Skip to content

feat: add HTTP/HTTPS compatibility and multiple authentication methods#15

Merged
JusterZhu merged 2 commits into
mainfrom
feat/http-auth-support
Jun 13, 2026
Merged

feat: add HTTP/HTTPS compatibility and multiple authentication methods#15
JusterZhu merged 2 commits into
mainfrom
feat/http-auth-support

Conversation

@JusterZhu

@JusterZhu JusterZhu commented Jun 13, 2026

Copy link
Copy Markdown
Contributor

Summary

Adds HTTP/HTTPS compatibility features (SSL validation, proxy, timeouts, retry) and multiple authentication methods (Bearer, Basic, ApiKey, HMAC) to GeneralUpdate.Avalonia.Android.

Changes

New files (6)

  • IHttpAuthProvider + ISslValidationPolicy interfaces
  • AuthScheme enum (Hmac/Bearer/ApiKey/Basic)
  • 5 auth providers (NoOp, BearerToken, ApiKey, Basic, Hmac) + HttpAuthProviderFactory
  • StrictSslValidationPolicy / AllowAllSslValidationPolicy
  • HttpDownloadOptions configuration record

Modified files (4)

  • UpdatePackageInfo.cs — 5 nullable auth fields for per-package authentication (overrides global)
  • HttpResumableApkDownloader.cs — Auth injection into HEAD/GET requests, exponential backoff retry, download timeout, IDisposable
  • GeneralUpdateBootstrap.cs — Optional HttpDownloadOptions parameter
  • AndroidBootstrap.cs — Disposes downloader if IDisposable

Design

  • Fully backward-compatible (all new params optional, default behavior identical)
  • Auth priority: per-package > global > none
  • Instance-based (no static global state)
  • No dependency on GeneralUpdate.Core

Related Issue

Closes #14

Verification

  • ✅ Library builds: 0 warnings, 0 errors
  • ✅ All 4 existing unit tests pass
  • ✅ Test project builds: 0 warnings, 0 errors

@JusterZhu @claude
feat: add HTTP/HTTPS compatibility and multiple authentication support
2ed4ec1 
Add authentication providers (Bearer, Basic, ApiKey, HMAC), SSL validation
policies, retry with exponential backoff, download timeout, and proxy
support. All new APIs are backward-compatible with existing code.

New:
- IHttpAuthProvider / ISslValidationPolicy interfaces
- AuthScheme enum (Hmac/Bearer/ApiKey/Basic)
- 5 auth providers + HttpAuthProviderFactory
- StrictSslValidationPolicy / AllowAllSslValidationPolicy
- HttpDownloadOptions configuration record
- Per-package auth fields on UpdatePackageInfo
- Auth injection, retry, and timeout in HttpResumableApkDownloader

Closes #14

Co-Authored-By: Claude <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings June 13, 2026 11:06
@JusterZhu JusterZhu added the enhancement New feature or request label Jun 13, 2026
Copilot AI reviewed Jun 13, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR extends GeneralUpdate.Avalonia.Android’s HTTP download pipeline to support configurable SSL validation, proxy, timeouts/retry behavior, and multiple authentication schemes (Bearer/Basic/ApiKey/HMAC), while keeping the existing API path working when no new options are provided.

Changes:

  • Added HTTP configuration model (HttpDownloadOptions) plus SSL validation and auth provider abstractions/implementations.
  • Updated HttpResumableApkDownloader to inject auth into requests, add retry logic, and support internal HttpClient ownership/disposal.
  • Extended GeneralUpdateBootstrap.CreateDefault(...) to accept optional HTTP options, and ensured downloader disposal from AndroidBootstrap.

Reviewed changes

Copilot reviewed 11 out of 11 changed files in this pull request and generated 5 comments.

Show a summary per file
File Description
tests/GeneralUpdate.Avalonia.Android.Tests/GeneralUpdate.Avalonia.Android.Tests.csproj Links the new AuthScheme enum into the test project build.
src/GeneralUpdate.Avalonia.Android/Services/SslValidationPolicies.cs Adds strict and permissive SSL certificate validation policy implementations.
src/GeneralUpdate.Avalonia.Android/Services/HttpResumableApkDownloader.cs Adds auth injection, retry, download timeout handling, and IDisposable ownership of an internally-created HttpClient.
src/GeneralUpdate.Avalonia.Android/Services/AuthProviders.cs Introduces multiple auth providers and a factory to build them from configuration.
src/GeneralUpdate.Avalonia.Android/Services/AndroidBootstrap.cs Disposes downloader if it implements IDisposable.
src/GeneralUpdate.Avalonia.Android/Models/UpdatePackageInfo.cs Adds per-package authentication configuration fields.
src/GeneralUpdate.Avalonia.Android/Models/HttpDownloadOptions.cs Adds HTTP transport configuration (SSL, proxy, retry, timeouts, auth provider).
src/GeneralUpdate.Avalonia.Android/GeneralUpdateBootstrap.cs Adds optional HttpDownloadOptions parameter and wires it into downloader creation.
src/GeneralUpdate.Avalonia.Android/Enums/AuthScheme.cs Adds supported authentication scheme enum.
src/GeneralUpdate.Avalonia.Android/Abstractions/ISslValidationPolicy.cs Adds SSL validation policy abstraction.
src/GeneralUpdate.Avalonia.Android/Abstractions/IHttpAuthProvider.cs Adds HTTP auth provider abstraction.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread src/GeneralUpdate.Avalonia.Android/Services/HttpResumableApkDownloader.cs
Comment thread src/GeneralUpdate.Avalonia.Android/Services/HttpResumableApkDownloader.cs
Comment on lines +50 to +53
var handler = httpOptions.BuildHandler();
_httpClient = new HttpClient(handler, disposeHandler: true);
_globalAuthProvider = httpOptions.AuthProvider;
_ownsClient = true;
Comment thread src/GeneralUpdate.Avalonia.Android/Services/HttpResumableApkDownloader.cs
Comment on lines +241 to +261
IHttpAuthProvider? provider = null;

// Per-package auth takes precedence
if (packageInfo.AuthScheme.HasValue)
{
provider = HttpAuthProviderFactory.Create(
packageInfo.AuthScheme.Value,
packageInfo.AuthToken,
packageInfo.AuthSecretKey,
packageInfo.BasicUsername,
packageInfo.BasicPassword);
}
else if (_globalAuthProvider != null)
{
provider = _globalAuthProvider;
}

if (provider != null)
{
await provider.ApplyAuthAsync(request, cancellationToken).ConfigureAwait(false);
}
Comment thread src/GeneralUpdate.Avalonia.Android/Models/HttpDownloadOptions.cs
Comment on lines +25 to +29
/// <summary>
/// Timeout for individual HTTP requests (HEAD probes, etc.).
/// Default is 30 seconds.
/// </summary>
public TimeSpan RequestTimeout { get; init; } = TimeSpan.FromSeconds(30);
Comment thread src/GeneralUpdate.Avalonia.Android/Models/UpdatePackageInfo.cs Outdated
@JusterZhu @claude
fix: address Copilot review comments
1255603 
- Set _ownsClient = false in public constructor (prevents disposing external client)
- Set HttpClient.Timeout = InfiniteTimeSpan when created internally (timeout managed via CancellationTokenSource)
- Fall back to global auth provider when per-package AuthScheme has missing credentials + log warning
- Wire RequestTimeout into HEAD probe request (separate from DownloadTimeout)
- Simplify Enums.AuthScheme? to AuthScheme? (using already imported)

Co-Authored-By: Claude <noreply@anthropic.com>
@JusterZhu JusterZhu merged commit dbc7e55 into main Jun 13, 2026
2 checks passed
@JusterZhu JusterZhu deleted the feat/http-auth-support branch June 13, 2026 11:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

enhancement New feature or request

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

feat: add HTTP/HTTPS compatibility and multiple authentication methods

2 participants

@JusterZhu