licensekeys

command module
v0.0.0-...-1518e3e Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 8, 2022 License: MIT Imports: 30 Imported by: 0

README

Licensekeys is a server for creating, and a package for verifying, keys that authorize use of a software application.

Overview

A license key is a securely signed text file containing data that, when validated, allows usage of an application.

At it's core, Licensekeys simply provides an easy method to work with public key authentication. Only the license key server, which stores the private key, can create authentic license keys. The matching public key is included in your software application's code to authenticate a signature generated by the private key.

Table of Contents:

Basic Operation

Licensekeys operates via two connected pieces:

  1. A server for creating and managing license keys that you then distribute.
  2. A golang package that is embedded into your software application to verify a license key.

The server side is very simple; it creates and managing license keys. Licenses are created by gathering and signing data using a private key. The data and signature are stored in a text file which is then distributed to, or with, your software application.

The client golang package is used to verify a license key. Verification is done by comparing a license key file's data and signature against a public key where the public key is the matching pair to the private key used to generate the signature. This package also provides tooling for easily accessing any data stored in the license you may need in your application.

License Key File Example

A license key is a human readable text file with a signature verifying its authenticity.

  • Human readability allows for people to understand what is "in" their license.
  • Text files are easy to distribute.
  • Signature ensures that if anything is changed in the file, the license will be invalid.
  • Standardized format with custom fields added as needed.
    LicenseID: 10023
    AppName: Example
    CompanyName: ACME Dynamite
    ContactName: Wyle E Coyote
    PhoneNumber: 123-555-1212
    Email: wyle@example.com
    IssueDate: "2022-05-07"
    IssueTimestamp: 1651958341
    ExpireDate: "2049-09-21"
    Extras:
      CF_String: Hello World!
      Custom Boolean: true
      Custom Field Integer: 5
      Decimal: 5.55
    Signature: GBDAEIIAYPGNFZPDUQHMJ2WDQ4NETOLA4EZZVJ2LWVXIRGBZ6SKGMULV3ESAEIIA2QXHQ2HXLSIF7CUWZVLILT4FNKKDXHOLALM5QV3HQV5K4QWMVICQ====

Details

  • Server is a webapp with very minimal requirements (1 CPU & 512 MB of RAM is plenty).
  • SQLite database.
  • Define any number of applications to generate licenses for.
  • Each application can have one or more public-private key pairs for key rotation, development versus production, etc.
  • Key pairs can be RSA, ECDSA, or ED25519.
  • Private keys can be encrypted at rest.
  • License key files can be either JSON or YAML formatted.
  • Customize each license with custom fields set when a license is created.
  • API to create and retrieve licenses.
  • User permissions and audit logging.

Installing

The server can be run by cloning this repo and running go run main.go. You may prefer to build with go build and then run with ./licensekeys. A default configuration file with be created and the database will be deployed upon first run.

To use the client package to verify a license key in your application, import github.com/c9845/licensekeys/licensefile in your .go file. See the client-app.go example in the _example directory at the root of this repo for an idea of how to get started.

Getting Values From A License Key

You can retrieve data from a license key in your software application as needed. For top-level, standard fields, just use f.LicenseID. For accessing custom data in the Extras field, use one of the ExtraAs...() funcs based on the field's value type.

Note that you should only access a license's data after you have verified the license first. You cannot trust the data has not been modified before the license key is verified.

How A License Key File is Created

  1. The data for a license key is gathered.
  2. The data is hashed.
  3. The hash is signed by a private key.
  4. The signature is encoded into a textual format.
  5. The data and signature are written to a file.

How a License Key File is Verified

  1. The license key file is read by a software application.
  2. The file's data is parsed and the signature is decoded.
  3. The data is hashed and compared against the decoded signature using a public key.
  4. The response tells you if the license key is authentic.

Development & Contributing

  • Client Side JS:
    • Code is located in in .ts files in the website/static/js/ directory.
    • Code is split into different files based on their usage to organize code better.
    • The .ts files must be combined into one script.js file as per the tsconfig.json file.
    • The script.js file must be minified per the gruntfile.js to script.min.js.
    • Note the tasks in .vscode/tasks.json to help automate this.
    • Cache busting is handled by the app itself at runtime.
    • Uses Vue 2.x but not single file components. Just imports the Vue .js file.
  • Client Side CSS:
    • Written in one big CSS file located at website/static/css/styles.css.
    • This file must be minified per the gruntfile.js to styles.min.css.
    • Cache busting is handled by the app itself at runtime.
  • HTML Templates:
    • Stored in website/templates/.
    • Use a combination of golang and Vue templating.
    • Most templates are simple HTML with little data. Vue loads data via API calls to populate the templates.
  • Backend Go code:
    • Broken apart into many sub-packages for better organization.
    • Database schema is defined in code to allow deploying of new databases as needed.
    • Each database table is stored in a separate file for better organization. These files hold most db queries as well.
    • Can be built into a static binary; CGO is not needed.
    • Embeds HTML, CSS, and JS files into binary for easier distribution of the app.

Documentation

Overview

This app creates and manages licence keys for software applications. Each license is signed by a private key where the matching public key is embedded in your application. This package also provides code for validating the license key in your applications (obviously, golang only apps).

Source Files

View all Source files

Directories

Path Synopsis
_tools
build
Build.go builds software releases.
 Build.go builds software releases.
build2
Package activitylog handles the logging of user actions performed within the app for diagnostic and auditing purposes.
 Package activitylog handles the logging of user actions performed within the app for diagnostic and auditing purposes.
Package apikeys handles generating, revoking, and listing data on api keys.
 Package apikeys handles generating, revoking, and listing data on api keys.
Package apps handles the apps that you want to create license keys for.
 Package apps handles the apps that you want to create license keys for.
Package appsettings handles settings that change the functionality of this app.
 Package appsettings handles settings that change the functionality of this app.
Package config handles configuration of the app.
 Package config handles configuration of the app.
Package customfields handles interacting with custom fields that you add to your licenses.
 Package customfields handles interacting with custom fields that you add to your licenses.
Package db handles interacting with the database.
 Package db handles interacting with the database.
Package keypairs handles the public-private keypairs defined for your apps that are used to sign your license data to create license keys.
 Package keypairs handles the public-private keypairs defined for your apps that are used to sign your license data to create license keys.
Package license handles creation and retrieval of license data.
 Package license handles creation and retrieval of license data.
Package licensefile defines the format for a license key file and tooling for creating, signing, reading, verifying, and interacting with a license key file.
 Package licensefile defines the format for a license key file and tooling for creating, signing, reading, verifying, and interacting with a license key file.
Package middleware handles authentication, user permissions, and any other tasks that occur with a request to this app.
 Package middleware handles authentication, user permissions, and any other tasks that occur with a request to this app.
Package pages is used to display the gui.
 Package pages is used to display the gui.
Package pwds implements functionality for creating a secure hash of a password and for verifying a password matches a stored hash.
 Package pwds implements functionality for creating a secure hash of a password and for verifying a password matches a stored hash.
Package timestamps holds helper functions for dates, times, and timestamps.
 Package timestamps holds helper functions for dates, times, and timestamps.
Package users handles interacting with users of the app.
 Package users handles interacting with users of the app.
Package utils implements helpful funcs that are reused throughout the app and provide some simply, yet redundantly coded, functionaly.
 Package utils implements helpful funcs that are reused throughout the app and provide some simply, yet redundantly coded, functionaly.
Package version store's the app's version for use in diagnostics.
 Package version store's the app's version for use in diagnostics.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.