Add installApp API

[weilu]

Following are options I can think of:

1. bitcoin.installApp(""https://github.com/author/app_repo.git")
2. bitcoin.installApp(""http://github.com/author/releases/package-name.hiveapp")

Option 1 has dependency on git and osx client will have to integrate with git so will be more complex. But upgrade could be easier and signing the app can be as simple as signing git release tags.

Option 2 provides more flexibility and is probably much simpler to implement on the osx client side. App upgrade can rely on the combined json file produced by our Hive App Registry Worker/Server (at http://hive-app-registry.herokuapp.com/index.json for now) Git dependency is pushed up the chain. So osx doesn't have to worry about it.

@jsuder @nschum @tgerring @w-hive Thoughts?

[mackuba]

You know my thoughts :) I'm against integrating git client in the app and doing a sequence of git pulls on every startup (while also forcing app developers to develop apps in a very specific way), if we can instead just do one or more HTTP requests for JSON files and compare the version fields in the returned records.

[weilu]

@jsuder so does option 2 work for you?

[mackuba]

Actually, we might not even need a method for this. It should be possible to intercept downloads of hiveapp files and handle them as app installation, i.e. you'd create a link <a href="...hiveapp">install</a> and clicking it would show the confirmation alert. If I can do that then I think this would be the cleanest solution.

[weilu]

@jsuder Good point! I'll try that. Will close this & release a new version of app store if this works.

[mackuba]

No, I take that back, this will need to be an API method:

• you'll probably want some indication if the app was successfully downloaded and installed, and there's no way to do that with a link
• in the JS wallets (and other wallets if they use our platform) this will have to be implemented differently anyway (perhaps with apps hosted on the server, and "installation" only as adding a URL to the list in the profile?)

BTW, you can use a link with target="_blank" as a fallback, then the .hiveapp will just be downloaded in the default browser.

[mackuba]

Added first version of bitcoin.installApp. I'm thinking how the callback(s) should look... there are basically 3 possible outcomes: installed, user cancelled installation, couldn't download the app for some reason.

So it could be e.g.:

bitcoin.installApp(url, function(wasInstalled, [error]) { ... })

[nschum]

Do we want all apps to have the permission to install other apps? At the very least, apps installed via HTTP should be somewhat sandboxed in this regard.

And shouldn't we add a hash argument to validate the downloaded zip, in order to prevent someone from modifying the zip on the way?

[mackuba]

You can always make a link that opens in an external browser that leads to a hiveapp, which will be immediately downloaded, and then you're only one click away from the same confirmation dialog. So I don't think limiting access to this method would help that much.

As for modifying zips on the way, I guess we could make this method reject downloads that use unencrypted http.

[mackuba]

Done. https://github.com/hivewallet/hive-osx/wiki/API#wiki-installing-other-hive-apps