Merge pull request #11 from doyoonkim12345/feature/code-signing

Feature/code signing

Author: doyoonkim12345

apps/client/app.config.ts

@@ -11,7 +11,7 @@ export default ({ config }: ConfigContext): ExpoConfig => ({
 		policy: "appVersion",
 	},
 	orientation: "portrait",
-	icon: "./assets/icon.png",
+	icon: "./assets/cloud-push-logo.png",
 	userInterfaceStyle: "light",
 	newArchEnabled: true,
 	splash: {
@@ -21,12 +21,18 @@ export default ({ config }: ConfigContext): ExpoConfig => ({
 	},
 	ios: {
 		supportsTablet: true,
+		bundleIdentifier: "com.durun-onout.client",
 	},
 	updates: {
 		url: sharedConfig.updateBundleUrl,
 		requestHeaders: {
 			"expo-channel-name": sharedConfig.channel,
 		},
+		codeSigningMetadata: {
+			alg: "rsa-v1_5-sha256",
+			keyid: "main",
+		},
+		codeSigningCertificate: sharedConfig.certificatePath,
 	},
 	android: {
 		adaptiveIcon: {

apps/client/cloud-push.config.ts

@@ -1,28 +1,26 @@
-import { SupabaseStorageClient, SupabaseDbClient } from "@cloud-push/cloud";
 import { defineConfig } from "@cloud-push/cli";
-import sharedConfig from "./sharedConfig";
+import { SupabaseStorageClient, SupabaseDbClient } from "@cloud-push/cloud";
 
 export default defineConfig(() => ({
 	loadClients: () => {
-		const storageClient = new SupabaseStorageClient({
-			bucketName: process.env.SUPABASE_BUCKET_NAME,
-			supabaseUrl: process.env.SUPABASE_URL,
-			supabaseKey: process.env.SUPABASE_KEY,
-		});
-
-		const dbClient = new SupabaseDbClient({
-			tableName: process.env.SUPABASE_TABLE_NAME!,
-			supabaseUrl: process.env.SUPABASE_URL!,
-			supabaseKey: process.env.SUPABASE_KEY!,
-		});
+		
+const storageClient = new SupabaseStorageClient({
+    bucketName: process.env.SUPABASE_BUCKET_NAME,
+    supabaseUrl: process.env.SUPABASE_URL,
+    supabaseKey: process.env.SUPABASE_KEY,
+});
+            
+		
+const dbClient = new SupabaseDbClient({
+    tableName: process.env.SUPABASE_TABLE_NAME!,
+    supabaseUrl: process.env.SUPABASE_URL!,
+    supabaseKey: process.env.SUPABASE_KEY!,
+});
+            
 
 		return {
 			storage: storageClient,
 			db: dbClient,
 		};
 	},
-	envSource: "file",
-	runtimeVersion: sharedConfig.runtimeVersion,
-	channel: sharedConfig.channel,
-	environment: "development",
 }));

apps/client/metro.config.js

@@ -1,7 +1,7 @@
 import React from "react";
 import * as Updates from "expo-updates";
 import { getUpdateStatus } from "@cloud-push/expo";
-import { Alert, View, Button, Text } from "react-native";
+import { Alert, View, Button, Text, Image } from "react-native";
 
 export default function HomeScreen() {
 	const handlePress = async () => {
@@ -24,9 +24,10 @@ export default function HomeScreen() {
 	return (
 		<View style={{ flex: 1, justifyContent: "center", alignItems: "center" }}>
 			<Text>{Updates.updateId}</Text>
-			<Text style={{ fontSize: 40, fontWeight: "bold", color: "#ff0000" }}>
-				Cloud Push
-			</Text>
+			<Image
+				style={{ width: 100, height: 100 }}
+				source={require("../assets/cloud-push-logo.png")}
+			/>
 			<Button title="test force update" onPress={handlePress} />
 			<Button title="fetch & reload" onPress={handleFetchAndReloadClick} />
 		</View>

apps/client/screens/HomeScreen.tsx

@@ -1,6 +1,7 @@
 module.exports = {
 	runtimeVersion: "1.0.0",
 	channel: "development",
-	updateBundleUrl: "http://192.168.0.10:3000/api/updates/manifest",
-	currentBundleUrl: "http://192.168.0.10:3000/api/updates/status",
+	updateBundleUrl: "http://192.168.0.190:3000/api/updates/manifest",
+	currentBundleUrl: "http://192.168.0.190:3000/api/updates/status",
+	certificatePath: "./certs/certificate.pem",
 };

apps/client/sharedConfig.js

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEA0i7/YxTrEpch4KH28ouXt/870OUK9rKi2/aaSujSkwd66Oyo
+EU6ljLhi5gHKp8sxqAnFNTX7r5Rr0WcPWBwwImNXev2UpSrPSECwoUH9Km8L1v9D
+oIYUfC3ue5Yk123UTAM9SzBpKk+KJECv07i7idf9ViaaJ4n3w1QzjSTI8NDU0tjL
+RZ9VH2CfuTfUk9evLtR4R+4PxbKu0rnSSMaKmLnHlZ/2n4JKlmNpPM9l56Msjc0Y
+Vjk5iQ50zrtrZeN4y/Hp2qKPCfQ7yhMYGMQwii5T7I8Kf4Zp6nOie1Bcb48FRVE8
+zGOH8gh+eKSfMl2+Of8buB/OVxy/8sHwUqGmUwIDAQABAoIBAA0QAK0+upFQNTnJ
+txhB1q8HvMbxxSmp1ndHLzWinJuoplndg2B3+8/wEa1rxRWCilaALPJupXK3DbBY
+8FowfklU1TX+loNhUrqR0qhi+oHtntXAzYonaxSAokaqASYmXEBRHzkSDCcmBFbW
+clb9LyKU+tik04XLjEtma0HFXHui0gDnVsBzvNbnIKweBbv0pfLUhqChDu176oT6
+UfanMMlX8X2XvIfqdt/fbUaE2pIELK3fQksybT99XFNNoAVnoI1w+KHaepwDvfGo
+Zsh9QeAkI9osUtEEIoaqZVn/YKYN5obznxlu46nTfNCigyQVBW4PR/2Po+MEOyUi
+7WVG46ECgYEA+FebTMQbxeRD4Zn76Ow/tQh9BoI3sTED+Gm1gBtXOG1IXHAozs8u
+HlQqpt1oM3wIkZsJuYVvne13SpOwNF+zpvnGxIjG5+Gki41njkg/TpGsIcTCkT9y
+H24t833j7e95LNwK96gThHSn6WTIYEhtqvfvT3dtgwt63dlNfhYpOlECgYEA2Kor
+eh6NeNCkN6oIU92/tMr8h8LXRPcuzn1UFccJqP+24ac+E8kZ28kl5OHgr6GsaWrQ
+76m16Cr7jX8d3KPH/T9/7gUroroLjvZxDrFHU6WKrnV5UeIN6KLOUyMW6TmXuc+n
+D3ZGA5IL4Q8gNDEDpzVySQaUqYiXoMWq1+tfSWMCgYBxLxRjp1l1FrTtZE3QeaQL
+cSPyTHTveAR0OlFzYoKdAAmjv6aJoxlEz11lEbHFDTmmiv+iozMcyja9MZR0Ok3Z
+wysZNbFZy5g/1iGlUj4wI+pMta1rn3v24TNmLzErpyIWFO+Wse67RqOklr9QSpJZ
+Aoj6Mdcii5/i7oAIADeoEQKBgHAhGWEZAMRezi4UrDyjDXzGdIzaNEh32Fx7FhIz
+MPeqZ34+7GyW7fAGGLtsfrjGZhEke78cyIy/+fHPsKeoh26z90Q6nsuXlzXEqtwc
+uTo7+RqypzfOUr5ry3XROiE3ciNyqRXicveUFNvD1TnNiAN4MI5EfpmCnF5TDkiy
+glzbAoGBAMflKsc0ddclJiRQBXy9qsq31zQx/GRcgOx5X6pMZWSPqMnyB4SjKCOn
+LkGQRl7pyRSImTpHWm8L4F4IMIouVriX5WrcR5q6N3JVFsqxCSJ0erx/rjlFFt6A
+VtaRmKwKDjuomf7Z4Lex9gi5I41p4ivuFUVQ8LaMaxTsVvADGeS5
+-----END RSA PRIVATE KEY-----

apps/keys/private-key.pem

@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0i7/YxTrEpch4KH28ouX
+t/870OUK9rKi2/aaSujSkwd66OyoEU6ljLhi5gHKp8sxqAnFNTX7r5Rr0WcPWBww
+ImNXev2UpSrPSECwoUH9Km8L1v9DoIYUfC3ue5Yk123UTAM9SzBpKk+KJECv07i7
+idf9ViaaJ4n3w1QzjSTI8NDU0tjLRZ9VH2CfuTfUk9evLtR4R+4PxbKu0rnSSMaK
+mLnHlZ/2n4JKlmNpPM9l56Msjc0YVjk5iQ50zrtrZeN4y/Hp2qKPCfQ7yhMYGMQw
+ii5T7I8Kf4Zp6nOie1Bcb48FRVE8zGOH8gh+eKSfMl2+Of8buB/OVxy/8sHwUqGm
+UwIDAQAB
+-----END PUBLIC KEY-----

apps/keys/public-key.pem

@@ -1,7 +1,10 @@
 import type { NextRequest } from "next/server";
 import type { Bundle } from "@cloud-push/cloud";
-import { dbNodeClient, storageNodeClient } from "@/cloud-push.server";
-import { createManifest } from "@cloud-push/next/node";
+import cloudPushConfig, {
+	dbNodeClient,
+	storageNodeClient,
+} from "@/cloud-push.server";
+import { createManifest, createSignature } from "@cloud-push/next/node";
 import {
 	type Directive,
 	ErrorResponse,
@@ -21,6 +24,7 @@ export async function GET(request: NextRequest) {
 			platform,
 			protocolVersion,
 			runtimeVersion,
+			expectSignature,
 		} = parseHeaders({
 			headers: request.headers,
 			url: new URL(request.url),
@@ -76,14 +80,41 @@ export async function GET(request: NextRequest) {
 			}
 		}
 
-		if (!nextBundle) {
+		if (!currentBundle && !nextBundle) {
 			const directive: Directive = {
 				type: "rollBackToEmbedded",
+				parameters: {
+					commitTime: new Date().toISOString(),
+				},
 			};
-			return UpdateResponse({ bundleId: embeddedUpdateId, directive });
+			console.log("rollBackToEmbedded");
+
+			const sig =
+				cloudPushConfig.codeSigningPrivateKey && expectSignature
+					? createSignature(
+							expectSignature.alg,
+							JSON.stringify(directive),
+							cloudPushConfig.codeSigningPrivateKey,
+						)
+					: undefined;
+
+			return UpdateResponse({
+				bundleId: embeddedUpdateId,
+				directive,
+				signature:
+					sig && expectSignature?.keyid
+						? { sig, keyid: expectSignature.keyid }
+						: undefined,
+			});
+		}
+
+		if (!nextBundle) {
+			console.log("NoUpdateResponse");
+			return NoUpdateResponse();
 		}
 
 		if (nextBundle.bundleId === currentBundle?.bundleId) {
+			console.log("NoUpdateResponse");
 			return NoUpdateResponse();
 		}
 
@@ -94,9 +125,27 @@ export async function GET(request: NextRequest) {
 			storageClient: storageNodeClient,
 			channel,
 		});
+		console.log("UpdateResponse");
+
+		const sig =
+			cloudPushConfig.codeSigningPrivateKey && expectSignature
+				? createSignature(
+						expectSignature.alg,
+						JSON.stringify(manifest),
+						cloudPushConfig.codeSigningPrivateKey,
+					)
+				: undefined;
 
-		return UpdateResponse({ manifest, bundleId: nextBundle.bundleId });
+		return UpdateResponse({
+			manifest,
+			bundleId: nextBundle.bundleId,
+			signature:
+				sig && expectSignature?.keyid
+					? { sig, keyid: expectSignature.keyid }
+					: undefined,
+		});
 	} catch (error) {
+		console.error(error);
 		return ErrorResponse(error as Error);
 	}
 }

apps/server/app/api/updates/manifest/route.ts

@@ -1,3 +1,4 @@
+import type { CloudPushConfig } from "@cloud-push/next";
 
 import { SupabaseStorageClient, SupabaseDbClient } from "@cloud-push/cloud";
 
@@ -14,3 +15,10 @@ export const dbNodeClient = new SupabaseDbClient({
   supabaseUrl: process.env.SUPABASE_URL!,
   supabaseKey: process.env.SUPABASE_KEY!,
 });
+
+
+const cloudPushConfig: CloudPushConfig = {
+	codeSigningPrivateKey: process.env.CLOUD_PUSH_PRIVATE_KEY,
+};
+
+export default cloudPushConfig;

apps/server/cloud-push.server.ts

@@ -21,19 +21,19 @@ export function BundleCard({
 	const isIosLatestBundle = iosLatestBundle?.bundleId === bundle.bundleId;
 
 	return (
-		<div className="bg-white rounded-xl shadow-md p-6 border border-gray-200 hover:shadow-lg transition">
-			<div className="flex justify-between items-start mb-4">
-				<div>
-					<h3 className="font-semibold text-gray-800 flex items-center gap-4">
+		<div className="bg-white rounded-xl shadow-md p-4 sm:p-6 border border-gray-200 hover:shadow-lg transition w-full max-w-full">
+			<div className="flex flex-col sm:flex-row sm:justify-between sm:items-start gap-4 mb-4">
+				<div className="flex-1">
+					<h3 className="font-semibold text-gray-800 flex flex-wrap items-center gap-2 text-base sm:text-lg">
 						<span className="text-blue-600">#{index + 1}</span> Bundle ID
-						<div className="flex gap-2">
+						<div className="flex flex-wrap gap-1">
 							{isAndroidLatestBundle && (
-								<span className="px-2 py-1 text-xs font-medium text-white bg-green-500 rounded">
+								<span className="px-2 py-0.5 text-xs font-medium text-white bg-green-500 rounded">
 									Android Latest
 								</span>
 							)}
 							{isIosLatestBundle && (
-								<span className="px-2 py-1 text-xs font-medium text-white bg-green-500 rounded">
+								<span className="px-2 py-0.5 text-xs font-medium text-white bg-green-500 rounded">
 									iOS Latest
 								</span>
 							)}
@@ -44,15 +44,15 @@ export function BundleCard({
 					</p>
 				</div>
 
-				<div className="space-y-2">
+				<div className="flex flex-wrap gap-2">
 					{(
 						["FORCE_UPDATE", "NORMAL_UPDATE", "ROLLBACK"] as UpdatePolicy[]
 					).map((policy) => (
 						<button
 							type="button"
 							key={policy}
 							onClick={() => onUpdatePolicyChange(bundle, policy)}
-							className={`px-4 py-1 rounded-md text-xs font-medium transition ${
+							className={`px-3 py-1 rounded-md text-xs font-medium transition ${
 								bundle.updatePolicy === policy
 									? "bg-blue-600 text-white"
 									: "bg-gray-200 text-gray-700 hover:bg-gray-300"
@@ -90,14 +90,13 @@ export function BundleCard({
 					rel="noreferrer"
 				>
 					<strong>Commit:</strong>{" "}
-					<span className="underline">{bundle.gitHash}</span>
+					<span className="underline break-all">{bundle.gitHash}</span>
 				</a>
-				{/* ✅ 수정된 부분: <p> 태그 밖에 <ul> 위치 */}
 				<div>
 					<p className="mb-1">
 						<strong>Policy Target:</strong>
 					</p>
-					<ul className="ml-4 list-disc text-xs">
+					<ul className="ml-4 list-disc text-xs sm:text-sm">
 						{bundle.updatePolicy === "ROLLBACK" ? (
 							<>
 								{bundle.supportAndroid && (