feat: Add "secure" branches to XLWebServices #9
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- New HashedKey param allows a SHA256 key to be declared. - New Visible param allows a branch to be hidden. - Add new `trackKey` param to VersionInfo endpoint - Validate this key if passed, or if the branch doesn't have a public key.
|
To note: secure keys not intended for patch-day beta tests or similar. They're designed to allow the Dalamud team to easily push specific branches out to select groups of testers without requiring said testers build code or download artifacts from GitHub. Examples of intended uses are, e.g. our much-anticipated april fools' branches. The author of this PR is well aware that any such hashed keys can be easily bypassed through minimal effort, so no attempt is being made to actually protect resources at that level. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This pull request aims to add two capabilities to XLWebServices:
First, it allows beta keys to be validated server-side, which will simplify update eligibility checks on the client. Clients may pass in
?trackKey=foo, which will trigger checking the key against the recorded entry in declarative. This allows client code to not need to care about key management beyond passing things to the server.Second, it introduces two new concepts: a
HashedKey(used for tests where limited access is desirable), and aVisibleflag for branches (used for hiding a non-hashed branch from the Branch Selector). A branch withVisible = falsewill still show up when requested directly.