electron-incremental-update 0.5.1 → 0.6.0

package/dist/index.mjs

@@ -1,24 +1,33 @@
 import {
   __require,
   verify
-} from "./chunk-OBERMV66.mjs";
+} from "./chunk-VADH6AZA.mjs";
 
 // src/index.ts
-import { resolve } from "node:path";
+import { resolve as resolve2 } from "node:path";
 import { app as app3 } from "electron";
 
 // src/updater/index.ts
 import { EventEmitter } from "node:events";
+import { Buffer as Buffer2 } from "node:buffer";
 import { createGunzip } from "node:zlib";
-import { createReadStream, createWriteStream, existsSync } from "node:fs";
-import { rm, writeFile } from "node:fs/promises";
+import { createReadStream, createWriteStream, existsSync, rmSync } from "node:fs";
+import { readFile, rename, rm, writeFile } from "node:fs/promises";
+import { resolve } from "node:path";
 import { app as app2 } from "electron";
 
 // src/updater/defaultFunctions.ts
 import { Buffer } from "node:buffer";
 import https from "node:https";
+
+// src/updater/types.ts
+function isUpdateJSON(json) {
+  return "signature" in json && "version" in json && "size" in json;
+}
+
+// src/updater/defaultFunctions.ts
 function downloadJSONDefault(url, updater, headers) {
-  return new Promise((resolve2, reject) => {
+  return new Promise((resolve3, reject) => {
     https.get(url, (res) => {
       let data = "";
       res.setEncoding("utf8");
@@ -27,8 +36,8 @@ function downloadJSONDefault(url, updater, headers) {
       res.on("end", () => {
         try {
           const json = JSON.parse(data);
-          if ("signature" in json && "version" in json && "size" in json) {
-            resolve2(json);
+          if (isUpdateJSON(json)) {
+            resolve3(json);
           } else {
             throw Error;
           }
@@ -43,7 +52,7 @@ function downloadJSONDefault(url, updater, headers) {
 }
 function downloadBufferDefault(url, updater, headers) {
   let progress = 0;
-  return new Promise((resolve2, reject) => {
+  return new Promise((resolve3, reject) => {
     https.get(url, (res) => {
       let data = [];
       res.headers = headers;
@@ -53,7 +62,7 @@ function downloadBufferDefault(url, updater, headers) {
         data.push(chunk);
       });
       res.on("end", () => {
-        resolve2(Buffer.concat(data));
+        resolve3(Buffer.concat(data));
       });
     }).on("error", (e) => {
       reject(e);
@@ -87,14 +96,14 @@ function compareVersionDefault(oldVersion, newVersion) {
 import { readFileSync } from "node:fs";
 import { dirname, join } from "node:path";
 import { app } from "electron";
-function getAppAsarPath(name) {
+function getProductAsarPath(name) {
   return app.isPackaged ? join(dirname(app.getAppPath()), `${name}.asar`) : "dev";
 }
 function getEntryVersion() {
   return app.getVersion();
 }
-function getAppVersion(name) {
-  return app.isPackaged ? readFileSync(join(getAppAsarPath(name), "version"), "utf-8") : getEntryVersion();
+function getProductVersion(name) {
+  return app.isPackaged ? readFileSync(join(getProductAsarPath(name), "version"), "utf-8") : getEntryVersion();
 }
 function requireNative(packageName) {
   const path = app.isPackaged ? join(app.getAppPath(), "node_modules", packageName) : packageName;
@@ -134,7 +143,7 @@ function restartApp() {
 
 // src/updater/index.ts
 function createUpdater({
-  SIGNATURE_PUB,
+  SIGNATURE_CERT,
   repository,
   productName,
   releaseAsarURL: _release,
@@ -145,94 +154,103 @@ function createUpdater({
 }) {
   const updater = new EventEmitter();
   let signature = "";
-  let version = "";
-  const gzipPath = `../${productName}.asar.gz`;
-  const tmpFile = gzipPath.replace(".asar.gz", ".tmp.gz");
+  const asarPath = getProductAsarPath(productName);
+  const gzipPath = `${asarPath}.gz`;
+  const tmpFilePath = gzipPath.replace(".asar.gz", ".tmp.asar");
   const { downloadBuffer, downloadJSON, extraHeader, userAgent } = downloadConfig || {};
   function log(msg) {
     debug && updater.emit("debug", msg);
   }
-  async function download(url, format) {
-    const ua = userAgent || "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36";
-    const headers = {
-      Accept: `application/${format === "json" ? "json" : "octet-stream"}`,
-      UserAgent: ua,
-      ...extraHeader
-    };
-    log(`download headers: ${JSON.stringify(headers, null, 2)}`);
-    const downloadFn = format === "json" ? downloadJSON ?? downloadJSONDefault : downloadBuffer ?? downloadBufferDefault;
-    log(`download ${format} from ${url}`);
-    const ret = await downloadFn(url, updater, headers);
-    log(`download ${format} success`);
-    return ret;
-  }
-  async function extractFile(gzipFilePath) {
-    if (!gzipFilePath.endsWith(".asar.gz") || !existsSync(gzipFilePath)) {
-      log("update .asar.gz file not exist");
-      return;
+  async function extractFile() {
+    if (!gzipPath.endsWith(".asar.gz") || !existsSync(gzipPath)) {
+      throw new Error(".asar.gz file not exist");
     }
-    gzipFilePath = gzipFilePath.replace(".asar.gz", ".tmp.gz");
-    return new Promise((resolve2, reject) => {
+    return new Promise((resolve3, reject) => {
       const gunzip = createGunzip();
-      const input = createReadStream(gzipFilePath);
-      const outputFilePath = gzipFilePath.replace(".tmp.gz", ".asar");
-      const output = createWriteStream(outputFilePath);
-      log(`outputFilePath: ${outputFilePath}`);
+      const input = createReadStream(gzipPath);
+      const output = createWriteStream(tmpFilePath);
+      log(`outputFilePath: ${tmpFilePath}`);
       input.pipe(gunzip).pipe(output).on("finish", async () => {
-        await rm(gzipFilePath);
-        log(`${gzipFilePath} unzipped`);
-        resolve2(outputFilePath);
+        await rm(gzipPath);
+        log(`${gzipPath} unzipped`);
+        resolve3(null);
       }).on("error", async (err) => {
-        await rm(gzipFilePath);
+        await rm(gzipPath);
         output.destroy(err);
         reject(err);
       });
     });
   }
-  function needUpdate(version2) {
+  function needUpdate(version) {
     if (!app2.isPackaged) {
       log("in dev mode, no need to update");
       return false;
     }
     const currentVersion = getEntryVersion();
-    log(`check update:
-    current version is ${currentVersion},
-    new version is ${version2}`);
+    log(`check update: current version is ${currentVersion}, new version is ${version}`);
     const _compare = compareVersion ?? compareVersionDefault;
-    return _compare(currentVersion, version2);
+    return _compare(currentVersion, version);
   }
-  updater.checkUpdate = async (url) => {
-    try {
-      url ??= _update;
-      if (!url) {
-        log("no updateJsonURL, fallback to use repository");
+  async function parseData(format, data) {
+    if (existsSync(tmpFilePath)) {
+      log(`remove tmp file: ${tmpFilePath}`);
+      await rm(tmpFilePath);
+    }
+    if (existsSync(gzipPath)) {
+      log(`remove .gz file: ${gzipPath}`);
+      await rm(gzipPath);
+    }
+    if (typeof data === "object") {
+      if (format === "json" && isUpdateJSON(data) || format === "buffer" && Buffer2.isBuffer(data)) {
+        return data;
+      } else {
+        throw new Error(`invalid type at format '${format}': ${data}`);
+      }
+    } else if (["string", "undefined"].includes(typeof data)) {
+      const ua = userAgent || "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36";
+      const headers = {
+        Accept: `application/${format === "json" ? "json" : "octet-stream"}`,
+        UserAgent: ua,
+        ...extraHeader
+      };
+      log(`download headers: ${JSON.stringify(headers, null, 2)}`);
+      const info = format === "json" ? {
+        name: "updateJsonURL",
+        url: _update,
+        repoFallback: `${repository.replace("github.com", "raw.githubusercontent.com")}/master/version.json`,
+        fn: downloadJSON ?? downloadJSONDefault
+      } : {
+        name: "releaseAsarURL",
+        url: _release,
+        repoFallback: `${repository}/releases/download/latest/${productName}.asar.gz`,
+        fn: downloadBuffer ?? downloadBufferDefault
+      };
+      data ??= info.url;
+      if (!data) {
+        log(`no ${info.name}, fallback to use repository`);
         if (!repository) {
-          throw new Error("updateJsonURL or repository are not set");
+          throw new Error(`${info.name} or repository are not set`);
         }
-        url = `${repository.replace("github.com", "raw.githubusercontent.com")}/master/version.json`;
+        data = info.repoFallback;
       }
-      if (existsSync(tmpFile)) {
-        log(`remove tmp file: ${tmpFile}`);
-        await rm(tmpFile);
-      }
-      if (existsSync(gzipPath)) {
-        log(`remove .gz file: ${gzipPath}`);
-        await rm(gzipPath);
-      }
-      const json = await download(url, "json");
-      const {
-        signature: _sig,
-        version: _v,
-        size
-      } = json;
-      log(`update info: ${JSON.stringify(json, null, 2)}`);
-      if (!await needUpdate(_v)) {
-        log(`update unavailable: ${_v}`);
+      log(`download ${format} from ${data}`);
+      const ret = await info.fn(data, updater, headers);
+      log(`download ${format} success`);
+      return ret;
+    } else {
+      throw new Error(`invalid type at format '${format}': ${data}`);
+    }
+  }
+  updater.checkUpdate = async (data) => {
+    try {
+      const { signature: _sig, size, version } = await parseData("json", data);
+      log(`checked version: ${version}, size: ${size}`);
+      if (!await needUpdate(version)) {
+        log(`update unavailable: ${version}`);
         return void 0;
       } else {
-        log(`update available: ${_v}`);
+        log(`update available: ${version}`);
         signature = _sig;
-        version = _v;
         return { size, version };
       }
     } catch (error) {
@@ -240,30 +258,35 @@ function createUpdater({
       return error;
     }
   };
-  updater.downloadUpdate = async (src) => {
+  updater.downloadAndInstall = async (data, sig) => {
     try {
-      if (typeof src !== "object") {
-        let _url = src ?? _release;
-        if (!_url) {
-          log("no releaseAsarURL, fallback to use repository");
-          if (!repository) {
-            throw new Error("releaseAsarURL or repository are not set");
-          }
-          _url = `${repository}/releases/download/latest/${productName}.asar.gz`;
-        }
-        src = await download(_url, "buffer");
+      const _sig = sig ?? signature;
+      if (!_sig) {
+        throw new Error("signature are not set, please checkUpdate first or set the second parameter");
       }
+      const buffer = await parseData("buffer", data);
       log("verify start");
-      if (!verify(src, signature, SIGNATURE_PUB)) {
-        log("verify failed");
-        throw new Error("invalid signature");
+      const version = verify(buffer, _sig, SIGNATURE_CERT);
+      if (!version) {
+        throw new Error("verify failed, invalid signature");
       }
       log("verify success");
+      if (!await needUpdate(version)) {
+        throw new Error(`update unavailable: ${version}`);
+      }
       log(`write file: ${gzipPath}`);
-      await writeFile(gzipPath, src);
+      await writeFile(gzipPath, buffer);
       log(`extract file: ${gzipPath}`);
-      await extractFile(gzipPath);
+      await extractFile();
+      const asarVersion = await readFile(resolve(tmpFilePath, "version"), "utf8");
+      if (asarVersion !== version) {
+        rmSync(tmpFilePath);
+        throw new Error(`update failed: asar version is ${asarVersion}, but it should be ${version}`);
+      } else {
+        await rename(tmpFilePath, asarPath);
+      }
       log(`update success, version: ${version}`);
+      signature = "";
       return true;
     } catch (error) {
       log(error);
@@ -281,7 +304,7 @@ function initApp(appOptions, updaterOptions) {
     mainPath = "main/index.js"
   } = appOptions ?? {};
   const mainDir = app3.isPackaged ? `../${productName}.asar` : electronDistPath;
-  const entry = resolve(__dirname, mainDir, mainPath);
+  const entry = resolve2(__dirname, mainDir, mainPath);
   if (updaterOptions) {
     __require(entry)(
       createUpdater({ ...updaterOptions, productName })
@@ -296,11 +319,12 @@ function initApp(appOptions, updaterOptions) {
 }
 export {
   createUpdater,
-  getAppAsarPath,
-  getAppVersion,
   getEntryVersion,
   getGithubReleaseCdnGroup,
+  getProductAsarPath,
+  getProductVersion,
   initApp,
+  isUpdateJSON,
   parseGithubCdnURL,
   requireNative,
   restartApp

package/dist/vite.cjs

@@ -11,9 +11,9 @@ var __export = (target, all) => {
 };
 var __copyProps = (to, from, except, desc) => {
   if (from && typeof from === "object" || typeof from === "function") {
-    for (let key of __getOwnPropNames(from))
-      if (!__hasOwnProp.call(to, key) && key !== except)
-        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+    for (let key2 of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key2) && key2 !== except)
+        __defProp(to, key2, { get: () => from[key2], enumerable: !(desc = __getOwnPropDesc(from, key2)) || desc.enumerable });
   }
   return to;
 };
@@ -35,44 +35,36 @@ __export(vite_exports, {
 module.exports = __toCommonJS(vite_exports);
 var import_vite = require("vite");
 
-// src/build-plugins/asar.ts
+// src/build-plugins/build.ts
 var import_node_fs = require("fs");
 var import_promises = require("fs/promises");
 var import_node_zlib = __toESM(require("zlib"), 1);
+var import_esbuild = require("esbuild");
 
 // src/crypto.ts
 var import_node_crypto = require("crypto");
 var import_node_buffer = require("buffer");
 var aesEncode = "base64url";
-function generateRSA(length = 2048) {
-  const pair = (0, import_node_crypto.generateKeyPairSync)("rsa", { modulusLength: length });
-  const privateKey = pair.privateKey.export({ type: "pkcs1", format: "pem" });
-  const publicKey = pair.publicKey.export({ type: "pkcs1", format: "pem" });
-  return {
-    privateKey,
-    publicKey
-  };
-}
-function encrypt(plainText, key, iv) {
-  const cipher = (0, import_node_crypto.createCipheriv)("aes-256-cbc", key, iv);
+function encrypt(plainText, key2, iv) {
+  const cipher = (0, import_node_crypto.createCipheriv)("aes-256-cbc", key2, iv);
   let encrypted = cipher.update(plainText, "utf8", aesEncode);
   encrypted += cipher.final(aesEncode);
   return encrypted;
 }
-function generateKey(data, length) {
+function key(data, length) {
   const hash = (0, import_node_crypto.createHash)("SHA256").update(data).digest("binary");
   return import_node_buffer.Buffer.from(hash).subarray(0, length);
 }
-function signature(buffer, privateKey, publicKey) {
+function signature(buffer, privateKey, cert, version) {
   const sig = (0, import_node_crypto.createSign)("RSA-SHA256").update(buffer).sign({
     key: privateKey,
     padding: import_node_crypto.constants.RSA_PKCS1_PADDING,
     saltLength: import_node_crypto.constants.RSA_PSS_SALTLEN_DIGEST
   }, "base64");
-  return encrypt(sig, generateKey(publicKey, 32), generateKey(buffer, 16));
+  return encrypt(`${sig}%${version}`, key(cert, 32), key(buffer, 16));
 }
 
-// src/build-plugins/asar.ts
+// src/build-plugins/build.ts
 function gzipFile(filePath) {
   return new Promise((resolve, reject) => {
     const gzip = import_node_zlib.default.createGzip();
@@ -109,23 +101,20 @@ async function buildAsar({
   await pack(electronDistPath, asarOutputPath);
   await gzipFile(asarOutputPath);
 }
-async function generateVersion({
+async function buildVersion({
   asarOutputPath,
   versionPath,
   privateKey,
-  publicKey,
+  cert,
   version
 }) {
   const buffer = await (0, import_promises.readFile)(`${asarOutputPath}.gz`);
   await (0, import_promises.writeFile)(versionPath, JSON.stringify({
-    signature: signature(buffer, privateKey, publicKey),
+    signature: signature(buffer, privateKey, cert, version),
     version,
     size: buffer.length
   }, null, 2));
 }
-
-// src/build-plugins/entry.ts
-var import_esbuild = require("esbuild");
 async function buildEntry({
   entryPath,
   entryOutputPath: outfile,
@@ -145,16 +134,35 @@ async function buildEntry({
 var import_node_fs2 = require("fs");
 var import_node_path = require("path");
 var import_node_os = require("os");
-function generateKeyFile(privateKeyPath, publicKeyPath, length) {
-  const ret = generateRSA(length);
-  (0, import_node_fs2.writeFileSync)(privateKeyPath, ret.privateKey);
-  (0, import_node_fs2.writeFileSync)(publicKeyPath, ret.publicKey);
-  return ret;
+var import_node_crypto2 = require("crypto");
+var import_jscert = require("@cyyynthia/jscert");
+function generateCert(privateKey) {
+  const dn = {
+    country: "zh-CN",
+    state: "zj",
+    locality: "hz",
+    organization: "test",
+    organizationalUnit: "test unit",
+    commonName: "test.test",
+    emailAddress: "test@example.com"
+  };
+  const csr = new import_jscert.CertificateSigningRequest(dn, privateKey, { digest: "sha256" });
+  const expiry = new Date(Date.now() + 365 * 864e5);
+  return csr.createSelfSignedCertificate(expiry).toPem();
+}
+function generateKeys(length = 2048) {
+  const { privateKey: _key } = (0, import_node_crypto2.generateKeyPairSync)("rsa", { modulusLength: length });
+  const cert = generateCert(_key);
+  const privateKey = _key.export({ type: "pkcs1", format: "pem" });
+  return {
+    privateKey,
+    cert
+  };
 }
-function writePublicKeyToMain(entryPath, publicKey) {
+function writeCertToMain(entryPath, cert) {
   const file = (0, import_node_fs2.readFileSync)(entryPath, "utf-8");
-  const regex = /const SIGNATURE_PUB = ['`][\s\S]*?['`]/;
-  const replacement = `const SIGNATURE_PUB = \`${publicKey}\``;
+  const regex = /const SIGNATURE_CERT = ['`][\s\S]*?['`]/;
+  const replacement = `const SIGNATURE_CERT = \`${cert}\``;
   let replaced = file;
   const signaturePubExists = regex.test(file);
   if (signaturePubExists) {
@@ -179,24 +187,26 @@ function writePublicKeyToMain(entryPath, publicKey) {
 function getKeys({
   keyLength,
   privateKeyPath,
-  publicKeyPath,
+  certPath,
   entryPath
 }) {
   const keysDir = (0, import_node_path.dirname)(privateKeyPath);
   !(0, import_node_fs2.existsSync)(keysDir) && (0, import_node_fs2.mkdirSync)(keysDir);
-  let privateKey, publicKey;
-  if (!(0, import_node_fs2.existsSync)(privateKeyPath)) {
-    const keys = generateKeyFile(privateKeyPath, publicKeyPath, keyLength);
+  let privateKey, cert;
+  if (!(0, import_node_fs2.existsSync)(privateKeyPath) || !(0, import_node_fs2.existsSync)(certPath)) {
+    const keys = generateKeys(keyLength);
     privateKey = keys.privateKey;
-    publicKey = keys.publicKey;
+    cert = keys.cert;
+    (0, import_node_fs2.writeFileSync)(privateKeyPath, privateKey);
+    (0, import_node_fs2.writeFileSync)(certPath, cert);
   } else {
     privateKey = (0, import_node_fs2.readFileSync)(privateKeyPath, "utf-8");
-    publicKey = (0, import_node_fs2.readFileSync)(publicKeyPath, "utf-8");
+    cert = (0, import_node_fs2.readFileSync)(certPath, "utf-8");
   }
-  writePublicKeyToMain(entryPath, publicKey);
+  writeCertToMain(entryPath, cert);
   return {
     privateKey,
-    publicKey
+    cert
   };
 }
 
@@ -214,9 +224,17 @@ function parseOptions(options) {
   } = paths;
   const {
     privateKeyPath = "keys/private.pem",
-    publicKeyPath = "keys/public.pem",
-    keyLength = 2048
+    certPath = "keys/cert.pem",
+    keyLength = 2048,
+    certInfo
   } = keys;
+  let {
+    subject = {
+      commonName: productName,
+      organization: `org.${productName}`
+    },
+    expires = Date.now() + 365 * 864e5
+  } = certInfo || {};
   const buildAsarOption = {
     version,
     asarOutputPath,
@@ -230,17 +248,22 @@ function parseOptions(options) {
   };
   let buildVersionOption;
   if (!import_ci_info.isCI) {
-    const { privateKey, publicKey } = getKeys({
+    if (typeof expires === "number") {
+      expires = new Date(Date.now() + expires);
+    }
+    const { privateKey, cert } = getKeys({
       keyLength,
       privateKeyPath,
-      publicKeyPath,
-      entryPath
+      certPath,
+      entryPath,
+      subject,
+      expires
     });
     buildVersionOption = {
       version,
       asarOutputPath,
       privateKey,
-      publicKey,
+      cert,
       versionPath
     };
   }
@@ -266,7 +289,7 @@ function vite_default(options) {
       }
       log.info("build asar start");
       await buildAsar(buildAsarOption);
-      buildVersionOption && await generateVersion(buildVersionOption);
+      buildVersionOption && await buildVersion(buildVersionOption);
       log.info(`build asar end, output to ${asarOutputPath}`);
     }
   };

package/dist/vite.d.ts

@@ -1,4 +1,5 @@
 import { Plugin } from 'vite';
+import { DistinguishedName } from '@cyyynthia/jscert';
 
 type Options = {
     /**
@@ -69,14 +70,35 @@ type Options = {
         /**
          * Path to the pem file that contains public key
          * if not ended with .pem, it will be appended
-         * @default 'keys/public.pem'
+         * @default 'keys/cert.pem'
          */
-        publicKeyPath?: string;
+        certPath?: string;
         /**
          * Length of the key
          * @default 2048
          */
         keyLength?: number;
+        /**
+         * X509 certificate info
+         *
+         * only generate simple **self-signed** certificate **without extensions**
+         */
+        certInfo?: {
+            /**
+             * the subject of the certificate
+             *
+             * @default { commonName: productName, organization: `org.${productName}` }
+             */
+            subject?: DistinguishedName;
+            /**
+             * expires of the certificate
+             * - `Date`: expire date
+             * - `number`: expire duration in seconds
+             *
+             * @default Date.now() + 365 * 864e5 (1 year)
+             */
+            expires?: Date | number;
+        };
     };
 };