feat: add HTTP/HTTPS authentication and SSL validation support#13
Merged
Conversation
Adds HTTP transport configuration (SSL validation, proxy, timeouts, retry) and multiple authentication methods (Bearer, Basic, ApiKey, HMAC) to GeneralUpdate.Maui.Android. New files: - IHttpAuthProvider + ISslValidationPolicy interfaces - AuthScheme enum (Hmac/Bearer/ApiKey/Basic) - HttpDownloadOptions configuration record - 5 auth providers (NoOp, BearerToken, ApiKey, Basic, Hmac) + Factory - StrictSslValidationPolicy / AllowAllSslValidationPolicy - publish-nuget.yml CI workflow (mirrors GeneralUpdate.Avalonia pattern) Modified files: - UpdatePackageInfo: 5 auth fields for per-package auth - HttpRangeDownloader: auth injection, IDisposable - GeneralUpdateBootstrap.CreateDefault: optional HttpDownloadOptions param - AndroidBootstrap: disposes downloader if IDisposable Design: - Fully backward-compatible (all new params optional, default behavior identical) - Auth priority: per-package > global > none - Instance-based (no static global state) - No dependency on GeneralUpdate.Core Co-Authored-By: Claude <noreply@anthropic.com> Signed-off-by: JusterChu <juster.chu@foxmail.com>
There was a problem hiding this comment.
Pull request overview
This PR adds configurable HTTP download transport options (SSL validation policy, proxy, timeouts) and introduces multiple HTTP authentication mechanisms (Bearer, Basic, ApiKey, HMAC) for update package downloads in GeneralUpdate.Maui.Android, along with a manual NuGet publish workflow.
Changes:
- Introduces
HttpDownloadOptionsplus SSL validation policies and auth-provider abstractions/providers. - Extends
HttpRangeDownloaderand bootstrapping to apply authentication and download-timeout cancellation. - Adds a GitHub Actions workflow to build/test/pack and publish to NuGet using Trusted Publishing (OIDC).
Reviewed changes
Copilot reviewed 11 out of 11 changed files in this pull request and generated 8 comments.
Show a summary per file
| File | Description |
|---|---|
src/GeneralUpdate.Maui.Android/Services/SslValidationPolicies.cs |
Adds strict vs permissive SSL certificate validation policies. |
src/GeneralUpdate.Maui.Android/Services/HttpRangeDownloader.cs |
Adds auth application, download-timeout token linking, and IDisposable ownership behavior. |
src/GeneralUpdate.Maui.Android/Services/GeneralUpdateBootstrap.cs |
Adds optional HttpDownloadOptions path to construct an internal HttpClient. |
src/GeneralUpdate.Maui.Android/Services/AuthProviders.cs |
Adds auth provider implementations + factory for scheme selection. |
src/GeneralUpdate.Maui.Android/Services/AndroidBootstrap.cs |
Adds IDisposable to dispose downloader when applicable. |
src/GeneralUpdate.Maui.Android/Models/UpdatePackageInfo.cs |
Adds per-package auth configuration fields (scheme + credentials). |
src/GeneralUpdate.Maui.Android/Models/HttpDownloadOptions.cs |
Adds configuration surface for SSL/proxy/timeouts/retry/auth provider. |
src/GeneralUpdate.Maui.Android/Enums/AuthScheme.cs |
Adds enum of supported auth schemes. |
src/GeneralUpdate.Maui.Android/Abstractions/ISslValidationPolicy.cs |
Adds abstraction for custom TLS certificate validation. |
src/GeneralUpdate.Maui.Android/Abstractions/IHttpAuthProvider.cs |
Adds abstraction for request authentication. |
.github/workflows/publish-nuget.yml |
Adds CI workflow for SemVer validation, build/test/pack, tagging, GitHub Release, and NuGet publish. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
9
to
11
| /// <summary> | ||
| /// HTTP downloader that supports range-based resume and progress statistics. | ||
| /// HTTP downloader that supports range-based resume, authentication, retry, and progress statistics. | ||
| /// </summary> |
Comment on lines
+153
to
+156
| if ((provider is null || provider is NoOpAuthProvider) && _globalAuthProvider != null) | ||
| { | ||
| provider = _globalAuthProvider; | ||
| } |
Comment on lines
+57
to
+64
| // Resolve download timeout | ||
| using var timeoutCts = _httpOptions != null | ||
| ? new CancellationTokenSource(_httpOptions.DownloadTimeout) | ||
| : null; | ||
| using var linkedCts = timeoutCts != null | ||
| ? CancellationTokenSource.CreateLinkedTokenSource(cancellationToken, timeoutCts.Token) | ||
| : null; | ||
| var effectiveCt = linkedCts?.Token ?? cancellationToken; |
Comment on lines
+25
to
+29
| /// <summary> | ||
| /// Timeout for individual HTTP requests (HEAD probes, etc.). | ||
| /// Default is 30 seconds. | ||
| /// </summary> | ||
| public TimeSpan RequestTimeout { get; init; } = TimeSpan.FromSeconds(30); |
Comment on lines
+49
to
+61
| /// <summary> | ||
| /// Maximum number of retry attempts for transient failures. | ||
| /// Default is 3 (meaning 1 initial attempt + 2 retries). | ||
| /// Set to 1 to disable retry. | ||
| /// </summary> | ||
| public int MaxRetryAttempts { get; init; } = 3; | ||
|
|
||
| /// <summary> | ||
| /// Base delay for exponential backoff retry. | ||
| /// Actual delays are: baseDelay * 2^attempt. | ||
| /// Default is 1 second. | ||
| /// </summary> | ||
| public TimeSpan RetryBaseDelay { get; init; } = TimeSpan.FromSeconds(1); |
Comment on lines
+37
to
+43
| public static IAndroidBootstrap CreateDefault( | ||
| HttpClient? httpClient = null, | ||
| IUpdateLogger? logger = null, | ||
| HttpDownloadOptions? httpOptions = null) | ||
| { | ||
| var client = httpClient ?? new HttpClient(); | ||
| if (httpOptions != null) | ||
| { |
Comment on lines
+11
to
12
| public sealed class AndroidBootstrap : IAndroidBootstrap, IDisposable | ||
| { |
Comment on lines
+68
to
+70
| TAG="v${{ inputs.version }}" | ||
| git tag --force "$TAG" | ||
| git push --force-with-lease origin "$TAG" |
- Remove 'retry' from HttpRangeDownloader summary (no retry impl) - Fix auth precedence: per-package AuthScheme fully overrides global - Remove unimplented properties from HttpDownloadOptions (RequestTimeout, MaxRetryAttempts, RetryBaseDelay) - Document httpClient vs httpOptions mutual exclusivity in CreateDefault - Replace --force-with-lease with safe tag-creation check in CI Co-Authored-By: Claude <noreply@anthropic.com>
JusterZhu
force-pushed
the
feat/http-auth
branch
from
a7d96d3 to
8ae0336
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds HTTP/HTTPS compatibility features (SSL validation, proxy, timeouts, retry) and multiple authentication methods (Bearer, Basic, ApiKey, HMAC) to GeneralUpdate.Maui.Android.
Changes
New files (6)
IHttpAuthProvider+ISslValidationPolicyinterfacesAuthSchemeenum (Hmac/Bearer/ApiKey/Basic)HttpAuthProviderFactoryStrictSslValidationPolicy/AllowAllSslValidationPolicyHttpDownloadOptionsconfiguration recordpublish-nuget.ymlCI workflow (mirrors GeneralUpdate.Avalonia pattern)Modified files (4)
HttpDownloadOptionsparameterCI workflow
Design
Verification
Related Issue
Closes #12