaction()
             let resultData = "{}".data(using: .utf8)!
-            return HTTPResponse(.ok, headers: ["Content-Type": "application/json"], body: resultData)
+            return HTTPResponse(.ok, headers: [.contentType: "application/json"], body: resultData)
         } catch {
             let errorData = "Error: \(error.localizedDescription)".data(using: .utf8)!
             return HTTPResponse(.internalServerError, body: errorData)

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@capgo/capacitor-fast-sql",
-  "version": "8.0.17",
+  "version": "8.0.19",
   "description": "High-performance native SQLite plugin with custom protocol for efficient sync operations and IndexedDB replacement",
   "main": "dist/plugin.cjs.js",
   "module": "dist/esm/index.js",