UNPKG

native-update

Version:

Foundation package for building a comprehensive update system for Capacitor apps. Provides architecture and interfaces but requires backend implementation.

native-update.web.app

204 lines (145 loc) 6.18 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
# Known Limitations & Implementation Notes **Last Updated**: 2025-12-26 **Project Version**: 1.1.6 **Status**: Beta - Ready for Testing --- ## Overview This document tracks known limitations and platform-specific implementation notes that need attention before production deployment. These are intentional design decisions or platform limitations that cannot be fully resolved in the web/JavaScript layer. --- ## Web Platform Limitations ### 1. Storage Size Detection **Location**: `src/core/performance.ts:166-167` **Issue**: Accurate storage detection is not available via web APIs **Current Implementation**: ```typescript // Check storage (placeholder - implement per platform) const storage = 1000; // MB - placeholder ``` **Why This Exists**: - Web platform does not provide reliable storage size APIs - Navigator.storage.estimate() has limited support and accuracy - Actual storage depends on platform implementation (iOS/Android) **Resolution**: - Web: Use hardcoded reasonable value (1000MB) - iOS: Implement via native FileManager in Swift - Android: Implement via native StatFs in Kotlin **Status**: **ACCEPTABLE** - This is a web platform limitation, native implementations should override this --- ### 2. Certificate Pinning **Location**: `src/core/security.ts:363` **Issue**: Certificate pinning cannot be implemented on web platform **Current Implementation**: ```typescript /** * Validate certificate pinning * Note: This is a placeholder for web implementation as certificate pinning * is primarily a native platform feature and cannot be fully implemented in web */ async validateCertificatePin(hostname: string, certificate: string): Promise<boolean> { // Implementation for native platforms only // Web platform always returns true (no pinning available) } ``` **Why This Exists**: - Certificate pinning requires low-level network stack access - Web browsers do not expose certificate details to JavaScript - This is a security feature that MUST be implemented on native platforms **Resolution**: - Web: Document limitation, rely on HTTPS - iOS: Implement via URLSessionDelegate in Swift - Android: Implement via OkHttp CertificatePinner in Kotlin **Status**: **ACCEPTABLE** - This is intentional, native implementations exist --- ## iOS Native Implementation Notes ### 1. File Operations - Bundle Installation **Location**: `ios/Plugin/LiveUpdate/LiveUpdatePlugin.swift:570` **Issue**: Simple file copy used instead of proper archive extraction **Current Implementation**: ```swift // For now, we'll use a simple file copy as placeholder // This works for development but production needs proper implementation ``` **Why This Exists**: - Full archive extraction requires additional Swift dependencies - Need to evaluate: ZIPFoundation vs SSZipArchive vs native solutions - Current implementation sufficient for basic testing **Resolution Options**: 1. Use ZIPFoundation (Swift Package Manager) 2. Use SSZipArchive (CocoaPods) 3. Implement custom using libcompression **Status**: **NEEDS IMPLEMENTATION** before production use --- ### 2. Archive Extraction **Location**: `ios/Plugin/LiveUpdate/LiveUpdatePlugin.swift:573` **Issue**: Proper unzip library needed for bundle extraction **Current Implementation**: ```swift // This is a placeholder - in real implementation, use a proper unzip library // such as ZIPFoundation or SSZipArchive ``` **Why This Exists**: - Bundles are distributed as compressed archives - Need secure, verified extraction process - Must handle corrupted archives gracefully **Resolution**: - Implement proper archive extraction with ZIPFoundation - Add checksum verification before extraction - Handle extraction errors with proper rollback **Status**: **NEEDS IMPLEMENTATION** before production use --- ## Android Native Implementation Notes ### Status - Android implementation is more complete than iOS - Uses standard Java/Kotlin APIs for file operations - Archive extraction via java.util.zip **No critical placeholders identified in Android code** --- ## Summary of Action Items ### Before Production Deployment 1. **iOS File Operations** (CRITICAL) - [ ] Replace file copy placeholder with proper implementation - [ ] Implement secure archive extraction with ZIPFoundation - [ ] Add comprehensive error handling - [ ] Test with corrupted/malicious archives 2. **Certificate Pinning** (OPTIONAL - only if using HTTPS pinning) - [ ] Document that web cannot support pinning - [ ] Ensure iOS implementation is complete - [ ] Ensure Android implementation is complete - [ ] Test pinning validation on both platforms 3. **Storage Detection** (LOW PRIORITY) - [ ] iOS: Implement via FileManager - [ ] Android: Implement via StatFs - [ ] Web: Keep current hardcoded value --- ## Development vs Production ### Development/Testing (Current State) - Placeholders are acceptable - Web implementation works for testing - Basic functionality available on all platforms ### Production Requirements - iOS file operations MUST be properly implemented - Certificate pinning should be implemented if using pinning strategy - ⚠️ Storage detection recommended but not critical --- ## Testing Recommendations ### Before Marking as Production-Ready 1. **iOS Testing** - Test bundle download and extraction on real device - Test with large bundles (50MB+) - Test with corrupted/invalid archives - Verify rollback works when extraction fails 2. **Android Testing** - Verify archive extraction works correctly - Test storage detection accuracy - Test certificate pinning if enabled 3. **Web Testing** - Document limitations clearly - Ensure graceful degradation - Test error handling --- ## Notes - These limitations are **intentional and documented** - The package is designed as a **foundation/framework** - Production implementations should address these based on needs - Not all limitations need fixing for every use case **This is NOT a complete production solution** - it's a foundation that requires platform-specific implementation for production use.