feat: add 2-stage update system (asar swap + full installer)
This commit is contained in:
+72
-30
@@ -1,6 +1,6 @@
|
||||
import { app, BrowserWindow, Menu, clipboard, ipcMain, safeStorage, session, shell } from 'electron';
|
||||
import { join } from 'path';
|
||||
import { existsSync, mkdirSync, promises as fsp } from 'fs';
|
||||
import { join, dirname } from 'path';
|
||||
import { existsSync, mkdirSync, unlinkSync, promises as fsp } from 'fs';
|
||||
import { get as httpsGet } from 'https';
|
||||
import { execFile } from 'child_process';
|
||||
import * as os from 'os';
|
||||
@@ -10,7 +10,7 @@ import { initSwapperProtocol, registerSwapperFileProtocol, ResourceSwapper } fro
|
||||
import { UserscriptManager } from './userscripts';
|
||||
import { ALL_CLIENT_CSS } from './client-ui';
|
||||
import { electronLog, getLogPath, closeLogStreams } from './logger';
|
||||
import { checkForUpdate, downloadUpdate, installUpdate } from './updater';
|
||||
import { checkForUpdate, downloadUpdate, installUpdate, applyMinorUpdate } from './updater';
|
||||
import { showUpdateWindow } from './update-window';
|
||||
import { DiscordRPC } from './discord-rpc';
|
||||
import { listThemes, getThemeCSS, listLoadingThemes, getLoadingScreenCSS } from './css-themes';
|
||||
@@ -164,51 +164,93 @@ function saveWindowState(win: BrowserWindow): void {
|
||||
|
||||
app.whenReady().then(async () => {
|
||||
electronLog.log('[KCC] App ready');
|
||||
electronLog.log('[KCC] Minor update test — asar swap successful');
|
||||
|
||||
// ── Auto-update check (mandatory, Windows NSIS install only) ──
|
||||
// ── Auto-update check (2-stage: minor asar swap or major installer) ──
|
||||
const isPortable = !!process.env.PORTABLE_EXECUTABLE_DIR;
|
||||
const isAppImage = !!process.env.APPIMAGE;
|
||||
const isDev = !app.isPackaged;
|
||||
if (isDev || process.platform !== 'win32' || isPortable || isAppImage) {
|
||||
electronLog.log('[KCC] Skipping auto-update (portable or non-Windows)');
|
||||
const canMajorUpdate = process.platform === 'win32' && !isPortable;
|
||||
const canMinorUpdate = !isPortable && !isAppImage;
|
||||
|
||||
if (isDev || (!canMajorUpdate && !canMinorUpdate)) {
|
||||
electronLog.log('[KCC] Skipping auto-update');
|
||||
} else {
|
||||
// Clean up stale pending asar from a previous failed swap
|
||||
const resourcesDir = join(dirname(app.getPath('exe')), 'resources');
|
||||
const stalePending = join(resourcesDir, 'app-pending.asar');
|
||||
if (existsSync(stalePending)) {
|
||||
try { unlinkSync(stalePending); } catch { /* ignore */ }
|
||||
}
|
||||
|
||||
try {
|
||||
electronLog.log('[KCC] Checking for updates...');
|
||||
const update = await checkForUpdate(appVersion);
|
||||
if (update) {
|
||||
electronLog.log(`[KCC] Update available: v${update.version}`);
|
||||
electronLog.log(`[KCC] Update available: v${update.version} (${update.updateType})`);
|
||||
const { window: updateWin, sendProgress } = showUpdateWindow();
|
||||
sendProgress(`Update available (v${update.version})`, 0);
|
||||
|
||||
const tempDir = join(app.getPath('temp'), 'kcc-update');
|
||||
if (!existsSync(tempDir)) mkdirSync(tempDir, { recursive: true });
|
||||
const installerPath = join(tempDir, `KCC-${update.version}-Setup.exe`);
|
||||
let cancelled = false;
|
||||
updateWin.on('closed', () => { cancelled = true; });
|
||||
|
||||
let cancelled = false;
|
||||
updateWin.on('closed', () => { cancelled = true; });
|
||||
if (update.updateType === 'minor' && canMinorUpdate) {
|
||||
// Minor update: download app.asar, swap via external script, restart
|
||||
sendProgress(`Patch available (v${update.version})`, 0);
|
||||
const pendingPath = join(resourcesDir, 'app-pending.asar');
|
||||
|
||||
try {
|
||||
await downloadUpdate(update.downloadUrl, installerPath, (pct) => {
|
||||
if (!cancelled && !updateWin.isDestroyed()) {
|
||||
sendProgress(`Downloading update... ${pct}%`, pct);
|
||||
try {
|
||||
await downloadUpdate(update.downloadUrl, pendingPath, (pct) => {
|
||||
if (!cancelled && !updateWin.isDestroyed()) {
|
||||
sendProgress(`Downloading patch... ${pct}%`, pct);
|
||||
}
|
||||
}, update.sha256 || undefined);
|
||||
|
||||
if (!cancelled) {
|
||||
sendProgress('Applying patch...', 100);
|
||||
applyMinorUpdate(pendingPath);
|
||||
return;
|
||||
}
|
||||
} catch (err) {
|
||||
electronLog.error('[KCC] Patch download failed:', err);
|
||||
// Clean up failed download
|
||||
if (existsSync(pendingPath)) {
|
||||
try { unlinkSync(pendingPath); } catch { /* ignore */ }
|
||||
}
|
||||
if (!updateWin.isDestroyed()) updateWin.close();
|
||||
}
|
||||
}, update.sha256);
|
||||
} else if (update.updateType === 'major' && canMajorUpdate) {
|
||||
// Major update: download Setup.exe, run installer
|
||||
sendProgress(`Update available (v${update.version})`, 0);
|
||||
const tempDir = join(app.getPath('temp'), 'kcc-update');
|
||||
if (!existsSync(tempDir)) mkdirSync(tempDir, { recursive: true });
|
||||
const installerPath = join(tempDir, `KCC-${update.version}-Setup.exe`);
|
||||
|
||||
if (!cancelled) {
|
||||
sendProgress('Installing update...', 100);
|
||||
installUpdate(installerPath);
|
||||
return; // app.quit() called by installUpdate
|
||||
try {
|
||||
await downloadUpdate(update.downloadUrl, installerPath, (pct) => {
|
||||
if (!cancelled && !updateWin.isDestroyed()) {
|
||||
sendProgress(`Downloading update... ${pct}%`, pct);
|
||||
}
|
||||
}, update.sha256 || undefined);
|
||||
|
||||
if (!cancelled) {
|
||||
sendProgress('Installing update...', 100);
|
||||
installUpdate(installerPath);
|
||||
return;
|
||||
}
|
||||
} catch (err) {
|
||||
electronLog.error('[KCC] Update download failed:', err);
|
||||
if (!updateWin.isDestroyed()) updateWin.close();
|
||||
}
|
||||
} else {
|
||||
electronLog.log('[KCC] Update available but cannot auto-install on this platform');
|
||||
if (!updateWin.isDestroyed()) updateWin.close();
|
||||
}
|
||||
} catch (err) {
|
||||
electronLog.error('[KCC] Update download failed:', err);
|
||||
if (!updateWin.isDestroyed()) updateWin.close();
|
||||
} else {
|
||||
electronLog.log('[KCC] No updates available');
|
||||
}
|
||||
} else {
|
||||
electronLog.log('[KCC] No updates available');
|
||||
} catch (err) {
|
||||
electronLog.error('[KCC] Update check failed:', err);
|
||||
}
|
||||
} catch (err) {
|
||||
electronLog.error('[KCC] Update check failed:', err);
|
||||
}
|
||||
}
|
||||
|
||||
await launchApp();
|
||||
|
||||
+487
-279
@@ -1,279 +1,487 @@
|
||||
import { get as httpsGet } from 'https';
|
||||
import { createReadStream, createWriteStream, renameSync, unlinkSync, existsSync } from 'fs';
|
||||
import { createHash } from 'crypto';
|
||||
import { spawn } from 'child_process';
|
||||
import { app } from 'electron';
|
||||
import { electronLog } from './logger';
|
||||
|
||||
export interface UpdateInfo {
|
||||
version: string;
|
||||
downloadUrl: string;
|
||||
fileSize: number;
|
||||
sha256: string;
|
||||
}
|
||||
|
||||
export type ProgressCallback = (percent: number) => void;
|
||||
|
||||
const UPDATE_CONFIG = {
|
||||
checkUrl: 'https://api.github.com/repos/bigjakk/Krunker-Civilian-Client/releases/latest',
|
||||
assetPattern: /Setup\.exe$/i,
|
||||
allowedHosts: ['github.com', 'githubusercontent.com'],
|
||||
};
|
||||
|
||||
const CHECK_TIMEOUT_MS = 10000;
|
||||
const DOWNLOAD_TIMEOUT_MS = 300000; // 5 minutes
|
||||
|
||||
/**
|
||||
* Validate that a redirect URL stays on an allowed host.
|
||||
*/
|
||||
function isAllowedRedirect(url: string): boolean {
|
||||
try {
|
||||
const parsed = new URL(url);
|
||||
return UPDATE_CONFIG.allowedHosts.some(h => parsed.hostname === h || parsed.hostname.endsWith('.' + h));
|
||||
} catch {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Simple semver comparison: returns true if a < b.
|
||||
* Handles versions like "0.1.0", "1.2.3".
|
||||
*/
|
||||
function versionLessThan(a: string, b: string): boolean {
|
||||
const pa = a.split('.').map(Number);
|
||||
const pb = b.split('.').map(Number);
|
||||
const len = Math.max(pa.length, pb.length);
|
||||
for (let i = 0; i < len; i++) {
|
||||
const na = pa[i] || 0;
|
||||
const nb = pb[i] || 0;
|
||||
if (na < nb) return true;
|
||||
if (na > nb) return false;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
export function checkForUpdate(currentVersion: string): Promise<UpdateInfo | null> {
|
||||
return new Promise((resolve) => {
|
||||
electronLog.log('[KCC-Update] Checking for updates at:', UPDATE_CONFIG.checkUrl);
|
||||
electronLog.log('[KCC-Update] Current version:', currentVersion);
|
||||
|
||||
const req = httpsGet(UPDATE_CONFIG.checkUrl, {
|
||||
headers: { 'User-Agent': 'KrunkerCivilianClient/' + currentVersion },
|
||||
}, (res) => {
|
||||
electronLog.log('[KCC-Update] Check response status:', res.statusCode);
|
||||
// Follow redirects (with domain validation)
|
||||
if (res.statusCode && res.statusCode >= 300 && res.statusCode < 400 && res.headers.location) {
|
||||
const redirectUrl = res.headers.location;
|
||||
electronLog.log('[KCC-Update] Redirected to:', redirectUrl);
|
||||
if (!isAllowedRedirect(redirectUrl)) {
|
||||
electronLog.error('[KCC-Update] Redirect to untrusted host blocked:', redirectUrl);
|
||||
resolve(null);
|
||||
return;
|
||||
}
|
||||
httpsGet(redirectUrl, {
|
||||
headers: { 'User-Agent': 'KrunkerCivilianClient/' + currentVersion },
|
||||
}, (redirectRes) => {
|
||||
electronLog.log('[KCC-Update] Redirect response status:', redirectRes.statusCode);
|
||||
handleResponse(redirectRes);
|
||||
}).on('error', (err) => {
|
||||
electronLog.error('[KCC-Update] Redirect error:', err);
|
||||
resolve(null);
|
||||
});
|
||||
return;
|
||||
}
|
||||
handleResponse(res);
|
||||
});
|
||||
|
||||
function handleResponse(res: import('http').IncomingMessage): void {
|
||||
if (res.statusCode !== 200) {
|
||||
electronLog.error('[KCC-Update] Check returned status', res.statusCode);
|
||||
resolve(null);
|
||||
return;
|
||||
}
|
||||
|
||||
let data = '';
|
||||
res.on('data', (chunk: string) => { data += chunk; });
|
||||
res.on('end', () => {
|
||||
try {
|
||||
const release = JSON.parse(data);
|
||||
const tagName: string = release.tag_name || '';
|
||||
const remoteVersion = tagName.replace(/^v/i, '');
|
||||
electronLog.log('[KCC-Update] Latest release:', remoteVersion, '| Current:', currentVersion);
|
||||
|
||||
if (!remoteVersion || !versionLessThan(currentVersion, remoteVersion)) {
|
||||
electronLog.log('[KCC-Update] Already up to date');
|
||||
resolve(null);
|
||||
return;
|
||||
}
|
||||
|
||||
const assets: Array<{ name: string; browser_download_url: string; size: number; digest: string }> = release.assets || [];
|
||||
const setupAsset = assets.find((a) => UPDATE_CONFIG.assetPattern.test(a.name));
|
||||
if (!setupAsset) {
|
||||
electronLog.error('[KCC-Update] No Setup.exe asset found in release', remoteVersion);
|
||||
resolve(null);
|
||||
return;
|
||||
}
|
||||
|
||||
// Validate the download URL points to an allowed host
|
||||
if (!isAllowedRedirect(setupAsset.browser_download_url)) {
|
||||
electronLog.error('[KCC-Update] Download URL points to untrusted host:', setupAsset.browser_download_url);
|
||||
resolve(null);
|
||||
return;
|
||||
}
|
||||
|
||||
// Extract SHA-256 digest from GitHub API (format: "sha256:<hex>")
|
||||
const sha256 = (setupAsset.digest || '').replace(/^sha256:/i, '');
|
||||
if (!sha256) {
|
||||
electronLog.error('[KCC-Update] No SHA-256 digest found for asset');
|
||||
resolve(null);
|
||||
return;
|
||||
}
|
||||
|
||||
electronLog.log('[KCC-Update] Update available:', remoteVersion, '| SHA-256:', sha256.substring(0, 16) + '...');
|
||||
resolve({
|
||||
version: remoteVersion,
|
||||
downloadUrl: setupAsset.browser_download_url,
|
||||
fileSize: setupAsset.size,
|
||||
sha256,
|
||||
});
|
||||
} catch (err) {
|
||||
electronLog.error('[KCC-Update] Failed to parse release data:', err);
|
||||
resolve(null);
|
||||
}
|
||||
});
|
||||
res.on('error', (err) => {
|
||||
electronLog.error('[KCC-Update] Response error:', err);
|
||||
resolve(null);
|
||||
});
|
||||
}
|
||||
|
||||
req.setTimeout(CHECK_TIMEOUT_MS, () => {
|
||||
electronLog.error('[KCC-Update] Check timed out after', CHECK_TIMEOUT_MS, 'ms');
|
||||
req.destroy();
|
||||
resolve(null);
|
||||
});
|
||||
|
||||
req.on('error', (err) => {
|
||||
electronLog.error('[KCC-Update] Check error:', err);
|
||||
resolve(null);
|
||||
});
|
||||
});
|
||||
}
|
||||
|
||||
function verifyChecksum(filePath: string, expectedSha256: string): Promise<boolean> {
|
||||
return new Promise((resolve, reject) => {
|
||||
const hash = createHash('sha256');
|
||||
const stream = createReadStream(filePath);
|
||||
stream.on('data', (chunk) => hash.update(chunk));
|
||||
stream.on('end', () => {
|
||||
const actual = hash.digest('hex');
|
||||
electronLog.log('[KCC-Update] SHA-256 expected:', expectedSha256);
|
||||
electronLog.log('[KCC-Update] SHA-256 actual: ', actual);
|
||||
resolve(actual === expectedSha256);
|
||||
});
|
||||
stream.on('error', reject);
|
||||
});
|
||||
}
|
||||
|
||||
export function downloadUpdate(url: string, destPath: string, onProgress: ProgressCallback, expectedSha256?: string): Promise<void> {
|
||||
return new Promise((resolve, reject) => {
|
||||
const tmpPath = destPath + '.tmp';
|
||||
|
||||
function doDownload(downloadUrl: string, redirectCount = 0): void {
|
||||
if (redirectCount > 5) {
|
||||
reject(new Error('Too many redirects'));
|
||||
return;
|
||||
}
|
||||
electronLog.log('[KCC-Update] Downloading from:', downloadUrl);
|
||||
const req = httpsGet(downloadUrl, {
|
||||
headers: { 'User-Agent': 'KrunkerCivilianClient' },
|
||||
}, (res) => {
|
||||
// Follow redirects (with domain validation)
|
||||
if (res.statusCode && res.statusCode >= 300 && res.statusCode < 400 && res.headers.location) {
|
||||
const redirectUrl = res.headers.location;
|
||||
electronLog.log('[KCC-Update] Download redirected to:', redirectUrl);
|
||||
if (!isAllowedRedirect(redirectUrl)) {
|
||||
electronLog.error('[KCC-Update] Download redirect to untrusted host blocked:', redirectUrl);
|
||||
reject(new Error('Download redirect to untrusted host: ' + redirectUrl));
|
||||
return;
|
||||
}
|
||||
doDownload(redirectUrl, redirectCount + 1);
|
||||
return;
|
||||
}
|
||||
|
||||
if (res.statusCode !== 200) {
|
||||
electronLog.error('[KCC-Update] Download returned status', res.statusCode, 'from:', downloadUrl);
|
||||
reject(new Error('Download returned status ' + res.statusCode));
|
||||
return;
|
||||
}
|
||||
|
||||
const total = parseInt(res.headers['content-length'] || '0', 10);
|
||||
let received = 0;
|
||||
|
||||
const file = createWriteStream(tmpPath);
|
||||
res.on('data', (chunk: Buffer) => {
|
||||
received += chunk.length;
|
||||
if (total > 0) {
|
||||
onProgress(Math.round(100 * received / total));
|
||||
}
|
||||
});
|
||||
res.pipe(file);
|
||||
|
||||
file.on('finish', () => {
|
||||
file.close(async () => {
|
||||
try {
|
||||
if (expectedSha256) {
|
||||
const valid = await verifyChecksum(tmpPath, expectedSha256);
|
||||
if (!valid) {
|
||||
electronLog.error('[KCC-Update] Checksum mismatch — file may be corrupted or tampered');
|
||||
try { unlinkSync(tmpPath); } catch { /* ignore */ }
|
||||
reject(new Error('SHA-256 checksum mismatch'));
|
||||
return;
|
||||
}
|
||||
electronLog.log('[KCC-Update] Checksum verified');
|
||||
}
|
||||
if (existsSync(destPath)) unlinkSync(destPath);
|
||||
renameSync(tmpPath, destPath);
|
||||
resolve();
|
||||
} catch (err) {
|
||||
reject(err);
|
||||
}
|
||||
});
|
||||
});
|
||||
|
||||
file.on('error', (err) => {
|
||||
try { unlinkSync(tmpPath); } catch { /* ignore */ }
|
||||
reject(err);
|
||||
});
|
||||
|
||||
res.on('error', (err) => {
|
||||
try { unlinkSync(tmpPath); } catch { /* ignore */ }
|
||||
reject(err);
|
||||
});
|
||||
});
|
||||
|
||||
req.setTimeout(DOWNLOAD_TIMEOUT_MS, () => {
|
||||
req.destroy();
|
||||
try { unlinkSync(tmpPath); } catch { /* ignore */ }
|
||||
reject(new Error('Download timed out'));
|
||||
});
|
||||
|
||||
req.on('error', (err) => {
|
||||
try { unlinkSync(tmpPath); } catch { /* ignore */ }
|
||||
reject(err);
|
||||
});
|
||||
}
|
||||
|
||||
doDownload(url);
|
||||
});
|
||||
}
|
||||
|
||||
export function installUpdate(installerPath: string): void {
|
||||
electronLog.log('[KCC-Update] Launching installer:', installerPath);
|
||||
const child = spawn(installerPath, [], {
|
||||
detached: true,
|
||||
stdio: 'ignore',
|
||||
});
|
||||
child.unref();
|
||||
app.quit();
|
||||
}
|
||||
import { get as httpsGet } from 'https';
|
||||
import { createReadStream, createWriteStream, writeFileSync, renameSync, unlinkSync, existsSync, mkdirSync } from 'fs';
|
||||
import { join, dirname } from 'path';
|
||||
import { createHash } from 'crypto';
|
||||
import { spawn } from 'child_process';
|
||||
import { app } from 'electron';
|
||||
import { electronLog } from './logger';
|
||||
|
||||
// ── Types ──
|
||||
|
||||
export type UpdateType = 'minor' | 'major';
|
||||
|
||||
export interface UpdateInfo {
|
||||
version: string;
|
||||
updateType: UpdateType;
|
||||
downloadUrl: string;
|
||||
fileSize: number;
|
||||
sha256: string;
|
||||
}
|
||||
|
||||
export type ProgressCallback = (percent: number) => void;
|
||||
|
||||
// ── Build-time update source (injected by Vite define) ──
|
||||
|
||||
declare const __UPDATE_SOURCE__: 'github' | 'gitea';
|
||||
|
||||
interface UpdateSourceConfig {
|
||||
checkUrl: string;
|
||||
allowedHosts: string[];
|
||||
checksumSource: 'digest' | 'file';
|
||||
}
|
||||
|
||||
const UPDATE_SOURCES: Record<string, UpdateSourceConfig> = {
|
||||
github: {
|
||||
checkUrl: 'https://api.github.com/repos/bigjakk/Krunker-Civilian-Client/releases/latest',
|
||||
allowedHosts: ['github.com', 'githubusercontent.com'],
|
||||
checksumSource: 'digest',
|
||||
},
|
||||
gitea: {
|
||||
checkUrl: 'https://gitea.crjlab.net/api/v1/repos/bigjakk/Krunker-Civilian-Client-Test/releases/latest',
|
||||
allowedHosts: ['gitea.crjlab.net'],
|
||||
checksumSource: 'file',
|
||||
},
|
||||
};
|
||||
|
||||
const sourceKey = typeof __UPDATE_SOURCE__ !== 'undefined' ? __UPDATE_SOURCE__ : 'github';
|
||||
const UPDATE_CONFIG = UPDATE_SOURCES[sourceKey] || UPDATE_SOURCES.github;
|
||||
|
||||
const ASSET_PATTERNS = {
|
||||
asar: /^app\.asar$/i,
|
||||
setup: /Setup\.exe$/i,
|
||||
checksums: /^checksums\.sha256$/i,
|
||||
};
|
||||
|
||||
const CHECK_TIMEOUT_MS = 10000;
|
||||
const DOWNLOAD_TIMEOUT_MS = 300000; // 5 minutes
|
||||
|
||||
// ── Swap scripts (embedded, written to temp at runtime) ──
|
||||
|
||||
const SWAP_SCRIPT_PS1 = `param(
|
||||
[int]$ProcessId,
|
||||
[string]$ResourcesDir,
|
||||
[string]$ExePath
|
||||
)
|
||||
|
||||
try {
|
||||
$proc = Get-Process -Id $ProcessId -ErrorAction SilentlyContinue
|
||||
if ($proc) { $proc.WaitForExit(30000) | Out-Null }
|
||||
} catch {}
|
||||
|
||||
Start-Sleep -Milliseconds 500
|
||||
|
||||
$asar = Join-Path $ResourcesDir "app.asar"
|
||||
$pending = Join-Path $ResourcesDir "app-pending.asar"
|
||||
$backup = Join-Path $ResourcesDir "app-backup.asar"
|
||||
|
||||
if (-not (Test-Path $pending)) { exit 1 }
|
||||
|
||||
try {
|
||||
if (Test-Path $backup) { Remove-Item $backup -Force }
|
||||
Rename-Item $asar $backup -Force
|
||||
Rename-Item $pending $asar -Force
|
||||
if (Test-Path $backup) { Remove-Item $backup -Force }
|
||||
} catch {
|
||||
if ((Test-Path $backup) -and -not (Test-Path $asar)) {
|
||||
Rename-Item $backup $asar -Force
|
||||
}
|
||||
exit 1
|
||||
}
|
||||
|
||||
Start-Process $ExePath
|
||||
`;
|
||||
|
||||
const SWAP_SCRIPT_BASH = `#!/bin/bash
|
||||
PID="$1"
|
||||
RESOURCES_DIR="$2"
|
||||
EXE_PATH="$3"
|
||||
|
||||
while kill -0 "$PID" 2>/dev/null; do sleep 0.2; done
|
||||
sleep 0.5
|
||||
|
||||
ASAR="$RESOURCES_DIR/app.asar"
|
||||
PENDING="$RESOURCES_DIR/app-pending.asar"
|
||||
BACKUP="$RESOURCES_DIR/app-backup.asar"
|
||||
|
||||
[ -f "$PENDING" ] || exit 1
|
||||
|
||||
rm -f "$BACKUP"
|
||||
mv "$ASAR" "$BACKUP" && mv "$PENDING" "$ASAR" && rm -f "$BACKUP" || {
|
||||
[ -f "$BACKUP" ] && [ ! -f "$ASAR" ] && mv "$BACKUP" "$ASAR"
|
||||
exit 1
|
||||
}
|
||||
|
||||
"$EXE_PATH" &
|
||||
`;
|
||||
|
||||
// ── Helpers ──
|
||||
|
||||
function isAllowedRedirect(url: string): boolean {
|
||||
try {
|
||||
const parsed = new URL(url);
|
||||
return UPDATE_CONFIG.allowedHosts.some(h => parsed.hostname === h || parsed.hostname.endsWith('.' + h));
|
||||
} catch {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
function versionLessThan(a: string, b: string): boolean {
|
||||
const pa = a.split('.').map(Number);
|
||||
const pb = b.split('.').map(Number);
|
||||
const len = Math.max(pa.length, pb.length);
|
||||
for (let i = 0; i < len; i++) {
|
||||
const na = pa[i] || 0;
|
||||
const nb = pb[i] || 0;
|
||||
if (na < nb) return true;
|
||||
if (na > nb) return false;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
function simpleGet(url: string): Promise<string> {
|
||||
return new Promise((resolve, reject) => {
|
||||
function doGet(getUrl: string, redirectCount = 0): void {
|
||||
if (redirectCount > 5) {
|
||||
reject(new Error('Too many redirects'));
|
||||
return;
|
||||
}
|
||||
const req = httpsGet(getUrl, {
|
||||
headers: { 'User-Agent': 'KrunkerCivilianClient' },
|
||||
}, (res) => {
|
||||
if (res.statusCode && res.statusCode >= 300 && res.statusCode < 400 && res.headers.location) {
|
||||
if (!isAllowedRedirect(res.headers.location)) {
|
||||
reject(new Error('Redirect to untrusted host: ' + res.headers.location));
|
||||
return;
|
||||
}
|
||||
doGet(res.headers.location, redirectCount + 1);
|
||||
return;
|
||||
}
|
||||
if (res.statusCode !== 200) {
|
||||
reject(new Error('HTTP ' + res.statusCode));
|
||||
return;
|
||||
}
|
||||
let data = '';
|
||||
res.on('data', (chunk: string) => { data += chunk; });
|
||||
res.on('end', () => resolve(data));
|
||||
res.on('error', reject);
|
||||
});
|
||||
req.setTimeout(CHECK_TIMEOUT_MS, () => {
|
||||
req.destroy();
|
||||
reject(new Error('Request timed out'));
|
||||
});
|
||||
req.on('error', reject);
|
||||
}
|
||||
doGet(url);
|
||||
});
|
||||
}
|
||||
|
||||
/**
|
||||
* Fetch and parse a checksums.sha256 file from a release asset URL.
|
||||
* Format: "<sha256> <filename>" per line.
|
||||
*/
|
||||
async function fetchChecksums(url: string): Promise<Map<string, string>> {
|
||||
const text = await simpleGet(url);
|
||||
const map = new Map<string, string>();
|
||||
for (const line of text.split('\n')) {
|
||||
const match = line.trim().match(/^([a-f0-9]{64})\s+(.+)$/i);
|
||||
if (match) map.set(match[2].trim(), match[1].toLowerCase());
|
||||
}
|
||||
return map;
|
||||
}
|
||||
|
||||
// ── Update check ──
|
||||
|
||||
interface ReleaseAsset {
|
||||
name: string;
|
||||
browser_download_url: string;
|
||||
size: number;
|
||||
digest?: string;
|
||||
}
|
||||
|
||||
export function checkForUpdate(currentVersion: string): Promise<UpdateInfo | null> {
|
||||
return new Promise((resolve) => {
|
||||
electronLog.log('[KCC-Update] Checking for updates at:', UPDATE_CONFIG.checkUrl);
|
||||
electronLog.log('[KCC-Update] Current version:', currentVersion);
|
||||
|
||||
const req = httpsGet(UPDATE_CONFIG.checkUrl, {
|
||||
headers: { 'User-Agent': 'KrunkerCivilianClient/' + currentVersion },
|
||||
}, (res) => {
|
||||
electronLog.log('[KCC-Update] Check response status:', res.statusCode);
|
||||
if (res.statusCode && res.statusCode >= 300 && res.statusCode < 400 && res.headers.location) {
|
||||
const redirectUrl = res.headers.location;
|
||||
electronLog.log('[KCC-Update] Redirected to:', redirectUrl);
|
||||
if (!isAllowedRedirect(redirectUrl)) {
|
||||
electronLog.error('[KCC-Update] Redirect to untrusted host blocked:', redirectUrl);
|
||||
resolve(null);
|
||||
return;
|
||||
}
|
||||
httpsGet(redirectUrl, {
|
||||
headers: { 'User-Agent': 'KrunkerCivilianClient/' + currentVersion },
|
||||
}, (redirectRes) => {
|
||||
electronLog.log('[KCC-Update] Redirect response status:', redirectRes.statusCode);
|
||||
handleResponse(redirectRes);
|
||||
}).on('error', (err) => {
|
||||
electronLog.error('[KCC-Update] Redirect error:', err);
|
||||
resolve(null);
|
||||
});
|
||||
return;
|
||||
}
|
||||
handleResponse(res);
|
||||
});
|
||||
|
||||
async function handleResponse(res: import('http').IncomingMessage): Promise<void> {
|
||||
if (res.statusCode !== 200) {
|
||||
electronLog.error('[KCC-Update] Check returned status', res.statusCode);
|
||||
resolve(null);
|
||||
return;
|
||||
}
|
||||
|
||||
let data = '';
|
||||
res.on('data', (chunk: string) => { data += chunk; });
|
||||
res.on('end', async () => {
|
||||
try {
|
||||
const release = JSON.parse(data);
|
||||
const tagName: string = release.tag_name || '';
|
||||
const remoteVersion = tagName.replace(/^v/i, '');
|
||||
electronLog.log('[KCC-Update] Latest release:', remoteVersion, '| Current:', currentVersion);
|
||||
|
||||
if (!remoteVersion || !versionLessThan(currentVersion, remoteVersion)) {
|
||||
electronLog.log('[KCC-Update] Already up to date');
|
||||
resolve(null);
|
||||
return;
|
||||
}
|
||||
|
||||
const assets: ReleaseAsset[] = release.assets || [];
|
||||
|
||||
// Determine update type: prefer minor (asar) over major (setup)
|
||||
const asarAsset = assets.find((a) => ASSET_PATTERNS.asar.test(a.name));
|
||||
const setupAsset = assets.find((a) => ASSET_PATTERNS.setup.test(a.name));
|
||||
const chosenAsset = asarAsset || setupAsset;
|
||||
const updateType: UpdateType = asarAsset ? 'minor' : 'major';
|
||||
|
||||
if (!chosenAsset) {
|
||||
electronLog.error('[KCC-Update] No app.asar or Setup.exe asset found in release', remoteVersion);
|
||||
resolve(null);
|
||||
return;
|
||||
}
|
||||
|
||||
if (!isAllowedRedirect(chosenAsset.browser_download_url)) {
|
||||
electronLog.error('[KCC-Update] Download URL points to untrusted host:', chosenAsset.browser_download_url);
|
||||
resolve(null);
|
||||
return;
|
||||
}
|
||||
|
||||
// Resolve SHA-256 checksum
|
||||
let sha256 = '';
|
||||
if (UPDATE_CONFIG.checksumSource === 'digest') {
|
||||
sha256 = (chosenAsset.digest || '').replace(/^sha256:/i, '');
|
||||
if (!sha256) {
|
||||
electronLog.error('[KCC-Update] No SHA-256 digest found for asset');
|
||||
resolve(null);
|
||||
return;
|
||||
}
|
||||
} else {
|
||||
// Fetch checksums.sha256 companion file
|
||||
const checksumAsset = assets.find((a) => ASSET_PATTERNS.checksums.test(a.name));
|
||||
if (checksumAsset) {
|
||||
try {
|
||||
const checksums = await fetchChecksums(checksumAsset.browser_download_url);
|
||||
sha256 = checksums.get(chosenAsset.name) || '';
|
||||
} catch (err) {
|
||||
electronLog.error('[KCC-Update] Failed to fetch checksums:', err);
|
||||
}
|
||||
}
|
||||
if (!sha256) {
|
||||
electronLog.warn('[KCC-Update] No checksum available — proceeding without verification');
|
||||
}
|
||||
}
|
||||
|
||||
electronLog.log('[KCC-Update] Update available:', remoteVersion,
|
||||
'| Type:', updateType,
|
||||
'| SHA-256:', sha256 ? sha256.substring(0, 16) + '...' : 'none');
|
||||
|
||||
resolve({
|
||||
version: remoteVersion,
|
||||
updateType,
|
||||
downloadUrl: chosenAsset.browser_download_url,
|
||||
fileSize: chosenAsset.size,
|
||||
sha256,
|
||||
});
|
||||
} catch (err) {
|
||||
electronLog.error('[KCC-Update] Failed to parse release data:', err);
|
||||
resolve(null);
|
||||
}
|
||||
});
|
||||
res.on('error', (err) => {
|
||||
electronLog.error('[KCC-Update] Response error:', err);
|
||||
resolve(null);
|
||||
});
|
||||
}
|
||||
|
||||
req.setTimeout(CHECK_TIMEOUT_MS, () => {
|
||||
electronLog.error('[KCC-Update] Check timed out after', CHECK_TIMEOUT_MS, 'ms');
|
||||
req.destroy();
|
||||
resolve(null);
|
||||
});
|
||||
|
||||
req.on('error', (err) => {
|
||||
electronLog.error('[KCC-Update] Check error:', err);
|
||||
resolve(null);
|
||||
});
|
||||
});
|
||||
}
|
||||
|
||||
// ── Download ──
|
||||
|
||||
function verifyChecksum(filePath: string, expectedSha256: string): Promise<boolean> {
|
||||
return new Promise((resolve, reject) => {
|
||||
const hash = createHash('sha256');
|
||||
const stream = createReadStream(filePath);
|
||||
stream.on('data', (chunk) => hash.update(chunk));
|
||||
stream.on('end', () => {
|
||||
const actual = hash.digest('hex');
|
||||
electronLog.log('[KCC-Update] SHA-256 expected:', expectedSha256);
|
||||
electronLog.log('[KCC-Update] SHA-256 actual: ', actual);
|
||||
resolve(actual === expectedSha256);
|
||||
});
|
||||
stream.on('error', reject);
|
||||
});
|
||||
}
|
||||
|
||||
export function downloadUpdate(url: string, destPath: string, onProgress: ProgressCallback, expectedSha256?: string): Promise<void> {
|
||||
return new Promise((resolve, reject) => {
|
||||
const tmpPath = destPath + '.tmp';
|
||||
|
||||
function doDownload(downloadUrl: string, redirectCount = 0): void {
|
||||
if (redirectCount > 5) {
|
||||
reject(new Error('Too many redirects'));
|
||||
return;
|
||||
}
|
||||
electronLog.log('[KCC-Update] Downloading from:', downloadUrl);
|
||||
const req = httpsGet(downloadUrl, {
|
||||
headers: { 'User-Agent': 'KrunkerCivilianClient' },
|
||||
}, (res) => {
|
||||
if (res.statusCode && res.statusCode >= 300 && res.statusCode < 400 && res.headers.location) {
|
||||
const redirectUrl = res.headers.location;
|
||||
electronLog.log('[KCC-Update] Download redirected to:', redirectUrl);
|
||||
if (!isAllowedRedirect(redirectUrl)) {
|
||||
electronLog.error('[KCC-Update] Download redirect to untrusted host blocked:', redirectUrl);
|
||||
reject(new Error('Download redirect to untrusted host: ' + redirectUrl));
|
||||
return;
|
||||
}
|
||||
doDownload(redirectUrl, redirectCount + 1);
|
||||
return;
|
||||
}
|
||||
|
||||
if (res.statusCode !== 200) {
|
||||
electronLog.error('[KCC-Update] Download returned status', res.statusCode, 'from:', downloadUrl);
|
||||
reject(new Error('Download returned status ' + res.statusCode));
|
||||
return;
|
||||
}
|
||||
|
||||
const total = parseInt(res.headers['content-length'] || '0', 10);
|
||||
let received = 0;
|
||||
|
||||
const file = createWriteStream(tmpPath);
|
||||
res.on('data', (chunk: Buffer) => {
|
||||
received += chunk.length;
|
||||
if (total > 0) {
|
||||
onProgress(Math.round(100 * received / total));
|
||||
}
|
||||
});
|
||||
res.pipe(file);
|
||||
|
||||
file.on('finish', () => {
|
||||
file.close(async () => {
|
||||
try {
|
||||
if (expectedSha256) {
|
||||
const valid = await verifyChecksum(tmpPath, expectedSha256);
|
||||
if (!valid) {
|
||||
electronLog.error('[KCC-Update] Checksum mismatch — file may be corrupted or tampered');
|
||||
try { unlinkSync(tmpPath); } catch { /* ignore */ }
|
||||
reject(new Error('SHA-256 checksum mismatch'));
|
||||
return;
|
||||
}
|
||||
electronLog.log('[KCC-Update] Checksum verified');
|
||||
}
|
||||
if (existsSync(destPath)) unlinkSync(destPath);
|
||||
renameSync(tmpPath, destPath);
|
||||
resolve();
|
||||
} catch (err) {
|
||||
reject(err);
|
||||
}
|
||||
});
|
||||
});
|
||||
|
||||
file.on('error', (err) => {
|
||||
try { unlinkSync(tmpPath); } catch { /* ignore */ }
|
||||
reject(err);
|
||||
});
|
||||
|
||||
res.on('error', (err) => {
|
||||
try { unlinkSync(tmpPath); } catch { /* ignore */ }
|
||||
reject(err);
|
||||
});
|
||||
});
|
||||
|
||||
req.setTimeout(DOWNLOAD_TIMEOUT_MS, () => {
|
||||
req.destroy();
|
||||
try { unlinkSync(tmpPath); } catch { /* ignore */ }
|
||||
reject(new Error('Download timed out'));
|
||||
});
|
||||
|
||||
req.on('error', (err) => {
|
||||
try { unlinkSync(tmpPath); } catch { /* ignore */ }
|
||||
reject(err);
|
||||
});
|
||||
}
|
||||
|
||||
doDownload(url);
|
||||
});
|
||||
}
|
||||
|
||||
// ── Install / Apply ──
|
||||
|
||||
export function installUpdate(installerPath: string): void {
|
||||
electronLog.log('[KCC-Update] Launching installer:', installerPath);
|
||||
const child = spawn(installerPath, [], {
|
||||
detached: true,
|
||||
stdio: 'ignore',
|
||||
});
|
||||
child.unref();
|
||||
app.quit();
|
||||
}
|
||||
|
||||
export function applyMinorUpdate(pendingAsarPath: string): void {
|
||||
const resourcesDir = dirname(pendingAsarPath);
|
||||
const exePath = app.getPath('exe');
|
||||
const tempDir = join(app.getPath('temp'), 'kcc-update');
|
||||
if (!existsSync(tempDir)) mkdirSync(tempDir, { recursive: true });
|
||||
|
||||
electronLog.log('[KCC-Update] Applying minor update via swap script');
|
||||
electronLog.log('[KCC-Update] Resources dir:', resourcesDir);
|
||||
electronLog.log('[KCC-Update] Exe path:', exePath);
|
||||
electronLog.log('[KCC-Update] PID:', process.pid);
|
||||
|
||||
if (process.platform === 'win32') {
|
||||
const scriptPath = join(tempDir, 'swap-asar.ps1');
|
||||
writeFileSync(scriptPath, SWAP_SCRIPT_PS1);
|
||||
const child = spawn('powershell.exe', [
|
||||
'-ExecutionPolicy', 'Bypass',
|
||||
'-File', scriptPath,
|
||||
'-ProcessId', String(process.pid),
|
||||
'-ResourcesDir', resourcesDir,
|
||||
'-ExePath', exePath,
|
||||
], { detached: true, stdio: 'ignore' });
|
||||
child.unref();
|
||||
} else {
|
||||
const scriptPath = join(tempDir, 'swap-asar.sh');
|
||||
writeFileSync(scriptPath, SWAP_SCRIPT_BASH, { mode: 0o755 });
|
||||
const child = spawn('bash', [
|
||||
scriptPath, String(process.pid), resourcesDir, exePath,
|
||||
], { detached: true, stdio: 'ignore' });
|
||||
child.unref();
|
||||
}
|
||||
|
||||
app.quit();
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user