diff --git a/.changeset/good-scissors-listen.md b/.changeset/good-scissors-listen.md new file mode 100644 index 0000000000..777901edfb --- /dev/null +++ b/.changeset/good-scissors-listen.md @@ -0,0 +1,5 @@ +--- +"electron-updater": patch +--- + +fix: fixes for server auth for MacUpdater diff --git a/packages/electron-updater/src/MacUpdater.ts b/packages/electron-updater/src/MacUpdater.ts index a0bec46953..fe7ea2848a 100644 --- a/packages/electron-updater/src/MacUpdater.ts +++ b/packages/electron-updater/src/MacUpdater.ts @@ -8,7 +8,7 @@ import { ResolvedUpdateFileInfo, UpdateDownloadedEvent } from "./main" import { findFile } from "./providers/Provider" import AutoUpdater = Electron.AutoUpdater import { execFileSync } from "child_process" -import crypto from "crypto" +import { randomBytes } from "crypto" export class MacUpdater extends AppUpdater { private readonly nativeUpdater: AutoUpdater = require("electron").autoUpdater 
@@ -114,35 +114,36 @@ export class MacUpdater extends AppUpdater { } return await new Promise>((resolve, reject) => { - const pass = crypto.randomBytes(64).toString("base64").replace(/\//g, "_").replace(/\+/g, "-") - const authInfo = Buffer.from(`autoupdater:${pass}`, "base64") + const pass = randomBytes(64).toString("base64").replace(/\//g, "_").replace(/\+/g, "-") + const authInfo = Buffer.from(`autoupdater:${pass}`, "ascii") // insecure random is ok const fileUrl = `/${Date.now().toString(16)}-${Math.floor(Math.random() * 9999).toString(16)}.zip` this.server!.on("request", (request: IncomingMessage, response: ServerResponse) => { - // check for basic auth header - if (!request.headers.authorization || request.headers.authorization.indexOf("Basic ") === -1) { - response.statusCode = 401 - response.statusMessage = "Invalid Authentication Credentials" - response.end() - log.warn("No authenthication info") - } - - // verify auth credentials - const base64Credentials = request.headers.authorization!.split(" ")[1] - const credentials = Buffer.from(base64Credentials, "base64").toString("ascii") - const [username, password] = credentials.split(":") - if (username !== "autoupdater" || password !== pass) { - response.statusCode = 401 - response.statusMessage = "Invalid Authentication Credentials" - response.end() - log.warn("Invalid authenthication credentials") - return - } - const requestUrl = request.url! 
log.info(`${requestUrl} requested`) if (requestUrl === "/") { + // check for basic auth header + if (!request.headers.authorization || request.headers.authorization.indexOf("Basic ") === -1) { + response.statusCode = 401 + response.statusMessage = "Invalid Authentication Credentials" + response.end() + log.warn("No authenthication info") + return + } + + // verify auth credentials + const base64Credentials = request.headers.authorization.split(" ")[1] + const credentials = Buffer.from(base64Credentials, "base64").toString("ascii") + const [username, password] = credentials.split(":") + if (username !== "autoupdater" || password !== pass) { + response.statusCode = 401 + response.statusMessage = "Invalid Authentication Credentials" + response.end() + log.warn("Invalid authenthication credentials") + return + } + const data = Buffer.from(`{ "url": "${getServerUrl(this.server!)}${fileUrl}" }`) response.writeHead(200, { "Content-Type": "application/json", "Content-Length": data.length }) response.end(data) @@ -193,7 +194,7 @@ export class MacUpdater extends AppUpdater { url: getServerUrl(this.server!), headers: { "Cache-Control": "no-cache", - Authorization: `Basic ${authInfo.toString("ascii")}`, + Authorization: `Basic ${authInfo.toString("base64")}`, }, })
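Review bot: Moving the Basic-auth check inside `if (requestUrl === "/")` leaves the request for `fileUrl` unauthenticated, and that path is built only from `Date.now()` and `Math.random() * 9999`, so the context comment `// insecure random is ok` no longer holds. The branch that serves the zip is outside this hunk, so this is inferred: if it has no check of its own, any other local process that can reach the server could work out the path and read the update archive. `randomBytes` is already imported, so the path can be made unguessable with ``const fileUrl = `/${randomBytes(16).toString("hex")}.zip` `` and the comment dropped. As a smaller point in the same block, `indexOf("Basic ") === -1` accepts the scheme anywhere in the header; `!request.headers.authorization.startsWith("Basic ")` states the intent more exactly.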