shm-open / code-push-server Goto Github PK

Hi,

We started using your code-push-server and code-push-cli with capacitor plugin https://github.com/mapiacompany/capacitor-codepush and we found some problems. I believe that these problems are not present when used with the react-native release/plugins.

Most serious one is that second release will fail all the time if the output folder is not named CodePush. So "partial" release functionality is broken.

Steps to reproduce:

1. prepare code push: code-push app add test-android android cordova
2. create new folder and file with some content: echo "version 1" > ./test_folder/test_file
3. create release: code-push release test-android ./test_folder "*"
4. change file: echo "version 2" > ./test_folder/test_file
5. release it again: code-push release test-android ./test_folder "*"

there is error on the server, and server instance will stop! (we are not using pm2, just simple node process)

Error: ENOENT: no such file or directory, stat 'C:\....\code-push-demo\workDir\codepush_Ye3hArNTWWsMkBtBAsGeLMEV04BID9dM\e592ede40edcc1a367b8c19d67de83811848f9345b682c39a2efff199a2f8a37\dataCenter\CodePush\test_file'
Emitted 'error' event on ZipFile instance at:
    at C:\...\code-push-demo\node_modules\yazl\index.js:31:26

I tried to investigate and found two problems:

First, this error should not kill whole node process. This is caused by improper error handling on zip file creation: on https://github.com/shm-open/code-push-server/blob/master/src/core/services/package-manager.ts#L233 it is not sufficient to add error handler to zipFile.outputStream.on('error'...).

If we check how ZipFile is throwing exeption https://github.com/thejoshwolfe/yazl/blob/master/index.js
we can see it used like: if (err) return self.emit("error", err); and util.inherits(ZipFile, EventEmitter);. So to catch these exeptions we need to add error handler on the zipFile instance: zipFile.on('error', (error)=>{ reject(error);}).

After this, the error will not kill whole server. Also after restart of the server everything looks ok-ish, because even if partial release failed to be created, the full release is used as fallback. So if someone is using for example pm2 this error could be unnoticed.

Second problem is error itself. The problem is that on https://github.com/shm-open/code-push-server/blob/master/src/core/utils/security.ts#L186-L189, when you are creating manifest file, the root folder is renamed to CodePush. So in my example of test_folder/test_file, the created manifest would contain something like this:

{
  'CodePush/test_file': 'b03d44cd60d71de68a4aca7808c6f768802f6d6c414430ff8ccea10c1aa57b4c'  
}

Then on the https://github.com/shm-open/code-push-server/blob/master/src/core/services/package-manager.ts#L287 in the generateOneDiffPackage function there is comparison of old and new manifest files. The result in my example run is ['CodePush/test_file']. Then this path is used to create zip file containing only changed files. On line https://github.com/shm-open/code-push-server/blob/master/src/core/services/package-manager.ts#L241 there is zipFile.addFile(path.join(baseDirectoryPath, file), slash(file)); but this file does not exist. In my example path is C:\....\code-push-demo\workDir\codepush_Ye3hArNTWWsMkBtBAsGeLMEV04BID9dM\e592ede40edcc1a367b8c19d67de83811848f9345b682c39a2efff199a2f8a37\dataCenter\CodePush\test_file. But without renaming it would be: C:\....\code-push-demo\workDir\codepush_Ye3hArNTWWsMkBtBAsGeLMEV04BID9dM\e592ede40edcc1a367b8c19d67de83811848f9345b682c39a2efff199a2f8a37\dataCenter\test_folder\test_file which exists.

I think if works for you only because during code-push release-react you are writing files to the folder named CodePush. From cli console: node node_modules\react-native\local-cli\cli.js bundle --assets-dest C:\***\Temp\CodePush\CodePush --bundle-output C:\***\Temp\CodePush\CodePush\index.android.bundle .....

But also react native apps do not need the renaming, in that case the renaming is: CodePush->CodePush (if code-push release-react is used or bundle/asset outpus is in CodePush folder). I think the correct fix should be to remove lines https://github.com/shm-open/code-push-server/blob/master/src/core/utils/security.ts#L186-L189.

In real word scenario the cordova builds have builded files in www folder and ionic capacitor .../public folder. In both cases the rename of the folder to CodePush in the manifest paths will result in error on second release.

I found this issue mentioned few times:
#75 (comment) They "fixed" issue by replacing rename.
the same thing here: lisong#319

The rename code originate from this PR: https://github-com.translate.goog/lisong/code-push-server/pull/236?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp
Where they created react native build, but not in CodePush folder. I think the proper solution was either to change output folder, or fix hardcoded CodePush folder in the ios plugin. But still I do not understand how it was possible that they did not get the same error that we have now.

Just to double check if the partial update feature was not destroyed after I removed rename code. I tried it and it works without problems on our capacitor app: (note only one src_app_pages_profile_profile_module_ts file was changed)

VM3:192 result Filesystem.readdir (#100067870)
VM3:203 Objectfiles: (2) ['src_app_pages_profile_profile_module_ts.js', 'src_app_pages_profile_profile_module_ts.js.map'][[Prototype]]: Object
VM3:218 native Filesystem.stat (#100067871)
VM3:225 ObjectcallbackId: "100067871"methodName: "stat"options: {directory: 'DATA', path: 'codepush/download/unzipped/public/src_app_pages_profile_profile_module_ts.js'}pluginId: "Filesystem"[[Prototype]]: Object
VM3:192 result Filesystem.stat (#100067871)
....
VM3:192 result Filesystem.readFile (#100067875)
src_app_pages_profile_profile_module_ts.js:1088 [CodePush] Applying diff update

Thanks!
(I can create pull request if you accept, but I don't know how to test react-native/ios part)

There is an error with this repository's Renovate configuration that needs to be fixed. As a precaution, Renovate will stop PRs until it is resolved.

Error type: Cannot find preset's package (github>whitesource/merge-confidence:beta)

Hi. The code push is now running on my personal server which does not have so much space. How do I view / delete the update packages from the server? I do not want to keep more than 3 update packages in history and delete the older ones to save space.

Hello, there was a fork from your repo a few months ago:
IllusionVK/ReplaceAppCenter#3

And using this forks - i've got errors on app updates.
IllusionVK/ReplaceAppCenter#3 (comment)

Now I see you make some changes since then.
Can it fix mentioned problems or maybe do you faced them before and know how to resolve?

• refactor to ts
• add detailed logging for production
• test coverage
• simplify Promise based code (async - await)
• use cookie based auth, so we can render more info (apps, deployments and etc) with views

点击更新后，app直接空白了，应该是加载新js包 出错了，有遇到过的么

https://github.com/shm-open/code-push-server/blob/master/docs/install-server-by-docker.cn.md

我看这个文档里面写的修改配置的地方就列出了两个，一个是download_url，一个是jwt.tokenSecret
那请问mysql和redis这两个地方的配置不需要修改吗？

你提到不支持is_use_diff_text，意思是没有增量更新哦，那针对弱网热更新问题，比如jsbundle在项目后期20M，这个多次热更新，那在弱网环境下面更新一次就全量下载，请问有好的解决方案吗，

When I use Redis with Cluster Mode, I can not log in.
The server can not parser the MOVED, and returns 500 Internal Server Error.

Error log:

17:50:14 0|--  | level=info, time=2024-01-04 17:50:14.566, msg=try login, path=/auth/login, method=POST, requestId=3f6fc8c56bbc84d009b3dbcf668a25b1, account=admin
17:50:14 0|--  | level=error, time=2024-01-04 17:50:14.608, msg=MOVED 5285 [x.y.z.42:6379](http://x.y.z.42:6379/), path=/auth/login, method=POST, requestId=3f6fc8c56bbc84d009b3dbcf668a25b1, name=ReplyError, stack=ReplyError: MOVED5285 [x.y.z.42:6379](http://x.y.z.42:6379/)
17:50:14 0|--  |     at parseError (/data/node_modules/redis-parser/lib/parser.js:179:12)
17:50:14 0|--  |     at parseType (/data/node_modules/redis-parser/lib/parser.js:302:14)

Package version:
"redis": "4.2.0"

If release an update with Code Signing the package_hash stored in database have to be equal the hash inside JWT token (.codepushrelease). What is calculated by the server mismatch the hash inside JWT of the bundle.

Steps to reproduce:

• Generate public and private key
• Add the public key to config.xml <preference name="CodePushPublicKey" value="MIIBIjANB..."> (without ----BEGIN--- and without breaklines)
• Release update with --privateKeyPath pointing to private key file.
• Try update from the App.
• You'll receive: The update contents failed the data integrity check.. StackTrace: packageHashSuccess

To fix:

• Copy the bundle file from the server to your machine, add .zip to filename and extract.
• Open the www/.codepushrelease and copy the content (this is a JWT).
• Paste on https://jwt.io and copy the contentHash
• Replace the column packages.update_hash with contentHash value.
• Make sure refresh packages cache from server.
• Try update again, and works.

1. When I run code-push register http://localhost:3000 my browser opens the login page, but I think it's supposed to open the register page.
2. Both auth/login and auth/register have no action defined on their forms, and thus the JavaScript code doesn't POST the data anywhere.
3. I added /users/registerCode as the action to the register form, but it does not return the token that is expected.

I am happy to help complete the implementation of this, but I don't want to duplicate efforts if you've already done it, and I want to make sure I'm doing the right thing. Thanks.

在RN最新版本0.73中，没有了MainApplication.java文件，在MainApplication.kt如何配置CodePush?

override fun getPackages(): List<ReactPackage> = PackageList(this).packages.apply { add(CodePush( getResources().getString(R.string.CodePushDeploymentKey), getApplicationContext(), BuildConfig.DEBUG, getResources().getString(R.string.CodePushServerURL) )) }
这样配置会报错

It does not look like the VERSION is being populated correctly when doing the docker build. I believe is is working because npm install package@just installs the latest version available.

With the currently release, it's not possible to patch the binary version.

I believe this line:

Should be (removing !):

if (v1 && _.eq(v1.id, v2.id)) { 

关于code-push-server 使用问题，可以使用appcenter-cli客户端吗？我看目前是code-push-cli才行。我要怎么替换成appcenter-cli

接口报错304.

The mandatory parameter is officially considered as: The mandatory attribute is unique because the server will dynamically modify it as necessary in order to ensure that the semantics of your releases are maintained for your end-users.

In code, the server now just returns the mandatory parameter as-is instead of deciding it dynamically.

Is this intentional, or do we have plans to implement that? Thank you in advance.

Hello,

We currently use AppCenter codepush.
We want to change to have our own codepush server.

Even configuring this library, what is the correct process for changing server settings on the client side?
I'm using React Native.

Thanks.

Env:

• server: shmopen/code-push-server:1.1.1
• cli: 2.5.3
• native plugin: capacitor-codepush

My issue steps:

1. build project to $FOLDER
2. release $FOLDER to $ANDROID_APP with $ANDROID_PRIVATE_KEY
3. release $FOLDER to $IOS_APP with $IOS_PRIVATE_KEY
4. open Android App, hot update success
5. open iOS App, wrong signature

Have been checked:

• Not cli problem. I checked table's 'packages/blob_url' two record's local file, thire '.codepushrelease' all have right content hash (they are diff with their signature)
• So not native plugin problem
• I found server update-info returnd download file all are 'packages_diff/diff_blob' record, and I checked diff_blob's local file, thire '.codepushrelease' content are same, so one of app must be got 'wrong signature'
• So maybe the problem be 'code-push-server/diff-feature' related?

我在项目里面使用的是[email protected]，然后本地调试的时候配置的地址是http://127.0.0.1:3000

准备工作我已经都做好了，app也能正常跑起来。热更新的patch包也已经成功创建，我在数据库里面也能看到。但是在打开app的时候没有任何效果。也不知道到底请求了没有，也没有报错。

像这种情况我应该怎么排查可能是哪里的问题呢？包版本太高了？还是什么别的问题？

请大佬指教一下。万分感谢！

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Datasource	Name	Replacement PR?
npm	standard-version

Rate-Limited

These updates are currently rate-limited. Click on a checkbox below to force their creation now.

• chore(deps): replace dependency standard-version with commit-and-tag-version 9.5.0
• chore(deps): update dependency @types/bcryptjs to v2.4.6
• chore(deps): update dependency @types/cookie-parser to v1.4.7
• chore(deps): update dependency @types/yazl to v2.4.5
• fix(deps): update dependency pug to v3.0.3
• fix(deps): update dependency recursive-readdir to v2.2.3 (recursive-readdir, @types/recursive-readdir)
• chore(deps): update dependency @types/lodash to v4.17.7
• chore(deps): update dependency concurrently to v7.6.0
• chore(deps): update dependency mocha to v10.6.0
• chore(deps): update dependency supertest to v6.3.4
• fix(deps): update dependency cos-nodejs-sdk-v5 to v2.14.3
• fix(deps): update dependency formidable to v2.1.2 (formidable, @types/formidable)
• fix(deps): update dependency node-fetch to v2.7.0 (node-fetch, @types/node-fetch)
• fix(deps): update dependency qiniu to v7.12.0
• fix(deps): update dependency validator to v13.12.0 (validator, @types/validator)
• fix(deps): update dependency yargs to v17.7.2
• chore(deps): update actions/checkout action to v4
• chore(deps): update actions/setup-node action to v4
• chore(deps): update dependency concurrently to v8
• chore(deps): update dependency nyc to v17
• chore(deps): update dependency supertest to v7
• chore(deps): update dependency typescript to v5
• fix(deps): update dependency formidable to v3 (formidable, @types/formidable)
• fix(deps): update dependency fs-extra to v11 (fs-extra, @types/fs-extra)
• fix(deps): update dependency helmet to v7
• fix(deps): update dependency jsonwebtoken to v9 (jsonwebtoken, @types/jsonwebtoken)
• fix(deps): update dependency mysql2 to v3
• fix(deps): update dependency slash to v5
• 🔐 Create all rate-limited PRs at once 🔐

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

• fix(deps): update dependency aliyun-sdk to v1.12.10
• fix(deps): update dependency body-parser to v1.20.2 (body-parser, @types/body-parser)
• fix(deps): update dependency helmet to v5.1.1
• fix(deps): update dependency i18n to v0.15.1 (i18n, @types/i18n)
• fix(deps): update dependency aws-sdk to v2.1659.0
• fix(deps): update dependency express to v4.19.2
• fix(deps): update dependency moment to v2.30.1
• fix(deps): update dependency nodemailer to v6.9.14 (nodemailer, @types/nodemailer)
• fix(deps): update dependency redis to v4.6.15
• fix(deps): update dependency sequelize to v6.37.3
• Click on this checkbox to rebase all open PRs at once

Ignored or Blocked

These are blocked by an existing closed PR and will not be recreated unless you click a checkbox below.

• fix(deps): update dependency node-fetch to v3

Detected dependencies

• Check this box to trigger a request for Renovate to run again on this repository

HI, I installed the latest version as docker but when I tried to access via the web nothing happened. In the logs I see
code-push-server-server-1 | Error: ERR AUTH <password> called without any password configured for the default user. Are you sure your configuration is correct?
I'm trying with user: admin and password: 123456