npm - @hot-updater/react-native - Versions diffs - 0.25.1 → 0.25.3 - Mend

@hot-updater/react-native 0.25.1 → 0.25.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/package.json +6 -6
package/plugin/build/withHotUpdater.js +60 -10

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@hot-updater/react-native",
-  "version": "0.25.1",
+  "version": "0.25.3",
   "description": "React Native OTA solution for self-hosted",
   "main": "lib/commonjs/index",
   "module": "lib/module/index",
@@ -120,14 +120,14 @@
     "react-native": "0.79.1",
     "react-native-builder-bob": "^0.40.10",
     "typescript": "^5.8.3",
-    "hot-updater": "0.25.1"
+    "hot-updater": "0.25.3"
   },
   "dependencies": {
     "use-sync-external-store": "1.5.0",
-    "@hot-updater/cli-tools": "0.25.1",
-    "@hot-updater/js": "0.25.1",
-    "@hot-updater/core": "0.25.1",
-    "@hot-updater/plugin-core": "0.25.1"
+    "@hot-updater/cli-tools": "0.25.3",
+    "@hot-updater/core": "0.25.3",
+    "@hot-updater/js": "0.25.3",
+    "@hot-updater/plugin-core": "0.25.3"
   },
   "scripts": {
     "build": "bob build && tsc -p plugin/tsconfig.build.json",

package/plugin/build/withHotUpdater.js CHANGED Viewed

@@ -39,6 +39,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
+var promises_1 = require("node:fs/promises");
 var cli_tools_1 = require("@hot-updater/cli-tools");
 var config_plugins_1 = require("expo/config-plugins");
 var hot_updater_1 = require("hot-updater");
@@ -64,32 +65,81 @@ var getFingerprint = function () { return __awaiter(void 0, void 0, void 0, func
     });
 }); };
 /**
- * Extract public key from private key in signing config
+ * Extract public key for embedding in native configs.
+ * Supports multiple sources with priority order:
+ * 1. HOT_UPDATER_PRIVATE_KEY environment variable
+ * 2. Private key file (extract public key)
+ * 3. Public key file (derived from privateKeyPath)
+ * 4. Skip with warning (graceful fallback)
  */
 var getPublicKeyFromConfig = function (signingConfig) { return __awaiter(void 0, void 0, void 0, function () {
-    var privateKeyPath, privateKeyPEM, publicKeyPEM, error_1;
+    var envPrivateKey, publicKeyPEM, privateKeyPath, publicKeyPath, privateKeyPEM, publicKeyPEM, _privateKeyError_1, publicKeyPEM, _publicKeyError_1;
     return __generator(this, function (_a) {
         switch (_a.label) {
             case 0:
-                if (!(signingConfig === null || signingConfig === void 0 ? void 0 : signingConfig.enabled) || !(signingConfig === null || signingConfig === void 0 ? void 0 : signingConfig.privateKeyPath)) {
+                // If signing not enabled, no public key needed
+                if (!(signingConfig === null || signingConfig === void 0 ? void 0 : signingConfig.enabled)) {
+                    return [2 /*return*/, null];
+                }
+                envPrivateKey = process.env.HOT_UPDATER_PRIVATE_KEY;
+                if (envPrivateKey) {
+                    try {
+                        publicKeyPEM = (0, hot_updater_1.getPublicKeyFromPrivate)(envPrivateKey);
+                        console.log("[hot-updater] Using public key extracted from HOT_UPDATER_PRIVATE_KEY environment variable");
+                        return [2 /*return*/, publicKeyPEM.trim()];
+                    }
+                    catch (error) {
+                        console.warn("[hot-updater] WARNING: Failed to extract public key from HOT_UPDATER_PRIVATE_KEY:\n" +
+                            "".concat(error instanceof Error ? error.message : String(error), "\n"));
+                        // Continue to try other methods
+                    }
+                }
+                // If no privateKeyPath configured, can't proceed with file-based methods
+                if (!signingConfig.privateKeyPath) {
+                    console.warn("[hot-updater] WARNING: signing.enabled is true but no privateKeyPath configured.\n" +
+                        "Public key will not be embedded. Set HOT_UPDATER_PRIVATE_KEY environment variable or configure privateKeyPath.");
                     return [2 /*return*/, null];
                 }
-                _a.label = 1;
-            case 1:
-                _a.trys.push([1, 3, , 4]);
                 privateKeyPath = path_1.default.isAbsolute(signingConfig.privateKeyPath)
                     ? signingConfig.privateKeyPath
                     : path_1.default.resolve(process.cwd(), signingConfig.privateKeyPath);
+                publicKeyPath = privateKeyPath.replace(/private-key\.pem$/, "public-key.pem");
+                _a.label = 1;
+            case 1:
+                _a.trys.push([1, 3, , 8]);
                 return [4 /*yield*/, (0, hot_updater_1.loadPrivateKey)(privateKeyPath)];
             case 2:
                 privateKeyPEM = _a.sent();
                 publicKeyPEM = (0, hot_updater_1.getPublicKeyFromPrivate)(privateKeyPEM);
+                console.log("[hot-updater] Extracted public key from ".concat(privateKeyPath));
                 return [2 /*return*/, publicKeyPEM.trim()];
             case 3:
-                error_1 = _a.sent();
-                throw new Error("[hot-updater] Failed to extract public key: ".concat(error_1 instanceof Error ? error_1.message : String(error_1), "\n") +
-                    "Run 'npx hot-updater keys generate' to create signing keys");
-            case 4: return [2 /*return*/];
+                _privateKeyError_1 = _a.sent();
+                _a.label = 4;
+            case 4:
+                _a.trys.push([4, 6, , 7]);
+                return [4 /*yield*/, (0, promises_1.readFile)(publicKeyPath, "utf-8")];
+            case 5:
+                publicKeyPEM = _a.sent();
+                console.log("[hot-updater] Using public key from ".concat(publicKeyPath));
+                return [2 /*return*/, publicKeyPEM.trim()];
+            case 6:
+                _publicKeyError_1 = _a.sent();
+                // Priority 4: All sources failed - throw error
+                throw new Error("[hot-updater] Failed to load public key for bundle signing.\n\n" +
+                    "Signing is enabled (signing.enabled: true) but no public key sources found.\n\n" +
+                    "For EAS builds, use EAS Secrets:\n" +
+                    '  eas env:create --name HOT_UPDATER_PRIVATE_KEY --value "$(cat keys/private-key.pem)"\n\n' +
+                    "Or add to eas.json:\n" +
+                    '  "env": { "HOT_UPDATER_PRIVATE_KEY": "-----BEGIN PRIVATE KEY-----\\n..." }\n\n' +
+                    "For local development:\n" +
+                    "  npx hot-updater keys generate\n\n" +
+                    "Searched locations:\n" +
+                    "  - HOT_UPDATER_PRIVATE_KEY environment variable\n" +
+                    "  - Private key file: ".concat(privateKeyPath, "\n") +
+                    "  - Public key file: ".concat(publicKeyPath, "\n"));
+            case 7: return [3 /*break*/, 8];
+            case 8: return [2 /*return*/];
         }
     });
 }); };