@hot-updater/react-native 0.22.2 → 0.23.0

package/lib/typescript/commonjs/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/types.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,MAAM,WAAW,4BAA4B;IAC3C;;OAEG;IACH,QAAQ,EAAE,MAAM,CAAC;IACjB;;OAEG;IACH,OAAO,EAAE,MAAM,CAAC;IAChB;;OAEG;IACH,KAAK,EAAE,KAAK,CAAC;CACd;AAED;;;;;;;;GAQG;AACH,wBAAgB,4BAA4B,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO,CAgBpE;AAED;;GAEG;AACH,wBAAgB,uBAAuB,CACrC,KAAK,EAAE,OAAO,EACd,QAAQ,EAAE,MAAM,GACf,4BAA4B,CAS9B"}

package/lib/typescript/module/index.d.ts

@@ -3,6 +3,7 @@ import { updateBundle } from "./native";
 import { wrap } from "./wrap";
 export type { HotUpdaterEvent } from "./native";
 export * from "./store";
+export { extractSignatureFailure, isSignatureVerificationError, type SignatureVerificationFailure, } from "./types";
 export type { HotUpdaterOptions } from "./wrap";
 export declare const HotUpdater: {
     /**

package/lib/typescript/module/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAClD,OAAO,EAQL,YAAY,EACb,MAAM,UAAU,CAAC;AAGlB,OAAO,EAAE,IAAI,EAAE,MAAM,QAAQ,CAAC;AAE9B,YAAY,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAChD,cAAc,SAAS,CAAC;AACxB,YAAY,EAAE,iBAAiB,EAAE,MAAM,QAAQ,CAAC;AAQhD,eAAO,MAAM,UAAU;IACrB;;;;;;;;;;;;;;;;;;;;;OAqBG;;IAEH;;OAEG;;IAEH;;;;;;;;;;;;;;;;OAgBG;;IAEH;;OAEG;;IAEH;;OAEG;;IAEH;;OAEG;;IAEH;;;;;;;;;;;;OAYG;;IAEH;;;;;;;;;;;;;;;;OAgBG;;IAEH;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA4BG;;IAEH;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA+BG;;IAEH;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAgCG;;IAEH;;;;;;;;;;OAUG;;CAEJ,CAAC;AAEF,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAClD,OAAO,EAQL,YAAY,EACb,MAAM,UAAU,CAAC;AAGlB,OAAO,EAAE,IAAI,EAAE,MAAM,QAAQ,CAAC;AAE9B,YAAY,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAChD,cAAc,SAAS,CAAC;AACxB,OAAO,EACL,uBAAuB,EACvB,4BAA4B,EAC5B,KAAK,4BAA4B,GAClC,MAAM,SAAS,CAAC;AACjB,YAAY,EAAE,iBAAiB,EAAE,MAAM,QAAQ,CAAC;AAQhD,eAAO,MAAM,UAAU;IACrB;;;;;;;;;;;;;;;;;;;;;OAqBG;;IAEH;;OAEG;;IAEH;;;;;;;;;;;;;;;;OAgBG;;IAEH;;OAEG;;IAEH;;OAEG;;IAEH;;OAEG;;IAEH;;;;;;;;;;;;OAYG;;IAEH;;;;;;;;;;;;;;;;OAgBG;;IAEH;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA4BG;;IAEH;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA+BG;;IAEH;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAgCG;;IAEH;;;;;;;;;;OAUG;;CAEJ,CAAC;AAEF,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC"}

package/lib/typescript/module/specs/NativeHotUpdater.d.ts

@@ -3,8 +3,13 @@ export interface UpdateBundleParams {
     bundleId: string;
     fileUrl: string | null;
     /**
-     * SHA256 hash of the bundle file for integrity verification.
-     * If provided, the native layer will verify the downloaded file's hash.
+     * File hash for integrity/signature verification.
+     *
+     * Format depends on signing configuration:
+     * - Signed: `sig:<base64_signature>` - Native will verify signature (and implicitly hash)
+     * - Unsigned: `<hex_hash>` - Native will verify SHA256 hash only
+     *
+     * Native determines verification mode by checking for "sig:" prefix.
      */
     fileHash: string | null;
 }

package/lib/typescript/module/specs/NativeHotUpdater.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"NativeHotUpdater.d.ts","sourceRoot":"","sources":["../../../../src/specs/NativeHotUpdater.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAGhD,MAAM,WAAW,kBAAkB;IACjC,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB;;;OAGG;IACH,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;CACzB;AAED,MAAM,WAAW,IAAK,SAAQ,WAAW;IAEvC,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IACxB,YAAY,CAAC,MAAM,EAAE,kBAAkB,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAG3D,WAAW,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACrC,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrC,QAAQ,CAAC,YAAY,EAAE,MAAM;QAC3B,aAAa,EAAE,MAAM,CAAC;QACtB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;QAC3B,OAAO,EAAE,MAAM,CAAC;QAChB,gBAAgB,EAAE,MAAM,GAAG,IAAI,CAAC;KACjC,CAAC;CACH;;AAED,wBAAoE"}
+{"version":3,"file":"NativeHotUpdater.d.ts","sourceRoot":"","sources":["../../../../src/specs/NativeHotUpdater.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAGhD,MAAM,WAAW,kBAAkB;IACjC,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB;;;;;;;;OAQG;IACH,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;CACzB;AAED,MAAM,WAAW,IAAK,SAAQ,WAAW;IAEvC,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IACxB,YAAY,CAAC,MAAM,EAAE,kBAAkB,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAG3D,WAAW,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACrC,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrC,QAAQ,CAAC,YAAY,EAAE,MAAM;QAC3B,aAAa,EAAE,MAAM,CAAC;QACtB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;QAC3B,OAAO,EAAE,MAAM,CAAC;QAChB,gBAAgB,EAAE,MAAM,GAAG,IAAI,CAAC;KACjC,CAAC;CACH;;AAED,wBAAoE"}

package/lib/typescript/module/types.d.ts

@@ -0,0 +1,34 @@
+/**
+ * Information about a signature verification failure.
+ * This is a security-critical event that indicates the bundle
+ * may have been tampered with or the public key is misconfigured.
+ */
+export interface SignatureVerificationFailure {
+    /**
+     * The bundle ID that failed verification.
+     */
+    bundleId: string;
+    /**
+     * Human-readable error message from the native layer.
+     */
+    message: string;
+    /**
+     * The underlying error object.
+     */
+    error: Error;
+}
+/**
+ * Checks if an error is a signature verification failure.
+ * Matches error messages from both iOS and Android native implementations.
+ *
+ * **IMPORTANT**: This function relies on specific error message patterns from native code.
+ * If you change the error messages in the native implementations, update these patterns:
+ * - iOS: `ios/HotUpdater/Internal/SignatureVerifier.swift` (SignatureVerificationError)
+ * - Android: `android/src/main/java/com/hotupdater/SignatureVerifier.kt` (SignatureVerificationException)
+ */
+export declare function isSignatureVerificationError(error: unknown): boolean;
+/**
+ * Extracts signature verification failure details from an error.
+ */
+export declare function extractSignatureFailure(error: unknown, bundleId: string): SignatureVerificationFailure;
+//# sourceMappingURL=types.d.ts.map

package/lib/typescript/module/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/types.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,MAAM,WAAW,4BAA4B;IAC3C;;OAEG;IACH,QAAQ,EAAE,MAAM,CAAC;IACjB;;OAEG;IACH,OAAO,EAAE,MAAM,CAAC;IAChB;;OAEG;IACH,KAAK,EAAE,KAAK,CAAC;CACd;AAED;;;;;;;;GAQG;AACH,wBAAgB,4BAA4B,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO,CAgBpE;AAED;;GAEG;AACH,wBAAgB,uBAAuB,CACrC,KAAK,EAAE,OAAO,EACd,QAAQ,EAAE,MAAM,GACf,4BAA4B,CAS9B"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@hot-updater/react-native",
-  "version": "0.22.2",
+  "version": "0.23.0",
   "description": "React Native OTA solution for self-hosted",
   "main": "lib/commonjs/index",
   "module": "lib/module/index",
@@ -119,14 +119,14 @@
     "react-native": "0.79.1",
     "react-native-builder-bob": "^0.40.10",
     "typescript": "^5.8.3",
-    "hot-updater": "0.22.2"
+    "hot-updater": "0.23.0"
   },
   "dependencies": {
     "use-sync-external-store": "1.5.0",
-    "@hot-updater/core": "0.22.2",
-    "@hot-updater/js": "0.22.2",
-    "@hot-updater/plugin-core": "0.22.2",
-    "@hot-updater/cli-tools": "0.22.2"
+    "@hot-updater/cli-tools": "0.23.0",
+    "@hot-updater/plugin-core": "0.23.0",
+    "@hot-updater/js": "0.23.0",
+    "@hot-updater/core": "0.23.0"
   },
   "scripts": {
     "build": "bob build && tsc -p plugin/tsconfig.build.json",

package/src/checkForUpdate.ts

@@ -81,7 +81,7 @@ export async function checkForUpdate(
         return updateBundle({
           bundleId: updateInfo.id,
           fileUrl: updateInfo.fileUrl,
-          fileHash: updateInfo?.fileHash ?? null,
+          fileHash: updateInfo.fileHash,
           status: updateInfo.status,
         });
       },

package/src/index.ts

@@ -15,6 +15,11 @@ import { wrap } from "./wrap";
 
 export type { HotUpdaterEvent } from "./native";
 export * from "./store";
+export {
+  extractSignatureFailure,
+  isSignatureVerificationError,
+  type SignatureVerificationFailure,
+} from "./types";
 export type { HotUpdaterOptions } from "./wrap";
 
 addListener("onProgress", ({ progress }) => {

package/src/specs/NativeHotUpdater.ts

@@ -5,8 +5,13 @@ export interface UpdateBundleParams {
   bundleId: string;
   fileUrl: string | null;
   /**
-   * SHA256 hash of the bundle file for integrity verification.
-   * If provided, the native layer will verify the downloaded file's hash.
+   * File hash for integrity/signature verification.
+   *
+   * Format depends on signing configuration:
+   * - Signed: `sig:<base64_signature>` - Native will verify signature (and implicitly hash)
+   * - Unsigned: `<hex_hash>` - Native will verify SHA256 hash only
+   *
+   * Native determines verification mode by checking for "sig:" prefix.
    */
   fileHash: string | null;
 }

package/src/types.ts

@@ -0,0 +1,63 @@
+/**
+ * Information about a signature verification failure.
+ * This is a security-critical event that indicates the bundle
+ * may have been tampered with or the public key is misconfigured.
+ */
+export interface SignatureVerificationFailure {
+  /**
+   * The bundle ID that failed verification.
+   */
+  bundleId: string;
+  /**
+   * Human-readable error message from the native layer.
+   */
+  message: string;
+  /**
+   * The underlying error object.
+   */
+  error: Error;
+}
+
+/**
+ * Checks if an error is a signature verification failure.
+ * Matches error messages from both iOS and Android native implementations.
+ *
+ * **IMPORTANT**: This function relies on specific error message patterns from native code.
+ * If you change the error messages in the native implementations, update these patterns:
+ * - iOS: `ios/HotUpdater/Internal/SignatureVerifier.swift` (SignatureVerificationError)
+ * - Android: `android/src/main/java/com/hotupdater/SignatureVerifier.kt` (SignatureVerificationException)
+ */
+export function isSignatureVerificationError(error: unknown): boolean {
+  if (!(error instanceof Error)) {
+    return false;
+  }
+
+  const message = error.message.toLowerCase();
+
+  // Match iOS SignatureVerificationError messages
+  // Match Android SignatureVerificationException messages
+  return (
+    message.includes("signature verification") ||
+    message.includes("public key not configured") ||
+    message.includes("public key format is invalid") ||
+    message.includes("signature format is invalid") ||
+    message.includes("bundle may be corrupted or tampered")
+  );
+}
+
+/**
+ * Extracts signature verification failure details from an error.
+ */
+export function extractSignatureFailure(
+  error: unknown,
+  bundleId: string,
+): SignatureVerificationFailure {
+  const normalizedError =
+    error instanceof Error ? error : new Error(String(error));
+
+  return {
+    bundleId,
+    message: normalizedError.message,
+    error: normalizedError,
+  };
+}