Release v0.2.0 - Security and integrity features

- Add REST API response signing using HMAC-SHA256
- Add SHA256 hash validation for version file uploads
- Add ResponseSigner class for automatic API response signing
- Add file_hash column to database schema
- Remove external URL support from version uploads
- Update translations with all fuzzy strings resolved

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-22 16:57:54 +01:00
parent 8420734f37
commit 23bbc24c5f
14 changed files with 789 additions and 75 deletions


@@ -78,14 +78,14 @@
$('#selected_file_name').text(attachment.filename);
$('#remove-version-file-btn').show();
// Show SHA256 hash field
$('#sha256-hash-row').show();
// Try to extract version from filename
var extractedVersion = self.extractVersionFromFilename(attachment.filename);
if (extractedVersion && !$('#new_version').val().trim()) {
$('#new_version').val(extractedVersion);
}
// Clear external URL when file is selected
$('#new_download_url').val('');
});
this.mediaFrame.open();
@@ -100,6 +100,10 @@
$('#new_attachment_id').val('');
$('#selected_file_name').text('');
$('#remove-version-file-btn').hide();
// Hide and clear SHA256 hash field
$('#sha256-hash-row').hide();
$('#new_file_hash').val('');
},
/**
@@ -134,9 +138,9 @@
var $spinner = $btn.siblings('.spinner');
var productId = $btn.data('product-id');
var version = $('#new_version').val().trim();
var downloadUrl = $('#new_download_url').val().trim();
var releaseNotes = $('#new_release_notes').val().trim();
var attachmentId = $('#new_attachment_id').val();
var fileHash = $('#new_file_hash').val().trim();
// Validate version
if (!version) {
@@ -160,9 +164,9 @@
nonce: wcLicensedProductVersions.nonce,
product_id: productId,
version: version,
download_url: downloadUrl,
release_notes: releaseNotes,
attachment_id: attachmentId
attachment_id: attachmentId,
file_hash: fileHash
},
success: function(response) {
if (response.success) {
@@ -174,11 +178,12 @@
// Clear form
$('#new_version').val('');
$('#new_download_url').val('');
$('#new_release_notes').val('');
$('#new_attachment_id').val('');
$('#selected_file_name').text('');
$('#remove-version-file-btn').hide();
$('#sha256-hash-row').hide();
$('#new_file_hash').val('');
} else {
alert(response.data.message || wcLicensedProductVersions.strings.error);
}
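Review bot: `fileHash` is read from `#new_file_hash` and posted as `file_hash` with no format check, although the same code path already has a `// Validate version` guard right after the variables are collected. A SHA-256 digest is 64 hex characters, so a guard such as `if (fileHash && !/^[a-f0-9]{64}$/i.test(fileHash))` placed next to the version check would reject a truncated or mistyped paste before the request is sent. This is a convenience check only: the server-side handler, which is not visible here, has to repeat the format check and compare the value against a digest it computes from the stored file itself. An empty hash is also sent unchanged, so it is worth stating in a comment whether the hash is optional when an attachment is selected. The enclosing handler starts and ends outside the visible hunks.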