fix: fixes for server auth for MacUpdater (#6587)

.changeset/good-scissors-listen.md

@@ -0,0 +1,5 @@
+---
+"electron-updater": patch
+---
+
+fix: fixes for server auth for MacUpdater

packages/electron-updater/src/MacUpdater.ts

@@ -8,7 +8,7 @@ import { ResolvedUpdateFileInfo, UpdateDownloadedEvent } from "./main"
 import { findFile } from "./providers/Provider"
 import AutoUpdater = Electron.AutoUpdater
 import { execFileSync } from "child_process"
-import crypto from "crypto"
+import { randomBytes } from "crypto"
 
 export class MacUpdater extends AppUpdater {
   private readonly nativeUpdater: AutoUpdater = require("electron").autoUpdater
@@ -114,35 +114,36 @@ export class MacUpdater extends AppUpdater {
     }
 
     return await new Promise<Array<string>>((resolve, reject) => {
-      const pass = crypto.randomBytes(64).toString("base64").replace(/\//g, "_").replace(/\+/g, "-")
-      const authInfo = Buffer.from(`autoupdater:${pass}`, "base64")
+      const pass = randomBytes(64).toString("base64").replace(/\//g, "_").replace(/\+/g, "-")
+      const authInfo = Buffer.from(`autoupdater:${pass}`, "ascii")
 
       // insecure random is ok
       const fileUrl = `/${Date.now().toString(16)}-${Math.floor(Math.random() * 9999).toString(16)}.zip`
       this.server!.on("request", (request: IncomingMessage, response: ServerResponse) => {
-        // check for basic auth header
-        if (!request.headers.authorization || request.headers.authorization.indexOf("Basic ") === -1) {
-          response.statusCode = 401
-          response.statusMessage = "Invalid Authentication Credentials"
-          response.end()
-          log.warn("No authenthication info")
-        }
-
-        // verify auth credentials
-        const base64Credentials = request.headers.authorization!.split(" ")[1]
-        const credentials = Buffer.from(base64Credentials, "base64").toString("ascii")
-        const [username, password] = credentials.split(":")
-        if (username !== "autoupdater" || password !== pass) {
-          response.statusCode = 401
-          response.statusMessage = "Invalid Authentication Credentials"
-          response.end()
-          log.warn("Invalid authenthication credentials")
-          return
-        }
-
         const requestUrl = request.url!
         log.info(`${requestUrl} requested`)
         if (requestUrl === "/") {
+          // check for basic auth header
+          if (!request.headers.authorization || request.headers.authorization.indexOf("Basic ") === -1) {
+            response.statusCode = 401
+            response.statusMessage = "Invalid Authentication Credentials"
+            response.end()
+            log.warn("No authenthication info")
+            return
+          }
+
+          // verify auth credentials
+          const base64Credentials = request.headers.authorization.split(" ")[1]
+          const credentials = Buffer.from(base64Credentials, "base64").toString("ascii")
+          const [username, password] = credentials.split(":")
+          if (username !== "autoupdater" || password !== pass) {
+            response.statusCode = 401
+            response.statusMessage = "Invalid Authentication Credentials"
+            response.end()
+            log.warn("Invalid authenthication credentials")
+            return
+          }
+
           const data = Buffer.from(`{ "url": "${getServerUrl(this.server!)}${fileUrl}" }`)
           response.writeHead(200, { "Content-Type": "application/json", "Content-Length": data.length })
           response.end(data)
@@ -193,7 +194,7 @@ export class MacUpdater extends AppUpdater {
           url: getServerUrl(this.server!),
           headers: {
             "Cache-Control": "no-cache",
-            Authorization: `Basic ${authInfo.toString("ascii")}`,
+            Authorization: `Basic ${authInfo.toString("base64")}`,
           },
         })