Implementing an auto updater/notifier?



  • I'm pondering the possibilities for adding an update system to my plugins. Have any of you attempted this yet?

    If multiple instances of the plugin is used in a DAW I don't want every instance to be checking for updates since that's a waste of resources and could cause confusion.

    Any request to a server will send the user's IP to the server which could be misused for tracking the user's activity, how can this be avoided/minimized?



  • Save the time of the last update request and make sure to only call it once a day.

    Any request to a server will send the user's IP to the server which could be misused for tracking the user's activity, how can this be avoided/minimized?

    Allow the user to turn of auto update notifications, but a simple API call to fetch the latest version shouldn't be too intrusive...



  • @Christoph-Hart

    Save the time of the last update request and make sure to only call it once a day.

    Do you mean save the timestamp on the user's machine?

    What about when the user loads an existing DAW session that has multiple instances, will the plugins all trigger the check for updates at the same time, before the timestamp has been recorded?



  • The project takes a few seconds between instantiating multiple instances, so it should be fine. Worst case would be that you end up with two calls.



  • @Christoph-Hart Perfect, thanks. And should I use @ustk new time API additions or is there an alternative method for recording the time stamp?



  • @d-healey Have you made any progress on the auto-updater? I'm looking into this functionality as well and I'm curious if it's working for you.



  • @Lunacy-Audio I haven't started yet, been too busy with other projects.



  • Gotcha, I'll report back if I make any progress.



  • @d-healey Can confirm the updater is possible with the current Server API!

    Working Example

    With WooCommerce you can set a product attribute that contains the current version of your product. Once you retrieve this in HISE, you can compare it to the current local version. If there's a newer version, you just download the file directly from the server.

    However, the download API still needs some work. I posted about this elsewhere, but some things still need to be worked out before it can be used in production I think.



  • @Lunacy-Audio so whats the URL string you are using to get the version number product attribute from woocommerce? I cant seem to get the REST API to work...



  • @Lindon My call looks something like this:

    Server.setBaseURL("https://lunacy.audio");
    const var woocommerceCallParameters = {
    	"consumer_key": YOUR_KEY,
            "consumer_secret": YOUR_SECRET
    };
    
    // This gets all of the data for the product (ID #20)
    Server.callWithGET("wp-json/wc/v3/products/20", woocommerceCallParameters, function(status, response) {});
    

    The response will contain an object with a key called attributes, which is an array of attribute objects. In my case it looks like this:

    Screen Shot 2021-01-16 at 11.04.52 AM.png



  • @Lunacy-Audio

    Looks great. What about the security? Can R2R team or others hack the website with this? Is it secure? 🙂



  • @orange Right On Time 👏

    Not A Good Idea At All, If One Of Your Plugins Get Hijacked By Those Teams, They Will Get Life Time Access, And In Other Hand The Download Rate Can Break Your Aws Sever And Your Bank ⚡️ Think Twice Guys.



  • @orange said in Implementing an auto updater/notifier?:

    Looks great. What about the security? Can R2R team or others hack the website with this? Is it secure?

    That's a good question. Everything is sent over https, so I think the only way it could be hacked is if someone gets a hold of your API keys. I'll need to do some more research though. This is no less secure than any other plugin that uses an external API, and it seems lots of companies are beginning to do this (see PercX 😉 )

    @Natan There's always going to be a trade off between security and convenience, but you're right that there's a risk. However, the AWS Server is not a real concern. It's no different than someone going to your site to download the update, and you want your customers to always be on the most up to date version anyway.



  • Also, it's worth mentioning that if someone does get a hold of your API keys, you can immediately revoke the keys.



  • @Lunacy-Audio There is a woocommerce plugin called License Manager.

    It has an API key. So the connection between plugin and server should be done with that? Or do we need to modify woocommerce anyway?



  • There's a free and super robust Woocommerce License Manager with all 5-star reviews that I use. I'm still in alpha testing for my plugin, but the license API has been tested on probably 20 different machines with varied operating systems without any issues. You have to set up your API keys with that plugin and I'd strongly suggest you make your keys Read-Only. I don't think there's ever a reason to Write from the HISE plugin in this case.

    For the actual server file downloads, that's a separate API. You interact directly with the Woocommerce REST API, so you need a different pair of keys, which you make through the Woocommerce Settings.



  • @Lunacy-Audio said in Implementing an auto updater/notifier?:

    wp-json/wc/v3/products/20

    Thanks Casey, it turned out mine was a postman issue...so having sorted it to work there I will now try in HISE



    • hmm, I can get a lot of data back from this call.....very very useful....for expansions...


  • Definitely! And once the download function is improved, I think it would super easy to set up preset packs to be downloaded right from the plugin without the user ever needing to restart


Log in to reply
 

11
Online

955
Users

3.4k
Topics

28.9k
Posts