Release v0.2.0 - Security and integrity features

- Add REST API response signing using HMAC-SHA256 - Add SHA256 hash validation for version file uploads - Add ResponseSigner class for automatic API response signing - Add file_hash column to database schema - Remove external URL support from version uploads - Update translations with all fuzzy strings resolved Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-22 16:57:54 +01:00
parent 8420734f37
commit 23bbc24c5f
14 changed files with 789 additions and 75 deletions
--- a/src/Product/ProductVersion.php
+++ b/src/Product/ProductVersion.php
@@ -23,6 +23,7 @@ class ProductVersion
    private ?string $releaseNotes;
    private ?string $downloadUrl;
    private ?int $attachmentId;
+    private ?string $fileHash;
    private bool $isActive;
    private \DateTimeInterface $releasedAt;
    private \DateTimeInterface $createdAt;
@@ -42,6 +43,7 @@ class ProductVersion
        $version->releaseNotes = $data['release_notes'] ?: null;
        $version->downloadUrl = $data['download_url'] ?: null;
        $version->attachmentId = !empty($data['attachment_id']) ? (int) $data['attachment_id'] : null;
+        $version->fileHash = $data['file_hash'] ?? null;
        $version->isActive = (bool) $data['is_active'];
        $version->releasedAt = new \DateTimeImmutable($data['released_at']);
        $version->createdAt = new \DateTimeImmutable($data['created_at']);
@@ -137,15 +139,20 @@ class ProductVersion
        return $this->attachmentId;
    }

+    public function getFileHash(): ?string
+    {
+        return $this->fileHash;
+    }
+
    /**
-     * Get the effective download URL (from attachment or direct URL)
+     * Get the download URL from attachment
     */
    public function getEffectiveDownloadUrl(): ?string
    {
        if ($this->attachmentId) {
            return wp_get_attachment_url($this->attachmentId) ?: null;
        }
-        return $this->downloadUrl;
+        return null;
    }

    /**
@@ -156,9 +163,6 @@ class ProductVersion
        if ($this->attachmentId) {
            return wp_basename(get_attached_file($this->attachmentId) ?: '');
        }
-        if ($this->downloadUrl) {
-            return wp_basename($this->downloadUrl);
-        }
        return null;
    }

@@ -192,6 +196,7 @@ class ProductVersion
            'release_notes' => $this->releaseNotes,
            'download_url' => $this->downloadUrl,
            'attachment_id' => $this->attachmentId,
+            'file_hash' => $this->fileHash,
            'is_active' => $this->isActive,
            'released_at' => $this->releasedAt->format('Y-m-d H:i:s'),
            'created_at' => $this->createdAt->format('Y-m-d H:i:s'),