accrescent / devconsole

The web console for developers to manage their apps in Accrescent

License: ISC License

Dockerfile 0.53% Go 56.34% HTML 7.38% JavaScript 1.07% CSS 1.07% TypeScript 29.51% Jinja 4.10%

devconsole's Introduction

Accrescent

A novel Android app store focused on security, privacy, and usability.

Currently in early alpha.

Screenshots

Home Page | App Details | Settings Menu | Material You

About

Accrescent is a private and secure Android app store built with modern features in mind. It aims to provide a developer-friendly platform and pleasant user experience while enforcing modern security and privacy practices and offering robust validity guarantees for installed apps. It does this through the following features:

  • App signing key pinning
  • Signed repository metadata
  • Automatic, unprivileged, unattended updates (Android 12+)
  • First-class support for split APKs
  • No remote APK signing
  • Meaningful quality control for submitted apps
  • No account requirement for installing apps

...and more. See the features page on the website for details.

Accrescent currently runs on Android 10 and up.

Contributions are welcome! If you're interested in helping out, be sure to check out the contributing guidelines for tips on getting started.

Signing certificate hash

Accrescent's SHA-256 signing certificate hash is as follows:

067a40c4193aad51ac87f9ddfdebb15e24a1850babfa4821c28c5c25c3fdc071

Be sure to check it against the hashes on our website and Twitter to verify its legitimacy.

Translations

Accrescent has a project on Hosted Weblate if you would like to help translate.

Trademark

The name "Accrescent" and the Accrescent logo are common law trademarks owned by the Accrescent project. All other parties are forbidden from using Accrescent's name and branding, as are derivatives of Accrescent. Derivatives include, but are not limited to, forks and unofficial builds.

devconsole's People

Contributors: dependabot[bot], lberrymage, renovate[bot]

devconsole's Issues

Redirect to login screen on HTTP 401

If the user is not authenticated, they should be redirected to the login screen. Ideally they should also be shown a snackbar telling them why they were redirected.

Renovate can't resolve all artifacts

Since devconsole requires running go generate to generate protobuf code before compiling, Renovate has issues updating artifacts as seen in a recent dependency update. This may be why Renovate hasn't been updating packages such as golang.org/x/oauth2 and golang.org/x/exp lately.

Ideally this should be resolved without including the generated protobuf code in the repository.

Reject apps signed with a debug certificate

As per https://developer.android.com/studio/publish/app-signing, debug certificates are insecure by design and should not be used for publishing. To reduce the risk of user error leading to a security compromise, we should reject all apps signed with a debug certificate and direct the developer to documentation explaining how to properly sign their app with a release certificate.

APK signature parsing should be implemented in apkstat as a prerequisite:

As far as I know we could use Avast's apkverifier library without breaking the terms of the LGPL license but I need to look into it more to be sure (insight appreciated). Regardless, it would probably be better to implement signature parsing in apkstat so we can add newer features as we need them such as signature v3.1 parsing, so as of now that's the plan.
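What the rejection check itself could look like once a signature parser hands back the signer certificates, as an added example in Go; this is not devconsole or apkstat code. It relies on the fact that the Android SDK debug keystore issues a certificate with the distinguished name "CN=Android Debug, O=Android, C=US"; the certificates below are constructed self-signed stand-ins, and `checkSigners` is a hypothetical entry point.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// ErrDebugCertificate is returned for uploads whose signer is the SDK's debug key.
var ErrDebugCertificate = errors.New("app is signed with an Android debug certificate")

// isDebugCertificate reports whether cert carries the distinguished name the
// Android SDK debug keystore issues, "CN=Android Debug, O=Android, C=US".
// Attributes are compared case-insensitively so a differently cased copy of
// the same debug identity does not slip through.
func isDebugCertificate(cert *x509.Certificate) bool {
	s := cert.Subject
	return strings.EqualFold(s.CommonName, "Android Debug") &&
		len(s.Organization) == 1 && strings.EqualFold(s.Organization[0], "Android") &&
		len(s.Country) == 1 && strings.EqualFold(s.Country[0], "US")
}

// checkSigners rejects the upload if any signer certificate is a debug
// certificate. signers stands in for whatever the APK signature parser
// (apkstat, in the issue's plan) returns for the app's signing lineage.
func checkSigners(signers []*x509.Certificate) error {
	if len(signers) == 0 {
		return errors.New("no signer certificates found")
	}
	for _, c := range signers {
		if isDebugCertificate(c) {
			return fmt.Errorf("%w (subject %q); sign with a release key instead",
				ErrDebugCertificate, c.Subject.String())
		}
	}
	return nil
}

// newSelfSignedCert builds a throwaway self-signed certificate with the given
// subject so the check can be exercised without a real APK (constructed input).
func newSelfSignedCert(subject pkix.Name) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      subject,
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// debugSubject and releaseSubject are the two constructed cases exercised below.
var (
	debugSubject   = pkix.Name{CommonName: "Android Debug", Organization: []string{"Android"}, Country: []string{"US"}}
	releaseSubject = pkix.Name{CommonName: "Example Developer", Organization: []string{"Example Org"}, Country: []string{"US"}}
)

func main() {
	for name, subj := range map[string]pkix.Name{"debug": debugSubject, "release": releaseSubject} {
		cert, err := newSelfSignedCert(subj)
		if err != nil {
			panic(err)
		}
		fmt.Printf("%s-signed upload: %v\n", name, checkSigners([]*x509.Certificate{cert}))
	}
}
```

The subject match catches the failure mode the issue is about, a developer uploading a build that Android Studio signed with the default debug key by mistake. It is a guard against user error, not an authentication control: the certificate pinning described in the README is what ties later updates to the key that signed the first release.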

Require minimum bundletool version for uploaded APK sets

As bundletool adds more features (such as app archiving support), we want to ensure those features are available across all apps in Accrescent. One way we can do this is limiting the minimum bundletool version allowed for generating APK sets.

For the implementation, each APK set contains a file called toc.pb which is a protocol buffer of the type BuildApksResult. This message contains a Bundletool message which in turn contains the version string of the bundletool used to generate the split APKs. We should check this against a configured minimum and reject APK sets using an older version.

Theoretically a developer could use an outdated bundletool and modify the version string in toc.pb before uploading the APK set, but there isn't an incentive for them to do so and as of now there would be no security impact, so I don't think this is an issue.

I'm going to tentatively set an arbitrary policy that the minimum allowed bundletool version will be the latest stable version one month after its release.
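The version gate and the one-month policy from the two paragraphs above, as an added Go example that is not devconsole code. It assumes the version string read from the Bundletool message in toc.pb has the MAJOR.MINOR.PATCH shape (e.g. "1.13.2"); the actual proto unmarshalling of BuildApksResult is left out, and the release table is constructed data, not bundletool's real release history.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
	"strconv"
	"strings"
	"time"
)

// ErrBundletoolTooOld is returned when toc.pb reports a bundletool older than the floor.
var ErrBundletoolTooOld = errors.New("APK set was generated by a bundletool older than the minimum allowed")

// version is a parsed bundletool release number such as "1.13.2" (the
// MAJOR.MINOR.PATCH layout is an assumption about the version string in toc.pb).
type version struct{ major, minor, patch int }

// parseVersion accepts exactly MAJOR.MINOR.PATCH with non-negative integers.
// Anything else is an error: an unparseable version must not pass as "new enough".
func parseVersion(s string) (version, error) {
	parts := strings.Split(strings.TrimSpace(s), ".")
	if len(parts) != 3 {
		return version{}, fmt.Errorf("malformed bundletool version %q", s)
	}
	var n [3]int
	for i, p := range parts {
		v, err := strconv.Atoi(p)
		if err != nil || v < 0 {
			return version{}, fmt.Errorf("malformed bundletool version %q", s)
		}
		n[i] = v
	}
	return version{n[0], n[1], n[2]}, nil
}

// less compares numerically, so "1.10.0" sorts after "1.9.0" (a string
// comparison would get this wrong).
func (v version) less(o version) bool {
	if v.major != o.major {
		return v.major < o.major
	}
	if v.minor != o.minor {
		return v.minor < o.minor
	}
	return v.patch < o.patch
}

func (v version) String() string { return fmt.Sprintf("%d.%d.%d", v.major, v.minor, v.patch) }

// checkBundletoolVersion is the upload-time gate. tocVersion is the version
// field of the Bundletool message inside BuildApksResult, read after
// unmarshalling toc.pb; minimum comes from server configuration.
func checkBundletoolVersion(tocVersion, minimum string) error {
	floor, err := parseVersion(minimum)
	if err != nil {
		return fmt.Errorf("configured minimum is invalid: %w", err)
	}
	got, err := parseVersion(tocVersion)
	if err != nil {
		return err
	}
	if got.less(floor) {
		return fmt.Errorf("%w: toc.pb reports %s, minimum is %s", ErrBundletoolTooOld, got, floor)
	}
	return nil
}

// release is a bundletool release and its publication date.
type release struct {
	Version  string
	Released time.Time
}

// sampleReleases is constructed data for the example, not the real history.
var sampleReleases = []release{
	{"1.13.0", time.Date(2023, 4, 20, 0, 0, 0, 0, time.UTC)},
	{"1.11.0", time.Date(2023, 1, 10, 0, 0, 0, 0, time.UTC)},
	{"1.12.0", time.Date(2023, 3, 1, 0, 0, 0, 0, time.UTC)},
}

// minimumFor applies the policy from the issue: the floor is the newest
// stable release that has been out for at least one month as of now.
// It returns "" when no release is old enough yet.
func minimumFor(releases []release, now time.Time) string {
	rs := append([]release(nil), releases...) // sort a copy, leave the caller's slice alone
	sort.Slice(rs, func(i, j int) bool { return rs[i].Released.Before(rs[j].Released) })
	cutoff := now.AddDate(0, -1, 0)
	floor := ""
	for _, r := range rs {
		if !r.Released.After(cutoff) {
			floor = r.Version
		}
	}
	return floor
}

func main() {
	min := minimumFor(sampleReleases, time.Date(2023, 5, 1, 0, 0, 0, 0, time.UTC))
	fmt.Println("minimum bundletool as of 2023-05-01:", min)
	for _, v := range []string{"1.11.3", "1.12.0", "1.13.0", "1.12", ""} {
		fmt.Printf("toc.pb version %q: %v\n", v, checkBundletoolVersion(v, min))
	}
}
```

Two details matter for the gate: a malformed or empty version string is rejected rather than waved through, and comparison is numeric per component so a later minor version is never judged older because of string ordering.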

Wrap errors from database drivers

Currently we return driver-specific errors from methods in our data.DB interface. This isn't ideal since the underlying database can't be swapped out without updating the calling code to handle different errors. Instead, we should wrap driver-specific errors in our own error types so that a driver change could theoretically be seamless.

As part of implementing this change, wrapcheck should be added to .golangci.yaml (with some configuration to ignore other packages that might trigger the lint).

Display errors in UI

Currently HTTP error codes are logged to the console without any UI indicator. We should show a somewhat pretty error dialog to the developer to let them know what went wrong.

Dependency Dashboard

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

This repository currently has no open or pending branches.

Detected dependencies

docker-compose
docker-compose.yaml
dockerfile
devportal/Dockerfile
reposerver/Dockerfile
github-actions
.github/workflows/build.yaml
  • actions/checkout v3
  • actions/setup-go v3
.github/workflows/golangci-lint.yaml
  • actions/checkout v3
  • actions/setup-go v3
  • golangci/golangci-lint-action v3
  • golangci/golangci-lint-action v3
gomod
devportal/go.mod
  • go 1.19
  • github.com/accrescent/apkstat v0.1.2
  • github.com/gin-gonic/gin v1.8.1
  • github.com/google/go-github/v47 v47.0.0
  • github.com/mattn/go-sqlite3 v1.14.15
  • golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094@0ebed06d0094
reposerver/go.mod
  • go 1.19
  • github.com/gin-gonic/gin v1.8.1
  • golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e@a9213eeb770e


Refactor codebase

While usable as a proof-of-concept, the current codebase has certain deficiencies that make it unsuitable as an MVP. This issue is for tracking all necessary changes to reach MVP status that aren't already tracked in another issue.

All changes for this issue are in the refactor branch. If you want to work on one of the below items, please submit a PR to the refactor branch instead of main.

  • Give reviewers emails
  • Add authorization checks for app updates
  • Allow multiple updates to exist for a given app
    • Update API to better reflect this
  • Tie staging apps to gh_id instead of session_id so they can be saved and returned to in a different login session
  • Rewrite frontend
    • Remove redirect return values from web server (i.e. remove unneeded HTTP 3XX return codes)
    • Remove all uses of html/template (most if not all of devportal/page module)
    • Change all frontend code to use Angular
      • Landing page w/link to log in w/GitHub
      • Registration page
      • Dashboard page
      • New app submission page
      • App list page
      • App update submission page
      • Publishing page
  • Always require review for new apps
  • Assign reviews to individual reviewers
  • Don't rely on usable_emails cache - it should be just that, a cache
  • Abstract all DB queries outside of routes (create DB-agnostic *sql.DB wrapper for routes to use)
  • Prevent data races of config & OAuth2 config shared between routes

Only require review for new issues

If an app has a review issue (say it uses the READ_CONTACTS permission), subsequent updates still including READ_CONTACTS should not require review by default.

Implement simple account deletion

Right now I'd need to manually delete a developer's account from the user database at their request. They should be able to delete their account themselves through their account settings.
