@hot-updater/react-native 0.22.2 → 0.23.1

package/lib/typescript/commonjs/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/types.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,MAAM,WAAW,4BAA4B;IAC3C;;OAEG;IACH,QAAQ,EAAE,MAAM,CAAC;IACjB;;OAEG;IACH,OAAO,EAAE,MAAM,CAAC;IAChB;;OAEG;IACH,KAAK,EAAE,KAAK,CAAC;CACd;AAED;;;;;;;;GAQG;AACH,wBAAgB,4BAA4B,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO,CAgBpE;AAED;;GAEG;AACH,wBAAgB,uBAAuB,CACrC,KAAK,EAAE,OAAO,EACd,QAAQ,EAAE,MAAM,GACf,4BAA4B,CAS9B"}

package/lib/typescript/module/index.d.ts

@@ -3,6 +3,7 @@ import { updateBundle } from "./native";
 import { wrap } from "./wrap";
 export type { HotUpdaterEvent } from "./native";
 export * from "./store";
+export { extractSignatureFailure, isSignatureVerificationError, type SignatureVerificationFailure, } from "./types";
 export type { HotUpdaterOptions } from "./wrap";
 export declare const HotUpdater: {
     /**

package/lib/typescript/module/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAClD,OAAO,EAQL,YAAY,EACb,MAAM,UAAU,CAAC;AAGlB,OAAO,EAAE,IAAI,EAAE,MAAM,QAAQ,CAAC;AAE9B,YAAY,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAChD,cAAc,SAAS,CAAC;AACxB,YAAY,EAAE,iBAAiB,EAAE,MAAM,QAAQ,CAAC;AAQhD,eAAO,MAAM,UAAU;IACrB;;;;;;;;;;;;;;;;;;;;;OAqBG;;IAEH;;OAEG;;IAEH;;;;;;;;;;;;;;;;OAgBG;;IAEH;;OAEG;;IAEH;;OAEG;;IAEH;;OAEG;;IAEH;;;;;;;;;;;;OAYG;;IAEH;;;;;;;;;;;;;;;;OAgBG;;IAEH;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA4BG;;IAEH;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA+BG;;IAEH;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAgCG;;IAEH;;;;;;;;;;OAUG;;CAEJ,CAAC;AAEF,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAClD,OAAO,EAQL,YAAY,EACb,MAAM,UAAU,CAAC;AAGlB,OAAO,EAAE,IAAI,EAAE,MAAM,QAAQ,CAAC;AAE9B,YAAY,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAChD,cAAc,SAAS,CAAC;AACxB,OAAO,EACL,uBAAuB,EACvB,4BAA4B,EAC5B,KAAK,4BAA4B,GAClC,MAAM,SAAS,CAAC;AACjB,YAAY,EAAE,iBAAiB,EAAE,MAAM,QAAQ,CAAC;AAQhD,eAAO,MAAM,UAAU;IACrB;;;;;;;;;;;;;;;;;;;;;OAqBG;;IAEH;;OAEG;;IAEH;;;;;;;;;;;;;;;;OAgBG;;IAEH;;OAEG;;IAEH;;OAEG;;IAEH;;OAEG;;IAEH;;;;;;;;;;;;OAYG;;IAEH;;;;;;;;;;;;;;;;OAgBG;;IAEH;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA4BG;;IAEH;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA+BG;;IAEH;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAgCG;;IAEH;;;;;;;;;;OAUG;;CAEJ,CAAC;AAEF,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC"}

package/lib/typescript/module/specs/NativeHotUpdater.d.ts

@@ -3,8 +3,13 @@ export interface UpdateBundleParams {
     bundleId: string;
     fileUrl: string | null;
     /**
-     * SHA256 hash of the bundle file for integrity verification.
-     * If provided, the native layer will verify the downloaded file's hash.
+     * File hash for integrity/signature verification.
+     *
+     * Format depends on signing configuration:
+     * - Signed: `sig:<base64_signature>` - Native will verify signature (and implicitly hash)
+     * - Unsigned: `<hex_hash>` - Native will verify SHA256 hash only
+     *
+     * Native determines verification mode by checking for "sig:" prefix.
      */
     fileHash: string | null;
 }

package/lib/typescript/module/specs/NativeHotUpdater.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"NativeHotUpdater.d.ts","sourceRoot":"","sources":["../../../../src/specs/NativeHotUpdater.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAGhD,MAAM,WAAW,kBAAkB;IACjC,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB;;;OAGG;IACH,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;CACzB;AAED,MAAM,WAAW,IAAK,SAAQ,WAAW;IAEvC,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IACxB,YAAY,CAAC,MAAM,EAAE,kBAAkB,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAG3D,WAAW,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACrC,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrC,QAAQ,CAAC,YAAY,EAAE,MAAM;QAC3B,aAAa,EAAE,MAAM,CAAC;QACtB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;QAC3B,OAAO,EAAE,MAAM,CAAC;QAChB,gBAAgB,EAAE,MAAM,GAAG,IAAI,CAAC;KACjC,CAAC;CACH;;AAED,wBAAoE"}
+{"version":3,"file":"NativeHotUpdater.d.ts","sourceRoot":"","sources":["../../../../src/specs/NativeHotUpdater.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAGhD,MAAM,WAAW,kBAAkB;IACjC,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB;;;;;;;;OAQG;IACH,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;CACzB;AAED,MAAM,WAAW,IAAK,SAAQ,WAAW;IAEvC,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IACxB,YAAY,CAAC,MAAM,EAAE,kBAAkB,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAG3D,WAAW,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACrC,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrC,QAAQ,CAAC,YAAY,EAAE,MAAM;QAC3B,aAAa,EAAE,MAAM,CAAC;QACtB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;QAC3B,OAAO,EAAE,MAAM,CAAC;QAChB,gBAAgB,EAAE,MAAM,GAAG,IAAI,CAAC;KACjC,CAAC;CACH;;AAED,wBAAoE"}

package/lib/typescript/module/types.d.ts

@@ -0,0 +1,34 @@
+/**
+ * Information about a signature verification failure.
+ * This is a security-critical event that indicates the bundle
+ * may have been tampered with or the public key is misconfigured.
+ */
+export interface SignatureVerificationFailure {
+    /**
+     * The bundle ID that failed verification.
+     */
+    bundleId: string;
+    /**
+     * Human-readable error message from the native layer.
+     */
+    message: string;
+    /**
+     * The underlying error object.
+     */
+    error: Error;
+}
+/**
+ * Checks if an error is a signature verification failure.
+ * Matches error messages from both iOS and Android native implementations.
+ *
+ * **IMPORTANT**: This function relies on specific error message patterns from native code.
+ * If you change the error messages in the native implementations, update these patterns:
+ * - iOS: `ios/HotUpdater/Internal/SignatureVerifier.swift` (SignatureVerificationError)
+ * - Android: `android/src/main/java/com/hotupdater/SignatureVerifier.kt` (SignatureVerificationException)
+ */
+export declare function isSignatureVerificationError(error: unknown): boolean;
+/**
+ * Extracts signature verification failure details from an error.
+ */
+export declare function extractSignatureFailure(error: unknown, bundleId: string): SignatureVerificationFailure;
+//# sourceMappingURL=types.d.ts.map

package/lib/typescript/module/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/types.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,MAAM,WAAW,4BAA4B;IAC3C;;OAEG;IACH,QAAQ,EAAE,MAAM,CAAC;IACjB;;OAEG;IACH,OAAO,EAAE,MAAM,CAAC;IAChB;;OAEG;IACH,KAAK,EAAE,KAAK,CAAC;CACd;AAED;;;;;;;;GAQG;AACH,wBAAgB,4BAA4B,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO,CAgBpE;AAED;;GAEG;AACH,wBAAgB,uBAAuB,CACrC,KAAK,EAAE,OAAO,EACd,QAAQ,EAAE,MAAM,GACf,4BAA4B,CAS9B"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@hot-updater/react-native",
-  "version": "0.22.2",
+  "version": "0.23.1",
   "description": "React Native OTA solution for self-hosted",
   "main": "lib/commonjs/index",
   "module": "lib/module/index",
@@ -111,6 +111,7 @@
   },
   "devDependencies": {
     "@react-native-community/cli": "18.0.0",
+    "@types/node": "^22.10.5",
     "@types/react": "19.1.3",
     "@types/use-sync-external-store": "^0.0.6",
     "del-cli": "^6.0.0",
@@ -119,14 +120,14 @@
     "react-native": "0.79.1",
     "react-native-builder-bob": "^0.40.10",
     "typescript": "^5.8.3",
-    "hot-updater": "0.22.2"
+    "hot-updater": "0.23.1"
   },
   "dependencies": {
     "use-sync-external-store": "1.5.0",
-    "@hot-updater/core": "0.22.2",
-    "@hot-updater/js": "0.22.2",
-    "@hot-updater/plugin-core": "0.22.2",
-    "@hot-updater/cli-tools": "0.22.2"
+    "@hot-updater/cli-tools": "0.23.1",
+    "@hot-updater/core": "0.23.1",
+    "@hot-updater/js": "0.23.1",
+    "@hot-updater/plugin-core": "0.23.1"
   },
   "scripts": {
     "build": "bob build && tsc -p plugin/tsconfig.build.json",

package/plugin/build/withHotUpdater.js

@@ -39,6 +39,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
+var node_path_1 = __importDefault(require("node:path"));
 var cli_tools_1 = require("@hot-updater/cli-tools");
 var config_plugins_1 = require("expo/config-plugins");
 var hot_updater_1 = require("hot-updater");
@@ -62,6 +63,36 @@ var getFingerprint = function () { return __awaiter(void 0, void 0, void 0, func
         }
     });
 }); };
+/**
+ * Extract public key from private key in signing config
+ */
+var getPublicKeyFromConfig = function (signingConfig) { return __awaiter(void 0, void 0, void 0, function () {
+    var privateKeyPath, privateKeyPEM, publicKeyPEM, error_1;
+    return __generator(this, function (_a) {
+        switch (_a.label) {
+            case 0:
+                if (!(signingConfig === null || signingConfig === void 0 ? void 0 : signingConfig.enabled) || !(signingConfig === null || signingConfig === void 0 ? void 0 : signingConfig.privateKeyPath)) {
+                    return [2 /*return*/, null];
+                }
+                _a.label = 1;
+            case 1:
+                _a.trys.push([1, 3, , 4]);
+                privateKeyPath = node_path_1.default.isAbsolute(signingConfig.privateKeyPath)
+                    ? signingConfig.privateKeyPath
+                    : node_path_1.default.resolve(process.cwd(), signingConfig.privateKeyPath);
+                return [4 /*yield*/, (0, hot_updater_1.loadPrivateKey)(privateKeyPath)];
+            case 2:
+                privateKeyPEM = _a.sent();
+                publicKeyPEM = (0, hot_updater_1.getPublicKeyFromPrivate)(privateKeyPEM);
+                return [2 /*return*/, publicKeyPEM.trim()];
+            case 3:
+                error_1 = _a.sent();
+                throw new Error("[hot-updater] Failed to extract public key: ".concat(error_1 instanceof Error ? error_1.message : String(error_1), "\n") +
+                    "Run 'npx hot-updater keys generate' to create signing keys");
+            case 4: return [2 /*return*/];
+        }
+    });
+}); };
 /**
  * Native code modifications - should only run once
  */
@@ -91,7 +122,7 @@ var withHotUpdaterConfigAsync = function (props) { return function (config) {
     var modifiedConfig = config;
     // === iOS: Add channel and fingerprint to Info.plist ===
     modifiedConfig = (0, config_plugins_1.withInfoPlist)(modifiedConfig, function (cfg) { return __awaiter(void 0, void 0, void 0, function () {
-        var fingerprintHash, config, fingerprint;
+        var fingerprintHash, config, fingerprint, publicKey;
         return __generator(this, function (_a) {
             switch (_a.label) {
                 case 0:
@@ -105,18 +136,23 @@ var withHotUpdaterConfigAsync = function (props) { return function (config) {
                     fingerprint = _a.sent();
                     fingerprintHash = fingerprint.ios.hash;
                     _a.label = 3;
-                case 3:
+                case 3: return [4 /*yield*/, getPublicKeyFromConfig(config.signing)];
+                case 4:
+                    publicKey = _a.sent();
                     cfg.modResults.HOT_UPDATER_CHANNEL = channel;
                     if (fingerprintHash) {
                         cfg.modResults.HOT_UPDATER_FINGERPRINT_HASH = fingerprintHash;
                     }
+                    if (publicKey) {
+                        cfg.modResults.HOT_UPDATER_PUBLIC_KEY = publicKey;
+                    }
                     return [2 /*return*/, cfg];
             }
         });
     }); });
     // === Android: Add channel and fingerprint to strings.xml ===
     modifiedConfig = (0, config_plugins_1.withStringsXml)(modifiedConfig, function (cfg) { return __awaiter(void 0, void 0, void 0, function () {
-        var fingerprintHash, config, fingerprint;
+        var fingerprintHash, config, fingerprint, publicKey;
         return __generator(this, function (_a) {
             switch (_a.label) {
                 case 0:
@@ -130,7 +166,9 @@ var withHotUpdaterConfigAsync = function (props) { return function (config) {
                     fingerprint = _a.sent();
                     fingerprintHash = fingerprint.android.hash;
                     _a.label = 3;
-                case 3:
+                case 3: return [4 /*yield*/, getPublicKeyFromConfig(config.signing)];
+                case 4:
+                    publicKey = _a.sent();
                     // Ensure resources object exists
                     if (!cfg.modResults.resources) {
                         cfg.modResults.resources = {};
@@ -163,6 +201,19 @@ var withHotUpdaterConfigAsync = function (props) { return function (config) {
                             _: fingerprintHash,
                         });
                     }
+                    if (publicKey) {
+                        // Remove existing hot_updater_public_key entry if it exists
+                        cfg.modResults.resources.string =
+                            cfg.modResults.resources.string.filter(function (item) { return !(item.$ && item.$.name === "hot_updater_public_key"); });
+                        // Add the new hot_updater_public_key entry
+                        cfg.modResults.resources.string.push({
+                            $: {
+                                name: "hot_updater_public_key",
+                                moduleConfig: "true",
+                            },
+                            _: publicKey,
+                        });
+                    }
                     return [2 /*return*/, cfg];
             }
         });

package/src/checkForUpdate.ts

@@ -81,7 +81,7 @@ export async function checkForUpdate(
         return updateBundle({
           bundleId: updateInfo.id,
           fileUrl: updateInfo.fileUrl,
-          fileHash: updateInfo?.fileHash ?? null,
+          fileHash: updateInfo.fileHash,
           status: updateInfo.status,
         });
       },

package/src/index.ts

@@ -15,6 +15,11 @@ import { wrap } from "./wrap";
 
 export type { HotUpdaterEvent } from "./native";
 export * from "./store";
+export {
+  extractSignatureFailure,
+  isSignatureVerificationError,
+  type SignatureVerificationFailure,
+} from "./types";
 export type { HotUpdaterOptions } from "./wrap";
 
 addListener("onProgress", ({ progress }) => {

package/src/specs/NativeHotUpdater.ts

@@ -5,8 +5,13 @@ export interface UpdateBundleParams {
   bundleId: string;
   fileUrl: string | null;
   /**
-   * SHA256 hash of the bundle file for integrity verification.
-   * If provided, the native layer will verify the downloaded file's hash.
+   * File hash for integrity/signature verification.
+   *
+   * Format depends on signing configuration:
+   * - Signed: `sig:<base64_signature>` - Native will verify signature (and implicitly hash)
+   * - Unsigned: `<hex_hash>` - Native will verify SHA256 hash only
+   *
+   * Native determines verification mode by checking for "sig:" prefix.
    */
   fileHash: string | null;
 }

package/src/types.ts

@@ -0,0 +1,63 @@
+/**
+ * Information about a signature verification failure.
+ * This is a security-critical event that indicates the bundle
+ * may have been tampered with or the public key is misconfigured.
+ */
+export interface SignatureVerificationFailure {
+  /**
+   * The bundle ID that failed verification.
+   */
+  bundleId: string;
+  /**
+   * Human-readable error message from the native layer.
+   */
+  message: string;
+  /**
+   * The underlying error object.
+   */
+  error: Error;
+}
+
+/**
+ * Checks if an error is a signature verification failure.
+ * Matches error messages from both iOS and Android native implementations.
+ *
+ * **IMPORTANT**: This function relies on specific error message patterns from native code.
+ * If you change the error messages in the native implementations, update these patterns:
+ * - iOS: `ios/HotUpdater/Internal/SignatureVerifier.swift` (SignatureVerificationError)
+ * - Android: `android/src/main/java/com/hotupdater/SignatureVerifier.kt` (SignatureVerificationException)
+ */
+export function isSignatureVerificationError(error: unknown): boolean {
+  if (!(error instanceof Error)) {
+    return false;
+  }
+
+  const message = error.message.toLowerCase();
+
+  // Match iOS SignatureVerificationError messages
+  // Match Android SignatureVerificationException messages
+  return (
+    message.includes("signature verification") ||
+    message.includes("public key not configured") ||
+    message.includes("public key format is invalid") ||
+    message.includes("signature format is invalid") ||
+    message.includes("bundle may be corrupted or tampered")
+  );
+}
+
+/**
+ * Extracts signature verification failure details from an error.
+ */
+export function extractSignatureFailure(
+  error: unknown,
+  bundleId: string,
+): SignatureVerificationFailure {
+  const normalizedError =
+    error instanceof Error ? error : new Error(String(error));
+
+  return {
+    bundleId,
+    message: normalizedError.message,
+    error: normalizedError,
+  };
+}