🐛 fix(desktop): ensure allowPrerelease is set correctly for updater (#11566)

* 🐛 fix(desktop): ensure allowPrerelease is set correctly for updater

- Add explicit allowPrerelease check before each update check
- Ensure allowPrerelease is re-applied after setFeedURL call
- Guard against potential internal state resets by electron-updater

* ✨ feat(updater): Enhance prerelease handling for update checks

- Ensure `allowPrerelease` is set correctly before and after update checks to accommodate internal state resets by `electron-updater`.
- Added logging to indicate the configuration of the GitHub update URL and the `allowPrerelease` status.

Signed-off-by: Innei <tukon479@gmail.com>

---------

Signed-off-by: Innei <tukon479@gmail.com>

apps/desktop/src/main/core/infrastructure/BackendProxyProtocolManager.ts

@@ -31,7 +31,24 @@ export class BackendProxyProtocolManager {
   private readonly handledSessions = new WeakSet<Session>();
   private readonly logger = createLogger('core:BackendProxyProtocolManager');
 
+  /**
+   * Debounce timer for authorization required notifications.
+   * Prevents multiple rapid 401 responses from triggering duplicate notifications.
+   */
+  // eslint-disable-next-line no-undef
+  private authRequiredDebounceTimer: NodeJS.Timeout | null = null;
+  private static readonly AUTH_REQUIRED_DEBOUNCE_MS = 1000;
+
   private notifyAuthorizationRequired() {
+    // Debounce: skip if a notification is already scheduled
+    if (this.authRequiredDebounceTimer) {
+      return;
+    }
+
+    this.authRequiredDebounceTimer = setTimeout(() => {
+      this.authRequiredDebounceTimer = null;
+    }, BackendProxyProtocolManager.AUTH_REQUIRED_DEBOUNCE_MS);
+
     const allWindows = BrowserWindow.getAllWindows();
     for (const win of allWindows) {
       if (!win.isDestroyed()) {
@@ -146,7 +163,12 @@ export class BackendProxyProtocolManager {
         responseHeaders.set('Access-Control-Allow-Headers', '*');
         responseHeaders.set('X-Src-Url', rewrittenUrl);
 
-        if (!token && upstreamResponse.status === 401) {
+        // Handle 401 Unauthorized: notify authorization required regardless of token presence
+        // This covers cases where:
+        // 1. No token exists
+        // 2. Token has expired
+        // 3. Token has been revoked server-side
+        if (upstreamResponse.status === 401) {
           this.notifyAuthorizationRequired();
         }
 

apps/desktop/src/main/core/infrastructure/UpdaterManager.ts

@@ -104,6 +104,13 @@ export class UpdaterManager {
 
     this.checking = true;
     this.isManualCheck = manual;
+
+    // Ensure allowPrerelease is correctly set before each check
+    // This guards against any internal state reset by electron-updater
+    if (!isStableChannel) {
+      autoUpdater.allowPrerelease = true;
+    }
+
     logger.info(`${manual ? 'Manually checking' : 'Auto checking'} for updates...`);
 
     // If manual check, notify renderer process about check start
@@ -340,13 +347,22 @@ export class UpdaterManager {
       logger.info(`Configuring GitHub provider for ${channel} channel ${reason}`);
       logger.info(`Channel set to: latest (will look for latest-mac.yml)`);
 
+      // For beta/nightly channels, we need prerelease versions
+      const needPrerelease = channel !== 'stable';
+
       autoUpdater.setFeedURL({
         owner: githubConfig.owner,
         provider: 'github',
         repo: githubConfig.repo,
       });
 
-      logger.info(`GitHub update URL configured: ${githubConfig.owner}/${githubConfig.repo}`);
+      // Ensure allowPrerelease is set correctly after setFeedURL
+      // setFeedURL may reset some internal states
+      autoUpdater.allowPrerelease = needPrerelease;
+
+      logger.info(
+        `GitHub update URL configured: ${githubConfig.owner}/${githubConfig.repo}, allowPrerelease=${needPrerelease}`,
+      );
     }
   }