Server app integrity check

[Narenvaran]

Hi @duddu ,
Can I Share the hash generated by plugin to server and check integrity in ajax call.
If so i wanted to know where will the generated hash keys be stored to verify?

[duddu]

hello @Narenvaran, at this moment the verification occurs on the app native side: the hash for the assets are generated at compile time and bundled as part of the application code; then compared at launch time with the current ones.
in order to enable integrity check on your server-side the easiest way is to get the generated hash from the cordova compile logs (using verbose you will see all the operations made by this plugin), and store them (associating them with the version of the app) in any data-store form you like, and then implement a service that the native code will call at launch, which would compare the has that the plugin generated at compile time with the ones that sends at app launch. This call do cannot be an ajax call from javascript: it must occur from native code, or all the assets have already been loaded and there is no point in checking the integrity anymore!

Enabling a server-side integrity check as described above wouldn't be hard, but I wasn't originally keen to put this in this plugin since it would require (and dictate) a server-side implementation to couple with the native one.
But feel free to give it a go in a PR if you are interested, happy to consider it.

[oxr463]

Enabling a server-side integrity check as described above wouldn't be hard, but I wasn't originally keen to put this in this plugin since it would require (and dictate) a server-side implementation to couple with the native one.

Or simply create a separate plugin for that.