@capgo/capacitor-updater 7.41.1 → 7.42.3

package/ios/Sources/CapacitorUpdaterPlugin/CapacitorUpdaterPlugin.swift

@@ -16,7 +16,18 @@ import Version
  */
 @objc(CapacitorUpdaterPlugin)
 public class CapacitorUpdaterPlugin: CAPPlugin, CAPBridgedPlugin {
-    let logger = Logger(withTag: "✨  CapgoUpdater")
+    lazy var logger: Logger = {
+        // Default to true for OS logging. In test environments without a bridge,
+        // this will default to true. In production, it reads from config.
+        let osLogging: Bool
+        if self.bridge != nil {
+            osLogging = getConfig().getBoolean("osLogging", true)
+        } else {
+            osLogging = true
+        }
+        let options = Logger.Options(useSyslog: osLogging)
+        return Logger(withTag: "✨  CapgoUpdater", options: options)
+    }()
 
     public let identifier = "CapacitorUpdaterPlugin"
     public let jsName = "CapacitorUpdater"
@@ -60,7 +71,7 @@ public class CapacitorUpdaterPlugin: CAPPlugin, CAPBridgedPlugin {
         CAPPluginMethod(name: "completeFlexibleUpdate", returnType: CAPPluginReturnPromise)
     ]
     public var implementation = CapgoUpdater()
-    private let pluginVersion: String = "7.41.1"
+    private let pluginVersion: String = "7.42.3"
     static let updateUrlDefault = "https://plugin.capgo.app/updates"
     static let statsUrlDefault = "https://plugin.capgo.app/stats"
     static let channelUrlDefault = "https://plugin.capgo.app/channel_self"
@@ -382,6 +393,32 @@ public class CapacitorUpdaterPlugin: CAPPlugin, CAPBridgedPlugin {
                 self.logger.info("Cleanup complete")
             }
 
+            // Michael (WcaleNieWolny) at 04.01.2026
+            // The following line of code contains a bug. After having evaluated it, I have decided not to fix it.
+            // The initial report: https://discord.com/channels/912707985829163099/1456985639345061969
+            // The bug happens in a very specific scenario. Here is the reproduction steps, followed by the lackof busniess impact
+            // Reproduction steps:
+            // 1. Install iOS app via app store. Version: 10.13.0. Version v10 of the app uses Capacitor 6 (6.3.13) - a version where the key was still "LatestVersionNative"
+            // 2. The plugin writes "10.13.0" to the key "LatestVersionNative"
+            // 3. Update the app to version 10.17.0 via Capgo.
+            // 4. Update the app via testflight to version 11.0.0. This version uses Capacitor 8 (8.41.3) - a version where the key was changed to "LatestNativeBuildVersion"
+            // 5. During the initial load of then new native version, the plugin will read "LatestNativeBuildVersion", not find it, read "LatestVersionNative", find it and revert to builtin version sucessfully.
+            // 6. The plugin writes "11.0.0" to the key "LatestNativeBuildVersion"
+            // 7. The app is now in a state where it is using the builtin version, but the key "LatestNativeBuildVersion" is still set to "11.0.0" and "LatestVersionNative" is still set to "10.13.0".
+            // 8. The user downgrades using app store back to version 10.13.0.
+            // 9. The old plugin reads "LatestVersionNative", finds "10.13.0," so it doesn't revert to builtin version. // <--- THIS IS THE FIRST PART OF THE BUG
+            // 10. "LatestVersionNative" is written to "10.13.0" but "LatestNativeBuildVersion" is not touched, and stays at "11.0.0"
+            // 11. A capgo update happesn to version 10.17.0.
+            // 12. The user updates again to version 11.0.0 via Testflight.
+            // 13. The plugin reads "LatestNativeBuildVersion", finds "11.0.0", so it doesn't revert to builtin version. It is unaware of the native update that happended.
+            // 14. Capgo loads the 10.13.0 version, while it should have loaded the builtin 11.0.0 version. // <--- THIS IS THE SECOND PART OF THE BUG
+            // The business impact:
+            // None - no one will ever be affected by this bug as reverting via app store should in practice never happen. You are not SUPPOSE to go from Capacitor v8 to v6.
+            // Downgrading isn't supported.
+            // Possible fixes:
+            // 1. Write "LatestVersionNative" - this fixes the part 1 of this bug
+            // 2. Compare both keys. If any is not equal to "currentBuildVersion", then revert to builtin version. This fixes the part 2 of this bug
+
             let previous = UserDefaults.standard.string(forKey: "LatestNativeBuildVersion") ?? UserDefaults.standard.string(forKey: "LatestVersionNative") ?? "0"
             if previous != "0" && self.currentBuildVersion != previous {
                 _ = self._reset(toLastSuccessful: false)
@@ -1571,6 +1608,9 @@ public class CapacitorUpdaterPlugin: CAPPlugin, CAPBridgedPlugin {
     }
 
     @objc func appMovedToBackground() {
+        // Reset timeout flag at start of each background cycle
+        self.autoSplashscreenTimedOut = false
+
         let current: BundleInfo = self.implementation.getCurrentBundle()
         self.implementation.sendStats(action: "app_moved_to_background", versionName: current.getVersionName())
         logger.info("Check for pending update")

package/ios/Sources/CapacitorUpdaterPlugin/CapgoUpdater.swift

@@ -48,6 +48,12 @@ import UIKit
     // Flag to track if we've already sent the rate limit statistic - prevents infinite loop
     private static var rateLimitStatisticSent = false
 
+    // Stats batching - queue events and send max once per second
+    private var statsQueue: [StatsEvent] = []
+    private let statsQueueLock = NSLock()
+    private var statsFlushTimer: Timer?
+    private static let statsFlushInterval: TimeInterval = 1.0
+
     private var userAgent: String {
         let safePluginVersion = pluginVersion.isEmpty ? "unknown" : pluginVersion
         let safeAppId = appId.isEmpty ? "unknown" : appId
@@ -70,6 +76,15 @@ import UIKit
         self.logger = logger
     }
 
+    deinit {
+        // Invalidate the stats timer to prevent memory leaks
+        statsFlushTimer?.invalidate()
+        statsFlushTimer = nil
+
+        // Flush any remaining stats before deallocation
+        flushStatsQueue()
+    }
+
     private func calcTotalPercent(percent: Int, min: Int, max: Int) -> Int {
         return (percent * (max - min)) / 100 + min
     }
@@ -80,12 +95,20 @@ import UIKit
     }
 
     public func setPublicKey(_ publicKey: String) {
-        self.publicKey = publicKey
-        if !publicKey.isEmpty {
-            self.cachedKeyId = CryptoCipher.calcKeyId(publicKey: publicKey)
-        } else {
+        // Empty string means no encryption - proceed normally
+        if publicKey.isEmpty {
+            self.publicKey = ""
             self.cachedKeyId = nil
+            return
+        }
+
+        // Non-empty: must be a valid RSA key or crash
+        guard RSAPublicKey.load(rsaPublicKey: publicKey) != nil else {
+            fatalError("Invalid public key in capacitor.config.json: failed to parse RSA key. Remove the key or provide a valid PEM-formatted RSA public key.")
         }
+
+        self.publicKey = publicKey
+        self.cachedKeyId = CryptoCipher.calcKeyId(publicKey: publicKey)
     }
 
     public func getKeyId() -> String? {
@@ -360,6 +383,56 @@ import UIKit
         }
     }
 
+    private func populateDeltaCacheAsync(for id: String) {
+        DispatchQueue.global(qos: .utility).async { [weak self] in
+            self?.populateDeltaCache(for: id)
+        }
+    }
+
+    private func populateDeltaCache(for id: String) {
+        let bundleDir = self.getBundleDirectory(id: id)
+        let fileManager = FileManager.default
+
+        guard fileManager.fileExists(atPath: bundleDir.path) else {
+            logger.debug("Skip delta cache population: bundle dir missing")
+            return
+        }
+
+        do {
+            try fileManager.createDirectory(at: cacheFolder, withIntermediateDirectories: true, attributes: nil)
+        } catch {
+            logger.debug("Skip delta cache population: failed to create cache dir")
+            return
+        }
+
+        guard let enumerator = fileManager.enumerator(at: bundleDir, includingPropertiesForKeys: [.isDirectoryKey], options: [.skipsHiddenFiles]) else {
+            return
+        }
+
+        for case let fileURL as URL in enumerator {
+            let resourceValues = try? fileURL.resourceValues(forKeys: [.isDirectoryKey])
+            if resourceValues?.isDirectory == true {
+                continue
+            }
+
+            let checksum = CryptoCipher.calcChecksum(filePath: fileURL)
+            if checksum.isEmpty {
+                continue
+            }
+
+            let cacheFile = cacheFolder.appendingPathComponent("\(checksum)_\(fileURL.lastPathComponent)")
+            if fileManager.fileExists(atPath: cacheFile.path) {
+                continue
+            }
+
+            do {
+                try fileManager.copyItem(at: fileURL, to: cacheFile)
+            } catch {
+                logger.debug("Delta cache copy failed: \(fileURL.path)")
+            }
+        }
+    }
+
     private func createInfoObject() -> InfoObject {
         return InfoObject(
             platform: "ios",
@@ -526,10 +599,11 @@ import UIKit
 
             let finalFileHash = fileHash
             let fileNameWithoutPath = (fileName as NSString).lastPathComponent
-            let cacheFileName = "\(finalFileHash)_\(fileNameWithoutPath)"
-            let cacheFilePath = cacheFolder.appendingPathComponent(cacheFileName)
-
             let isBrotli = fileName.hasSuffix(".br")
+            let cacheBaseName = isBrotli ? String(fileNameWithoutPath.dropLast(3)) : fileNameWithoutPath
+            let cacheFilePath = cacheFolder.appendingPathComponent("\(finalFileHash)_\(cacheBaseName)")
+            let legacyCacheFilePath: URL? = isBrotli ? cacheFolder.appendingPathComponent("\(finalFileHash)_\(fileNameWithoutPath)") : nil
+
             let destFileName = isBrotli ? String(fileName.dropLast(3)) : fileName
             let destFilePath = destFolder.appendingPathComponent(destFileName)
             let builtinFilePath = builtinFolder.appendingPathComponent(fileName)
@@ -548,7 +622,9 @@ import UIKit
                         self.logger.info("downloadManifest \(fileName) using builtin file \(id)")
                     }
                     // Try cache
-                    else if self.tryCopyFromCache(from: cacheFilePath, to: destFilePath, expectedHash: finalFileHash) {
+                    else if
+                        self.tryCopyFromCache(from: cacheFilePath, to: destFilePath, expectedHash: finalFileHash) ||
+                            (legacyCacheFilePath != nil && self.tryCopyFromCache(from: legacyCacheFilePath!, to: destFilePath, expectedHash: finalFileHash)) {
                         self.logger.info("downloadManifest \(fileName) copy from cache \(id)")
                     }
                     // Download
@@ -962,6 +1038,7 @@ import UIKit
             CryptoCipher.logChecksumInfo(label: "Calculated bundle checksum", hexChecksum: checksum)
             logger.info("Downloading: 80% (unzipping)")
             try self.saveDownloaded(sourceZip: finalPath, id: id, base: self.libraryDir.appendingPathComponent(self.bundleDirectory), notify: true)
+            self.populateDeltaCacheAsync(for: id)
 
         } catch {
             logger.error("Failed to unzip file")
@@ -1306,7 +1383,7 @@ import UIKit
                 let fileName = url.lastPathComponent
                 // Only cleanup package_*.tmp and update_*.dat files
                 let isDownloadTemp = (fileName.hasPrefix("package_") && fileName.hasSuffix(".tmp")) ||
-                                     (fileName.hasPrefix("update_") && fileName.hasSuffix(".dat"))
+                    (fileName.hasPrefix("update_") && fileName.hasSuffix(".dat"))
                 if !isDownloadTemp {
                     continue
                 }
@@ -1667,21 +1744,70 @@ import UIKit
         guard !statsUrl.isEmpty else {
             return
         }
-        operationQueue.maxConcurrentOperationCount = 1
 
-        let versionName = versionName ?? getCurrentBundle().getVersionName()
+        let resolvedVersionName = versionName ?? getCurrentBundle().getVersionName()
+        let info = createInfoObject()
+
+        let event = StatsEvent(
+            platform: info.platform,
+            device_id: info.device_id,
+            app_id: info.app_id,
+            custom_id: info.custom_id,
+            version_build: info.version_build,
+            version_code: info.version_code,
+            version_os: info.version_os,
+            version_name: resolvedVersionName,
+            old_version_name: oldVersionName ?? "",
+            plugin_version: info.plugin_version,
+            is_emulator: info.is_emulator,
+            is_prod: info.is_prod,
+            action: action,
+            channel: info.channel,
+            defaultChannel: info.defaultChannel,
+            key_id: info.key_id,
+            timestamp: Int64(Date().timeIntervalSince1970 * 1000)
+        )
+
+        statsQueueLock.lock()
+        statsQueue.append(event)
+        statsQueueLock.unlock()
 
-        var parameters = createInfoObject()
-        parameters.action = action
-        parameters.version_name = versionName
-        parameters.old_version_name = oldVersionName ?? ""
+        ensureStatsTimerStarted()
+    }
+
+    private func ensureStatsTimerStarted() {
+        DispatchQueue.main.async { [weak self] in
+            guard let self = self else { return }
+            if self.statsFlushTimer == nil || !self.statsFlushTimer!.isValid {
+                // Use closure-based timer to avoid strong reference cycle
+                self.statsFlushTimer = Timer.scheduledTimer(
+                    withTimeInterval: CapgoUpdater.statsFlushInterval,
+                    repeats: true
+                ) { [weak self] _ in
+                    self?.flushStatsQueue()
+                }
+            }
+        }
+    }
+
+    private func flushStatsQueue() {
+        statsQueueLock.lock()
+        guard !statsQueue.isEmpty else {
+            statsQueueLock.unlock()
+            return
+        }
+        let eventsToSend = statsQueue
+        statsQueue.removeAll()
+        statsQueueLock.unlock()
+
+        operationQueue.maxConcurrentOperationCount = 1
 
         let operation = BlockOperation {
             let semaphore = DispatchSemaphore(value: 0)
             self.alamofireSession.request(
                 self.statsUrl,
                 method: .post,
-                parameters: parameters,
+                parameters: eventsToSend,
                 encoder: JSONParameterEncoder.default,
                 requestModifier: { $0.timeoutInterval = self.timeout }
             ).responseData { response in
@@ -1693,10 +1819,10 @@ import UIKit
 
                 switch response.result {
                 case .success:
-                    self.logger.info("Stats sent successfully")
-                    self.logger.debug("Action: \(action), Version: \(versionName)")
+                    self.logger.info("Stats batch sent successfully")
+                    self.logger.debug("Sent \(eventsToSend.count) events")
                 case let .failure(error):
-                    self.logger.error("Error sending stats")
+                    self.logger.error("Error sending stats batch")
                     self.logger.debug("Response: \(response.value?.debugDescription ?? "nil"), Error: \(error.localizedDescription)")
                 }
                 semaphore.signal()
@@ -1704,7 +1830,6 @@ import UIKit
             semaphore.wait()
         }
         operationQueue.addOperation(operation)
-
     }
 
     public func getBundleInfo(id: String?) -> BundleInfo {

package/ios/Sources/CapacitorUpdaterPlugin/CryptoCipher.swift

@@ -63,13 +63,21 @@ public struct CryptoCipher {
                 detectedFormat = "base64"
             }
             // swiftlint:disable:next line_length
-            logger.debug("Received encrypted checksum format: \(detectedFormat) (length: \(checksum.count) chars, \(checksumBytes.count) bytes)")
+            logger.debug("Received checksum format: \(detectedFormat) (length: \(checksum.count) chars, \(checksumBytes.count) bytes)")
 
             if checksumBytes.isEmpty {
                 logger.error("Decoded checksum is empty")
                 throw CustomError.cannotDecode
             }
 
+            // RSA-2048 encrypted data must be exactly 256 bytes
+            // If the checksum is not 256 bytes, the bundle was not encrypted properly
+            if checksumBytes.count != 256 {
+                // swiftlint:disable:next line_length
+                logger.error("Checksum is not RSA encrypted (size: \(checksumBytes.count) bytes, expected 256 for RSA-2048). Bundle must be uploaded with encryption when public key is configured.")
+                throw CustomError.cannotDecode
+            }
+
             guard let rsaPublicKey = RSAPublicKey.load(rsaPublicKey: publicKey) else {
                 logger.error("The public key is not a valid RSA Public key")
                 throw CustomError.cannotDecode

package/ios/Sources/CapacitorUpdaterPlugin/InternalUtils.swift

@@ -135,6 +135,28 @@ struct InfoObject: Codable {
 }
 // swiftlint:enable identifier_name
 
+// swiftlint:disable identifier_name
+struct StatsEvent: Codable {
+    let platform: String?
+    let device_id: String?
+    let app_id: String?
+    let custom_id: String?
+    let version_build: String?
+    let version_code: String?
+    let version_os: String?
+    let version_name: String?
+    let old_version_name: String?
+    let plugin_version: String?
+    let is_emulator: Bool?
+    let is_prod: Bool?
+    let action: String?
+    let channel: String?
+    let defaultChannel: String?
+    let key_id: String?
+    let timestamp: Int64
+}
+// swiftlint:enable identifier_name
+
 // swiftlint:disable identifier_name
 public struct ManifestEntry: Codable {
     let file_name: String?

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@capgo/capacitor-updater",
-  "version": "7.41.1",
+  "version": "7.42.3",
   "license": "MPL-2.0",
   "description": "Live update for capacitor apps",
   "main": "dist/plugin.cjs.js",