electron-incremental-update 1.2.0 → 2.0.0-beta.1

package/README.md

@@ -10,7 +10,9 @@ The new `${electron.app.name}.asar`, which can download from remote or load from
 
 All **native modules** should be packaged into `app.asar` to reduce `${electron.app.name}.asar` file size, [see usage](#use-native-modules). Therefore, auto upgrade of portable app is possible.
 
-no `vite-plugin-electron-renderer` config
+Support bytecode protection, [see details](#bytecode-protection)
+
+No `vite-plugin-electron-renderer` config
 
 - inspired by [Obsidian](https://obsidian.md/)'s upgrade strategy
 
@@ -159,16 +161,27 @@ module.exports = {
 
 ### Use in main process
 
-To use electron's `net` module for updating, the `checkUpdate` and `download` functions must be called after the app is ready by default.
-
-However, you have the option to customize the download function when creating the updater.
+To use electron's `net` module for updating, the `checkUpdate` and `download` functions must be called after the app is ready by default. You have the option to customize the download function when creating the updater.
 
 **NOTE: There should only one function and should be default export in the entry file**
 
+in `electron/entry.ts`
+
+```ts
+initApp({
+  updater: {
+    overrideFunctions: {
+      downloadJSON: (url: string, headers: Record<string, any>) => {}
+      // ...
+    }
+  },
+})
+```
+
 in `electron/main/index.ts`
 
 ```ts
-import { startupWithUpdater } from 'electron-incremental-update'
+import { startupWithUpdater, UpdaterError } from 'electron-incremental-update'
 import { getPathFromAppNameAsar, getVersions } from 'electron-incremental-update/utils'
 import { app } from 'electron'
 
@@ -185,10 +198,12 @@ export default startupWithUpdater((updater) => {
     console.log(percent)
   }
   updater.logger = console
+  updater.receiveBeta = true
+  
   updater.checkUpdate().then(async (result) => {
     if (result === undefined) {
       console.log('Update Unavailable')
-    } else if (result instanceof Error) {
+    } else if (result instanceof UpdaterError) {
       console.error(result)
     } else {
       console.log('new version: ', result.version)
@@ -213,7 +228,16 @@ export default startupWithUpdater((updater) => {
 
 All the **native modules** should be set as `dependency` in `package.json`. `electron-rebuild` only check dependencies inside `dependency` field.
 
-If you are using `electron-builder` to build distributions, all the native modules with its **large relavent `node_modiles`** will be packaged into `app.asar` by default. You can setup `nativeModuleEntryMap` option to prebundle all the native modules and skip bundled by `electron-builder`
+If you are using `electron-builder` to build distributions, all the native modules with its **large relavent `node_modiles`** will be packaged into `app.asar` by default.
+
+Luckily, `Esbuild` can bundle all the dependencies. Just follow the steps:
+
+1. setup `nativeModuleEntryMap` option
+2. Manually copy the native binaries in `postBuild` callback
+3. Exclude all the dependencies in `electron-builder`'s config
+4. call the native functions with `loadNativeModuleFromEntry` in your code
+
+#### Example
 
 in `vite.config.ts`
 
@@ -224,6 +248,7 @@ const plugin = electronWithUpdater({
     entry: {
       nativeModuleEntryMap: {
         db: './electron/native/db.ts',
+        img: './electron/native/img.ts',
       },
       postBuild: async ({ copyToEntryOutputDir }) => {
         // for better-sqlite3
@@ -248,9 +273,8 @@ in `electron/native/db.ts`
 
 ```ts
 import Database from 'better-sqlite3'
-import { getPaths } from 'electron-incremental-update/utils'
 
-const db = new Database(':memory:', { nativeBinding: getPaths().getPathFromEntryAsar('better_sqlite3.node') })
+const db = new Database(':memory:', { nativeBinding: './better_sqlite3.node' })
 
 export function test() {
   db.exec(
@@ -295,7 +319,11 @@ module.exports = {
 
 ### Bytecode protection
 
-credit to [electron-vite](https://github.com/alex8088/electron-vite/blob/master/src/plugins/bytecode.ts)
+From v1.2, the vite plugin is able to generate bytecode to protect your application.
+
+It will automatically protect your `SIGNATURE_CERT` by default.
+
+credit to [electron-vite](https://github.com/alex8088/electron-vite/blob/master/src/plugins/bytecode.ts), and improve the string protection (see [original issue](https://github.com/alex8088/electron-vite/issues/552))
 
 ```ts
 electronWithUpdater({
@@ -311,6 +339,99 @@ electronWithUpdater({
 
 ### Types
 
+#### Updater
+
+```ts
+export interface UpdaterOption {
+  /**
+   * public key of signature, which will be auto generated by plugin,
+   * generate by `selfsigned` if not set
+   */
+  SIGNATURE_CERT?: string
+  /**
+   * repository url, e.g. `https://github.com/electron/electron`
+   *
+   * you can use the `repository` in `package.json`
+   *
+   * if `updateJsonURL` or `releaseAsarURL` are absent,
+   * `repository` will be used to determine the url
+   */
+  repository?: string
+  /**
+   * URL of version info json
+   * @default `${repository.replace('github.com', 'raw.githubusercontent.com')}/master/version.json`
+   * @throws if `updateJsonURL` and `repository` are all not set
+   */
+  updateJsonURL?: string
+  /**
+   * URL of release asar.gz
+   * @default `${repository}/releases/download/v${version}/${app.name}-${version}.asar.gz`
+   * @throws if `releaseAsarURL` and `repository` are all not set
+   */
+  releaseAsarURL?: string
+  /**
+   * whether to receive beta update
+   */
+  receiveBeta?: boolean
+  overrideFunctions?: UpdaterOverrideFunctions
+  downloadConfig?: UpdaterDownloadConfig
+}
+export type Logger = {
+  info: (msg: string) => void
+  debug: (msg: string) => void
+  warn: (msg: string) => void
+  error: (msg: string, e?: Error) => void
+}
+
+export type UpdaterOverrideFunctions = {
+  /**
+   * custom version compare function
+   * @param version1 old version string
+   * @param version2 new version string
+   * @returns if version1 < version2
+   */
+  isLowerVersion?: (version1: string, version2: string) => boolean | Promise<boolean>
+  /**
+   * custom verify signature function
+   * @param buffer file buffer
+   * @param signature signature
+   * @param cert certificate
+   * @returns if signature is valid, returns the version or `true` , otherwise returns `false`
+   */
+  verifySignaure?: (buffer: Buffer, signature: string, cert: string) => string | false | Promise<string | false>
+  /**
+   * custom download JSON function
+   * @param url download url
+   * @param header download header
+   * @returns `UpdateJSON`
+   */
+  downloadJSON?: (url: string, headers: Record<string, any>) => Promise<UpdateJSON>
+  /**
+   * custom download buffer function
+   * @param url download url
+   * @param headers download header
+   * @param total precaculated file total size
+   * @param onDownloading on downloading callback
+   * @returns `Buffer`
+   */
+  downloadBuffer?: (url: string, headers: Record<string, any>, total: number, onDownloading?: (progress: DownloadingInfo) => void) => Promise<Buffer>
+}
+
+export type UpdaterDownloadConfig = {
+  /**
+   * download user agent
+   * @default 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36'
+   */
+  userAgent?: string
+  /**
+   * extra download header, `accept` and `user-agent` is set by default
+   */
+  extraHeader?: Record<string, string>
+}
+```
+
+#### Plugin
+
 ```ts
 type ElectronWithUpdaterOptions = {
   /**

package/dist/chunk-RSLOPAIZ.js

@@ -0,0 +1,247 @@
+var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
+  get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
+}) : x)(function(x) {
+  if (typeof require !== "undefined") return require.apply(this, arguments);
+  throw Error('Dynamic require of "' + x + '" is not supported');
+});
+
+// src/utils/electron.ts
+import { existsSync, mkdirSync, readFileSync } from "node:fs";
+import { dirname, join } from "node:path";
+import { app } from "electron";
+var isDev = __EIU_IS_DEV__;
+var isWin = process.platform === "win32";
+var isMac = process.platform === "darwin";
+var isLinux = process.platform === "linux";
+function getPathFromAppNameAsar(...path) {
+  return isDev ? "DEV.asar" : join(dirname(app.getAppPath()), `${app.name}.asar`, ...path);
+}
+function getAppVersion() {
+  return isDev ? getEntryVersion() : readFileSync(getPathFromAppNameAsar("version"), "utf-8");
+}
+function getEntryVersion() {
+  return app.getVersion();
+}
+function requireNative(moduleName) {
+  return __require(join(app.getAppPath(), __EIU_ENTRY_DIST_PATH__, moduleName));
+}
+function restartApp() {
+  app.relaunch();
+  app.quit();
+}
+function setAppUserModelId(id) {
+  isWin && app.setAppUserModelId(id ?? `org.${app.name}`);
+}
+function disableHWAccForWin7() {
+  if (__require("node:os").release().startsWith("6.1")) {
+    app.disableHardwareAcceleration();
+  }
+}
+function singleInstance(window) {
+  const result = app.requestSingleInstanceLock();
+  result ? app.on("second-instance", () => {
+    if (window) {
+      window.show();
+      if (window.isMinimized()) {
+        window.restore();
+      }
+      window.focus();
+    }
+  }) : app.quit();
+  return result;
+}
+function setPortableAppDataPath(dirName = "data") {
+  const portablePath = join(dirname(app.getPath("exe")), dirName);
+  if (!existsSync(portablePath)) {
+    mkdirSync(portablePath);
+  }
+  app.setPath("appData", portablePath);
+}
+function waitAppReady(timeout = 1e3) {
+  return app.isReady() ? Promise.resolve() : new Promise((resolve, reject) => {
+    const _ = setTimeout(() => {
+      reject(new Error("app is not ready"));
+    }, timeout);
+    app.whenReady().then(() => {
+      clearTimeout(_);
+      resolve();
+    });
+  });
+}
+function loadPage(win, htmlFilePath = "index.html") {
+  isDev ? win.loadURL(process.env.VITE_DEV_SERVER_URL + htmlFilePath) : win.loadFile(getPathFromAppNameAsar("renderer", htmlFilePath));
+}
+function getPathFromPreload(...paths) {
+  return isDev ? join(app.getAppPath(), __EIU_ELECTRON_DIST_PATH__, "preload", ...paths) : getPathFromAppNameAsar("preload", ...paths);
+}
+function getPathFromPublic(...paths) {
+  return isDev ? join(app.getAppPath(), "public", ...paths) : getPathFromAppNameAsar("renderer", ...paths);
+}
+function getPathFromEntryAsar(...paths) {
+  return join(app.getAppPath(), __EIU_ENTRY_DIST_PATH__, ...paths);
+}
+
+// src/utils/zip.ts
+import { existsSync as existsSync2, readFileSync as readFileSync2, writeFileSync } from "node:fs";
+import { brotliCompress } from "node:zlib";
+async function zipFile(filePath, targetFilePath = `${filePath}.gz`) {
+  if (!existsSync2(filePath)) {
+    throw new Error(`path to be zipped not exist: ${filePath}`);
+  }
+  const buffer = readFileSync2(filePath);
+  return new Promise((resolve, reject) => {
+    brotliCompress(buffer, (err, buffer2) => {
+      if (err) {
+        reject(err);
+      }
+      writeFileSync(targetFilePath, buffer2);
+      resolve(null);
+    });
+  });
+}
+
+// src/utils/unzip.ts
+import { existsSync as existsSync3, readFileSync as readFileSync3, rmSync, writeFileSync as writeFileSync2 } from "node:fs";
+import { brotliDecompress } from "node:zlib";
+async function unzipFile(gzipPath, targetFilePath = gzipPath.slice(0, -3)) {
+  if (!existsSync3(gzipPath)) {
+    throw new Error(`path to zipped file not exist: ${gzipPath}`);
+  }
+  const compressedBuffer = readFileSync3(gzipPath);
+  return new Promise((resolve, reject) => {
+    brotliDecompress(compressedBuffer, (err, buffer) => {
+      rmSync(gzipPath);
+      if (err) {
+        reject(err);
+      }
+      writeFileSync2(targetFilePath, buffer);
+      resolve(null);
+    });
+  });
+}
+
+// src/utils/version.ts
+function handleUnexpectedErrors(callback) {
+  process.on("uncaughtException", callback);
+  process.on("unhandledRejection", callback);
+}
+function parseVersion(version) {
+  const match = /^(\d+)\.(\d+)\.(\d+)(?:-([a-z0-9.-]+))?/i.exec(version);
+  if (!match) {
+    throw new TypeError(`invalid version: ${version}`);
+  }
+  const [major, minor, patch] = match.slice(1, 4).map(Number);
+  const ret = {
+    major,
+    minor,
+    patch,
+    stage: "",
+    stageVersion: -1
+  };
+  if (match[4]) {
+    let [stage, _v] = match[4].split(".");
+    ret.stage = stage;
+    ret.stageVersion = Number(_v) || -1;
+  }
+  if (Number.isNaN(major) || Number.isNaN(minor) || Number.isNaN(patch) || Number.isNaN(ret.stageVersion)) {
+    throw new TypeError(`invalid version: ${version}`);
+  }
+  return ret;
+}
+function isLowerVersionDefault(oldVer, newVer) {
+  const oldV = parseVersion(oldVer);
+  const newV = parseVersion(newVer);
+  function compareStrings(str1, str2) {
+    if (str1 === "") {
+      return str2 !== "";
+    } else if (str2 === "") {
+      return true;
+    }
+    return str1 < str2;
+  }
+  for (let key of Object.keys(oldV)) {
+    if (key === "stage" && compareStrings(oldV[key], newV[key])) {
+      return true;
+    } else if (oldV[key] !== newV[key]) {
+      return oldV[key] < newV[key];
+    }
+  }
+  return false;
+}
+function isUpdateJSON(json) {
+  const is = (j) => !!(j && j.minimumVersion && j.signature && j.size && j.version);
+  return is(json) && is(json?.beta);
+}
+
+// src/utils/crypto/decrypt.ts
+import { createDecipheriv, createVerify } from "node:crypto";
+
+// src/utils/crypto/utils.ts
+import { createHash } from "node:crypto";
+function hashString(data, length) {
+  const hash = createHash("SHA256").update(data).digest("binary");
+  return Buffer.from(hash).subarray(0, length);
+}
+
+// src/utils/crypto/decrypt.ts
+function decrypt(encryptedText, key, iv) {
+  const decipher = createDecipheriv("aes-256-cbc", key, iv);
+  let decrypted = decipher.update(encryptedText, "base64url", "utf8");
+  decrypted += decipher.final("utf8");
+  return decrypted;
+}
+function verifySignatureDefault(buffer, signature2, cert) {
+  try {
+    const [sig, version] = decrypt(signature2, hashString(cert, 32), hashString(buffer, 16)).split("%");
+    const result = createVerify("RSA-SHA256").update(buffer).verify(cert, sig, "base64");
+    return result ? version : void 0;
+  } catch (error) {
+    return void 0;
+  }
+}
+
+// src/utils/crypto/encrypt.ts
+import { createCipheriv, createPrivateKey, createSign } from "node:crypto";
+function encrypt(plainText, key, iv) {
+  const cipher = createCipheriv("aes-256-cbc", key, iv);
+  let encrypted = cipher.update(plainText, "utf8", "base64url");
+  encrypted += cipher.final("base64url");
+  return encrypted;
+}
+function signature(buffer, privateKey, cert, version) {
+  const sig = createSign("RSA-SHA256").update(buffer).sign(createPrivateKey(privateKey), "base64");
+  return encrypt(`${sig}%${version}`, hashString(cert, 32), hashString(buffer, 16));
+}
+
+export {
+  __require,
+  handleUnexpectedErrors,
+  parseVersion,
+  isLowerVersionDefault,
+  isUpdateJSON,
+  isDev,
+  isWin,
+  isMac,
+  isLinux,
+  getPathFromAppNameAsar,
+  getAppVersion,
+  getEntryVersion,
+  requireNative,
+  restartApp,
+  setAppUserModelId,
+  disableHWAccForWin7,
+  singleInstance,
+  setPortableAppDataPath,
+  waitAppReady,
+  loadPage,
+  getPathFromPreload,
+  getPathFromPublic,
+  getPathFromEntryAsar,
+  unzipFile,
+  zipFile,
+  hashString,
+  decrypt,
+  verifySignatureDefault,
+  encrypt,
+  signature
+};

package/dist/decrypt-BNBcodiO.d.cts

@@ -0,0 +1,4 @@
+declare function decrypt(encryptedText: string, key: Buffer, iv: Buffer): string;
+declare function verifySignatureDefault(buffer: Buffer, signature: string, cert: string): string | undefined | Promise<string | undefined>;
+
+export { decrypt as d, verifySignatureDefault as v };

package/dist/decrypt-BNBcodiO.d.ts

@@ -0,0 +1,4 @@
+declare function decrypt(encryptedText: string, key: Buffer, iv: Buffer): string;
+declare function verifySignatureDefault(buffer: Buffer, signature: string, cert: string): string | undefined | Promise<string | undefined>;
+
+export { decrypt as d, verifySignatureDefault as v };