electron-incremental-update 0.5.1 → 0.6.1

package/dist/vite.cjs

@@ -11,9 +11,9 @@ var __export = (target, all) => {
 };
 var __copyProps = (to, from, except, desc) => {
   if (from && typeof from === "object" || typeof from === "function") {
-    for (let key of __getOwnPropNames(from))
-      if (!__hasOwnProp.call(to, key) && key !== except)
-        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+    for (let key2 of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key2) && key2 !== except)
+        __defProp(to, key2, { get: () => from[key2], enumerable: !(desc = __getOwnPropDesc(from, key2)) || desc.enumerable });
   }
   return to;
 };
@@ -35,44 +35,36 @@ __export(vite_exports, {
 module.exports = __toCommonJS(vite_exports);
 var import_vite = require("vite");
 
-// src/build-plugins/asar.ts
+// src/build-plugins/build.ts
 var import_node_fs = require("fs");
 var import_promises = require("fs/promises");
 var import_node_zlib = __toESM(require("zlib"), 1);
+var import_esbuild = require("esbuild");
 
 // src/crypto.ts
 var import_node_crypto = require("crypto");
 var import_node_buffer = require("buffer");
 var aesEncode = "base64url";
-function generateRSA(length = 2048) {
-  const pair = (0, import_node_crypto.generateKeyPairSync)("rsa", { modulusLength: length });
-  const privateKey = pair.privateKey.export({ type: "pkcs1", format: "pem" });
-  const publicKey = pair.publicKey.export({ type: "pkcs1", format: "pem" });
-  return {
-    privateKey,
-    publicKey
-  };
-}
-function encrypt(plainText, key, iv) {
-  const cipher = (0, import_node_crypto.createCipheriv)("aes-256-cbc", key, iv);
+function encrypt(plainText, key2, iv) {
+  const cipher = (0, import_node_crypto.createCipheriv)("aes-256-cbc", key2, iv);
   let encrypted = cipher.update(plainText, "utf8", aesEncode);
   encrypted += cipher.final(aesEncode);
   return encrypted;
 }
-function generateKey(data, length) {
+function key(data, length) {
   const hash = (0, import_node_crypto.createHash)("SHA256").update(data).digest("binary");
   return import_node_buffer.Buffer.from(hash).subarray(0, length);
 }
-function signature(buffer, privateKey, publicKey) {
+function signature(buffer, privateKey, cert, version) {
   const sig = (0, import_node_crypto.createSign)("RSA-SHA256").update(buffer).sign({
     key: privateKey,
     padding: import_node_crypto.constants.RSA_PKCS1_PADDING,
     saltLength: import_node_crypto.constants.RSA_PSS_SALTLEN_DIGEST
   }, "base64");
-  return encrypt(sig, generateKey(publicKey, 32), generateKey(buffer, 16));
+  return encrypt(`${sig}%${version}`, key(cert, 32), key(buffer, 16));
 }
 
-// src/build-plugins/asar.ts
+// src/build-plugins/build.ts
 function gzipFile(filePath) {
   return new Promise((resolve, reject) => {
     const gzip = import_node_zlib.default.createGzip();
@@ -109,23 +101,20 @@ async function buildAsar({
   await pack(electronDistPath, asarOutputPath);
   await gzipFile(asarOutputPath);
 }
-async function generateVersion({
+async function buildVersion({
   asarOutputPath,
   versionPath,
   privateKey,
-  publicKey,
+  cert,
   version
 }) {
   const buffer = await (0, import_promises.readFile)(`${asarOutputPath}.gz`);
   await (0, import_promises.writeFile)(versionPath, JSON.stringify({
-    signature: signature(buffer, privateKey, publicKey),
+    signature: signature(buffer, privateKey, cert, version),
     version,
     size: buffer.length
   }, null, 2));
 }
-
-// src/build-plugins/entry.ts
-var import_esbuild = require("esbuild");
 async function buildEntry({
   entryPath,
   entryOutputPath: outfile,
@@ -145,16 +134,35 @@ async function buildEntry({
 var import_node_fs2 = require("fs");
 var import_node_path = require("path");
 var import_node_os = require("os");
-function generateKeyFile(privateKeyPath, publicKeyPath, length) {
-  const ret = generateRSA(length);
-  (0, import_node_fs2.writeFileSync)(privateKeyPath, ret.privateKey);
-  (0, import_node_fs2.writeFileSync)(publicKeyPath, ret.publicKey);
-  return ret;
+var import_node_crypto2 = require("crypto");
+var import_jscert = require("@cyyynthia/jscert");
+function generateCert(privateKey) {
+  const dn = {
+    country: "zh-CN",
+    state: "zj",
+    locality: "hz",
+    organization: "test",
+    organizationalUnit: "test unit",
+    commonName: "test.test",
+    emailAddress: "test@example.com"
+  };
+  const csr = new import_jscert.CertificateSigningRequest(dn, privateKey, { digest: "sha256" });
+  const expiry = new Date(Date.now() + 365 * 864e5);
+  return csr.createSelfSignedCertificate(expiry).toPem();
+}
+function generateKeys(length = 2048) {
+  const { privateKey: _key } = (0, import_node_crypto2.generateKeyPairSync)("rsa", { modulusLength: length });
+  const cert = generateCert(_key);
+  const privateKey = _key.export({ type: "pkcs1", format: "pem" });
+  return {
+    privateKey,
+    cert
+  };
 }
-function writePublicKeyToMain(entryPath, publicKey) {
+function writeCertToMain(entryPath, cert) {
   const file = (0, import_node_fs2.readFileSync)(entryPath, "utf-8");
-  const regex = /const SIGNATURE_PUB = ['`][\s\S]*?['`]/;
-  const replacement = `const SIGNATURE_PUB = \`${publicKey}\``;
+  const regex = /const SIGNATURE_CERT = ['`][\s\S]*?['`]/;
+  const replacement = `const SIGNATURE_CERT = \`${cert}\``;
   let replaced = file;
   const signaturePubExists = regex.test(file);
   if (signaturePubExists) {
@@ -179,24 +187,26 @@ function writePublicKeyToMain(entryPath, publicKey) {
 function getKeys({
   keyLength,
   privateKeyPath,
-  publicKeyPath,
+  certPath,
   entryPath
 }) {
   const keysDir = (0, import_node_path.dirname)(privateKeyPath);
   !(0, import_node_fs2.existsSync)(keysDir) && (0, import_node_fs2.mkdirSync)(keysDir);
-  let privateKey, publicKey;
-  if (!(0, import_node_fs2.existsSync)(privateKeyPath)) {
-    const keys = generateKeyFile(privateKeyPath, publicKeyPath, keyLength);
+  let privateKey, cert;
+  if (!(0, import_node_fs2.existsSync)(privateKeyPath) || !(0, import_node_fs2.existsSync)(certPath)) {
+    const keys = generateKeys(keyLength);
     privateKey = keys.privateKey;
-    publicKey = keys.publicKey;
+    cert = keys.cert;
+    (0, import_node_fs2.writeFileSync)(privateKeyPath, privateKey);
+    (0, import_node_fs2.writeFileSync)(certPath, cert);
   } else {
     privateKey = (0, import_node_fs2.readFileSync)(privateKeyPath, "utf-8");
-    publicKey = (0, import_node_fs2.readFileSync)(publicKeyPath, "utf-8");
+    cert = (0, import_node_fs2.readFileSync)(certPath, "utf-8");
   }
-  writePublicKeyToMain(entryPath, publicKey);
+  writeCertToMain(entryPath, cert);
   return {
     privateKey,
-    publicKey
+    cert
   };
 }
 
@@ -207,16 +217,24 @@ function parseOptions(options) {
   const {
     entryPath = "electron/app.ts",
     entryOutputPath = "app.js",
-    asarOutputPath = `release/${productName}.asar`,
+    asarOutputPath = `release/${productName}-${version}.asar`,
     electronDistPath = "dist-electron",
     rendererDistPath = "dist",
     versionPath = "version.json"
   } = paths;
   const {
     privateKeyPath = "keys/private.pem",
-    publicKeyPath = "keys/public.pem",
-    keyLength = 2048
+    certPath = "keys/cert.pem",
+    keyLength = 2048,
+    certInfo
   } = keys;
+  let {
+    subject = {
+      commonName: productName,
+      organization: `org.${productName}`
+    },
+    expires = Date.now() + 365 * 864e5
+  } = certInfo || {};
   const buildAsarOption = {
     version,
     asarOutputPath,
@@ -230,17 +248,22 @@ function parseOptions(options) {
   };
   let buildVersionOption;
   if (!import_ci_info.isCI) {
-    const { privateKey, publicKey } = getKeys({
+    if (typeof expires === "number") {
+      expires = new Date(Date.now() + expires);
+    }
+    const { privateKey, cert } = getKeys({
       keyLength,
       privateKeyPath,
-      publicKeyPath,
-      entryPath
+      certPath,
+      entryPath,
+      subject,
+      expires
     });
     buildVersionOption = {
       version,
       asarOutputPath,
       privateKey,
-      publicKey,
+      cert,
       versionPath
     };
   }
@@ -266,7 +289,7 @@ function vite_default(options) {
       }
       log.info("build asar start");
       await buildAsar(buildAsarOption);
-      buildVersionOption && await generateVersion(buildVersionOption);
+      buildVersionOption && await buildVersion(buildVersionOption);
       log.info(`build asar end, output to ${asarOutputPath}`);
     }
   };

package/dist/vite.d.ts

@@ -1,4 +1,5 @@
 import { Plugin } from 'vite';
+import { DistinguishedName } from '@cyyynthia/jscert';
 
 type Options = {
     /**
@@ -37,7 +38,7 @@ type Options = {
         entryOutputPath?: string;
         /**
          * Path to asar file
-         * @default `release/${ProductName}.asar`
+         * @default `release/${productName}.asar`
          */
         asarOutputPath?: string;
         /**
@@ -69,14 +70,35 @@ type Options = {
         /**
          * Path to the pem file that contains public key
          * if not ended with .pem, it will be appended
-         * @default 'keys/public.pem'
+         * @default 'keys/cert.pem'
          */
-        publicKeyPath?: string;
+        certPath?: string;
         /**
          * Length of the key
          * @default 2048
          */
         keyLength?: number;
+        /**
+         * X509 certificate info
+         *
+         * only generate simple **self-signed** certificate **without extensions**
+         */
+        certInfo?: {
+            /**
+             * the subject of the certificate
+             *
+             * @default { commonName: productName, organization: `org.${productName}` }
+             */
+            subject?: DistinguishedName;
+            /**
+             * expires of the certificate
+             * - `Date`: expire date
+             * - `number`: expire duration in seconds
+             *
+             * @default Date.now() + 365 * 864e5 (1 year)
+             */
+            expires?: Date | number;
+        };
     };
 };
 

package/dist/vite.mjs

@@ -1,15 +1,15 @@
 import {
-  generateRSA,
   signature
-} from "./chunk-OBERMV66.mjs";
+} from "./chunk-VADH6AZA.mjs";
 
 // src/vite.ts
 import { createLogger } from "vite";
 
-// src/build-plugins/asar.ts
+// src/build-plugins/build.ts
 import { createReadStream, createWriteStream } from "node:fs";
 import { readFile, rename, writeFile } from "node:fs/promises";
 import zlib from "node:zlib";
+import { build } from "esbuild";
 function gzipFile(filePath) {
   return new Promise((resolve, reject) => {
     const gzip = zlib.createGzip();
@@ -46,23 +46,20 @@ async function buildAsar({
   await pack(electronDistPath, asarOutputPath);
   await gzipFile(asarOutputPath);
 }
-async function generateVersion({
+async function buildVersion({
   asarOutputPath,
   versionPath,
   privateKey,
-  publicKey,
+  cert,
   version
 }) {
   const buffer = await readFile(`${asarOutputPath}.gz`);
   await writeFile(versionPath, JSON.stringify({
-    signature: signature(buffer, privateKey, publicKey),
+    signature: signature(buffer, privateKey, cert, version),
     version,
     size: buffer.length
   }, null, 2));
 }
-
-// src/build-plugins/entry.ts
-import { build } from "esbuild";
 async function buildEntry({
   entryPath,
   entryOutputPath: outfile,
@@ -82,16 +79,35 @@ async function buildEntry({
 import { existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs";
 import { dirname } from "node:path";
 import { EOL } from "node:os";
-function generateKeyFile(privateKeyPath, publicKeyPath, length) {
-  const ret = generateRSA(length);
-  writeFileSync(privateKeyPath, ret.privateKey);
-  writeFileSync(publicKeyPath, ret.publicKey);
-  return ret;
+import { generateKeyPairSync } from "node:crypto";
+import { CertificateSigningRequest } from "@cyyynthia/jscert";
+function generateCert(privateKey) {
+  const dn = {
+    country: "zh-CN",
+    state: "zj",
+    locality: "hz",
+    organization: "test",
+    organizationalUnit: "test unit",
+    commonName: "test.test",
+    emailAddress: "test@example.com"
+  };
+  const csr = new CertificateSigningRequest(dn, privateKey, { digest: "sha256" });
+  const expiry = new Date(Date.now() + 365 * 864e5);
+  return csr.createSelfSignedCertificate(expiry).toPem();
 }
-function writePublicKeyToMain(entryPath, publicKey) {
+function generateKeys(length = 2048) {
+  const { privateKey: _key } = generateKeyPairSync("rsa", { modulusLength: length });
+  const cert = generateCert(_key);
+  const privateKey = _key.export({ type: "pkcs1", format: "pem" });
+  return {
+    privateKey,
+    cert
+  };
+}
+function writeCertToMain(entryPath, cert) {
   const file = readFileSync(entryPath, "utf-8");
-  const regex = /const SIGNATURE_PUB = ['`][\s\S]*?['`]/;
-  const replacement = `const SIGNATURE_PUB = \`${publicKey}\``;
+  const regex = /const SIGNATURE_CERT = ['`][\s\S]*?['`]/;
+  const replacement = `const SIGNATURE_CERT = \`${cert}\``;
   let replaced = file;
   const signaturePubExists = regex.test(file);
   if (signaturePubExists) {
@@ -116,24 +132,26 @@ function writePublicKeyToMain(entryPath, publicKey) {
 function getKeys({
   keyLength,
   privateKeyPath,
-  publicKeyPath,
+  certPath,
   entryPath
 }) {
   const keysDir = dirname(privateKeyPath);
   !existsSync(keysDir) && mkdirSync(keysDir);
-  let privateKey, publicKey;
-  if (!existsSync(privateKeyPath)) {
-    const keys = generateKeyFile(privateKeyPath, publicKeyPath, keyLength);
+  let privateKey, cert;
+  if (!existsSync(privateKeyPath) || !existsSync(certPath)) {
+    const keys = generateKeys(keyLength);
     privateKey = keys.privateKey;
-    publicKey = keys.publicKey;
+    cert = keys.cert;
+    writeFileSync(privateKeyPath, privateKey);
+    writeFileSync(certPath, cert);
   } else {
     privateKey = readFileSync(privateKeyPath, "utf-8");
-    publicKey = readFileSync(publicKeyPath, "utf-8");
+    cert = readFileSync(certPath, "utf-8");
   }
-  writePublicKeyToMain(entryPath, publicKey);
+  writeCertToMain(entryPath, cert);
   return {
     privateKey,
-    publicKey
+    cert
   };
 }
 
@@ -144,16 +162,24 @@ function parseOptions(options) {
   const {
     entryPath = "electron/app.ts",
     entryOutputPath = "app.js",
-    asarOutputPath = `release/${productName}.asar`,
+    asarOutputPath = `release/${productName}-${version}.asar`,
     electronDistPath = "dist-electron",
     rendererDistPath = "dist",
     versionPath = "version.json"
   } = paths;
   const {
     privateKeyPath = "keys/private.pem",
-    publicKeyPath = "keys/public.pem",
-    keyLength = 2048
+    certPath = "keys/cert.pem",
+    keyLength = 2048,
+    certInfo
   } = keys;
+  let {
+    subject = {
+      commonName: productName,
+      organization: `org.${productName}`
+    },
+    expires = Date.now() + 365 * 864e5
+  } = certInfo || {};
   const buildAsarOption = {
     version,
     asarOutputPath,
@@ -167,17 +193,22 @@ function parseOptions(options) {
   };
   let buildVersionOption;
   if (!isCI) {
-    const { privateKey, publicKey } = getKeys({
+    if (typeof expires === "number") {
+      expires = new Date(Date.now() + expires);
+    }
+    const { privateKey, cert } = getKeys({
       keyLength,
       privateKeyPath,
-      publicKeyPath,
-      entryPath
+      certPath,
+      entryPath,
+      subject,
+      expires
     });
     buildVersionOption = {
       version,
       asarOutputPath,
       privateKey,
-      publicKey,
+      cert,
       versionPath
     };
   }
@@ -203,7 +234,7 @@ function vite_default(options) {
       }
       log.info("build asar start");
       await buildAsar(buildAsarOption);
-      buildVersionOption && await generateVersion(buildVersionOption);
+      buildVersionOption && await buildVersion(buildVersionOption);
       log.info(`build asar end, output to ${asarOutputPath}`);
     }
   };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "electron-incremental-update",
-  "version": "0.5.1",
+  "version": "0.6.1",
   "description": "electron incremental update tools, powered by vite",
   "scripts": {
     "build": "tsup",
@@ -61,6 +61,7 @@
     "vitest": "^0.32.2"
   },
   "dependencies": {
+    "@cyyynthia/jscert": "^0.1.2",
     "ci-info": "^3.8.0"
   }
 }