Implement initial subscription-backed license flow

2026-04-17 21:19:52 -07:00
parent 37ec04ee44
commit 9bea006426
3 changed files with 261 additions and 52 deletions
--- a/src/licenseLogic.js
+++ b/src/licenseLogic.js
@@ -0,0 +1,88 @@
 import crypto from 'crypto';
 import { PREMIUM_FEATURES } from './plans.js';
 import { createOrUpdateLicenseBySubscription, findLicenseByKey, updateLicense } from './store.js';
 export function fingerprintMachine(payload = {}) {
  const parts = [
    payload.hostname || '',
    payload.platform || '',
    payload.arch || '',
    payload.cpu || '',
    payload.mac || ''
  ];
  return crypto.createHash('sha256').update(parts.join('|')).digest('hex').slice(0, 16);
 }
 export function syncLicenseFromSubscription({ subscriptionId, customerId, customerEmail, planCode, status, currentPeriodEnd }) {
  const premiumFeatures = Object.fromEntries(PREMIUM_FEATURES.map((f) => [f, true]));
  return createOrUpdateLicenseBySubscription(subscriptionId, {
    subscriptionId,
    customerId,
    customerEmail,
    planCode,
    status,
    expiresAt: currentPeriodEnd,
    active: ['active', 'trialing', 'past_due'].includes(status),
    premiumFeatures,
    machineFingerprint: null,
    deactivatedAt: null
  });
 }
 export function validateLicense({ code, machine }) {
  const license = findLicenseByKey(code);
  if (!license) {
    return { success: false, message: 'License not found' };
  }
  if (!license.active) {
    return { success: false, message: 'License is not active' };
  }
  const now = Date.now();
  if (license.expiresAt && new Date(license.expiresAt).getTime() < now) {
    return { success: false, message: 'License has expired' };
  }
  const fingerprint = fingerprintMachine(machine || {});
  if (license.machineFingerprint && license.machineFingerprint !== fingerprint) {
    return { success: false, message: 'License is already active on another machine' };
  }
  const updated = license.machineFingerprint
    ? license
    : updateLicense(license.id, { machineFingerprint: fingerprint, activatedAt: new Date().toISOString() });
  return {
    success: true,
    license: {
      code: updated.key,
      tier: 'premium',
      expiresAt: updated.expiresAt,
      features: updated.premiumFeatures,
      subscriptionStatus: updated.status,
      customerEmail: updated.customerEmail
    },
    message: updated === license ? 'License validated' : 'License activated on this machine'
  };
 }
 export function deactivateLicense({ code, machine }) {
  const license = findLicenseByKey(code);
  if (!license) {
    return { success: false, message: 'License not found' };
  }
  const fingerprint = fingerprintMachine(machine || {});
  if (license.machineFingerprint && license.machineFingerprint !== fingerprint) {
    return { success: false, message: 'License is active on a different machine' };
  }
  const updated = updateLicense(license.id, {
    machineFingerprint: null,
    deactivatedAt: new Date().toISOString()
  });
  return { success: true, message: 'License deactivated', license: updated };
 }
--- a/src/server.js
+++ b/src/server.js
@@ -2,9 +2,10 @@ import express from 'express';
 import { config } from './config.js';
 import { getPlan, listPlans, PREMIUM_FEATURES } from './plans.js';
 import { getStripe } from './stripe.js';
 import { getStoreSnapshot, upsertCustomer, upsertSubscription } from './store.js';
 import { syncLicenseFromSubscription, validateLicense, deactivateLicense } from './licenseLogic.js';
 const app = express();
 app.use('/api/stripe/webhook', express.raw({ type: 'application/json' }));
 app.use(express.json());
@@ -13,70 +14,43 @@ app.get('/health', (_req, res) => {
 });
 app.get('/api/public/config', (_req, res) => {
-  res.json({
+  res.json({ ok: true, publishableKeyPresent: Boolean(config.stripePublishableKey), websiteUrl: config.websiteUrl });
    ok: true,
    publishableKeyPresent: Boolean(config.stripePublishableKey),
    websiteUrl: config.websiteUrl
  });
 });
 app.get('/api/public/plans', (_req, res) => {
-  res.json({
+  res.json({ ok: true, tier: 'premium', features: PREMIUM_FEATURES, plans: listPlans() });
-    ok: true,
+});
-    tier: 'premium',
+
-    features: PREMIUM_FEATURES,
+app.get('/api/admin/debug/store', (_req, res) => {
-    plans: listPlans()
+  res.json({ ok: true, store: getStoreSnapshot() });
  });
 });
 app.post('/api/checkout/session', async (req, res) => {
  try {
    const { planCode, customerEmail } = req.body || {};
    const plan = getPlan(planCode);
-
+    if (!plan) return res.status(400).json({ ok: false, error: 'Invalid planCode' });
    if (!plan) {
      return res.status(400).json({ ok: false, error: 'Invalid planCode' });
    }
    const stripe = getStripe();
    const session = await stripe.checkout.sessions.create({
      mode: 'subscription',
      payment_method_types: ['card'],
-      line_items: [
+      line_items: [{
        {
        price_data: {
          currency: 'usd',
-            product_data: {
+          product_data: { name: plan.label, description: 'DashCaddy Premium subscription' },
-              name: plan.label,
+          recurring: { interval: plan.interval, interval_count: plan.intervalCount },
              description: 'DashCaddy Premium subscription'
            },
            recurring: {
              interval: plan.interval,
              interval_count: plan.intervalCount
            },
          unit_amount: plan.amountUsd * 100
        },
        quantity: 1
-        }
+      }],
      ],
      success_url: `${config.websiteUrl}/success?session_id={CHECKOUT_SESSION_ID}`,
      cancel_url: `${config.websiteUrl}/pricing`,
      allow_promotion_codes: true,
      billing_address_collection: 'required',
      customer_email: customerEmail || undefined,
-      metadata: {
+      metadata: { source: 'dashcaddy.net', planCode: plan.code, tier: plan.tier },
-        source: 'dashcaddy.net',
+      subscription_data: { metadata: { source: 'dashcaddy.net', planCode: plan.code, tier: plan.tier } }
        planCode: plan.code,
        tier: plan.tier
      },
      subscription_data: {
        metadata: {
          source: 'dashcaddy.net',
          planCode: plan.code,
          tier: plan.tier
        }
      }
    });
    return res.json({ ok: true, url: session.url, sessionId: session.id });
@@ -88,18 +62,89 @@ app.post('/api/checkout/session', async (req, res) => {
 app.post('/api/stripe/webhook', async (req, res) => {
  try {
-    return res.json({ ok: true, message: 'Webhook endpoint scaffolded, handler next' });
+    if (!config.stripeWebhookSecret) {
      return res.status(500).json({ ok: false, error: 'Missing STRIPE_WEBHOOK_SECRET' });
    }
    const signature = req.headers['stripe-signature'];
    if (!signature) {
      return res.status(400).json({ ok: false, error: 'Missing stripe-signature header' });
    }
    const stripe = getStripe();
    const event = stripe.webhooks.constructEvent(req.body, signature, config.stripeWebhookSecret);
    switch (event.type) {
      case 'checkout.session.completed': {
        const session = event.data.object;
        if (session.customer) {
          upsertCustomer({ id: String(session.customer), email: session.customer_email || null, checkoutSessionId: session.id });
        }
        break;
      }
      case 'customer.subscription.created':
      case 'customer.subscription.updated':
      case 'customer.subscription.deleted': {
        const subscription = event.data.object;
        const customerId = typeof subscription.customer === 'string' ? subscription.customer : subscription.customer?.id;
        const customerEmail = subscription.customer_email || null;
        const planCode = subscription.metadata?.planCode || 'premium_1m';
        const currentPeriodEnd = subscription.current_period_end
          ? new Date(subscription.current_period_end * 1000).toISOString()
          : null;
        upsertSubscription({
          id: subscription.id,
          customerId,
          status: subscription.status,
          planCode,
          currentPeriodEnd,
          cancelAtPeriodEnd: Boolean(subscription.cancel_at_period_end)
        });
        const license = syncLicenseFromSubscription({
          subscriptionId: subscription.id,
          customerId,
          customerEmail,
          planCode,
          status: subscription.status,
          currentPeriodEnd
        });
        console.log('License synced from subscription', { subscriptionId: subscription.id, licenseKey: license.key, status: license.status });
        break;
      }
      case 'invoice.payment_failed': {
        const invoice = event.data.object;
        console.warn('Payment failed', { invoiceId: invoice.id, customerId: invoice.customer });
        break;
      }
      default:
        console.log('Unhandled Stripe event', event.type);
    }
    return res.json({ ok: true });
  } catch (error) {
-    return res.status(500).json({ ok: false, error: error.message || 'Webhook failed' });
+    console.error('Webhook processing error:', error);
    return res.status(400).json({ ok: false, error: error.message || 'Webhook failed' });
  }
 });
-app.post('/api/license/validate', async (_req, res) => {
+app.post('/api/license/validate', async (req, res) => {
-  return res.status(501).json({ ok: false, error: 'License validation not implemented yet' });
+  const { code, machine } = req.body || {};
  if (!code) return res.status(400).json({ ok: false, error: 'License code is required' });
  const result = validateLicense({ code, machine });
  return res.status(result.success ? 200 : 400).json(result);
 });
-app.post('/api/license/deactivate', async (_req, res) => {
+app.post('/api/license/deactivate', async (req, res) => {
-  return res.status(501).json({ ok: false, error: 'License deactivation not implemented yet' });
+  const { code, machine } = req.body || {};
  if (!code) return res.status(400).json({ ok: false, error: 'License code is required' });
  const result = deactivateLicense({ code, machine });
  return res.status(result.success ? 200 : 400).json(result);
 });
 app.listen(config.port, () => {
--- a/src/store.js
+++ b/src/store.js
@@ -0,0 +1,76 @@
 import fs from 'fs';
 import path from 'path';
 import crypto from 'crypto';
 const DATA_DIR = process.env.DATA_DIR || path.resolve(process.cwd(), 'data');
 const DATA_FILE = path.join(DATA_DIR, 'db.json');
 function ensureStore() {
  fs.mkdirSync(DATA_DIR, { recursive: true });
  if (!fs.existsSync(DATA_FILE)) {
    fs.writeFileSync(DATA_FILE, JSON.stringify({ customers: {}, subscriptions: {}, licenses: {} }, null, 2));
  }
 }
 function readStore() {
  ensureStore();
  return JSON.parse(fs.readFileSync(DATA_FILE, 'utf8'));
 }
 function writeStore(db) {
  ensureStore();
  fs.writeFileSync(DATA_FILE, JSON.stringify(db, null, 2));
 }
 export function createLicenseKey() {
  const raw = crypto.randomBytes(16).toString('hex').toUpperCase();
  return `DC-${raw.slice(0,5)}-${raw.slice(5,10)}-${raw.slice(10,15)}-${raw.slice(15,20)}-${raw.slice(20,25)}`;
 }
 export function upsertCustomer(customer) {
  const db = readStore();
  db.customers[customer.id] = { ...(db.customers[customer.id] || {}), ...customer, updatedAt: new Date().toISOString() };
  writeStore(db);
  return db.customers[customer.id];
 }
 export function upsertSubscription(subscription) {
  const db = readStore();
  db.subscriptions[subscription.id] = { ...(db.subscriptions[subscription.id] || {}), ...subscription, updatedAt: new Date().toISOString() };
  writeStore(db);
  return db.subscriptions[subscription.id];
 }
 export function createOrUpdateLicenseBySubscription(subscriptionId, patch) {
  const db = readStore();
  const existing = Object.values(db.licenses).find((lic) => lic.subscriptionId === subscriptionId);
  const id = existing?.id || crypto.randomUUID();
  const next = {
    id,
    key: existing?.key || createLicenseKey(),
    createdAt: existing?.createdAt || new Date().toISOString(),
    ...existing,
    ...patch,
    updatedAt: new Date().toISOString()
  };
  db.licenses[id] = next;
  writeStore(db);
  return next;
 }
 export function findLicenseByKey(key) {
  const db = readStore();
  return Object.values(db.licenses).find((lic) => lic.key === key) || null;
 }
 export function updateLicense(id, patch) {
  const db = readStore();
  if (!db.licenses[id]) return null;
  db.licenses[id] = { ...db.licenses[id], ...patch, updatedAt: new Date().toISOString() };
  writeStore(db);
  return db.licenses[id];
 }
 export function getStoreSnapshot() {
  return readStore();
 }