search

NetSparkleUpdater / NetSparkle

NetSparkle is a C# cross-platform software update framework for .NET developers compatible with .NET 4.6.2/.NET 6+, WinForms, WPF, and Avalonia; uses Ed25519 or DSA signatures! View basic usage here in the README or visit our website for code docs.
https://netsparkleupdater.github.io/NetSparkle/
MIT License
585 stars 81 forks source link

License keys and ExtraJsonData #556

Closed wendallmartin closed 5 months ago

wendallmartin commented 5 months ago

I am using NetSparkleUpdater in a project and so far what I see is impressive. One problem tho, I would like to implement unique license keys for each user, and am not sure how to do this. I downloaded the source code, and there is a property called ExtraJsonData that looks promising, but it seams its not used. Can we expose that property? or maybe there is a better way to restrict downloads on a user by user basis?

Deadpikle commented 5 months ago

Hey @wendallmartin,

Good question. That param is used by the WebRequestAppCastDataDownloader for downloading the app cast, and you can change it via mySparkleUpdaterVar.AppCastDataDownloader.ExtraJsonData, assuming you have not changed the AppCastDataDownloader to your own custom object (which may be what you want to do anyway by implementing the IAppCastDataDownloader and/or the IUpdateDownloader interfaces to run whatever you want to do).

Other than that you could always attach the license key to the app cast URL or something (a GET param?) and have your server return data accordingly. Or something; that doesn't seem like the best idea but it would technically work. Anyway, you can either use that param or otherwise implement interfaces OR override CreateHttpClient accordingly to set up things how you like.

Does that help?

wendallmartin commented 5 months ago

Oh, right. I was expecting to see ExtraJsonData set somewhere, but I see now that the AppCastDataDownloader property itself is exposed, thanks!

I initially went the parameter route, but I wanted to hide the license key from the URL itself.

Also I wanted to send the license key to WebFileDownloader to verify on that side. The last thing I want is some open endpoints where the installer can be downloaded easily if someone does discover it. Thinking about it tho, I can handle security on our update server, so that a custom end point is returned for each appcast request that invalidates after a period of time. This could be a parameter or custom endpoint.

What I ended up doing is copying the NetSparkle project into my project, and adding an authorization header to the HttpClient. That works well for my case. I will have to think about the above solution, maybe I will back up and use your nuget package then.

Thanks for your time! @Deadpikle

Deadpikle commented 5 months ago

No problem! Glad you found a solution. I will go ahead and close this since you have a solution but feel free to comment again if needed or open a new issue. And down the road if there are changes needed for your use case just say so and/or send in a PR!