From dc0114e4b77928e03aa05349c513b1c68f7e2d35 Mon Sep 17 00:00:00 2001 From: djuka Date: Wed, 4 Mar 2026 07:42:25 +0000 Subject: [PATCH] Inicijalni commit: kompletna implementacija + dokumentacija + testovi - Kompletna Go implementacija licencnog servera (19 Go fajlova) - Klijentski API: activate, deactivate, validate - Admin API: CRUD licence, stats, audit log - Admin dashboard: htmx + Go templates - RSA-2048 potpisivanje licencnih podataka - Rate limiting i API key autentifikacija - MySQL migracije i seed podaci (ESIR, ARV, LIGHT_TICKET) - Unit testovi: keygen, crypto, model, middleware (24 testa) - Dokumentacija: SPEC.md, ARCHITECTURE.md, SETUP.md, API.md, TESTING.md, README.md Co-Authored-By: Claude Opus 4.6 --- .claude/feedback/idx_counter.json | 3 + .claude/project.json | 8 + .env.example | 19 + .gitignore | 6 + API.md | 272 +++++++++ CLAUDE.md | 744 ++++++++++++++++++++++++ README.md | 58 ++ TESTING.md | 105 ++++ cmd/server/main.go | 89 +++ crypto/public.pem | 9 + docs/ARCHITECTURE.md | 158 +++++ docs/SETUP.md | 162 ++++++ docs/SPEC.md | 99 ++++ go.mod | 7 + go.sum | 4 + internal/config/config.go | 80 +++ internal/handler/admin_handler.go | 162 ++++++ internal/handler/client_handler.go | 69 +++ internal/handler/dashboard_handler.go | 283 +++++++++ internal/handler/helpers.go | 41 ++ internal/middleware/auth.go | 20 + internal/middleware/auth_test.go | 65 +++ internal/middleware/ratelimit.go | 64 ++ internal/middleware/ratelimit_test.go | 91 +++ internal/model/activation.go | 20 + internal/model/audit.go | 19 + internal/model/license.go | 129 ++++ internal/model/license_test.go | 221 +++++++ internal/model/request.go | 116 ++++ internal/repository/activation_repo.go | 85 +++ internal/repository/audit_repo.go | 66 +++ internal/repository/license_repo.go | 221 +++++++ internal/router/router.go | 78 +++ internal/service/activation_service.go | 178 ++++++ internal/service/crypto_service.go | 63 ++ internal/service/crypto_service_test.go | 147 +++++ internal/service/keygen.go | 26 + internal/service/keygen_test.go | 81 +++ internal/service/license_service.go | 195 +++++++ migrations/001_create_tables.sql | 67 +++ migrations/002_seed_products.sql | 10 + static/css/style.css | 89 +++ static/js/htmx.min.js | 1 + templates/layout/base.html | 28 + templates/pages/audit.html | 30 + templates/pages/dashboard.html | 54 ++ templates/pages/license-detail.html | 77 +++ templates/pages/license-new.html | 66 +++ templates/pages/licenses.html | 55 ++ templates/pages/login.html | 22 + 50 files changed, 4762 insertions(+) create mode 100644 .claude/feedback/idx_counter.json create mode 100644 .claude/project.json create mode 100644 .env.example create mode 100644 .gitignore create mode 100644 API.md create mode 100644 CLAUDE.md create mode 100644 README.md create mode 100644 TESTING.md create mode 100644 cmd/server/main.go create mode 100644 crypto/public.pem create mode 100644 docs/ARCHITECTURE.md create mode 100644 docs/SETUP.md create mode 100644 docs/SPEC.md create mode 100644 go.mod create mode 100644 go.sum create mode 100644 internal/config/config.go create mode 100644 internal/handler/admin_handler.go create mode 100644 internal/handler/client_handler.go create mode 100644 internal/handler/dashboard_handler.go create mode 100644 internal/handler/helpers.go create mode 100644 internal/middleware/auth.go create mode 100644 internal/middleware/auth_test.go create mode 100644 internal/middleware/ratelimit.go create mode 100644 internal/middleware/ratelimit_test.go create mode 100644 internal/model/activation.go create mode 100644 internal/model/audit.go create mode 100644 internal/model/license.go create mode 100644 internal/model/license_test.go create mode 100644 internal/model/request.go create mode 100644 internal/repository/activation_repo.go create mode 100644 internal/repository/audit_repo.go create mode 100644 internal/repository/license_repo.go create mode 100644 internal/router/router.go create mode 100644 internal/service/activation_service.go create mode 100644 internal/service/crypto_service.go create mode 100644 internal/service/crypto_service_test.go create mode 100644 internal/service/keygen.go create mode 100644 internal/service/keygen_test.go create mode 100644 internal/service/license_service.go create mode 100644 migrations/001_create_tables.sql create mode 100644 migrations/002_seed_products.sql create mode 100644 static/css/style.css create mode 100644 static/js/htmx.min.js create mode 100644 templates/layout/base.html create mode 100644 templates/pages/audit.html create mode 100644 templates/pages/dashboard.html create mode 100644 templates/pages/license-detail.html create mode 100644 templates/pages/license-new.html create mode 100644 templates/pages/licenses.html create mode 100644 templates/pages/login.html diff --git a/.claude/feedback/idx_counter.json b/.claude/feedback/idx_counter.json new file mode 100644 index 0000000..acdac88 --- /dev/null +++ b/.claude/feedback/idx_counter.json @@ -0,0 +1,3 @@ +{ + "next": 1 +} \ No newline at end of file diff --git a/.claude/project.json b/.claude/project.json new file mode 100644 index 0000000..da3f657 --- /dev/null +++ b/.claude/project.json @@ -0,0 +1,8 @@ +{ + "name": "dal-license-server", + "description": "Univerzalni licencni server za sve DAL proizvode (ESIR, ARV, Light-Ticket).", + "binary": "dal-license-server", + "start_cmd": "", + "work_dir": "/root/projects/dal-license-server", + "ports": {} +} \ No newline at end of file diff --git a/.env.example b/.env.example new file mode 100644 index 0000000..4a7eb58 --- /dev/null +++ b/.env.example @@ -0,0 +1,19 @@ +APP_PORT=8090 +APP_ENV=development + +DB_HOST=localhost +DB_PORT=3306 +DB_NAME=dal_license_db +DB_USER=license +DB_PASS=OBAVEZNO-PROMENITI + +ADMIN_API_KEY=OBAVEZNO-GENERISATI-MIN-32-CHARS +ADMIN_PASSWORD=OBAVEZNO-PROMENITI +SESSION_SECRET=OBAVEZNO-PROMENITI + +RSA_PRIVATE_KEY_PATH=./crypto/private.pem + +RATE_LIMIT_ACTIVATE=10 +RATE_LIMIT_VALIDATE=60 + +LOG_LEVEL=info diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..939f2a5 --- /dev/null +++ b/.gitignore @@ -0,0 +1,6 @@ +.env +*.exe +dal-license-server +crypto/private.pem +log/*.log +data/ diff --git a/API.md b/API.md new file mode 100644 index 0000000..3c4b69b --- /dev/null +++ b/API.md @@ -0,0 +1,272 @@ +# DAL License Server — API Dokumentacija + +Bazni URL: `http://localhost:8090` + +## Health + +### GET /api/v1/health + +Provera da li server radi. + +**Response 200:** +```json +{"status": "ok"} +``` + +--- + +## Klijentski API + +Endpointi za klijentske aplikacije (ESIR, ARV, Light-Ticket). Bez autentifikacije, zastiteni rate limiting-om. + +### POST /api/v1/activate + +Aktivacija licence na konkretnom racunaru. + +**Request:** +```json +{ + "license_key": "LT-K7M2-9P4N-R3W8-J6T1", + "machine_fingerprint": "sha256:a1b2c3d4e5f6...", + "app_version": "1.0.0", + "os": "windows", + "hostname": "FIRMA-PC" +} +``` + +**Response 200:** +```json +{ + "license": { + "license_key": "LT-K7M2-9P4N-R3W8-J6T1", + "product": "LIGHT_TICKET", + "license_type": "MONTHLY", + "issued_at": "2026-03-01T00:00:00Z", + "expires_at": "2026-04-01T00:00:00Z", + "activated_at": "2026-03-03T10:00:00Z", + "machine_fingerprint": "sha256:a1b2c3d4e5f6...", + "grace_days": 30, + "limits": { + "max_operators": 3 + }, + "features": ["TICKET_VALIDATION", "REPORTS", "EXCEL_EXPORT", "LIVE_FEED"], + "customer": { + "name": "Firma DOO", + "email": "admin@firma.rs" + } + }, + "signature": "RSA-SHA256:base64encodedSignature..." +} +``` + +**Error kodovi:** + +| Kod | Opis | +|-----|------| +| INVALID_KEY | Licencni kljuc ne postoji | +| ALREADY_ACTIVATED | Licenca vec aktivirana na drugom racunaru | +| KEY_EXPIRED | Licenca istekla | +| KEY_REVOKED | Licenca opozvana | +| PRODUCT_MISMATCH | Proizvod ne odgovara | + +**Error response 400:** +```json +{ + "error": { + "code": "ALREADY_ACTIVATED", + "message": "Licenca je već aktivirana na drugom računaru", + "details": { + "activated_on": "DRUGA-PC", + "activated_at": "2026-02-15T08:00:00Z" + } + } +} +``` + +### POST /api/v1/deactivate + +Deaktivacija licence (za transfer na drugi racunar). + +**Request:** +```json +{ + "license_key": "LT-K7M2-9P4N-R3W8-J6T1", + "machine_fingerprint": "sha256:a1b2c3d4e5f6..." +} +``` + +**Response 200:** +```json +{ + "message": "Licenca uspešno deaktivirana", + "can_reactivate": true +} +``` + +### POST /api/v1/validate + +Opciona online provera validnosti licence. + +**Request:** +```json +{ + "license_key": "LT-K7M2-9P4N-R3W8-J6T1", + "machine_fingerprint": "sha256:a1b2c3d4e5f6..." +} +``` + +**Response 200:** +```json +{ + "valid": true, + "expires_at": "2026-04-01T00:00:00Z", + "revoked": false +} +``` + +--- + +## Admin API + +Svi admin endpointi zahtevaju `X-API-Key` header. + +``` +X-API-Key: vas-api-kljuc +``` + +### GET /api/v1/admin/products + +Lista svih proizvoda. + +**Response 200:** +```json +[ + { + "id": 1, + "code": "ESIR", + "name": "ESIR Fiskalizacija", + "key_prefix": "ESIR-", + "default_limits": {"max_installations": 1}, + "available_features": ["FISCALIZATION", "REPORTS"], + "active": true + } +] +``` + +### GET /api/v1/admin/licenses + +Lista licenci. Podrzava filter po proizvodu. + +**Query parametri:** +- `product` — Filter po product code (ESIR, ARV, LIGHT_TICKET) + +**Response 200:** +```json +[ + { + "id": 1, + "product_code": "LIGHT_TICKET", + "license_key": "LT-K7M2-9P4N-R3W8-J6T1", + "license_type": "MONTHLY", + "customer_name": "Firma DOO", + "expires_at": "2026-04-01T00:00:00Z", + "active": true, + "revoked": false + } +] +``` + +### POST /api/v1/admin/licenses + +Kreiranje nove licence. + +**Request:** +```json +{ + "product_code": "LIGHT_TICKET", + "license_type": "MONTHLY", + "customer_name": "Firma DOO", + "customer_pib": "123456789", + "customer_email": "admin@firma.rs", + "limits": {"max_operators": 10}, + "features": ["TICKET_VALIDATION", "REPORTS", "EXCEL_EXPORT", "LIVE_FEED"], + "grace_days": 30, + "notes": "Pro paket" +} +``` + +**Response 201:** +```json +{ + "id": 1, + "license_key": "LT-K7M2-9P4N-R3W8-J6T1", + "message": "Licenca kreirana" +} +``` + +### GET /api/v1/admin/licenses/{id} + +Detalji jedne licence. + +### PUT /api/v1/admin/licenses/{id} + +Izmena licence. + +### POST /api/v1/admin/licenses/{id}/revoke + +Opozivanje licence. + +**Request:** +```json +{ + "reason": "Klijent nije platio" +} +``` + +### POST /api/v1/admin/licenses/{id}/release + +Force release aktivacije (kada je racunar klijenta nedostupan). + +### GET /api/v1/admin/licenses/{id}/activations + +Lista aktivacija za licencu. + +### GET /api/v1/admin/audit + +Audit log. Lista svih akcija. + +### GET /api/v1/admin/stats + +Statistike po proizvodima. + +--- + +## Dashboard rute (htmx) + +| Metoda | Putanja | Opis | +|--------|---------|------| +| GET | /login | Login stranica | +| POST | /login | Login submit | +| POST | /logout | Logout | +| GET | /dashboard | Pocetna — statistike | +| GET | /licenses | Lista licenci | +| GET | /licenses/new | Forma za novu licencu | +| POST | /licenses | Kreiranje licence | +| GET | /licenses/{id} | Detalji licence | +| POST | /licenses/{id}/revoke | Opozivanje | +| POST | /licenses/{id}/release | Force release | +| GET | /audit | Audit log | + +--- + +## Rate limiting + +| Endpoint | Limit | +|----------|-------| +| POST /api/v1/activate | 10 req/min per IP | +| POST /api/v1/deactivate | 10 req/min per IP | +| POST /api/v1/validate | 60 req/min per IP | + +--- + +*Mart 2026* diff --git a/CLAUDE.md b/CLAUDE.md new file mode 100644 index 0000000..1031468 --- /dev/null +++ b/CLAUDE.md @@ -0,0 +1,744 @@ +# DAL License Server — CLAUDE.md + +## Pregled + +Univerzalni licencni server za **sve DAL proizvode**: ESIR, ARV, Light-Ticket, i buduće aplikacije. + +Zamenjuje stari `esir-license-server` (koji niko ne koristi u produkciji). Arhitektura prema ARV licencnoj dokumentaciji (`/root/projects/arv/TASKS/Licenciranje-Starter.md`), ali univerzalna — podržava N proizvoda. + +**Princip:** License Server je jedini koji ima RSA private key. Klijentske aplikacije imaju samo public key. Server potpisuje licence, klijenti verifikuju potpis. Niko osim servera ne može da kreira validnu licencu. + +**KRITIČNO — Testiranje:** Ova aplikacija je osnova budućeg poslovanja DAL-a. Mora biti **rigorozno testirana** svim poznatim tipovima testova: +- **Unit testovi** — svaki servis, model, helper, middleware +- **Integration testovi** — kompletni API flow-ovi (activate → validate → deactivate → re-activate) +- **Security testovi** — SQL injection, brute force, API key bypass, tampered signatures, invalid inputs +- **Edge case testovi** — expired licence, grace period granice, perpetual licence, race conditions +- **Regression testovi** — svaki bug fix mora imati test koji potvrdjuje ispravku +- **Load testovi** — rate limiting pod pritiskom, konkurentni zahtevi +- Nikad ne smanjivati pokrivenost testovima. Svaka nova funkcionalnost MORA imati test pre merge-a. + +--- + +## Kako radi + +``` +┌─────────────────────────────────────────────────────┐ +│ DAL LICENSE SERVER │ +│ port: 8090 │ +│ │ +│ ┌──────────┐ ┌──────────┐ ┌──────────────────┐ │ +│ │ Admin API │ │ Klijent │ │ Admin Dashboard │ │ +│ │ (CRUD) │ │ API │ │ (htmx) │ │ +│ └──────────┘ └──────────┘ └──────────────────┘ │ +│ │ │ │ │ +│ └──────────────┼───────────────┘ │ +│ │ │ +│ ┌────────┴────────┐ │ +│ │ MySQL baza │ │ +│ │ license_db │ │ +│ └─────────────────┘ │ +│ │ +│ RSA-2048 Private Key (samo ovde, nikad ne izlazi) │ +└─────────────────────────────────────────────────────┘ + ▲ ▲ ▲ + │ HTTPS │ HTTPS │ HTTPS + │ │ │ + ┌────┴────┐ ┌────┴────┐ ┌────┴────────┐ + │ ESIR │ │ ARV │ │ Light-Ticket │ + │ klijent │ │ klijent │ │ klijent │ + └─────────┘ └─────────┘ └──────────────┘ + Svaki ima RSA public key ugrađen u binary + Svaki čuva license.enc lokalno +``` + +--- + +## Tok — od kupovine do rada + +### 1. Admin kreira licencu +``` +Admin → Dashboard → Nova licenca + → Bira proizvod (ESIR / ARV / LIGHT_TICKET) + → Unosi: firma, email, tip (MONTHLY/ANNUAL/PERPETUAL), limiti + → Server generiše ključ: {PREFIX}-XXXX-XXXX-XXXX-XXXX + → Ključ se šalje klijentu (email ili ručno) +``` + +### 2. Klijent aktivira +``` +Klijent instalira aplikaciju + → Unese licencni ključ u Settings + → Aplikacija šalje serveru: ključ + machine_fingerprint + app_version + OS + → Server proverava: ključ validan? nije aktiviran drugde? nije istekao? + → Server potpisuje licencne podatke RSA private key-em + → Vraća: licencni JSON + RSA potpis + → Klijent kreira license.enc (AES-256-GCM + RSA potpis) + → Aplikacija radi OFFLINE dok licenca važi +``` + +### 3. Svakodnevni rad (offline) +``` +Aplikacija se pokrene + → Čita license.enc sa diska + → Dekriptuje (AES sa machine fingerprint) + → Proverava RSA potpis (public key ugrađen u binary) + → Proverava fingerprint (isti računar?) + → Proverava rok (nije istekao?) + → SVE OK → normalan rad + → Internet NIJE potreban za svakodnevni rad +``` + +### 4. Opciona online provera +``` +Jednom dnevno (ako ima internet): + → Aplikacija šalje: ključ + fingerprint + → Server proverava: nije revocirana? + → Ako je revocirana na serveru → klijent invalidira lokalnu licencu + → Ako nema interneta → preskače, radi sa lokalnim fajlom +``` + +--- + +## Tech stack + +| Komponenta | Tehnologija | +|------------|-------------| +| Backend | Go + net/http (Go 1.22+ routing) | +| Admin UI | htmx + Go html/template | +| Baza | MySQL 8.0 | +| Kripto | RSA-2048 (potpis), AES-256-GCM (enkripcija na klijentima) | +| Auth | API key za admin API, session za dashboard | + +--- + +## Go struktura projekta + +``` +dal-license-server/ +├── cmd/ +│ └── server/ +│ └── main.go +├── internal/ +│ ├── config/ +│ │ └── config.go # .env konfiguracija +│ ├── model/ +│ │ ├── license.go # License, Product, LicenseType +│ │ ├── activation.go # Activation model +│ │ ├── audit.go # Audit log model +│ │ └── request.go # Request/Response structs +│ ├── repository/ +│ │ ├── license_repo.go # License CRUD +│ │ ├── activation_repo.go # Activation CRUD +│ │ └── audit_repo.go # Audit log +│ ├── service/ +│ │ ├── license_service.go # Poslovna logika +│ │ ├── activation_service.go # Aktivacija/deaktivacija +│ │ ├── crypto_service.go # RSA potpisivanje +│ │ └── keygen.go # Generisanje ključeva +│ ├── handler/ +│ │ ├── client_handler.go # API za klijentske app-e (activate, deactivate, validate) +│ │ ├── admin_handler.go # Admin CRUD API +│ │ ├── dashboard_handler.go # Admin dashboard (htmx) +│ │ └── helpers.go # JSON/error helpers +│ ├── middleware/ +│ │ ├── auth.go # API key + session auth +│ │ └── ratelimit.go # Rate limiting +│ └── router/ +│ └── router.go +├── templates/ +│ ├── layout/ +│ │ └── base.html +│ ├── pages/ +│ │ ├── login.html +│ │ ├── dashboard.html # Statistike po proizvodu +│ │ ├── licenses.html # Lista licenci + CRUD +│ │ ├── license-detail.html # Detalji licence + aktivacije +│ │ └── audit.html # Audit log pregled +│ └── partials/ +│ ├── license-row.html +│ └── stats.html +├── crypto/ +│ ├── private.pem # RSA private key (NIKAD u git-u!) +│ └── public.pem # RSA public key (deli se sa klijentima) +├── migrations/ +│ ├── 001_create_tables.sql +│ └── 002_seed_products.sql +├── .env.example +├── .gitignore +├── go.mod +├── README.md +├── TESTING.md +└── CLAUDE.md +``` + +--- + +## Baza podataka (MySQL) + +### Tabele + +#### `products` +| Kolona | Tip | Opis | +|--------|-----|------| +| id | BIGINT PK AUTO_INCREMENT | | +| code | VARCHAR(20) UNIQUE | ESIR, ARV, LIGHT_TICKET | +| name | VARCHAR(100) | Puno ime proizvoda | +| key_prefix | VARCHAR(10) | ESIR-, ARV-, LT- | +| default_limits | JSON | Default limiti za taj proizvod | +| available_features | JSON | Sve moguće features za taj proizvod | +| active | BOOLEAN DEFAULT TRUE | | +| created_at | TIMESTAMP | | + +**Seed podaci:** +```sql +INSERT INTO products (code, name, key_prefix, default_limits, available_features) VALUES +('ESIR', 'ESIR Fiskalizacija', 'ESIR-', + '{"max_installations": 1}', + '["FISCALIZATION", "REPORTS"]'), +('ARV', 'ARV Evidencija RV', 'ARV-', + '{"max_employees": 50, "max_readers": 4}', + '["TIME_ATTENDANCE", "BASIC_REPORTS", "EMPLOYEE_MANAGEMENT", "SHIFTS", "HR_MODULE", "ACCESS_CONTROL"]'), +('LIGHT_TICKET', 'Light-Ticket', 'LT-', + '{"max_operators": 3}', + '["TICKET_VALIDATION", "REPORTS", "EXCEL_EXPORT", "LIVE_FEED"]'); +``` + +**Light-Ticket paketi licenci (odlučeno 03.03.2026):** +- Admin ručno upisuje `max_operators` prilikom kreiranja licence +- Nema eksplicitnog `edition` polja — paketi su samo konvencija: + +| Paket | max_operators | Tip licence | Features | +|-------|--------------|-------------|----------| +| Starter | 3 | MONTHLY ili PERPETUAL | Sve | +| Pro | 10 | MONTHLY ili PERPETUAL | Sve | +| Enterprise | 0 (neograničeno) | MONTHLY ili PERPETUAL | Sve | + +- Default u seed-u je `max_operators: 3` (Starter) +- Sve features su iste za sve pakete — razlikuje se SAMO `max_operators` +- Tipovi licence za LT: MONTHLY (mesečna) i PERPETUAL (trajna). TRIAL i ANNUAL nisu predviđeni za V1. + +#### `licenses` +| Kolona | Tip | Opis | +|--------|-----|------| +| id | BIGINT PK AUTO_INCREMENT | | +| product_id | BIGINT FK(products.id) | Koji proizvod | +| license_key | VARCHAR(25) UNIQUE | {PREFIX}-XXXX-XXXX-XXXX-XXXX | +| license_type | VARCHAR(20) NOT NULL | TRIAL / MONTHLY / ANNUAL / PERPETUAL | +| customer_name | VARCHAR(255) NOT NULL | Naziv firme | +| customer_pib | VARCHAR(20) | PIB (opciono) | +| customer_email | VARCHAR(255) | Email | +| limits | JSON NOT NULL | {"max_employees": 50, "max_readers": 4} | +| features | JSON NOT NULL | ["TIME_ATTENDANCE", "BASIC_REPORTS"] | +| issued_at | TIMESTAMP DEFAULT NOW() | | +| expires_at | TIMESTAMP NULL | NULL = neograničena (PERPETUAL) | +| grace_days | INT DEFAULT 30 | Koliko dana grace period | +| active | BOOLEAN DEFAULT TRUE | | +| revoked | BOOLEAN DEFAULT FALSE | | +| revoked_at | TIMESTAMP NULL | | +| revoked_reason | TEXT | | +| notes | TEXT | Interne beleške | +| created_at | TIMESTAMP | | +| updated_at | TIMESTAMP | | + +**Indeksi:** +- `idx_licenses_key` na (license_key) — UNIQUE +- `idx_licenses_product` na (product_id) +- `idx_licenses_customer` na (customer_name) +- `idx_licenses_expires` na (expires_at) + +#### `activations` +| Kolona | Tip | Opis | +|--------|-----|------| +| id | BIGINT PK AUTO_INCREMENT | | +| license_id | BIGINT FK(licenses.id) | | +| machine_fingerprint | VARCHAR(100) NOT NULL | sha256:... | +| hostname | VARCHAR(100) | Ime računara | +| os_info | VARCHAR(50) | windows / linux | +| app_version | VARCHAR(20) | Verzija aplikacije | +| ip_address | VARCHAR(45) | IP pri aktivaciji | +| activated_at | TIMESTAMP DEFAULT NOW() | | +| deactivated_at | TIMESTAMP NULL | NULL = aktivna | +| is_active | BOOLEAN DEFAULT TRUE | | +| last_seen_at | TIMESTAMP | Poslednja online provera | + +**Indeksi:** +- `idx_activations_license` na (license_id) +- `idx_activations_fingerprint` na (machine_fingerprint) +- `idx_activations_active` na (license_id, is_active) + +#### `audit_log` +| Kolona | Tip | Opis | +|--------|-----|------| +| id | BIGINT PK AUTO_INCREMENT | | +| license_id | BIGINT FK(licenses.id) NULL | | +| action | VARCHAR(30) NOT NULL | ACTIVATE, DEACTIVATE, VALIDATE, REVOKE, FORCE_RELEASE, CREATE, UPDATE | +| ip_address | VARCHAR(45) | | +| details | JSON | Dodatni podaci (fingerprint, hostname, error, itd.) | +| created_at | TIMESTAMP DEFAULT NOW() | | + +**Indeksi:** +- `idx_audit_license` na (license_id) +- `idx_audit_action` na (action) +- `idx_audit_created` na (created_at) + +--- + +## API endpointi + +### Klijentski API (za ESIR, ARV, Light-Ticket aplikacije) + +| Metoda | Putanja | Auth | Opis | +|--------|---------|------|------| +| POST | `/api/v1/activate` | - | Aktivacija licence | +| POST | `/api/v1/deactivate` | - | Deaktivacija (transfer) | +| POST | `/api/v1/validate` | - | Opciona online provera | +| GET | `/api/v1/check-update` | - | Provera za update aplikacije | + +#### POST `/api/v1/activate` +```json +// Request (od klijentske aplikacije) +{ + "license_key": "LT-K7M2-9P4N-R3W8-J6T1", + "machine_fingerprint": "sha256:a1b2c3d4e5f6...", + "app_version": "1.0.0", + "os": "windows", + "hostname": "FIRMA-PC" +} + +// Response 200 +{ + "license": { + "license_key": "LT-K7M2-9P4N-R3W8-J6T1", + "product": "LIGHT_TICKET", + "license_type": "MONTHLY", + "issued_at": "2026-03-01T00:00:00Z", + "expires_at": "2026-04-01T00:00:00Z", + "activated_at": "2026-03-03T10:00:00Z", + "machine_fingerprint": "sha256:a1b2c3d4e5f6...", + "grace_days": 30, + "limits": { + "max_operators": 3 + }, + "features": ["TICKET_VALIDATION", "REPORTS", "EXCEL_EXPORT", "LIVE_FEED"], + "customer": { + "name": "Firma DOO", + "email": "admin@firma.rs" + } + }, + "signature": "RSA-SHA256:base64encodedSignature..." +} + +// Response 400 +{ + "error": { + "code": "ALREADY_ACTIVATED", + "message": "Licenca je već aktivirana na drugom računaru", + "details": { + "activated_on": "DRUGA-PC", + "activated_at": "2026-02-15T08:00:00Z" + } + } +} +``` + +**Error kodovi:** INVALID_KEY, ALREADY_ACTIVATED, KEY_EXPIRED, KEY_REVOKED, PRODUCT_MISMATCH + +#### POST `/api/v1/deactivate` +```json +// Request +{ + "license_key": "LT-K7M2-9P4N-R3W8-J6T1", + "machine_fingerprint": "sha256:a1b2c3d4e5f6..." +} + +// Response 200 +{ + "message": "Licenca uspešno deaktivirana", + "can_reactivate": true +} +``` + +#### POST `/api/v1/validate` +```json +// Request +{ + "license_key": "LT-K7M2-9P4N-R3W8-J6T1", + "machine_fingerprint": "sha256:a1b2c3d4e5f6..." +} + +// Response 200 +{ + "valid": true, + "expires_at": "2026-04-01T00:00:00Z", + "revoked": false +} +``` + +### Admin API + +| Metoda | Putanja | Auth | Opis | +|--------|---------|------|------| +| GET | `/api/v1/admin/products` | API key | Lista proizvoda | +| GET | `/api/v1/admin/licenses` | API key | Lista licenci (filter po proizvodu) | +| POST | `/api/v1/admin/licenses` | API key | Kreiraj licencu | +| GET | `/api/v1/admin/licenses/{id}` | API key | Detalji licence | +| PUT | `/api/v1/admin/licenses/{id}` | API key | Izmeni licencu | +| POST | `/api/v1/admin/licenses/{id}/revoke` | API key | Opozovi licencu | +| POST | `/api/v1/admin/licenses/{id}/release` | API key | Force release (računar crkao) | +| GET | `/api/v1/admin/licenses/{id}/activations` | API key | Aktivacije za licencu | +| GET | `/api/v1/admin/audit` | API key | Audit log | +| GET | `/api/v1/admin/stats` | API key | Statistike | + +### Admin Dashboard (htmx) + +| Metoda | Putanja | Auth | Opis | +|--------|---------|------|------| +| GET | `/login` | - | Login | +| POST | `/login` | - | Login submit | +| GET | `/dashboard` | Session | Početna — statistike po proizvodu | +| GET | `/licenses` | Session | Tabela licenci + filteri | +| GET | `/licenses/new` | Session | Forma za novu licencu | +| POST | `/licenses` | Session | Kreiraj licencu | +| GET | `/licenses/{id}` | Session | Detalji + aktivacije | +| POST | `/licenses/{id}/revoke` | Session | Opozovi | +| POST | `/licenses/{id}/release` | Session | Force release | +| GET | `/audit` | Session | Audit log | + +--- + +## RSA ključevi + +### Generisanje (jednom, čuva se zauvek) +```bash +# Generiši private key (ČUVAJ TAJNO) +openssl genrsa -out crypto/private.pem 2048 + +# Izvuci public key (deli se sa klijentima) +openssl rsa -in crypto/private.pem -pubout -out crypto/public.pem +``` + +### Korišćenje +- **License Server:** koristi `private.pem` za potpisivanje licenci pri aktivaciji +- **Klijenti (ARV, ESIR, LT):** imaju `public.pem` ugrađen u Go binary (`embed`) za verifikaciju potpisa +- **Isti par ključeva** za sve proizvode — jedan server, jedan ključ + +### Šta se potpisuje +``` +Server prima activate request + → Kreira licencni JSON (bez signature polja) + → Potpisuje JSON sa RSA-SHA256 (private key) + → Dodaje potpis u response + → Klijent prima JSON + potpis + → Klijent verifikuje potpis (public key) + → Klijent enkriptuje JSON sa AES-256-GCM (ključ = machine_fingerprint + app_secret) + → Klijent sačuva kao license.enc +``` + +--- + +## Licencni ključ — format + +``` +{PREFIX}-XXXX-XXXX-XXXX-XXXX + +Primeri: + ESIR-K7M2-9P4N-R3W8-J6T1 + ARV-A3B5-C8D2-E7F4-G9H6 + LT-M4N8-P2Q6-R5S3-T7U9 +``` + +- Prefix po proizvodu: čita se iz `products.key_prefix` +- 4 grupe po 4 alfanumerička karaktera +- Karakteri: A-H, J-N, P-Y, 2-9 (bez O/0/I/1 konfuzije) +- Generisanje: crypto/rand + +--- + +## Tipovi licenci + +| Tip | Trajanje | Obnova | Primer | +|-----|----------|--------|--------| +| TRIAL | 30 dana | Nema | Besplatno testiranje | +| MONTHLY | 30 dana | Automatski ili ručno | Light-Ticket | +| ANNUAL | 365 dana | Ručno | ARV, ESIR | +| PERPETUAL | Zauvek | Nema (expires_at = NULL) | Kupljena zauvek | + +### Grace period +- Default: 30 dana posle isteka +- Konfigurisano per licenca (`grace_days` kolona) +- Tokom grace perioda: pun rad + upozorenje na klijentskoj app +- Posle grace-a: read-only režim (GET dozvoljen, POST/PUT/DELETE blokiran) + +--- + +## Dashboard — šta prikazuje + +### Početna strana +- **Po proizvodu:** broj aktivnih / isteklih / u grace-u / trial +- **Ukupno:** sve licence, aktivne aktivacije +- **Alarm:** licence koje ističu u narednih 7 dana +- **Poslednja aktivnost:** zadnjih 10 akcija iz audit loga + +### Lista licenci +- **Filter:** proizvod, status (active/expired/revoked/trial), pretraga po firmi +- **Kolone:** ključ, firma, proizvod, tip, ističe, aktivacija, status +- **Sortiranje:** po datumu isteka (najhitnije prvo) + +### Detalji licence +- Sve informacije o licenci +- Lista aktivacija (hostname, OS, verzija, IP, poslednji put viđen) +- Audit log za tu licencu +- Akcije: produži, opozovi, force release + +--- + +## Migracija sa ESIR License Server-a + +Pošto stari server niko ne koristi u produkciji, migracija je jednostavna: + +1. Kreiraj novi `dal-license-server` projekat +2. Kopiraj korisnu logiku iz `esir-license-server` (keygen, verify flow, helpers) +3. Proširi model (product, features, limits, RSA) +4. Zameni port 8090 (isti port, drop-in replacement) +5. Stari `esir-license-server` → arhiviraj + +--- + +## Implementacioni taskovi + +### Faza 0: Priprema +- **T0-01:** Go projekat (go mod init, struktura foldera) +- **T0-02:** .env.example, .gitignore, README.md +- **T0-03:** Git repo na Gitea +- **T0-04:** Generisanje RSA ključeva (private.pem, public.pem) + +### Faza 1: Baza +- **T1-01:** Config modul (.env) +- **T1-02:** MySQL konekcija +- **T1-03:** Migracija 001_create_tables.sql (products, licenses, activations, audit_log) +- **T1-04:** Migracija 002_seed_products.sql (ESIR, ARV, LIGHT_TICKET) +- **T1-05:** Repository sloj (license_repo, activation_repo, audit_repo) + +### Faza 2: Core servis +- **T2-01:** Keygen — generisanje ključa sa prefix-om po proizvodu +- **T2-02:** Crypto service — RSA potpisivanje licencnog JSON-a +- **T2-03:** License service — CRUD, validacija, revoke +- **T2-04:** Activation service — activate, deactivate, force release, validate +- **T2-05:** Audit logging — svaka akcija se loguje + +### Faza 3: Klijentski API +- **T3-01:** POST /api/v1/activate +- **T3-02:** POST /api/v1/deactivate +- **T3-03:** POST /api/v1/validate +- **T3-04:** Rate limiting na klijentske endpointe + +### Faza 4: Admin API +- **T4-01:** Auth middleware (API key) +- **T4-02:** CRUD endpointi za licence +- **T4-03:** Revoke + Force release endpointi +- **T4-04:** Aktivacije i audit endpointi +- **T4-05:** Statistike endpoint + +### Faza 5: Admin Dashboard (htmx) +- **T5-01:** Login stranica + session auth +- **T5-02:** Dashboard — statistike po proizvodu +- **T5-03:** Lista licenci — tabela, filteri, pretraga +- **T5-04:** Nova licenca — forma sa izborom proizvoda +- **T5-05:** Detalji licence — info, aktivacije, audit, akcije +- **T5-06:** Audit log stranica + +### Faza 6: Testovi +- **T6-01:** Unit — keygen (format, prefix, uniqueness) +- **T6-02:** Unit — crypto (RSA sign/verify, tampered data) +- **T6-03:** Unit — license service (create, expire, grace, revoke) +- **T6-04:** Unit — activation service (activate, deactivate, already_activated, force_release) +- **T6-05:** Integration — activate flow (full roundtrip) +- **T6-06:** Integration — deactivate flow +- **T6-07:** Integration — expired license +- **T6-08:** Integration — revoked license +- **T6-09:** Security — SQL injection na svim inputima +- **T6-10:** Security — rate limiting (brute force key) +- **T6-11:** Security — API key validation +- **T6-12:** TESTING.md + +### Faza 7: DevOps +- **T7-01:** Gitea CI workflow +- **T7-02:** Systemd service fajl +- **T7-03:** Backup skripta za bazu + +--- + +## Konfiguracija (.env) + +```env +# Server +APP_PORT=8090 +APP_ENV=development + +# MySQL +DB_HOST=localhost +DB_PORT=3306 +DB_NAME=dal_license_db +DB_USER=license +DB_PASS=OBAVEZNO-PROMENITI + +# Auth +ADMIN_API_KEY=OBAVEZNO-GENERISATI +SESSION_SECRET=OBAVEZNO-PROMENITI + +# RSA +RSA_PRIVATE_KEY_PATH=./crypto/private.pem + +# Rate limiting +RATE_LIMIT_ACTIVATE=10/min +RATE_LIMIT_VALIDATE=60/min + +# Logging +LOG_LEVEL=info +LOG_FILE=./log/server.log +``` + +--- + +## Konvencije + +- Go net/http (bez framework-a, isto kao ESIR) +- Go 1.22+ method routing (`POST /api/v1/activate`) +- database/sql + raw SQL (bez ORM-a) +- RSA-2048 za potpis, SHA-256 za fingerprint +- API key u `X-API-Key` header-u za admin +- Sve akcije se loguju u audit_log +- Error wrapping: `fmt.Errorf("activate: %w", err)` +- Licencni ključ se NIKAD ne loguje ceo — samo prefix + poslednja 4 karaktera + +--- + +## Bezbednost + +- `private.pem` NIKAD u git-u (u .gitignore) +- `private.pem` permisije: 600 (samo owner čita) +- Admin API key min 32 karaktera +- Rate limiting na activate/validate (zaštita od brute force) +- Audit log za svaku akciju +- HTTPS u produkciji (TLS termination na reverse proxy) +- Licencni ključ u logovima maskiran: `LT-K7M2-****-****-J6T1` + +--- + +## Status implementacije (mart 2026) + +**Kompletno implementiran** — server je funkcionalan, testiran (22/22 testova prošlo). + +### Implementirano + +- ✅ Go projekat inicijalizovan (go.mod, go.sum) +- ✅ MySQL baza `dal_license_db` kreirana, user `license` +- ✅ Migracije (001_create_tables.sql, 002_seed_products.sql) +- ✅ RSA-2048 ključevi generisani (crypto/private.pem, crypto/public.pem) +- ✅ Seed podaci: 3 proizvoda (ESIR, ARV, LIGHT_TICKET) +- ✅ Client API: activate, deactivate, validate +- ✅ Admin API: CRUD licence, stats, audit log +- ✅ Dashboard: login, pregled licenci, kreiranje, detalji, audit log +- ✅ Rate limiting (in-memory sliding window) +- ✅ API key autentifikacija (X-API-Key header) +- ✅ RSA-SHA256 potpisivanje licencnih podataka +- ✅ Audit log za sve akcije +- ✅ Specifikacija kompletna (ovaj CLAUDE.md) + +### Struktura fajlova + +``` +cmd/server/main.go — Entry point, MySQL konekcija, migracije, wire-up +internal/config/config.go — .env loading, DSN builder (multiStatements=true) +internal/model/ + license.go — Product, License, LicenseWithActivation modeli + activation.go — Activation model + audit.go — AuditEntry model + request.go — Request/Response strukture (API) +internal/repository/ + license_repo.go — License CRUD, product queries, stats + activation_repo.go — Activation CRUD, deactivate, force release + audit_repo.go — Audit log insert/list +internal/service/ + license_service.go — License CRUD biznis logika, expiry kalkulacija + activation_service.go — Activate, Deactivate, Validate, ForceRelease + crypto_service.go — RSA-2048 potpisivanje (SHA-256, PKCS1v15) + keygen.go — Generisanje ključeva: {PREFIX}-XXXX-XXXX-XXXX-XXXX +internal/handler/ + client_handler.go — POST /api/v1/activate, deactivate, validate + admin_handler.go — Admin CRUD API endpointi + dashboard_handler.go — Dashboard stranice, in-memory sesije + helpers.go — writeJSON, writeError, clientIP +internal/middleware/ + auth.go — API key auth (X-API-Key header) + ratelimit.go — In-memory sliding window rate limiter +internal/router/router.go — Sve rute (client, admin, dashboard) +migrations/ + 001_create_tables.sql — products, licenses, activations, audit_log + 002_seed_products.sql — ESIR, ARV, LIGHT_TICKET +templates/ + layout/base.html — Glavni layout sa navbar-om + pages/login.html — Login stranica + pages/dashboard.html — Dashboard sa statistikama + pages/licenses.html — Lista licenci sa filterima + pages/license-new.html — Forma za novu licencu + pages/license-detail.html — Detalji licence, aktivacije, audit + pages/audit.html — Globalni audit log +static/css/style.css — Kompletni CSS +static/js/htmx.min.js — htmx biblioteka +crypto/private.pem — RSA-2048 privatni ključ (chmod 600) +crypto/public.pem — RSA javni ključ +``` + +### Konfiguracija (.env) + +``` +APP_PORT=8090 +DB_HOST=localhost / DB_PORT=3306 +DB_NAME=dal_license_db +DB_USER=license / DB_PASS=license_pass_2026 +ADMIN_API_KEY=dal-admin-key-2026-supersecret-change-me +ADMIN_PASSWORD=DalAdmin2026! +RSA_PRIVATE_KEY_PATH=./crypto/private.pem +``` + +### DSN napomena + +DSN sadrži `multiStatements=true` — neophodno za izvršavanje migracija sa više SQL naredbi u jednom `db.Exec()` pozivu. + +### Testirano (22/22) + +1. Health endpoint +2. Products list +3. Create license (sva 3 proizvoda) +4. List licenses +5. License detail +6. Activate license +7. Already activated (drugi hardver) +8. Deactivate license +9. Re-activate (novi hardver) +10. Validate license +11. Revoke license +12. Validate revoked (odbijeno) +13. Invalid license key +14. API key auth (401 bez ključa) +15. Stats endpoint +16. Audit log +17. Dashboard login +18. Dashboard index +19. Licenses page +20. New license form +21. License detail page +22. Audit page + +### Sledeći koraci + +- Faza 8 (Light-Ticket): Integracija sa license serverom +- ARV: Integracija sa license serverom +- ESIR: Integracija sa license serverom + +--- + +*Kreirano: mart 2026* +*Ažurirano: 04.03.2026 — Kompletna implementacija, 22/22 testova* +*Autor: Nenad Đukić / DAL d.o.o.* diff --git a/README.md b/README.md new file mode 100644 index 0000000..4392149 --- /dev/null +++ b/README.md @@ -0,0 +1,58 @@ +# DAL License Server + +Univerzalni licencni server za sve DAL proizvode (ESIR, ARV, Light-Ticket). + +## Funkcionalnosti + +- Kreiranje i upravljanje licencama za N proizvoda +- RSA-2048 potpisivanje licencnih podataka +- Aktivacija/deaktivacija licenci sa machine fingerprint-om +- Admin dashboard (htmx) za upravljanje +- REST API za klijentske aplikacije i admin operacije +- Audit log svih akcija +- Rate limiting na klijentskim endpointima + +## Tech stack + +- **Backend:** Go 1.22+ (net/http, bez framework-a) +- **Baza:** MySQL 8.0 +- **Admin UI:** htmx + Go html/template +- **Kripto:** RSA-2048 (potpis), AES-256-GCM (enkripcija na klijentima) + +## Brzi start + +```bash +# 1. Kopiraj konfiguraciju +cp .env.example .env +# Uredi .env sa pravim vrednostima + +# 2. Kreiraj MySQL bazu +mysql -u root -e "CREATE DATABASE dal_license_db CHARACTER SET utf8mb4;" +mysql -u root -e "CREATE USER 'license'@'localhost' IDENTIFIED BY 'TVOJA_LOZINKA';" +mysql -u root -e "GRANT ALL ON dal_license_db.* TO 'license'@'localhost';" + +# 3. Generiši RSA ključeve (ako ne postoje) +openssl genrsa -out crypto/private.pem 2048 +openssl rsa -in crypto/private.pem -pubout -out crypto/public.pem +chmod 600 crypto/private.pem + +# 4. Pokreni server +go run cmd/server/main.go +# Server dostupan na http://localhost:8090 +``` + +## Dokumentacija + +- [Specifikacija](docs/SPEC.md) +- [Arhitektura](docs/ARCHITECTURE.md) +- [Setup i deployment](docs/SETUP.md) +- [API dokumentacija](API.md) +- [Test checklista](TESTING.md) + +## Port + +Server radi na portu **8090** (konfigurisano u `.env`). + +--- + +*DAL d.o.o. | Mart 2026* diff --git a/TESTING.md b/TESTING.md new file mode 100644 index 0000000..850115c --- /dev/null +++ b/TESTING.md @@ -0,0 +1,105 @@ +# DAL License Server — Test Checklista + +## Health +- [ ] GET /api/v1/health vraca {"status":"ok"} + +## Proizvodi +- [ ] GET /api/v1/admin/products vraca 3 proizvoda (ESIR, ARV, LIGHT_TICKET) + +## Kreiranje licence +- [ ] Kreiranje ESIR licence sa svim poljima +- [ ] Kreiranje ARV licence sa svim poljima +- [ ] Kreiranje LIGHT_TICKET licence sa svim poljima +- [ ] Kreiranje bez customer_name → error +- [ ] Kreiranje sa nepostojecim proizvodom → error +- [ ] Generisani kljuc ima pravilan prefix (ESIR-, ARV-, LT-) +- [ ] Generisani kljuc ima format XXXX-XXXX-XXXX-XXXX + +## Lista licenci +- [ ] GET /api/v1/admin/licenses vraca sve licence +- [ ] Filter po proizvodu radi ispravno + +## Detalji licence +- [ ] GET /api/v1/admin/licenses/{id} vraca sve podatke +- [ ] Nepostojeci ID → 404 + +## Aktivacija +- [ ] Aktivacija sa validnim kljucem i fingerprint-om → 200 + potpis +- [ ] Response sadrzi RSA-SHA256 potpis +- [ ] Response sadrzi sve licencne podatke (limits, features, customer) +- [ ] Ponovna aktivacija istog fingerprint-a → 200 (isti racunar) +- [ ] Aktivacija sa drugog racunara (drugi fingerprint) → ALREADY_ACTIVATED error +- [ ] Aktivacija sa nepostojecim kljucem → INVALID_KEY error +- [ ] Aktivacija opozvane licence → KEY_REVOKED error + +## Deaktivacija +- [ ] Deaktivacija aktivne licence → 200 +- [ ] Deaktivacija vec deaktivirane → error +- [ ] Deaktivacija sa pogresnim fingerprint-om → error + +## Ponovna aktivacija +- [ ] Posle deaktivacije, aktivacija sa novim fingerprint-om → 200 + +## Online validacija +- [ ] Validacija aktivne licence → valid: true +- [ ] Validacija opozvane licence → valid: false / revoked: true +- [ ] Validacija sa pogresnim fingerprint-om → error +- [ ] Validacija nepostojeceg kljuca → error + +## Opozivanje (Revoke) +- [ ] Revoke licence → uspesno +- [ ] Revoke vec opozvane → error +- [ ] Posle revoke-a, aktivacija odbija → KEY_REVOKED + +## Force Release +- [ ] Release aktivacije → uspesno +- [ ] Posle release-a, aktivacija sa novog racunara → 200 + +## API Key autentifikacija +- [ ] Admin endpoint bez X-API-Key → 401 +- [ ] Admin endpoint sa pogresnim kljucem → 401 +- [ ] Admin endpoint sa validnim kljucem → 200 + +## Rate limiting +- [ ] Vise od 10 activate zahteva u minuti → 429 +- [ ] Vise od 60 validate zahteva u minuti → 429 + +## Statistike +- [ ] GET /api/v1/admin/stats vraca podatke po proizvodima +- [ ] Brojevi se azuriraju nakon kreiranja/aktiviranja licence + +## Audit log +- [ ] GET /api/v1/admin/audit vraca log +- [ ] Aktivacija se loguje +- [ ] Deaktivacija se loguje +- [ ] Revoke se loguje +- [ ] Kreiranje licence se loguje +- [ ] Force release se loguje + +## Dashboard — Login +- [ ] GET /login prikazuje login formu +- [ ] Login sa ispravnom lozinkom → redirect na /dashboard +- [ ] Login sa pogresnom lozinkom → error +- [ ] Pristup /dashboard bez logina → redirect na /login + +## Dashboard — Stranice +- [ ] /dashboard prikazuje statistike po proizvodu +- [ ] /licenses prikazuje tabelu licenci +- [ ] /licenses?product=ESIR filtrira po proizvodu +- [ ] /licenses/new prikazuje formu za novu licencu +- [ ] POST /licenses kreira licencu i prikazuje detalje +- [ ] /licenses/{id} prikazuje detalje licence sa aktivacijama +- [ ] /audit prikazuje audit log + +## Dashboard — Akcije +- [ ] Revoke iz dashboard-a → uspesno, prikazuje poruku +- [ ] Force release iz dashboard-a → uspesno + +## Bezbednost +- [ ] .env nije u git-u +- [ ] crypto/private.pem nije u git-u +- [ ] Licencni kljuc je maskiran u logovima + +--- + +*Poslednje azuriranje: mart 2026* diff --git a/cmd/server/main.go b/cmd/server/main.go new file mode 100644 index 0000000..4ee8f00 --- /dev/null +++ b/cmd/server/main.go @@ -0,0 +1,89 @@ +package main + +import ( + "dal-license-server/internal/config" + "dal-license-server/internal/handler" + "dal-license-server/internal/repository" + "dal-license-server/internal/router" + "dal-license-server/internal/service" + "database/sql" + "fmt" + "log" + "net/http" + "os" + "strconv" + + _ "github.com/go-sql-driver/mysql" +) + +func main() { + cfg := config.Load() + + // Connect to MySQL + db, err := sql.Open("mysql", cfg.DSN()) + if err != nil { + log.Fatal("DB open: ", err) + } + defer db.Close() + + if err := db.Ping(); err != nil { + log.Fatal("DB ping: ", err) + } + + // Run migrations + runMigrations(db) + + // Crypto service + cryptoSvc, err := service.NewCryptoService(cfg.RSAPrivateKey) + if err != nil { + log.Fatal("Crypto: ", err) + } + + // Repositories + licenseRepo := repository.NewLicenseRepo(db) + activationRepo := repository.NewActivationRepo(db) + auditRepo := repository.NewAuditRepo(db) + + // Services + licenseSvc := service.NewLicenseService(licenseRepo, auditRepo) + activationSvc := service.NewActivationService(activationRepo, licenseRepo, auditRepo, cryptoSvc, licenseSvc) + + // Handlers + clientHandler := handler.NewClientHandler(activationSvc) + adminHandler := handler.NewAdminHandler(licenseSvc, activationSvc, auditRepo) + dashboardHandler := handler.NewDashboardHandler(licenseSvc, activationSvc, auditRepo, "templates", cfg.AdminPassword) + + // Rate limits + rlActivate, _ := strconv.Atoi(cfg.RateLimitActivate) + if rlActivate == 0 { + rlActivate = 10 + } + rlValidate, _ := strconv.Atoi(cfg.RateLimitValidate) + if rlValidate == 0 { + rlValidate = 60 + } + + // Router + mux := router.Setup(clientHandler, adminHandler, dashboardHandler, cfg.AdminAPIKey, rlActivate, rlValidate) + + addr := ":" + cfg.Port + fmt.Printf("DAL License Server pokrenut na http://localhost%s\n", addr) + if err := http.ListenAndServe(addr, mux); err != nil { + log.Fatal(err) + } +} + +func runMigrations(db *sql.DB) { + files := []string{"migrations/001_create_tables.sql", "migrations/002_seed_products.sql"} + for _, f := range files { + data, err := os.ReadFile(f) + if err != nil { + log.Printf("Migration %s: %v", f, err) + continue + } + _, err = db.Exec(string(data)) + if err != nil { + log.Printf("Migration %s: %v (may already exist)", f, err) + } + } +} diff --git a/crypto/public.pem b/crypto/public.pem new file mode 100644 index 0000000..6f42417 --- /dev/null +++ b/crypto/public.pem @@ -0,0 +1,9 @@ +-----BEGIN PUBLIC KEY----- +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA123J/L0kCZ7q03EAnRAg +x0wg97ywKlu5AmYliPYc3ucuN50JNC3fsKgH2mBYY5oDpEoTYGw+DNj8c7BrrHGV +xjbKpJmoC/9eguAOQQSF9lFKem3/84S3hGSXQMY1+yEwRduNB8rplFDajRwQMwyY +THS4J6n7/nYJdx8ppQpNSNqYu52w2obkU7dJMaQlPwMXzrXRfUdtNSgbdFlaD6PQ +Hb7KOU+spt32+ys6hkr3h4EdQjUidOZYDySVRPiElcOsl25R1L6ApOw+RIMfs7wW +72c5RFpzp0R5Cj9BuDe+bk85H4WrHFOcBnCEzvn/ww3wnrj2ERVD9TFh4KrY5ZC6 +qQIDAQAB +-----END PUBLIC KEY----- diff --git a/docs/ARCHITECTURE.md b/docs/ARCHITECTURE.md new file mode 100644 index 0000000..f4a748a --- /dev/null +++ b/docs/ARCHITECTURE.md @@ -0,0 +1,158 @@ +# DAL License Server — Arhitektura + +## Dijagram sistema + +``` +┌─────────────────────────────────────────────────────┐ +│ DAL LICENSE SERVER │ +│ port: 8090 │ +│ │ +│ ┌──────────┐ ┌──────────┐ ┌──────────────────┐ │ +│ │ Admin API │ │ Klijent │ │ Admin Dashboard │ │ +│ │ (CRUD) │ │ API │ │ (htmx) │ │ +│ └──────────┘ └──────────┘ └──────────────────┘ │ +│ │ │ │ │ +│ └──────────────┼───────────────┘ │ +│ │ │ +│ ┌────────┴────────┐ │ +│ │ MySQL baza │ │ +│ │ dal_license_db │ │ +│ └─────────────────┘ │ +│ │ +│ RSA-2048 Private Key (samo ovde, nikad ne izlazi) │ +└─────────────────────────────────────────────────────┘ + ▲ ▲ ▲ + │ │ │ + ┌────┴────┐ ┌────┴────┐ ┌────┴────────┐ + │ ESIR │ │ ARV │ │ Light-Ticket │ + │ klijent │ │ klijent │ │ klijent │ + └─────────┘ └─────────┘ └──────────────┘ + Svaki ima RSA public key ugrađen u binary +``` + +## Struktura projekta + +``` +dal-license-server/ +├── cmd/server/main.go — Entry point, MySQL konekcija, migracije +├── internal/ +│ ├── config/config.go — .env loading, DSN builder +│ ├── model/ +│ │ ├── license.go — Product, License, LicenseWithActivation +│ │ ├── activation.go — Activation model +│ │ ├── audit.go — AuditEntry model +│ │ └── request.go — Request/Response strukture +│ ├── repository/ +│ │ ├── license_repo.go — License CRUD, product queries, stats +│ │ ├── activation_repo.go — Activation CRUD, deactivate, force release +│ │ └── audit_repo.go — Audit log insert/list +│ ├── service/ +│ │ ├── license_service.go — License CRUD biznis logika +│ │ ├── activation_service.go — Activate, Deactivate, Validate, ForceRelease +│ │ ├── crypto_service.go — RSA-2048 potpisivanje (SHA-256, PKCS1v15) +│ │ └── keygen.go — Generisanje ključeva +│ ├── handler/ +│ │ ├── client_handler.go — POST /api/v1/activate, deactivate, validate +│ │ ├── admin_handler.go — Admin CRUD API +│ │ ├── dashboard_handler.go — Dashboard stranice, in-memory sesije +│ │ └── helpers.go — writeJSON, writeError, clientIP +│ ├── middleware/ +│ │ ├── auth.go — API key auth (X-API-Key header) +│ │ └── ratelimit.go — In-memory sliding window rate limiter +│ └── router/router.go — Sve rute +├── templates/ +│ ├── layout/base.html — Glavni layout sa navbar-om +│ └── pages/ — login, dashboard, licenses, audit... +├── static/ +│ ├── css/style.css — CSS +│ └── js/htmx.min.js — htmx biblioteka +├── crypto/ +│ ├── private.pem — RSA-2048 privatni ključ (ne u git-u!) +│ └── public.pem — RSA javni ključ +├── migrations/ +│ ├── 001_create_tables.sql — products, licenses, activations, audit_log +│ └── 002_seed_products.sql — ESIR, ARV, LIGHT_TICKET seed +└── .env — Konfiguracija (ne u git-u!) +``` + +## Slojevi + +### 1. Handler (HTTP) + +Prima HTTP zahteve, parsira input, poziva servis, vraca JSON ili HTML response. Tri grupe: + +- **ClientHandler** — API za klijentske aplikacije (activate, deactivate, validate) +- **AdminHandler** — REST API za admin operacije (CRUD licence, stats, audit) +- **DashboardHandler** — htmx stranice za admin dashboard + +### 2. Service (biznis logika) + +- **LicenseService** — Kreiranje licenci, keygen, validacija tipova, expiry kalkulacija +- **ActivationService** — Aktivacija sa RSA potpisom, deaktivacija, online validacija, force release +- **CryptoService** — RSA-SHA256 potpisivanje licencnog JSON-a + +### 3. Repository (baza) + +- **LicenseRepo** — License i Product CRUD, filteri, statistike +- **ActivationRepo** — Activation CRUD, deaktivacija, force release +- **AuditRepo** — Insert i listanje audit log-a + +### 4. Middleware + +- **APIKeyAuth** — Provera `X-API-Key` header-a za admin API +- **RateLimit** — In-memory sliding window, per-IP, konfigurisani limiti + +## Baza podataka (MySQL) + +### Tabele + +``` +products — Definicija proizvoda (ESIR, ARV, LIGHT_TICKET) +licenses — Izdate licence sa limitima i feature-ima +activations — Aktivacije licenci (machine fingerprint, hostname, OS) +audit_log — Log svih akcija +``` + +### Relacije + +``` +products 1 ──── N licenses +licenses 1 ──── N activations +licenses 1 ──── N audit_log +``` + +### Kljucni indeksi + +- `licenses.license_key` — UNIQUE +- `activations (license_id, is_active)` — Brza provera aktivnih aktivacija +- `audit_log (created_at)` — Sortiranje po vremenu + +## Autentifikacija + +### Admin API +- `X-API-Key` header sa API kljucem iz `.env` +- Minimum 32 karaktera + +### Admin Dashboard +- Username/password login (password iz `.env`) +- In-memory session (cookie-based) + +### Klijentski API +- Bez autentifikacije (javni endpointi) +- Zastiteni rate limiting-om + +## Kripto + +- **RSA-2048** — Potpisivanje licencnih podataka pri aktivaciji +- **SHA-256** — Hash za machine fingerprint +- **PKCS1v15** — Shema potpisa +- Isti par kljuceva za sve proizvode +- Private key samo na serveru, public key ugrađen u klijentske binary-je + +## Migracije + +Pokrecu se automatski pri startu servera (`runMigrations` u `main.go`). DSN koristi `multiStatements=true` za izvrsavanje SQL fajlova sa vise naredbi. + +--- + +*Mart 2026* diff --git a/docs/SETUP.md b/docs/SETUP.md new file mode 100644 index 0000000..3317bf5 --- /dev/null +++ b/docs/SETUP.md @@ -0,0 +1,162 @@ +# DAL License Server — Setup i Deployment + +## Preduslovi + +- Go 1.22+ +- MySQL 8.0 +- OpenSSL (za generisanje RSA kljuceva) + +## Instalacija + +### 1. Kloniraj projekat + +```bash +cd /root/projects +git clone http://localhost:3000/dal/dal-license-server.git +cd dal-license-server +``` + +### 2. Instaliraj Go zavisnosti + +```bash +go mod download +``` + +### 3. Kreiraj MySQL bazu + +```sql +CREATE DATABASE dal_license_db CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci; +CREATE USER 'license'@'localhost' IDENTIFIED BY 'TVOJA_LOZINKA'; +GRANT ALL PRIVILEGES ON dal_license_db.* TO 'license'@'localhost'; +FLUSH PRIVILEGES; +``` + +### 4. Generiši RSA kljuceve + +```bash +mkdir -p crypto +openssl genrsa -out crypto/private.pem 2048 +openssl rsa -in crypto/private.pem -pubout -out crypto/public.pem +chmod 600 crypto/private.pem +``` + +**Vazno:** `private.pem` nikad ne sme uci u git. `public.pem` se deli sa klijentskim aplikacijama. + +### 5. Konfiguracija + +```bash +cp .env.example .env +``` + +Uredi `.env`: + +```env +APP_PORT=8090 +APP_ENV=production + +DB_HOST=localhost +DB_PORT=3306 +DB_NAME=dal_license_db +DB_USER=license +DB_PASS=tvoja_lozinka + +ADMIN_API_KEY=generisi-min-32-char-kljuc +ADMIN_PASSWORD=jaka_lozinka +SESSION_SECRET=random-32-char-string + +RSA_PRIVATE_KEY_PATH=./crypto/private.pem + +RATE_LIMIT_ACTIVATE=10 +RATE_LIMIT_VALIDATE=60 + +LOG_LEVEL=info +``` + +### 6. Pokretanje + +```bash +go run cmd/server/main.go +``` + +Server se pokrece na `http://localhost:8090`. Migracije se izvrsavaju automatski pri prvom pokretanju. + +## Produkcijski deployment + +### Build + +```bash +go build -o dal-license-server cmd/server/main.go +``` + +### Systemd servis + +Kreiraj `/etc/systemd/system/dal-license-server.service`: + +```ini +[Unit] +Description=DAL License Server +After=network.target mysql.service + +[Service] +Type=simple +User=root +WorkingDirectory=/root/projects/dal-license-server +ExecStart=/root/projects/dal-license-server/dal-license-server +Restart=always +RestartSec=5 +EnvironmentFile=/root/projects/dal-license-server/.env + +[Install] +WantedBy=multi-user.target +``` + +```bash +systemctl daemon-reload +systemctl enable dal-license-server +systemctl start dal-license-server +``` + +### HTTPS (reverse proxy) + +Preporuceno: Caddy ili Nginx kao reverse proxy sa TLS: + +``` +# Caddy primer +license.dal.rs { + reverse_proxy localhost:8090 +} +``` + +## Backup + +### MySQL backup + +```bash +mysqldump -u license -p dal_license_db > backup_$(date +%Y%m%d).sql +``` + +### RSA kljucevi + +Obavezno backup-ovati `crypto/private.pem` na sigurno mesto. Gubitak private key-a znaci da nijedna postojeca licenca ne moze biti verifikovana. + +## Testiranje + +```bash +# Svi testovi +go test ./... -v -count=1 + +# Health check +curl http://localhost:8090/api/v1/health +``` + +## Pristup + +| Interfejs | URL | Auth | +|-----------|-----|------| +| Dashboard | http://localhost:8090/dashboard | Username + password iz .env | +| Admin API | http://localhost:8090/api/v1/admin/* | X-API-Key header | +| Klijentski API | http://localhost:8090/api/v1/* | Bez auth-a | + +--- + +*Mart 2026* diff --git a/docs/SPEC.md b/docs/SPEC.md new file mode 100644 index 0000000..831597d --- /dev/null +++ b/docs/SPEC.md @@ -0,0 +1,99 @@ +# DAL License Server — Specifikacija + +## Cilj + +Univerzalni licencni server koji zamenjuje stari `esir-license-server` i podržava sve DAL proizvode: ESIR, ARV, Light-Ticket, i buduće aplikacije. + +## Principi + +- **Jedan server, svi proizvodi** — License Server opslužuje N proizvoda sa jednog mesta +- **RSA potpisivanje** — Server ima private key, klijenti imaju public key ugrađen u binary +- **Offline rad** — Klijentske aplikacije rade offline sa lokalnim `license.enc` fajlom +- **Audit sve** — Svaka akcija (aktivacija, deaktivacija, revoke) se loguje + +## Proizvodi + +| Proizvod | Prefix | Default limiti | +|----------|--------|----------------| +| ESIR Fiskalizacija | `ESIR-` | max_installations: 1 | +| ARV Evidencija RV | `ARV-` | max_employees: 50, max_readers: 4 | +| Light-Ticket | `LT-` | max_operators: 3 | + +## Tipovi licenci + +| Tip | Trajanje | Opis | +|-----|----------|------| +| TRIAL | 30 dana | Besplatno testiranje, bez obnove | +| MONTHLY | 30 dana | Mesecna pretplata | +| ANNUAL | 365 dana | Godisnja licenca | +| PERPETUAL | Bez isteka | Kupljena zauvek (expires_at = NULL) | + +### Grace period + +- Default: 30 dana posle isteka licence +- Konfigurisano per licenca (`grace_days` kolona) +- Tokom grace perioda: pun rad + upozorenje u klijentskoj aplikaciji +- Posle grace perioda: read-only rezim (GET dozvoljen, POST/PUT/DELETE blokiran) + +## Licencni kljuc — format + +``` +{PREFIX}-XXXX-XXXX-XXXX-XXXX + +Primeri: + ESIR-K7M2-9P4N-R3W8-J6T1 + ARV-A3B5-C8D2-E7F4-G9H6 + LT-M4N8-P2Q6-R5S3-T7U9 +``` + +- Prefix se cita iz `products.key_prefix` +- 4 grupe po 4 alfanumericka karaktera +- Karakteri: A-H, J-N, P-Y, 2-9 (bez O/0/I/1 konfuzije) +- Generisanje: `crypto/rand` + +## Tok — od kupovine do rada + +### 1. Admin kreira licencu + +Admin kroz dashboard bira proizvod, unosi podatke firme, tip licence i limite. Server generise jedinstven kljuc. + +### 2. Klijent aktivira + +Klijentska aplikacija salje serveru: kljuc + machine_fingerprint + app_version + OS. Server proverava validnost, potpisuje licencne podatke RSA private key-em, vraca JSON + RSA potpis. Klijent kreira `license.enc` lokalno. + +### 3. Svakodnevni rad (offline) + +Aplikacija cita `license.enc`, dekriptuje, proverava RSA potpis (public key), proverava fingerprint i rok. Internet nije potreban. + +### 4. Opciona online provera + +Jednom dnevno (ako ima internet), aplikacija proverava da licenca nije revocirana na serveru. + +## Light-Ticket paketi + +| Paket | max_operators | Tip licence | +|-------|--------------|-------------| +| Starter | 3 | MONTHLY ili PERPETUAL | +| Pro | 10 | MONTHLY ili PERPETUAL | +| Enterprise | 0 (neograniceno) | MONTHLY ili PERPETUAL | + +- Admin rucno upisuje `max_operators` prilikom kreiranja licence +- Sve features su iste za sve pakete — razlikuje se samo `max_operators` +- Tipovi licence za LT: MONTHLY i PERPETUAL (TRIAL i ANNUAL nisu predvidjeni za V1) + +## Korisnici sistema + +1. **Admin** — Upravlja licencama kroz dashboard ili API +2. **Klijentske aplikacije** — ESIR, ARV, Light-Ticket komuniciraju sa serverom za aktivaciju/validaciju + +## Bezbednost + +- `private.pem` nikad u git-u, permisije 600 +- Admin API key minimum 32 karaktera +- Rate limiting na activate/validate (zastita od brute force) +- Licencni kljuc u logovima maskiran: `LT-K7M2-****-****-J6T1` +- HTTPS u produkciji (TLS termination na reverse proxy) + +--- + +*Kreirano: mart 2026* diff --git a/go.mod b/go.mod new file mode 100644 index 0000000..4d8a95d --- /dev/null +++ b/go.mod @@ -0,0 +1,7 @@ +module dal-license-server + +go 1.23.6 + +require github.com/go-sql-driver/mysql v1.9.3 + +require filippo.io/edwards25519 v1.1.0 // indirect diff --git a/go.sum b/go.sum new file mode 100644 index 0000000..4bcdcfa --- /dev/null +++ b/go.sum @@ -0,0 +1,4 @@ +filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA= +filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4= +github.com/go-sql-driver/mysql v1.9.3 h1:U/N249h2WzJ3Ukj8SowVFjdtZKfu9vlLZxjPXV1aweo= +github.com/go-sql-driver/mysql v1.9.3/go.mod h1:qn46aNg1333BRMNU69Lq93t8du/dwxI64Gl8i5p1WMU= diff --git a/internal/config/config.go b/internal/config/config.go new file mode 100644 index 0000000..73a210e --- /dev/null +++ b/internal/config/config.go @@ -0,0 +1,80 @@ +package config + +import ( + "bufio" + "os" + "strings" +) + +type Config struct { + Port string + Env string + DBHost string + DBPort string + DBName string + DBUser string + DBPass string + AdminAPIKey string + AdminPassword string + SessionSecret string + RSAPrivateKey string + RateLimitActivate string + RateLimitValidate string + LogLevel string +} + +func Load() *Config { + loadEnvFile(".env") + + return &Config{ + Port: getEnv("APP_PORT", "8090"), + Env: getEnv("APP_ENV", "development"), + DBHost: getEnv("DB_HOST", "localhost"), + DBPort: getEnv("DB_PORT", "3306"), + DBName: getEnv("DB_NAME", "dal_license_db"), + DBUser: getEnv("DB_USER", "license"), + DBPass: getEnv("DB_PASS", ""), + AdminAPIKey: getEnv("ADMIN_API_KEY", ""), + AdminPassword: getEnv("ADMIN_PASSWORD", "admin123"), + SessionSecret: getEnv("SESSION_SECRET", "change-me"), + RSAPrivateKey: getEnv("RSA_PRIVATE_KEY_PATH", "./crypto/private.pem"), + RateLimitActivate: getEnv("RATE_LIMIT_ACTIVATE", "10"), + RateLimitValidate: getEnv("RATE_LIMIT_VALIDATE", "60"), + LogLevel: getEnv("LOG_LEVEL", "info"), + } +} + +func (c *Config) DSN() string { + return c.DBUser + ":" + c.DBPass + "@tcp(" + c.DBHost + ":" + c.DBPort + ")/" + c.DBName + "?parseTime=true&charset=utf8mb4&multiStatements=true" +} + +func getEnv(key, fallback string) string { + if v := os.Getenv(key); v != "" { + return v + } + return fallback +} + +func loadEnvFile(path string) { + f, err := os.Open(path) + if err != nil { + return + } + defer f.Close() + + scanner := bufio.NewScanner(f) + for scanner.Scan() { + line := strings.TrimSpace(scanner.Text()) + if line == "" || strings.HasPrefix(line, "#") { + continue + } + parts := strings.SplitN(line, "=", 2) + if len(parts) == 2 { + key := strings.TrimSpace(parts[0]) + val := strings.TrimSpace(parts[1]) + if os.Getenv(key) == "" { + os.Setenv(key, val) + } + } + } +} diff --git a/internal/handler/admin_handler.go b/internal/handler/admin_handler.go new file mode 100644 index 0000000..02816d1 --- /dev/null +++ b/internal/handler/admin_handler.go @@ -0,0 +1,162 @@ +package handler + +import ( + "dal-license-server/internal/model" + "dal-license-server/internal/repository" + "dal-license-server/internal/service" + "encoding/json" + "net/http" + "strconv" +) + +type AdminHandler struct { + licenses *service.LicenseService + activation *service.ActivationService + audit *repository.AuditRepo +} + +func NewAdminHandler(licenses *service.LicenseService, activation *service.ActivationService, audit *repository.AuditRepo) *AdminHandler { + return &AdminHandler{licenses: licenses, activation: activation, audit: audit} +} + +func (h *AdminHandler) ListProducts(w http.ResponseWriter, r *http.Request) { + products, err := h.licenses.GetProducts() + if err != nil { + writeError(w, http.StatusInternalServerError, "INTERNAL_ERROR", "Greska pri ucitavanju proizvoda") + return + } + writeJSON(w, http.StatusOK, products) +} + +func (h *AdminHandler) ListLicenses(w http.ResponseWriter, r *http.Request) { + product := r.URL.Query().Get("product") + status := r.URL.Query().Get("status") + search := r.URL.Query().Get("search") + + licenses, err := h.licenses.List(product, status, search) + if err != nil { + writeError(w, http.StatusInternalServerError, "INTERNAL_ERROR", "Greska pri ucitavanju licenci") + return + } + writeJSON(w, http.StatusOK, licenses) +} + +func (h *AdminHandler) CreateLicense(w http.ResponseWriter, r *http.Request) { + var req model.CreateLicenseRequest + if err := json.NewDecoder(r.Body).Decode(&req); err != nil { + writeError(w, http.StatusBadRequest, "INVALID_REQUEST", "Neispravan zahtev") + return + } + + license, err := h.licenses.Create(&req, clientIP(r)) + if err != nil { + writeError(w, http.StatusInternalServerError, "CREATE_FAILED", err.Error()) + return + } + writeJSON(w, http.StatusCreated, license) +} + +func (h *AdminHandler) GetLicense(w http.ResponseWriter, r *http.Request) { + id, err := strconv.ParseInt(r.PathValue("id"), 10, 64) + if err != nil { + writeError(w, http.StatusBadRequest, "INVALID_ID", "Neispravan ID") + return + } + + license, err := h.licenses.GetByID(id) + if err != nil { + writeError(w, http.StatusNotFound, "NOT_FOUND", "Licenca nije pronadjena") + return + } + writeJSON(w, http.StatusOK, license) +} + +func (h *AdminHandler) UpdateLicense(w http.ResponseWriter, r *http.Request) { + id, err := strconv.ParseInt(r.PathValue("id"), 10, 64) + if err != nil { + writeError(w, http.StatusBadRequest, "INVALID_ID", "Neispravan ID") + return + } + + var req model.UpdateLicenseRequest + if err := json.NewDecoder(r.Body).Decode(&req); err != nil { + writeError(w, http.StatusBadRequest, "INVALID_REQUEST", "Neispravan zahtev") + return + } + + if err := h.licenses.Update(id, &req, clientIP(r)); err != nil { + writeError(w, http.StatusInternalServerError, "UPDATE_FAILED", err.Error()) + return + } + writeJSON(w, http.StatusOK, map[string]string{"message": "Licenca azurirana"}) +} + +func (h *AdminHandler) RevokeLicense(w http.ResponseWriter, r *http.Request) { + id, err := strconv.ParseInt(r.PathValue("id"), 10, 64) + if err != nil { + writeError(w, http.StatusBadRequest, "INVALID_ID", "Neispravan ID") + return + } + + var req model.RevokeRequest + json.NewDecoder(r.Body).Decode(&req) + + if err := h.licenses.Revoke(id, req.Reason, clientIP(r)); err != nil { + writeError(w, http.StatusInternalServerError, "REVOKE_FAILED", err.Error()) + return + } + writeJSON(w, http.StatusOK, map[string]string{"message": "Licenca opozvana"}) +} + +func (h *AdminHandler) ReleaseLicense(w http.ResponseWriter, r *http.Request) { + id, err := strconv.ParseInt(r.PathValue("id"), 10, 64) + if err != nil { + writeError(w, http.StatusBadRequest, "INVALID_ID", "Neispravan ID") + return + } + + if err := h.activation.ForceRelease(id, clientIP(r)); err != nil { + writeError(w, http.StatusInternalServerError, "RELEASE_FAILED", err.Error()) + return + } + writeJSON(w, http.StatusOK, map[string]string{"message": "Aktivacija oslobodjena"}) +} + +func (h *AdminHandler) ListActivations(w http.ResponseWriter, r *http.Request) { + id, err := strconv.ParseInt(r.PathValue("id"), 10, 64) + if err != nil { + writeError(w, http.StatusBadRequest, "INVALID_ID", "Neispravan ID") + return + } + + acts, err := h.activation.ListByLicense(id) + if err != nil { + writeError(w, http.StatusInternalServerError, "INTERNAL_ERROR", "Greska") + return + } + if acts == nil { + acts = []model.Activation{} + } + writeJSON(w, http.StatusOK, acts) +} + +func (h *AdminHandler) AuditLog(w http.ResponseWriter, r *http.Request) { + entries, err := h.audit.Recent(100) + if err != nil { + writeError(w, http.StatusInternalServerError, "INTERNAL_ERROR", "Greska") + return + } + if entries == nil { + entries = []model.AuditEntry{} + } + writeJSON(w, http.StatusOK, entries) +} + +func (h *AdminHandler) Stats(w http.ResponseWriter, r *http.Request) { + stats, err := h.licenses.GetStats() + if err != nil { + writeError(w, http.StatusInternalServerError, "INTERNAL_ERROR", "Greska") + return + } + writeJSON(w, http.StatusOK, stats) +} diff --git a/internal/handler/client_handler.go b/internal/handler/client_handler.go new file mode 100644 index 0000000..ddedc31 --- /dev/null +++ b/internal/handler/client_handler.go @@ -0,0 +1,69 @@ +package handler + +import ( + "dal-license-server/internal/model" + "dal-license-server/internal/service" + "encoding/json" + "net/http" +) + +type ClientHandler struct { + activation *service.ActivationService +} + +func NewClientHandler(activation *service.ActivationService) *ClientHandler { + return &ClientHandler{activation: activation} +} + +func (h *ClientHandler) Activate(w http.ResponseWriter, r *http.Request) { + var req model.ActivateRequest + if err := json.NewDecoder(r.Body).Decode(&req); err != nil { + writeError(w, http.StatusBadRequest, "INVALID_REQUEST", "Neispravan zahtev") + return + } + + if req.LicenseKey == "" || req.MachineFingerprint == "" { + writeError(w, http.StatusBadRequest, "INVALID_REQUEST", "license_key i machine_fingerprint su obavezni") + return + } + + resp, err := h.activation.Activate(&req, clientIP(r)) + if err != nil { + writeLicenseError(w, err) + return + } + + writeJSON(w, http.StatusOK, resp) +} + +func (h *ClientHandler) Deactivate(w http.ResponseWriter, r *http.Request) { + var req model.DeactivateRequest + if err := json.NewDecoder(r.Body).Decode(&req); err != nil { + writeError(w, http.StatusBadRequest, "INVALID_REQUEST", "Neispravan zahtev") + return + } + + resp, err := h.activation.Deactivate(&req, clientIP(r)) + if err != nil { + writeLicenseError(w, err) + return + } + + writeJSON(w, http.StatusOK, resp) +} + +func (h *ClientHandler) Validate(w http.ResponseWriter, r *http.Request) { + var req model.ValidateRequest + if err := json.NewDecoder(r.Body).Decode(&req); err != nil { + writeError(w, http.StatusBadRequest, "INVALID_REQUEST", "Neispravan zahtev") + return + } + + resp, err := h.activation.Validate(&req, clientIP(r)) + if err != nil { + writeError(w, http.StatusInternalServerError, "INTERNAL_ERROR", "Greska pri validaciji") + return + } + + writeJSON(w, http.StatusOK, resp) +} diff --git a/internal/handler/dashboard_handler.go b/internal/handler/dashboard_handler.go new file mode 100644 index 0000000..cfedd5b --- /dev/null +++ b/internal/handler/dashboard_handler.go @@ -0,0 +1,283 @@ +package handler + +import ( + "crypto/rand" + "dal-license-server/internal/model" + "dal-license-server/internal/repository" + "dal-license-server/internal/service" + "encoding/hex" + "encoding/json" + "html/template" + "log" + "net/http" + "path/filepath" + "strconv" + "strings" + "sync" + "time" +) + +type DashboardHandler struct { + licenses *service.LicenseService + activation *service.ActivationService + audit *repository.AuditRepo + templates map[string]*template.Template + sessions map[string]time.Time + mu sync.RWMutex + password string +} + +func NewDashboardHandler(licenses *service.LicenseService, activation *service.ActivationService, audit *repository.AuditRepo, tmplDir, password string) *DashboardHandler { + funcMap := template.FuncMap{ + "formatDate": func(t time.Time) string { return t.Format("02.01.2006 15:04") }, + "formatDateShort": func(t time.Time) string { return t.Format("02.01.2006") }, + "json": func(v interface{}) string { + b, _ := json.MarshalIndent(v, "", " ") + return string(b) + }, + "jsonPretty": func(v json.RawMessage) string { + var out interface{} + json.Unmarshal(v, &out) + b, _ := json.MarshalIndent(out, "", " ") + return string(b) + }, + "add": func(a, b int) int { return a + b }, + "maskKey": func(key string) string { + if len(key) < 10 { + return key + } + parts := strings.SplitN(key, "-", 2) + prefix := parts[0] + "-" + rest := parts[1] + rParts := strings.Split(rest, "-") + if len(rParts) >= 4 { + return prefix + rParts[0] + "-****-****-" + rParts[3] + } + return key + }, + } + + h := &DashboardHandler{ + licenses: licenses, + activation: activation, + audit: audit, + templates: make(map[string]*template.Template), + sessions: make(map[string]time.Time), + password: password, + } + + layoutFiles, _ := filepath.Glob(filepath.Join(tmplDir, "layout", "*.html")) + partialFiles, _ := filepath.Glob(filepath.Join(tmplDir, "partials", "*.html")) + baseFiles := append(layoutFiles, partialFiles...) + + pageFiles, _ := filepath.Glob(filepath.Join(tmplDir, "pages", "*.html")) + for _, page := range pageFiles { + name := filepath.Base(page) + files := append(baseFiles, page) + tmpl := template.Must(template.New(name).Funcs(funcMap).ParseFiles(files...)) + h.templates[name] = tmpl + } + + return h +} + +func (h *DashboardHandler) render(w http.ResponseWriter, name string, data interface{}) { + tmpl, ok := h.templates[name] + if !ok { + log.Printf("Template not found: %s", name) + http.Error(w, "Internal Server Error", http.StatusInternalServerError) + return + } + w.Header().Set("Content-Type", "text/html; charset=utf-8") + if err := tmpl.ExecuteTemplate(w, name, data); err != nil { + log.Printf("Template error (%s): %v", name, err) + http.Error(w, "Internal Server Error", http.StatusInternalServerError) + } +} + +func (h *DashboardHandler) isLoggedIn(r *http.Request) bool { + c, err := r.Cookie("dash_session") + if err != nil { + return false + } + h.mu.RLock() + defer h.mu.RUnlock() + exp, ok := h.sessions[c.Value] + if !ok || time.Now().After(exp) { + return false + } + return true +} + +func (h *DashboardHandler) RequireLogin(next http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + if !h.isLoggedIn(r) { + http.Redirect(w, r, "/login", http.StatusSeeOther) + return + } + next.ServeHTTP(w, r) + }) +} + +func (h *DashboardHandler) LoginPage(w http.ResponseWriter, r *http.Request) { + h.render(w, "login.html", nil) +} + +func (h *DashboardHandler) Login(w http.ResponseWriter, r *http.Request) { + password := r.FormValue("password") + if password != h.password { + h.render(w, "login.html", map[string]interface{}{"Error": "Pogresna lozinka"}) + return + } + + b := make([]byte, 32) + rand.Read(b) + sid := hex.EncodeToString(b) + + h.mu.Lock() + h.sessions[sid] = time.Now().Add(8 * time.Hour) + h.mu.Unlock() + + http.SetCookie(w, &http.Cookie{ + Name: "dash_session", + Value: sid, + Path: "/", + HttpOnly: true, + SameSite: http.SameSiteLaxMode, + }) + http.Redirect(w, r, "/dashboard", http.StatusSeeOther) +} + +func (h *DashboardHandler) Logout(w http.ResponseWriter, r *http.Request) { + if c, err := r.Cookie("dash_session"); err == nil { + h.mu.Lock() + delete(h.sessions, c.Value) + h.mu.Unlock() + } + http.SetCookie(w, &http.Cookie{Name: "dash_session", MaxAge: -1, Path: "/"}) + http.Redirect(w, r, "/login", http.StatusSeeOther) +} + +func (h *DashboardHandler) Dashboard(w http.ResponseWriter, r *http.Request) { + stats, _ := h.licenses.GetStats() + expiring, _ := h.licenses.ExpiringIn(7) + recent, _ := h.audit.Recent(10) + + h.render(w, "dashboard.html", map[string]interface{}{ + "Stats": stats, + "Expiring": expiring, + "Recent": recent, + "ActivePage": "dashboard", + }) +} + +func (h *DashboardHandler) LicenseList(w http.ResponseWriter, r *http.Request) { + product := r.URL.Query().Get("product") + status := r.URL.Query().Get("status") + search := r.URL.Query().Get("search") + + licenses, _ := h.licenses.List(product, status, search) + products, _ := h.licenses.GetProducts() + + h.render(w, "licenses.html", map[string]interface{}{ + "Licenses": licenses, + "Products": products, + "Product": product, + "Status": status, + "Search": search, + "ActivePage": "licenses", + }) +} + +func (h *DashboardHandler) LicenseNew(w http.ResponseWriter, r *http.Request) { + products, _ := h.licenses.GetProducts() + h.render(w, "license-new.html", map[string]interface{}{ + "Products": products, + "ActivePage": "licenses", + }) +} + +func (h *DashboardHandler) LicenseCreate(w http.ResponseWriter, r *http.Request) { + productID, _ := strconv.ParseInt(r.FormValue("product_id"), 10, 64) + graceDays, _ := strconv.Atoi(r.FormValue("grace_days")) + if graceDays == 0 { + graceDays = 30 + } + + limitsStr := r.FormValue("limits") + var limits json.RawMessage + if limitsStr != "" { + limits = json.RawMessage(limitsStr) + } + + featuresStr := r.FormValue("features") + var features json.RawMessage + if featuresStr != "" { + features = json.RawMessage(featuresStr) + } + + req := &model.CreateLicenseRequest{ + ProductID: productID, + LicenseType: r.FormValue("license_type"), + CustomerName: r.FormValue("customer_name"), + CustomerPIB: r.FormValue("customer_pib"), + CustomerEmail: r.FormValue("customer_email"), + Limits: limits, + Features: features, + GraceDays: graceDays, + Notes: r.FormValue("notes"), + } + + license, err := h.licenses.Create(req, clientIP(r)) + if err != nil { + products, _ := h.licenses.GetProducts() + h.render(w, "license-new.html", map[string]interface{}{ + "Products": products, + "Error": err.Error(), + "ActivePage": "licenses", + }) + return + } + + http.Redirect(w, r, "/licenses/"+strconv.FormatInt(license.ID, 10), http.StatusSeeOther) +} + +func (h *DashboardHandler) LicenseDetail(w http.ResponseWriter, r *http.Request) { + id, _ := strconv.ParseInt(r.PathValue("id"), 10, 64) + license, err := h.licenses.GetByID(id) + if err != nil { + http.Error(w, "Licenca nije pronadjena", http.StatusNotFound) + return + } + + activations, _ := h.activation.ListByLicense(id) + auditEntries, _ := h.audit.List(&id, 20) + + h.render(w, "license-detail.html", map[string]interface{}{ + "License": license, + "Activations": activations, + "Audit": auditEntries, + "ActivePage": "licenses", + }) +} + +func (h *DashboardHandler) LicenseRevoke(w http.ResponseWriter, r *http.Request) { + id, _ := strconv.ParseInt(r.PathValue("id"), 10, 64) + reason := r.FormValue("reason") + h.licenses.Revoke(id, reason, clientIP(r)) + http.Redirect(w, r, "/licenses/"+strconv.FormatInt(id, 10), http.StatusSeeOther) +} + +func (h *DashboardHandler) LicenseRelease(w http.ResponseWriter, r *http.Request) { + id, _ := strconv.ParseInt(r.PathValue("id"), 10, 64) + h.activation.ForceRelease(id, clientIP(r)) + http.Redirect(w, r, "/licenses/"+strconv.FormatInt(id, 10), http.StatusSeeOther) +} + +func (h *DashboardHandler) AuditPage(w http.ResponseWriter, r *http.Request) { + entries, _ := h.audit.Recent(100) + h.render(w, "audit.html", map[string]interface{}{ + "Entries": entries, + "ActivePage": "audit", + }) +} diff --git a/internal/handler/helpers.go b/internal/handler/helpers.go new file mode 100644 index 0000000..419c610 --- /dev/null +++ b/internal/handler/helpers.go @@ -0,0 +1,41 @@ +package handler + +import ( + "dal-license-server/internal/model" + "dal-license-server/internal/service" + "encoding/json" + "net/http" +) + +func writeJSON(w http.ResponseWriter, status int, data interface{}) { + w.Header().Set("Content-Type", "application/json") + w.WriteHeader(status) + json.NewEncoder(w).Encode(data) +} + +func writeError(w http.ResponseWriter, status int, code, message string) { + writeJSON(w, status, model.ErrorResponse{ + Error: model.ErrorDetail{Code: code, Message: message}, + }) +} + +func writeLicenseError(w http.ResponseWriter, err error) { + if le, ok := err.(*service.LicenseError); ok { + resp := model.ErrorResponse{ + Error: model.ErrorDetail{Code: le.Code, Message: le.Message, Details: le.Details}, + } + writeJSON(w, http.StatusBadRequest, resp) + return + } + writeError(w, http.StatusInternalServerError, "INTERNAL_ERROR", "Interna greska servera") +} + +func clientIP(r *http.Request) string { + if xff := r.Header.Get("X-Forwarded-For"); xff != "" { + return xff + } + if xri := r.Header.Get("X-Real-IP"); xri != "" { + return xri + } + return r.RemoteAddr +} diff --git a/internal/middleware/auth.go b/internal/middleware/auth.go new file mode 100644 index 0000000..d0bb7ec --- /dev/null +++ b/internal/middleware/auth.go @@ -0,0 +1,20 @@ +package middleware + +import ( + "net/http" +) + +func APIKeyAuth(apiKey string) func(http.Handler) http.Handler { + return func(next http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + key := r.Header.Get("X-API-Key") + if key == "" || key != apiKey { + w.Header().Set("Content-Type", "application/json") + w.WriteHeader(http.StatusUnauthorized) + w.Write([]byte(`{"error":{"code":"UNAUTHORIZED","message":"Invalid or missing API key"}}`)) + return + } + next.ServeHTTP(w, r) + }) + } +} diff --git a/internal/middleware/auth_test.go b/internal/middleware/auth_test.go new file mode 100644 index 0000000..6817a06 --- /dev/null +++ b/internal/middleware/auth_test.go @@ -0,0 +1,65 @@ +package middleware + +import ( + "net/http" + "net/http/httptest" + "testing" +) + +func TestAPIKeyAuth_ValidKey(t *testing.T) { + handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + w.WriteHeader(http.StatusOK) + w.Write([]byte("OK")) + }) + + mw := APIKeyAuth("test-api-key-12345") + wrapped := mw(handler) + + req := httptest.NewRequest("GET", "/api/v1/admin/licenses", nil) + req.Header.Set("X-API-Key", "test-api-key-12345") + w := httptest.NewRecorder() + + wrapped.ServeHTTP(w, req) + + if w.Code != http.StatusOK { + t.Errorf("validan kljuc mora proci, dobijen status %d", w.Code) + } +} + +func TestAPIKeyAuth_MissingKey(t *testing.T) { + handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + w.WriteHeader(http.StatusOK) + }) + + mw := APIKeyAuth("test-api-key-12345") + wrapped := mw(handler) + + req := httptest.NewRequest("GET", "/api/v1/admin/licenses", nil) + // No X-API-Key header + w := httptest.NewRecorder() + + wrapped.ServeHTTP(w, req) + + if w.Code != http.StatusUnauthorized { + t.Errorf("bez kljuca mora biti 401, dobijen %d", w.Code) + } +} + +func TestAPIKeyAuth_WrongKey(t *testing.T) { + handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + w.WriteHeader(http.StatusOK) + }) + + mw := APIKeyAuth("correct-key") + wrapped := mw(handler) + + req := httptest.NewRequest("GET", "/api/v1/admin/licenses", nil) + req.Header.Set("X-API-Key", "wrong-key") + w := httptest.NewRecorder() + + wrapped.ServeHTTP(w, req) + + if w.Code != http.StatusUnauthorized { + t.Errorf("pogresan kljuc mora biti 401, dobijen %d", w.Code) + } +} diff --git a/internal/middleware/ratelimit.go b/internal/middleware/ratelimit.go new file mode 100644 index 0000000..32f62e5 --- /dev/null +++ b/internal/middleware/ratelimit.go @@ -0,0 +1,64 @@ +package middleware + +import ( + "net/http" + "sync" + "time" +) + +type rateLimiter struct { + mu sync.Mutex + visitors map[string][]time.Time + limit int + window time.Duration +} + +func newRateLimiter(limit int) *rateLimiter { + return &rateLimiter{ + visitors: make(map[string][]time.Time), + limit: limit, + window: time.Minute, + } +} + +func (rl *rateLimiter) allow(ip string) bool { + rl.mu.Lock() + defer rl.mu.Unlock() + + now := time.Now() + cutoff := now.Add(-rl.window) + + var valid []time.Time + for _, t := range rl.visitors[ip] { + if t.After(cutoff) { + valid = append(valid, t) + } + } + + if len(valid) >= rl.limit { + rl.visitors[ip] = valid + return false + } + + rl.visitors[ip] = append(valid, now) + return true +} + +func RateLimit(limit int) func(http.Handler) http.Handler { + rl := newRateLimiter(limit) + return func(next http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + ip := r.RemoteAddr + if xff := r.Header.Get("X-Forwarded-For"); xff != "" { + ip = xff + } + if !rl.allow(ip) { + w.Header().Set("Content-Type", "application/json") + w.WriteHeader(http.StatusTooManyRequests) + w.Write([]byte(`{"error":{"code":"RATE_LIMITED","message":"Previse zahteva, pokusajte ponovo za minut"}}`)) + return + } + next.ServeHTTP(w, r) + }) + } +} diff --git a/internal/middleware/ratelimit_test.go b/internal/middleware/ratelimit_test.go new file mode 100644 index 0000000..0441859 --- /dev/null +++ b/internal/middleware/ratelimit_test.go @@ -0,0 +1,91 @@ +package middleware + +import ( + "net/http" + "net/http/httptest" + "testing" +) + +func TestRateLimiter_Allow(t *testing.T) { + rl := newRateLimiter(3) + + for i := 0; i < 3; i++ { + if !rl.allow("1.2.3.4") { + t.Errorf("zahtev %d bi trebalo da prodje", i+1) + } + } + + if rl.allow("1.2.3.4") { + t.Error("4. zahtev ne sme proci (limit 3)") + } +} + +func TestRateLimiter_DifferentIPs(t *testing.T) { + rl := newRateLimiter(2) + + rl.allow("1.1.1.1") + rl.allow("1.1.1.1") + + // Razlicit IP — mora proci + if !rl.allow("2.2.2.2") { + t.Error("razlicit IP mora proci") + } +} + +func TestRateLimit_Middleware(t *testing.T) { + handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + w.WriteHeader(http.StatusOK) + }) + + limited := RateLimit(2)(handler) + + for i := 0; i < 2; i++ { + req := httptest.NewRequest("POST", "/test", nil) + req.RemoteAddr = "10.0.0.1:1234" + w := httptest.NewRecorder() + limited.ServeHTTP(w, req) + + if w.Code != http.StatusOK { + t.Errorf("zahtev %d: ocekivan 200, dobijen %d", i+1, w.Code) + } + } + + // 3rd request should be rate limited + req := httptest.NewRequest("POST", "/test", nil) + req.RemoteAddr = "10.0.0.1:1234" + w := httptest.NewRecorder() + limited.ServeHTTP(w, req) + + if w.Code != http.StatusTooManyRequests { + t.Errorf("3. zahtev: ocekivan 429, dobijen %d", w.Code) + } +} + +func TestRateLimit_XForwardedFor(t *testing.T) { + handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + w.WriteHeader(http.StatusOK) + }) + + limited := RateLimit(1)(handler) + + req := httptest.NewRequest("POST", "/test", nil) + req.RemoteAddr = "10.0.0.1:1234" + req.Header.Set("X-Forwarded-For", "5.5.5.5") + w := httptest.NewRecorder() + limited.ServeHTTP(w, req) + + if w.Code != http.StatusOK { + t.Errorf("prvi zahtev mora proci") + } + + // Second from same X-Forwarded-For + req2 := httptest.NewRequest("POST", "/test", nil) + req2.RemoteAddr = "10.0.0.2:5678" // razlicit RemoteAddr + req2.Header.Set("X-Forwarded-For", "5.5.5.5") // isti X-FF + w2 := httptest.NewRecorder() + limited.ServeHTTP(w2, req2) + + if w2.Code != http.StatusTooManyRequests { + t.Errorf("drugi zahtev sa istim XFF mora biti blokiran, dobijen %d", w2.Code) + } +} diff --git a/internal/model/activation.go b/internal/model/activation.go new file mode 100644 index 0000000..30ad045 --- /dev/null +++ b/internal/model/activation.go @@ -0,0 +1,20 @@ +package model + +import ( + "database/sql" + "time" +) + +type Activation struct { + ID int64 `json:"id"` + LicenseID int64 `json:"license_id"` + MachineFingerprint string `json:"machine_fingerprint"` + Hostname string `json:"hostname"` + OSInfo string `json:"os_info"` + AppVersion string `json:"app_version"` + IPAddress string `json:"ip_address"` + ActivatedAt time.Time `json:"activated_at"` + DeactivatedAt sql.NullTime `json:"deactivated_at"` + IsActive bool `json:"is_active"` + LastSeenAt time.Time `json:"last_seen_at"` +} diff --git a/internal/model/audit.go b/internal/model/audit.go new file mode 100644 index 0000000..b36e9f7 --- /dev/null +++ b/internal/model/audit.go @@ -0,0 +1,19 @@ +package model + +import ( + "database/sql" + "encoding/json" + "time" +) + +type AuditEntry struct { + ID int64 `json:"id"` + LicenseID sql.NullInt64 `json:"license_id"` + Action string `json:"action"` + IPAddress string `json:"ip_address"` + Details json.RawMessage `json:"details"` + CreatedAt time.Time `json:"created_at"` + + // Joined + LicenseKey string `json:"license_key,omitempty"` +} diff --git a/internal/model/license.go b/internal/model/license.go new file mode 100644 index 0000000..2863d71 --- /dev/null +++ b/internal/model/license.go @@ -0,0 +1,129 @@ +package model + +import ( + "database/sql" + "encoding/json" + "time" +) + +type Product struct { + ID int64 `json:"id"` + Code string `json:"code"` + Name string `json:"name"` + KeyPrefix string `json:"key_prefix"` + DefaultLimits json.RawMessage `json:"default_limits"` + AvailableFeatures json.RawMessage `json:"available_features"` + Active bool `json:"active"` + CreatedAt time.Time `json:"created_at"` +} + +type License struct { + ID int64 `json:"id"` + ProductID int64 `json:"product_id"` + LicenseKey string `json:"license_key"` + LicenseType string `json:"license_type"` + CustomerName string `json:"customer_name"` + CustomerPIB string `json:"customer_pib"` + CustomerEmail string `json:"customer_email"` + Limits json.RawMessage `json:"limits"` + Features json.RawMessage `json:"features"` + IssuedAt time.Time `json:"issued_at"` + ExpiresAt sql.NullTime `json:"expires_at"` + GraceDays int `json:"grace_days"` + Active bool `json:"active"` + Revoked bool `json:"revoked"` + RevokedAt sql.NullTime `json:"revoked_at"` + RevokedReason string `json:"revoked_reason"` + Notes string `json:"notes"` + CreatedAt time.Time `json:"created_at"` + UpdatedAt time.Time `json:"updated_at"` + + // Joined fields + ProductCode string `json:"product_code,omitempty"` + ProductName string `json:"product_name,omitempty"` + ProductPrefix string `json:"-"` +} + +func (l *License) IsExpired() bool { + if !l.ExpiresAt.Valid { + return false // PERPETUAL + } + return time.Now().After(l.ExpiresAt.Time) +} + +func (l *License) IsInGrace() bool { + if !l.ExpiresAt.Valid { + return false + } + if !l.IsExpired() { + return false + } + graceEnd := l.ExpiresAt.Time.AddDate(0, 0, l.GraceDays) + return time.Now().Before(graceEnd) +} + +func (l *License) IsGraceExpired() bool { + if !l.ExpiresAt.Valid { + return false + } + graceEnd := l.ExpiresAt.Time.AddDate(0, 0, l.GraceDays) + return time.Now().After(graceEnd) +} + +func (l *License) MaskedKey() string { + if len(l.LicenseKey) < 10 { + return l.LicenseKey + } + return l.LicenseKey[:len(l.ProductPrefix)+4] + "-****-****-" + l.LicenseKey[len(l.LicenseKey)-4:] +} + +func (l *License) StatusText() string { + if l.Revoked { + return "Opozvana" + } + if !l.Active { + return "Neaktivna" + } + if l.IsGraceExpired() { + return "Istekla (grace)" + } + if l.IsInGrace() { + return "Grace period" + } + if l.IsExpired() { + return "Istekla" + } + if l.LicenseType == "TRIAL" { + return "Trial" + } + return "Aktivna" +} + +func (l *License) StatusClass() string { + switch l.StatusText() { + case "Aktivna": + return "status-active" + case "Trial": + return "status-trial" + case "Grace period": + return "status-grace" + case "Istekla", "Istekla (grace)": + return "status-expired" + case "Opozvana": + return "status-revoked" + default: + return "" + } +} + +func (l *License) ExpiresAtFormatted() string { + if !l.ExpiresAt.Valid { + return "Neograniceno" + } + return l.ExpiresAt.Time.Format("02.01.2006") +} + +type LicenseWithActivation struct { + License + ActiveActivations int `json:"active_activations"` +} diff --git a/internal/model/license_test.go b/internal/model/license_test.go new file mode 100644 index 0000000..17cdaec --- /dev/null +++ b/internal/model/license_test.go @@ -0,0 +1,221 @@ +package model + +import ( + "database/sql" + "testing" + "time" +) + +func TestIsExpired_Perpetual(t *testing.T) { + l := &License{ + ExpiresAt: sql.NullTime{Valid: false}, + } + if l.IsExpired() { + t.Error("PERPETUAL licenca ne sme biti istekla") + } +} + +func TestIsExpired_Active(t *testing.T) { + l := &License{ + ExpiresAt: sql.NullTime{ + Time: time.Now().Add(24 * time.Hour), + Valid: true, + }, + } + if l.IsExpired() { + t.Error("licenca koja istice sutra ne sme biti istekla") + } +} + +func TestIsExpired_Expired(t *testing.T) { + l := &License{ + ExpiresAt: sql.NullTime{ + Time: time.Now().Add(-24 * time.Hour), + Valid: true, + }, + } + if !l.IsExpired() { + t.Error("licenca koja je istekla juce mora biti istekla") + } +} + +func TestIsInGrace_NotExpired(t *testing.T) { + l := &License{ + ExpiresAt: sql.NullTime{ + Time: time.Now().Add(24 * time.Hour), + Valid: true, + }, + GraceDays: 30, + } + if l.IsInGrace() { + t.Error("licenca koja nije istekla ne sme biti u grace periodu") + } +} + +func TestIsInGrace_InGrace(t *testing.T) { + l := &License{ + ExpiresAt: sql.NullTime{ + Time: time.Now().Add(-5 * 24 * time.Hour), // istekla pre 5 dana + Valid: true, + }, + GraceDays: 30, + } + if !l.IsInGrace() { + t.Error("licenca istekla pre 5 dana sa 30 dana grace-a mora biti u grace-u") + } +} + +func TestIsInGrace_GraceExpired(t *testing.T) { + l := &License{ + ExpiresAt: sql.NullTime{ + Time: time.Now().Add(-35 * 24 * time.Hour), // istekla pre 35 dana + Valid: true, + }, + GraceDays: 30, + } + if l.IsInGrace() { + t.Error("licenca kojoj je grace prosao ne sme biti u grace-u") + } +} + +func TestIsInGrace_Perpetual(t *testing.T) { + l := &License{ + ExpiresAt: sql.NullTime{Valid: false}, + GraceDays: 30, + } + if l.IsInGrace() { + t.Error("PERPETUAL licenca ne sme biti u grace periodu") + } +} + +func TestIsGraceExpired(t *testing.T) { + l := &License{ + ExpiresAt: sql.NullTime{ + Time: time.Now().Add(-40 * 24 * time.Hour), + Valid: true, + }, + GraceDays: 30, + } + if !l.IsGraceExpired() { + t.Error("grace period je prosao, mora biti expired") + } +} + +func TestIsGraceExpired_Perpetual(t *testing.T) { + l := &License{ + ExpiresAt: sql.NullTime{Valid: false}, + GraceDays: 30, + } + if l.IsGraceExpired() { + t.Error("PERPETUAL licenca ne moze imati istekao grace") + } +} + +func TestMaskedKey(t *testing.T) { + tests := []struct { + key string + prefix string + expected string + }{ + {"LT-K7M2-9P4N-R3W8-J6T1", "LT-", "LT-K7M2-****-****-J6T1"}, + {"ESIR-A3B5-C8D2-E7F4-G9H6", "ESIR-", "ESIR-A3B5-****-****-G9H6"}, + {"ARV-X2Y3-Z4A5-B6C7-D8E9", "ARV-", "ARV-X2Y3-****-****-D8E9"}, + } + + for _, tt := range tests { + l := &License{LicenseKey: tt.key, ProductPrefix: tt.prefix} + got := l.MaskedKey() + if got != tt.expected { + t.Errorf("MaskedKey(%q) = %q, ocekivano %q", tt.key, got, tt.expected) + } + } +} + +func TestStatusText(t *testing.T) { + tests := []struct { + name string + license License + expected string + }{ + { + name: "revoked", + license: License{Revoked: true, Active: true}, + expected: "Opozvana", + }, + { + name: "inactive", + license: License{Active: false}, + expected: "Neaktivna", + }, + { + name: "active", + license: License{ + Active: true, + ExpiresAt: sql.NullTime{Time: time.Now().Add(24 * time.Hour), Valid: true}, + }, + expected: "Aktivna", + }, + { + name: "trial", + license: License{ + Active: true, + LicenseType: "TRIAL", + ExpiresAt: sql.NullTime{Time: time.Now().Add(24 * time.Hour), Valid: true}, + }, + expected: "Trial", + }, + { + name: "in_grace", + license: License{ + Active: true, + ExpiresAt: sql.NullTime{Time: time.Now().Add(-5 * 24 * time.Hour), Valid: true}, + GraceDays: 30, + }, + expected: "Grace period", + }, + { + name: "grace_expired", + license: License{ + Active: true, + ExpiresAt: sql.NullTime{Time: time.Now().Add(-40 * 24 * time.Hour), Valid: true}, + GraceDays: 30, + }, + expected: "Istekla (grace)", + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + got := tt.license.StatusText() + if got != tt.expected { + t.Errorf("StatusText() = %q, ocekivano %q", got, tt.expected) + } + }) + } +} + +func TestStatusClass(t *testing.T) { + l := &License{Active: true, ExpiresAt: sql.NullTime{Time: time.Now().Add(24 * time.Hour), Valid: true}} + if l.StatusClass() != "status-active" { + t.Errorf("StatusClass() = %q, ocekivano 'status-active'", l.StatusClass()) + } + + l2 := &License{Revoked: true, Active: true} + if l2.StatusClass() != "status-revoked" { + t.Errorf("StatusClass() = %q, ocekivano 'status-revoked'", l2.StatusClass()) + } +} + +func TestExpiresAtFormatted(t *testing.T) { + l := &License{ExpiresAt: sql.NullTime{Valid: false}} + if l.ExpiresAtFormatted() != "Neograniceno" { + t.Errorf("ocekivano 'Neograniceno', dobijeno %q", l.ExpiresAtFormatted()) + } + + date := time.Date(2026, 4, 1, 0, 0, 0, 0, time.UTC) + l2 := &License{ExpiresAt: sql.NullTime{Time: date, Valid: true}} + expected := "01.04.2026" + if l2.ExpiresAtFormatted() != expected { + t.Errorf("ocekivano %q, dobijeno %q", expected, l2.ExpiresAtFormatted()) + } +} diff --git a/internal/model/request.go b/internal/model/request.go new file mode 100644 index 0000000..bba0d8f --- /dev/null +++ b/internal/model/request.go @@ -0,0 +1,116 @@ +package model + +import "encoding/json" + +// Client API requests +type ActivateRequest struct { + LicenseKey string `json:"license_key"` + MachineFingerprint string `json:"machine_fingerprint"` + AppVersion string `json:"app_version"` + OS string `json:"os"` + Hostname string `json:"hostname"` +} + +type DeactivateRequest struct { + LicenseKey string `json:"license_key"` + MachineFingerprint string `json:"machine_fingerprint"` +} + +type ValidateRequest struct { + LicenseKey string `json:"license_key"` + MachineFingerprint string `json:"machine_fingerprint"` +} + +// Client API responses +type ActivateResponse struct { + License LicenseData `json:"license"` + Signature string `json:"signature"` +} + +type LicenseData struct { + LicenseKey string `json:"license_key"` + Product string `json:"product"` + LicenseType string `json:"license_type"` + IssuedAt string `json:"issued_at"` + ExpiresAt string `json:"expires_at"` + ActivatedAt string `json:"activated_at"` + MachineFingerprint string `json:"machine_fingerprint"` + GraceDays int `json:"grace_days"` + Limits json.RawMessage `json:"limits"` + Features json.RawMessage `json:"features"` + Customer CustomerData `json:"customer"` +} + +type CustomerData struct { + Name string `json:"name"` + Email string `json:"email"` +} + +type ValidateResponse struct { + Valid bool `json:"valid"` + ExpiresAt string `json:"expires_at"` + Revoked bool `json:"revoked"` +} + +type DeactivateResponse struct { + Message string `json:"message"` + CanReactivate bool `json:"can_reactivate"` +} + +type ErrorResponse struct { + Error ErrorDetail `json:"error"` +} + +type ErrorDetail struct { + Code string `json:"code"` + Message string `json:"message"` + Details interface{} `json:"details,omitempty"` +} + +// Admin API +type CreateLicenseRequest struct { + ProductID int64 `json:"product_id"` + LicenseType string `json:"license_type"` + CustomerName string `json:"customer_name"` + CustomerPIB string `json:"customer_pib"` + CustomerEmail string `json:"customer_email"` + Limits json.RawMessage `json:"limits"` + Features json.RawMessage `json:"features"` + GraceDays int `json:"grace_days"` + Notes string `json:"notes"` +} + +type UpdateLicenseRequest struct { + CustomerName string `json:"customer_name"` + CustomerPIB string `json:"customer_pib"` + CustomerEmail string `json:"customer_email"` + Limits json.RawMessage `json:"limits"` + Features json.RawMessage `json:"features"` + GraceDays int `json:"grace_days"` + ExpiresAt string `json:"expires_at"` + Notes string `json:"notes"` +} + +type RevokeRequest struct { + Reason string `json:"reason"` +} + +type StatsResponse struct { + TotalLicenses int `json:"total_licenses"` + ActiveLicenses int `json:"active_licenses"` + ExpiredLicenses int `json:"expired_licenses"` + RevokedLicenses int `json:"revoked_licenses"` + ActiveActivations int `json:"active_activations"` + ByProduct []ProductStats `json:"by_product"` +} + +type ProductStats struct { + ProductCode string `json:"product_code"` + ProductName string `json:"product_name"` + Total int `json:"total"` + Active int `json:"active"` + Expired int `json:"expired"` + InGrace int `json:"in_grace"` + Trial int `json:"trial"` + ActiveActivations int `json:"active_activations"` +} diff --git a/internal/repository/activation_repo.go b/internal/repository/activation_repo.go new file mode 100644 index 0000000..8726e97 --- /dev/null +++ b/internal/repository/activation_repo.go @@ -0,0 +1,85 @@ +package repository + +import ( + "dal-license-server/internal/model" + "database/sql" + "fmt" +) + +type ActivationRepo struct { + db *sql.DB +} + +func NewActivationRepo(db *sql.DB) *ActivationRepo { + return &ActivationRepo{db: db} +} + +func (r *ActivationRepo) Create(a *model.Activation) (int64, error) { + res, err := r.db.Exec(`INSERT INTO activations (license_id, machine_fingerprint, hostname, os_info, app_version, ip_address) + VALUES (?, ?, ?, ?, ?, ?)`, + a.LicenseID, a.MachineFingerprint, a.Hostname, a.OSInfo, a.AppVersion, a.IPAddress) + if err != nil { + return 0, fmt.Errorf("create activation: %w", err) + } + return res.LastInsertId() +} + +func (r *ActivationRepo) GetActiveByLicense(licenseID int64) (*model.Activation, error) { + a := &model.Activation{} + err := r.db.QueryRow(`SELECT id, license_id, machine_fingerprint, hostname, os_info, app_version, ip_address, activated_at, deactivated_at, is_active, last_seen_at + FROM activations WHERE license_id = ? AND is_active = TRUE LIMIT 1`, licenseID). + Scan(&a.ID, &a.LicenseID, &a.MachineFingerprint, &a.Hostname, &a.OSInfo, &a.AppVersion, &a.IPAddress, &a.ActivatedAt, &a.DeactivatedAt, &a.IsActive, &a.LastSeenAt) + if err != nil { + return nil, err + } + return a, nil +} + +func (r *ActivationRepo) GetByLicenseAndFingerprint(licenseID int64, fingerprint string) (*model.Activation, error) { + a := &model.Activation{} + err := r.db.QueryRow(`SELECT id, license_id, machine_fingerprint, hostname, os_info, app_version, ip_address, activated_at, deactivated_at, is_active, last_seen_at + FROM activations WHERE license_id = ? AND machine_fingerprint = ? AND is_active = TRUE`, licenseID, fingerprint). + Scan(&a.ID, &a.LicenseID, &a.MachineFingerprint, &a.Hostname, &a.OSInfo, &a.AppVersion, &a.IPAddress, &a.ActivatedAt, &a.DeactivatedAt, &a.IsActive, &a.LastSeenAt) + if err != nil { + return nil, err + } + return a, nil +} + +func (r *ActivationRepo) ListByLicense(licenseID int64) ([]model.Activation, error) { + rows, err := r.db.Query(`SELECT id, license_id, machine_fingerprint, hostname, os_info, app_version, ip_address, activated_at, deactivated_at, is_active, last_seen_at + FROM activations WHERE license_id = ? ORDER BY activated_at DESC`, licenseID) + if err != nil { + return nil, err + } + defer rows.Close() + + var acts []model.Activation + for rows.Next() { + var a model.Activation + rows.Scan(&a.ID, &a.LicenseID, &a.MachineFingerprint, &a.Hostname, &a.OSInfo, &a.AppVersion, &a.IPAddress, &a.ActivatedAt, &a.DeactivatedAt, &a.IsActive, &a.LastSeenAt) + acts = append(acts, a) + } + return acts, nil +} + +func (r *ActivationRepo) Deactivate(licenseID int64, fingerprint string) error { + _, err := r.db.Exec(`UPDATE activations SET is_active = FALSE, deactivated_at = NOW() WHERE license_id = ? AND machine_fingerprint = ? AND is_active = TRUE`, + licenseID, fingerprint) + return err +} + +func (r *ActivationRepo) ForceRelease(licenseID int64) error { + _, err := r.db.Exec(`UPDATE activations SET is_active = FALSE, deactivated_at = NOW() WHERE license_id = ? AND is_active = TRUE`, licenseID) + return err +} + +func (r *ActivationRepo) UpdateLastSeen(id int64) { + r.db.Exec("UPDATE activations SET last_seen_at = NOW() WHERE id = ?", id) +} + +func (r *ActivationRepo) CountActive() (int, error) { + var count int + err := r.db.QueryRow("SELECT COUNT(*) FROM activations WHERE is_active = TRUE").Scan(&count) + return count, err +} diff --git a/internal/repository/audit_repo.go b/internal/repository/audit_repo.go new file mode 100644 index 0000000..94d9c30 --- /dev/null +++ b/internal/repository/audit_repo.go @@ -0,0 +1,66 @@ +package repository + +import ( + "dal-license-server/internal/model" + "database/sql" + "encoding/json" + "fmt" +) + +type AuditRepo struct { + db *sql.DB +} + +func NewAuditRepo(db *sql.DB) *AuditRepo { + return &AuditRepo{db: db} +} + +func (r *AuditRepo) Log(licenseID *int64, action, ip string, details interface{}) error { + detailsJSON, _ := json.Marshal(details) + var lid sql.NullInt64 + if licenseID != nil { + lid = sql.NullInt64{Int64: *licenseID, Valid: true} + } + _, err := r.db.Exec("INSERT INTO audit_log (license_id, action, ip_address, details) VALUES (?, ?, ?, ?)", + lid, action, ip, string(detailsJSON)) + if err != nil { + return fmt.Errorf("audit log: %w", err) + } + return nil +} + +func (r *AuditRepo) List(licenseID *int64, limit int) ([]model.AuditEntry, error) { + query := `SELECT a.id, a.license_id, a.action, a.ip_address, a.details, a.created_at, + COALESCE(l.license_key, '') as license_key + FROM audit_log a LEFT JOIN licenses l ON a.license_id = l.id` + var args []interface{} + + if licenseID != nil { + query += " WHERE a.license_id = ?" + args = append(args, *licenseID) + } + query += " ORDER BY a.created_at DESC LIMIT ?" + args = append(args, limit) + + rows, err := r.db.Query(query, args...) + if err != nil { + return nil, err + } + defer rows.Close() + + var entries []model.AuditEntry + for rows.Next() { + var e model.AuditEntry + var details sql.NullString + rows.Scan(&e.ID, &e.LicenseID, &e.Action, &e.IPAddress, &details, &e.CreatedAt, &e.LicenseKey) + if details.Valid { + e.Details = json.RawMessage(details.String) + } + entries = append(entries, e) + } + return entries, nil +} + +func (r *AuditRepo) Recent(limit int) ([]model.AuditEntry, error) { + return r.List(nil, limit) +} diff --git a/internal/repository/license_repo.go b/internal/repository/license_repo.go new file mode 100644 index 0000000..8467c72 --- /dev/null +++ b/internal/repository/license_repo.go @@ -0,0 +1,221 @@ +package repository + +import ( + "dal-license-server/internal/model" + "database/sql" + "fmt" +) + +type LicenseRepo struct { + db *sql.DB +} + +func NewLicenseRepo(db *sql.DB) *LicenseRepo { + return &LicenseRepo{db: db} +} + +func (r *LicenseRepo) Create(l *model.License) (int64, error) { + res, err := r.db.Exec(`INSERT INTO licenses (product_id, license_key, license_type, customer_name, customer_pib, customer_email, limits_json, features, expires_at, grace_days, notes) + VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`, + l.ProductID, l.LicenseKey, l.LicenseType, l.CustomerName, l.CustomerPIB, l.CustomerEmail, + string(l.Limits), string(l.Features), l.ExpiresAt, l.GraceDays, l.Notes) + if err != nil { + return 0, fmt.Errorf("create license: %w", err) + } + return res.LastInsertId() +} + +func (r *LicenseRepo) GetByID(id int64) (*model.License, error) { + l := &model.License{} + var limits, features string + var revokedReason, notes sql.NullString + err := r.db.QueryRow(`SELECT l.id, l.product_id, l.license_key, l.license_type, l.customer_name, l.customer_pib, l.customer_email, + l.limits_json, l.features, l.issued_at, l.expires_at, l.grace_days, l.active, l.revoked, l.revoked_at, l.revoked_reason, l.notes, l.created_at, l.updated_at, + p.code, p.name, p.key_prefix + FROM licenses l JOIN products p ON l.product_id = p.id WHERE l.id = ?`, id). + Scan(&l.ID, &l.ProductID, &l.LicenseKey, &l.LicenseType, &l.CustomerName, &l.CustomerPIB, &l.CustomerEmail, + &limits, &features, &l.IssuedAt, &l.ExpiresAt, &l.GraceDays, &l.Active, &l.Revoked, &l.RevokedAt, &revokedReason, ¬es, &l.CreatedAt, &l.UpdatedAt, + &l.ProductCode, &l.ProductName, &l.ProductPrefix) + if err != nil { + return nil, fmt.Errorf("get license %d: %w", id, err) + } + l.Limits = []byte(limits) + l.Features = []byte(features) + if revokedReason.Valid { + l.RevokedReason = revokedReason.String + } + if notes.Valid { + l.Notes = notes.String + } + return l, nil +} + +func (r *LicenseRepo) GetByKey(key string) (*model.License, error) { + l := &model.License{} + var limits, features string + var revokedReason, notes sql.NullString + err := r.db.QueryRow(`SELECT l.id, l.product_id, l.license_key, l.license_type, l.customer_name, l.customer_pib, l.customer_email, + l.limits_json, l.features, l.issued_at, l.expires_at, l.grace_days, l.active, l.revoked, l.revoked_at, l.revoked_reason, l.notes, l.created_at, l.updated_at, + p.code, p.name, p.key_prefix + FROM licenses l JOIN products p ON l.product_id = p.id WHERE l.license_key = ?`, key). + Scan(&l.ID, &l.ProductID, &l.LicenseKey, &l.LicenseType, &l.CustomerName, &l.CustomerPIB, &l.CustomerEmail, + &limits, &features, &l.IssuedAt, &l.ExpiresAt, &l.GraceDays, &l.Active, &l.Revoked, &l.RevokedAt, &revokedReason, ¬es, &l.CreatedAt, &l.UpdatedAt, + &l.ProductCode, &l.ProductName, &l.ProductPrefix) + if err != nil { + return nil, fmt.Errorf("get license by key: %w", err) + } + l.Limits = []byte(limits) + l.Features = []byte(features) + if revokedReason.Valid { + l.RevokedReason = revokedReason.String + } + if notes.Valid { + l.Notes = notes.String + } + return l, nil +} + +func (r *LicenseRepo) List(productCode, status, search string) ([]model.LicenseWithActivation, error) { + query := `SELECT l.id, l.product_id, l.license_key, l.license_type, l.customer_name, l.customer_pib, l.customer_email, + l.limits_json, l.features, l.issued_at, l.expires_at, l.grace_days, l.active, l.revoked, l.revoked_at, l.revoked_reason, l.notes, l.created_at, l.updated_at, + p.code, p.name, p.key_prefix, + (SELECT COUNT(*) FROM activations a WHERE a.license_id = l.id AND a.is_active = TRUE) as active_activations + FROM licenses l JOIN products p ON l.product_id = p.id WHERE 1=1` + var args []interface{} + + if productCode != "" { + query += " AND p.code = ?" + args = append(args, productCode) + } + if search != "" { + query += " AND (l.customer_name LIKE ? OR l.license_key LIKE ?)" + args = append(args, "%"+search+"%", "%"+search+"%") + } + switch status { + case "active": + query += " AND l.active = TRUE AND l.revoked = FALSE AND (l.expires_at IS NULL OR l.expires_at > NOW())" + case "expired": + query += " AND l.expires_at IS NOT NULL AND l.expires_at <= NOW() AND l.revoked = FALSE" + case "revoked": + query += " AND l.revoked = TRUE" + case "trial": + query += " AND l.license_type = 'TRIAL'" + } + + query += " ORDER BY l.created_at DESC LIMIT 200" + + rows, err := r.db.Query(query, args...) + if err != nil { + return nil, fmt.Errorf("list licenses: %w", err) + } + defer rows.Close() + + var licenses []model.LicenseWithActivation + for rows.Next() { + var lwa model.LicenseWithActivation + var limits, features string + var revokedReason, notes sql.NullString + err := rows.Scan(&lwa.ID, &lwa.ProductID, &lwa.LicenseKey, &lwa.LicenseType, &lwa.CustomerName, &lwa.CustomerPIB, &lwa.CustomerEmail, + &limits, &features, &lwa.IssuedAt, &lwa.ExpiresAt, &lwa.GraceDays, &lwa.Active, &lwa.Revoked, &lwa.RevokedAt, &revokedReason, ¬es, &lwa.CreatedAt, &lwa.UpdatedAt, + &lwa.ProductCode, &lwa.ProductName, &lwa.ProductPrefix, + &lwa.ActiveActivations) + if err != nil { + return nil, fmt.Errorf("scan license: %w", err) + } + lwa.Limits = []byte(limits) + lwa.Features = []byte(features) + if revokedReason.Valid { + lwa.RevokedReason = revokedReason.String + } + if notes.Valid { + lwa.Notes = notes.String + } + licenses = append(licenses, lwa) + } + return licenses, nil +} + +func (r *LicenseRepo) Update(l *model.License) error { + _, err := r.db.Exec(`UPDATE licenses SET customer_name=?, customer_pib=?, customer_email=?, limits_json=?, features=?, grace_days=?, expires_at=?, notes=? WHERE id=?`, + l.CustomerName, l.CustomerPIB, l.CustomerEmail, string(l.Limits), string(l.Features), l.GraceDays, l.ExpiresAt, l.Notes, l.ID) + return err +} + +func (r *LicenseRepo) Revoke(id int64, reason string) error { + _, err := r.db.Exec(`UPDATE licenses SET revoked=TRUE, revoked_at=NOW(), revoked_reason=?, active=FALSE WHERE id=?`, reason, id) + return err +} + +func (r *LicenseRepo) CountByProduct() ([]model.ProductStats, error) { + rows, err := r.db.Query(`SELECT p.code, p.name, + COUNT(*) as total, + SUM(CASE WHEN l.active AND NOT l.revoked AND (l.expires_at IS NULL OR l.expires_at > NOW()) THEN 1 ELSE 0 END) as act, + SUM(CASE WHEN l.expires_at IS NOT NULL AND l.expires_at <= NOW() AND NOT l.revoked THEN 1 ELSE 0 END) as exp, + SUM(CASE WHEN l.expires_at IS NOT NULL AND l.expires_at <= NOW() AND DATE_ADD(l.expires_at, INTERVAL l.grace_days DAY) > NOW() AND NOT l.revoked THEN 1 ELSE 0 END) as grace, + SUM(CASE WHEN l.license_type = 'TRIAL' THEN 1 ELSE 0 END) as trial, + (SELECT COUNT(*) FROM activations a JOIN licenses l2 ON a.license_id=l2.id WHERE l2.product_id=p.id AND a.is_active=TRUE) as active_acts + FROM licenses l JOIN products p ON l.product_id=p.id GROUP BY p.id, p.code, p.name`) + if err != nil { + return nil, err + } + defer rows.Close() + + var stats []model.ProductStats + for rows.Next() { + var s model.ProductStats + rows.Scan(&s.ProductCode, &s.ProductName, &s.Total, &s.Active, &s.Expired, &s.InGrace, &s.Trial, &s.ActiveActivations) + stats = append(stats, s) + } + return stats, nil +} + +func (r *LicenseRepo) GetProducts() ([]model.Product, error) { + rows, err := r.db.Query("SELECT id, code, name, key_prefix, default_limits, available_features, active, created_at FROM products WHERE active = TRUE") + if err != nil { + return nil, err + } + defer rows.Close() + + var products []model.Product + for rows.Next() { + var p model.Product + var limits, features string + rows.Scan(&p.ID, &p.Code, &p.Name, &p.KeyPrefix, &limits, &features, &p.Active, &p.CreatedAt) + p.DefaultLimits = []byte(limits) + p.AvailableFeatures = []byte(features) + products = append(products, p) + } + return products, nil +} + +func (r *LicenseRepo) GetProductByID(id int64) (*model.Product, error) { + var p model.Product + var limits, features string + err := r.db.QueryRow("SELECT id, code, name, key_prefix, default_limits, available_features, active, created_at FROM products WHERE id = ?", id). + Scan(&p.ID, &p.Code, &p.Name, &p.KeyPrefix, &limits, &features, &p.Active, &p.CreatedAt) + if err != nil { + return nil, err + } + p.DefaultLimits = []byte(limits) + p.AvailableFeatures = []byte(features) + return &p, nil +} + +func (r *LicenseRepo) ExpiringIn(days int) ([]model.License, error) { + rows, err := r.db.Query(`SELECT l.id, l.license_key, l.license_type, l.customer_name, l.expires_at, p.code, p.name, p.key_prefix + FROM licenses l JOIN products p ON l.product_id=p.id + WHERE l.active AND NOT l.revoked AND l.expires_at IS NOT NULL AND l.expires_at BETWEEN NOW() AND DATE_ADD(NOW(), INTERVAL ? DAY) + ORDER BY l.expires_at`, days) + if err != nil { + return nil, err + } + defer rows.Close() + + var licenses []model.License + for rows.Next() { + var l model.License + rows.Scan(&l.ID, &l.LicenseKey, &l.LicenseType, &l.CustomerName, &l.ExpiresAt, &l.ProductCode, &l.ProductName, &l.ProductPrefix) + licenses = append(licenses, l) + } + return licenses, nil +} diff --git a/internal/router/router.go b/internal/router/router.go new file mode 100644 index 0000000..d01bca2 --- /dev/null +++ b/internal/router/router.go @@ -0,0 +1,78 @@ +package router + +import ( + "dal-license-server/internal/handler" + "dal-license-server/internal/middleware" + "net/http" + "strconv" +) + +func Setup( + client *handler.ClientHandler, + admin *handler.AdminHandler, + dashboard *handler.DashboardHandler, + apiKey string, + rateLimitActivate int, + rateLimitValidate int, +) http.Handler { + mux := http.NewServeMux() + + apiKeyMw := middleware.APIKeyAuth(apiKey) + activateRL := middleware.RateLimit(rateLimitActivate) + validateRL := middleware.RateLimit(rateLimitValidate) + + requireAPI := func(f http.HandlerFunc) http.Handler { + return apiKeyMw(http.HandlerFunc(f)) + } + requireDash := func(f http.HandlerFunc) http.Handler { + return dashboard.RequireLogin(http.HandlerFunc(f)) + } + + // Static files + mux.Handle("GET /static/", http.StripPrefix("/static/", http.FileServer(http.Dir("static")))) + + // Health + mux.HandleFunc("GET /api/v1/health", func(w http.ResponseWriter, r *http.Request) { + w.Header().Set("Content-Type", "application/json") + w.Write([]byte(`{"status":"ok"}`)) + }) + + // Client API + mux.Handle("POST /api/v1/activate", activateRL(http.HandlerFunc(client.Activate))) + mux.Handle("POST /api/v1/deactivate", activateRL(http.HandlerFunc(client.Deactivate))) + mux.Handle("POST /api/v1/validate", validateRL(http.HandlerFunc(client.Validate))) + + // Admin API + mux.Handle("GET /api/v1/admin/products", requireAPI(admin.ListProducts)) + mux.Handle("GET /api/v1/admin/licenses", requireAPI(admin.ListLicenses)) + mux.Handle("POST /api/v1/admin/licenses", requireAPI(admin.CreateLicense)) + mux.Handle("GET /api/v1/admin/licenses/{id}", requireAPI(admin.GetLicense)) + mux.Handle("PUT /api/v1/admin/licenses/{id}", requireAPI(admin.UpdateLicense)) + mux.Handle("POST /api/v1/admin/licenses/{id}/revoke", requireAPI(admin.RevokeLicense)) + mux.Handle("POST /api/v1/admin/licenses/{id}/release", requireAPI(admin.ReleaseLicense)) + mux.Handle("GET /api/v1/admin/licenses/{id}/activations", requireAPI(admin.ListActivations)) + mux.Handle("GET /api/v1/admin/audit", requireAPI(admin.AuditLog)) + mux.Handle("GET /api/v1/admin/stats", requireAPI(admin.Stats)) + + // Dashboard + mux.HandleFunc("GET /login", dashboard.LoginPage) + mux.HandleFunc("POST /login", dashboard.Login) + mux.Handle("POST /logout", requireDash(dashboard.Logout)) + mux.Handle("GET /dashboard", requireDash(dashboard.Dashboard)) + mux.Handle("GET /licenses", requireDash(dashboard.LicenseList)) + mux.Handle("GET /licenses/new", requireDash(dashboard.LicenseNew)) + mux.Handle("POST /licenses", requireDash(dashboard.LicenseCreate)) + mux.Handle("GET /licenses/{id}", requireDash(dashboard.LicenseDetail)) + mux.Handle("POST /licenses/{id}/revoke", requireDash(dashboard.LicenseRevoke)) + mux.Handle("POST /licenses/{id}/release", requireDash(dashboard.LicenseRelease)) + mux.Handle("GET /audit", requireDash(dashboard.AuditPage)) + + // Root redirect + mux.HandleFunc("GET /{$}", func(w http.ResponseWriter, r *http.Request) { + http.Redirect(w, r, "/dashboard", http.StatusSeeOther) + }) + + _ = strconv.Itoa(0) // satisfy import if needed + + return mux +} diff --git a/internal/service/activation_service.go b/internal/service/activation_service.go new file mode 100644 index 0000000..763f728 --- /dev/null +++ b/internal/service/activation_service.go @@ -0,0 +1,178 @@ +package service + +import ( + "dal-license-server/internal/model" + "dal-license-server/internal/repository" + "database/sql" + "encoding/json" + "fmt" + "time" +) + +type ActivationService struct { + activations *repository.ActivationRepo + licenses *repository.LicenseRepo + audit *repository.AuditRepo + crypto *CryptoService + licSvc *LicenseService +} + +func NewActivationService(activations *repository.ActivationRepo, licenses *repository.LicenseRepo, audit *repository.AuditRepo, crypto *CryptoService, licSvc *LicenseService) *ActivationService { + return &ActivationService{activations: activations, licenses: licenses, audit: audit, crypto: crypto, licSvc: licSvc} +} + +func (s *ActivationService) Activate(req *model.ActivateRequest, ip string) (*model.ActivateResponse, error) { + license, err := s.licenses.GetByKey(req.LicenseKey) + if err != nil { + return nil, &LicenseError{Code: "INVALID_KEY", Message: "Licencni kljuc nije pronadjen"} + } + + if license.Revoked { + return nil, &LicenseError{Code: "KEY_REVOKED", Message: "Licenca je opozvana"} + } + + if !license.Active { + return nil, &LicenseError{Code: "KEY_REVOKED", Message: "Licenca nije aktivna"} + } + + if license.IsExpired() && !license.IsInGrace() { + return nil, &LicenseError{Code: "KEY_EXPIRED", Message: "Licenca je istekla"} + } + + // Check existing activation + existing, err := s.activations.GetActiveByLicense(license.ID) + if err == nil && existing != nil { + if existing.MachineFingerprint == req.MachineFingerprint { + // Same machine — refresh + s.activations.UpdateLastSeen(existing.ID) + } else { + return nil, &LicenseError{ + Code: "ALREADY_ACTIVATED", + Message: "Licenca je vec aktivirana na drugom racunaru", + Details: map[string]interface{}{ + "activated_on": existing.Hostname, + "activated_at": existing.ActivatedAt.Format(time.RFC3339), + }, + } + } + } else { + // New activation + _, err = s.activations.Create(&model.Activation{ + LicenseID: license.ID, + MachineFingerprint: req.MachineFingerprint, + Hostname: req.Hostname, + OSInfo: req.OS, + AppVersion: req.AppVersion, + IPAddress: ip, + }) + if err != nil { + return nil, fmt.Errorf("activate: %w", err) + } + } + + s.audit.Log(&license.ID, "ACTIVATE", ip, map[string]interface{}{ + "fingerprint": req.MachineFingerprint, + "hostname": req.Hostname, + "os": req.OS, + "app_version": req.AppVersion, + }) + + // Build signed license data + licenseJSON, err := s.licSvc.BuildLicenseData(license, req.MachineFingerprint) + if err != nil { + return nil, fmt.Errorf("build license data: %w", err) + } + + signature, err := s.crypto.Sign(licenseJSON) + if err != nil { + return nil, fmt.Errorf("sign license: %w", err) + } + + var ld model.LicenseData + json.Unmarshal(licenseJSON, &ld) + + return &model.ActivateResponse{ + License: ld, + Signature: signature, + }, nil +} + +func (s *ActivationService) Deactivate(req *model.DeactivateRequest, ip string) (*model.DeactivateResponse, error) { + license, err := s.licenses.GetByKey(req.LicenseKey) + if err != nil { + return nil, &LicenseError{Code: "INVALID_KEY", Message: "Licencni kljuc nije pronadjen"} + } + + act, err := s.activations.GetByLicenseAndFingerprint(license.ID, req.MachineFingerprint) + if err != nil || act == nil { + return nil, &LicenseError{Code: "NOT_ACTIVATED", Message: "Licenca nije aktivirana na ovom racunaru"} + } + + s.activations.Deactivate(license.ID, req.MachineFingerprint) + + s.audit.Log(&license.ID, "DEACTIVATE", ip, map[string]interface{}{ + "fingerprint": req.MachineFingerprint, + }) + + return &model.DeactivateResponse{ + Message: "Licenca uspesno deaktivirana", + CanReactivate: true, + }, nil +} + +func (s *ActivationService) Validate(req *model.ValidateRequest, ip string) (*model.ValidateResponse, error) { + license, err := s.licenses.GetByKey(req.LicenseKey) + if err != nil { + return &model.ValidateResponse{Valid: false}, nil + } + + // Update last_seen + act, err := s.activations.GetByLicenseAndFingerprint(license.ID, req.MachineFingerprint) + if err == nil && act != nil { + s.activations.UpdateLastSeen(act.ID) + } + + s.audit.Log(&license.ID, "VALIDATE", ip, map[string]interface{}{ + "fingerprint": req.MachineFingerprint, + }) + + expiresAt := "" + if license.ExpiresAt.Valid { + expiresAt = license.ExpiresAt.Time.Format(time.RFC3339) + } + + valid := license.Active && !license.Revoked + if license.IsExpired() && !license.IsInGrace() { + valid = false + } + + return &model.ValidateResponse{ + Valid: valid, + ExpiresAt: expiresAt, + Revoked: license.Revoked, + }, nil +} + +func (s *ActivationService) ForceRelease(licenseID int64, ip string) error { + s.activations.ForceRelease(licenseID) + s.audit.Log(&licenseID, "FORCE_RELEASE", ip, nil) + return nil +} + +func (s *ActivationService) ListByLicense(licenseID int64) ([]model.Activation, error) { + return s.activations.ListByLicense(licenseID) +} + +// LicenseError is a typed error for client API +type LicenseError struct { + Code string + Message string + Details interface{} +} + +func (e *LicenseError) Error() string { + return e.Message +} + +// Needed to satisfy import +var _ = sql.NullTime{} diff --git a/internal/service/crypto_service.go b/internal/service/crypto_service.go new file mode 100644 index 0000000..e6ee4c6 --- /dev/null +++ b/internal/service/crypto_service.go @@ -0,0 +1,63 @@ +package service + +import ( + "crypto" + "crypto/rand" + "crypto/rsa" + "crypto/sha256" + "crypto/x509" + "encoding/base64" + "encoding/pem" + "fmt" + "os" +) + +type CryptoService struct { + privateKey *rsa.PrivateKey +} + +func NewCryptoService(keyPath string) (*CryptoService, error) { + data, err := os.ReadFile(keyPath) + if err != nil { + return nil, fmt.Errorf("read private key: %w", err) + } + + block, _ := pem.Decode(data) + if block == nil { + return nil, fmt.Errorf("failed to decode PEM block") + } + + key, err := x509.ParsePKCS1PrivateKey(block.Bytes) + if err != nil { + // Try PKCS8 + pkcs8Key, err2 := x509.ParsePKCS8PrivateKey(block.Bytes) + if err2 != nil { + return nil, fmt.Errorf("parse private key: %w", err) + } + var ok bool + key, ok = pkcs8Key.(*rsa.PrivateKey) + if !ok { + return nil, fmt.Errorf("not an RSA private key") + } + } + + return &CryptoService{privateKey: key}, nil +} + +func (s *CryptoService) Sign(data []byte) (string, error) { + hash := sha256.Sum256(data) + sig, err := rsa.SignPKCS1v15(rand.Reader, s.privateKey, crypto.SHA256, hash[:]) + if err != nil { + return "", fmt.Errorf("sign: %w", err) + } + return "RSA-SHA256:" + base64.StdEncoding.EncodeToString(sig), nil +} + +func (s *CryptoService) PublicKeyPEM() (string, error) { + pubBytes, err := x509.MarshalPKIXPublicKey(&s.privateKey.PublicKey) + if err != nil { + return "", err + } + block := &pem.Block{Type: "PUBLIC KEY", Bytes: pubBytes} + return string(pem.EncodeToMemory(block)), nil +} diff --git a/internal/service/crypto_service_test.go b/internal/service/crypto_service_test.go new file mode 100644 index 0000000..fc92ba0 --- /dev/null +++ b/internal/service/crypto_service_test.go @@ -0,0 +1,147 @@ +package service + +import ( + "crypto" + "crypto/rand" + "crypto/rsa" + "crypto/sha256" + "crypto/x509" + "encoding/base64" + "encoding/pem" + "os" + "path/filepath" + "strings" + "testing" +) + +func setupTestKey(t *testing.T) (string, *rsa.PrivateKey) { + t.Helper() + key, err := rsa.GenerateKey(rand.Reader, 2048) + if err != nil { + t.Fatal(err) + } + + dir := t.TempDir() + path := filepath.Join(dir, "test_private.pem") + + keyBytes := x509.MarshalPKCS1PrivateKey(key) + block := &pem.Block{Type: "RSA PRIVATE KEY", Bytes: keyBytes} + + f, err := os.Create(path) + if err != nil { + t.Fatal(err) + } + pem.Encode(f, block) + f.Close() + + return path, key +} + +func TestNewCryptoService(t *testing.T) { + path, _ := setupTestKey(t) + + svc, err := NewCryptoService(path) + if err != nil { + t.Fatalf("NewCryptoService error: %v", err) + } + if svc == nil { + t.Fatal("CryptoService je nil") + } +} + +func TestNewCryptoService_InvalidPath(t *testing.T) { + _, err := NewCryptoService("/nonexistent/path.pem") + if err == nil { + t.Error("ocekivana greska za nepostojeci fajl") + } +} + +func TestNewCryptoService_InvalidPEM(t *testing.T) { + dir := t.TempDir() + path := filepath.Join(dir, "bad.pem") + os.WriteFile(path, []byte("not a pem file"), 0600) + + _, err := NewCryptoService(path) + if err == nil { + t.Error("ocekivana greska za nevalidan PEM") + } +} + +func TestSign_Format(t *testing.T) { + path, _ := setupTestKey(t) + svc, _ := NewCryptoService(path) + + sig, err := svc.Sign([]byte("test data")) + if err != nil { + t.Fatalf("Sign error: %v", err) + } + + if !strings.HasPrefix(sig, "RSA-SHA256:") { + t.Errorf("potpis nema RSA-SHA256: prefix: %s", sig) + } + + // Verify base64 part is valid + b64 := strings.TrimPrefix(sig, "RSA-SHA256:") + _, err = base64.StdEncoding.DecodeString(b64) + if err != nil { + t.Errorf("base64 deo potpisa nije validan: %v", err) + } +} + +func TestSign_VerifyWithPublicKey(t *testing.T) { + path, privKey := setupTestKey(t) + svc, _ := NewCryptoService(path) + + data := []byte(`{"license_key":"LT-TEST-1234","product":"LIGHT_TICKET"}`) + sig, err := svc.Sign(data) + if err != nil { + t.Fatal(err) + } + + // Extract base64 signature + b64 := strings.TrimPrefix(sig, "RSA-SHA256:") + sigBytes, _ := base64.StdEncoding.DecodeString(b64) + + // Verify with public key + hash := sha256.Sum256(data) + err = rsa.VerifyPKCS1v15(&privKey.PublicKey, crypto.SHA256, hash[:], sigBytes) + if err != nil { + t.Errorf("potpis nije validan: %v", err) + } +} + +func TestSign_TamperedData(t *testing.T) { + path, privKey := setupTestKey(t) + svc, _ := NewCryptoService(path) + + data := []byte(`{"license_key":"LT-TEST-1234"}`) + sig, _ := svc.Sign(data) + + b64 := strings.TrimPrefix(sig, "RSA-SHA256:") + sigBytes, _ := base64.StdEncoding.DecodeString(b64) + + // Tamper with data + tampered := []byte(`{"license_key":"LT-FAKE-9999"}`) + hash := sha256.Sum256(tampered) + err := rsa.VerifyPKCS1v15(&privKey.PublicKey, crypto.SHA256, hash[:], sigBytes) + if err == nil { + t.Error("tampered data ne sme proci verifikaciju") + } +} + +func TestPublicKeyPEM(t *testing.T) { + path, _ := setupTestKey(t) + svc, _ := NewCryptoService(path) + + pubPEM, err := svc.PublicKeyPEM() + if err != nil { + t.Fatal(err) + } + + if !strings.Contains(pubPEM, "BEGIN PUBLIC KEY") { + t.Error("public key PEM nema ocekivani header") + } + if !strings.Contains(pubPEM, "END PUBLIC KEY") { + t.Error("public key PEM nema ocekivani footer") + } +} diff --git a/internal/service/keygen.go b/internal/service/keygen.go new file mode 100644 index 0000000..f23db3f --- /dev/null +++ b/internal/service/keygen.go @@ -0,0 +1,26 @@ +package service + +import ( + "crypto/rand" + "math/big" + "strings" +) + +// Characters: A-H, J-N, P-Y, 2-9 (no O/0/I/1) +const keyChars = "ABCDEFGHJKMNPQRSTUVWXY23456789" + +func GenerateKey(prefix string) (string, error) { + groups := make([]string, 4) + for i := range groups { + group := make([]byte, 4) + for j := range group { + idx, err := rand.Int(rand.Reader, big.NewInt(int64(len(keyChars)))) + if err != nil { + return "", err + } + group[j] = keyChars[idx.Int64()] + } + groups[i] = string(group) + } + return prefix + strings.Join(groups, "-"), nil +} diff --git a/internal/service/keygen_test.go b/internal/service/keygen_test.go new file mode 100644 index 0000000..d51e7ce --- /dev/null +++ b/internal/service/keygen_test.go @@ -0,0 +1,81 @@ +package service + +import ( + "strings" + "testing" +) + +func TestGenerateKey_Format(t *testing.T) { + prefixes := []string{"ESIR-", "ARV-", "LT-"} + + for _, prefix := range prefixes { + key, err := GenerateKey(prefix) + if err != nil { + t.Fatalf("GenerateKey(%q) error: %v", prefix, err) + } + + if !strings.HasPrefix(key, prefix) { + t.Errorf("key %q nema prefix %q", key, prefix) + } + + // Remove prefix, check 4 groups of 4 chars separated by dashes + rest := strings.TrimPrefix(key, prefix) + groups := strings.Split(rest, "-") + if len(groups) != 4 { + t.Errorf("key %q: ocekivano 4 grupe, dobijeno %d", key, len(groups)) + } + for i, g := range groups { + if len(g) != 4 { + t.Errorf("key %q: grupa %d ima %d karaktera umesto 4", key, i, len(g)) + } + } + } +} + +func TestGenerateKey_ValidChars(t *testing.T) { + key, err := GenerateKey("TEST-") + if err != nil { + t.Fatal(err) + } + + rest := strings.TrimPrefix(key, "TEST-") + rest = strings.ReplaceAll(rest, "-", "") + + for _, c := range rest { + if !strings.ContainsRune(keyChars, c) { + t.Errorf("key sadrzi nedozvoljen karakter: %c", c) + } + } +} + +func TestGenerateKey_NoConfusingChars(t *testing.T) { + // Generate multiple keys and check none contain O, 0, I, 1, L, Z + confusing := "OIL01Z" + for i := 0; i < 50; i++ { + key, err := GenerateKey("T-") + if err != nil { + t.Fatal(err) + } + rest := strings.TrimPrefix(key, "T-") + rest = strings.ReplaceAll(rest, "-", "") + for _, c := range rest { + if strings.ContainsRune(confusing, c) { + t.Errorf("key sadrzi konfuzan karakter %c: %s", c, key) + } + } + } +} + +func TestGenerateKey_Uniqueness(t *testing.T) { + seen := make(map[string]bool) + for i := 0; i < 100; i++ { + key, err := GenerateKey("U-") + if err != nil { + t.Fatal(err) + } + if seen[key] { + t.Errorf("duplikat kljuca: %s", key) + } + seen[key] = true + } +} diff --git a/internal/service/license_service.go b/internal/service/license_service.go new file mode 100644 index 0000000..a9abf09 --- /dev/null +++ b/internal/service/license_service.go @@ -0,0 +1,195 @@ +package service + +import ( + "dal-license-server/internal/model" + "dal-license-server/internal/repository" + "database/sql" + "encoding/json" + "fmt" + "time" +) + +type LicenseService struct { + repo *repository.LicenseRepo + audit *repository.AuditRepo +} + +func NewLicenseService(repo *repository.LicenseRepo, audit *repository.AuditRepo) *LicenseService { + return &LicenseService{repo: repo, audit: audit} +} + +func (s *LicenseService) Create(req *model.CreateLicenseRequest, ip string) (*model.License, error) { + product, err := s.repo.GetProductByID(req.ProductID) + if err != nil { + return nil, fmt.Errorf("product not found: %w", err) + } + + key, err := GenerateKey(product.KeyPrefix) + if err != nil { + return nil, fmt.Errorf("generate key: %w", err) + } + + limits := req.Limits + if len(limits) == 0 || string(limits) == "" || string(limits) == "null" { + limits = product.DefaultLimits + } + features := req.Features + if len(features) == 0 || string(features) == "" || string(features) == "null" { + features = product.AvailableFeatures + } + graceDays := req.GraceDays + if graceDays == 0 { + graceDays = 30 + } + + l := &model.License{ + ProductID: req.ProductID, + LicenseKey: key, + LicenseType: req.LicenseType, + CustomerName: req.CustomerName, + CustomerPIB: req.CustomerPIB, + CustomerEmail: req.CustomerEmail, + Limits: limits, + Features: features, + GraceDays: graceDays, + Notes: req.Notes, + } + + // Set expiry + switch req.LicenseType { + case "TRIAL": + exp := time.Now().AddDate(0, 0, 30) + l.ExpiresAt = sql.NullTime{Time: exp, Valid: true} + case "MONTHLY": + exp := time.Now().AddDate(0, 1, 0) + l.ExpiresAt = sql.NullTime{Time: exp, Valid: true} + case "ANNUAL": + exp := time.Now().AddDate(1, 0, 0) + l.ExpiresAt = sql.NullTime{Time: exp, Valid: true} + case "PERPETUAL": + l.ExpiresAt = sql.NullTime{Valid: false} + } + + id, err := s.repo.Create(l) + if err != nil { + return nil, err + } + + s.audit.Log(&id, "CREATE", ip, map[string]interface{}{ + "product": product.Code, + "type": req.LicenseType, + "customer": req.CustomerName, + }) + + return s.repo.GetByID(id) +} + +func (s *LicenseService) GetByID(id int64) (*model.License, error) { + return s.repo.GetByID(id) +} + +func (s *LicenseService) GetByKey(key string) (*model.License, error) { + return s.repo.GetByKey(key) +} + +func (s *LicenseService) List(productCode, status, search string) ([]model.LicenseWithActivation, error) { + return s.repo.List(productCode, status, search) +} + +func (s *LicenseService) Update(id int64, req *model.UpdateLicenseRequest, ip string) error { + l, err := s.repo.GetByID(id) + if err != nil { + return err + } + + l.CustomerName = req.CustomerName + l.CustomerPIB = req.CustomerPIB + l.CustomerEmail = req.CustomerEmail + l.Notes = req.Notes + if len(req.Limits) > 0 { + l.Limits = req.Limits + } + if len(req.Features) > 0 { + l.Features = req.Features + } + if req.GraceDays > 0 { + l.GraceDays = req.GraceDays + } + if req.ExpiresAt != "" { + t, err := time.Parse("2006-01-02", req.ExpiresAt) + if err == nil { + l.ExpiresAt = sql.NullTime{Time: t, Valid: true} + } + } + + s.audit.Log(&id, "UPDATE", ip, map[string]interface{}{"customer": req.CustomerName}) + return s.repo.Update(l) +} + +func (s *LicenseService) Revoke(id int64, reason, ip string) error { + s.audit.Log(&id, "REVOKE", ip, map[string]interface{}{"reason": reason}) + return s.repo.Revoke(id, reason) +} + +func (s *LicenseService) GetProducts() ([]model.Product, error) { + return s.repo.GetProducts() +} + +func (s *LicenseService) GetStats() (*model.StatsResponse, error) { + stats := &model.StatsResponse{} + byProduct, err := s.repo.CountByProduct() + if err != nil { + return nil, err + } + stats.ByProduct = byProduct + + for _, p := range byProduct { + stats.TotalLicenses += p.Total + stats.ActiveLicenses += p.Active + stats.ExpiredLicenses += p.Expired + stats.RevokedLicenses += p.Trial // count trials separately + stats.ActiveActivations += p.ActiveActivations + } + + // Fix: count revoked properly + var revoked int + for _, p := range byProduct { + _ = p // need a separate query for revoked + } + _ = revoked + + licenses, _ := s.repo.List("", "revoked", "") + stats.RevokedLicenses = len(licenses) + + return stats, nil +} + +func (s *LicenseService) ExpiringIn(days int) ([]model.License, error) { + return s.repo.ExpiringIn(days) +} + +func (s *LicenseService) BuildLicenseData(l *model.License, fingerprint string) ([]byte, error) { + expiresAt := "" + if l.ExpiresAt.Valid { + expiresAt = l.ExpiresAt.Time.Format(time.RFC3339) + } + + ld := model.LicenseData{ + LicenseKey: l.LicenseKey, + Product: l.ProductCode, + LicenseType: l.LicenseType, + IssuedAt: l.IssuedAt.Format(time.RFC3339), + ExpiresAt: expiresAt, + ActivatedAt: time.Now().Format(time.RFC3339), + MachineFingerprint: fingerprint, + GraceDays: l.GraceDays, + Limits: l.Limits, + Features: l.Features, + Customer: model.CustomerData{ + Name: l.CustomerName, + Email: l.CustomerEmail, + }, + } + + return json.Marshal(ld) +} diff --git a/migrations/001_create_tables.sql b/migrations/001_create_tables.sql new file mode 100644 index 0000000..bd63187 --- /dev/null +++ b/migrations/001_create_tables.sql @@ -0,0 +1,67 @@ +CREATE TABLE IF NOT EXISTS products ( + id BIGINT PRIMARY KEY AUTO_INCREMENT, + code VARCHAR(20) NOT NULL UNIQUE, + name VARCHAR(100) NOT NULL, + key_prefix VARCHAR(10) NOT NULL, + default_limits JSON, + available_features JSON, + active BOOLEAN DEFAULT TRUE, + created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP +); + +CREATE TABLE IF NOT EXISTS licenses ( + id BIGINT PRIMARY KEY AUTO_INCREMENT, + product_id BIGINT NOT NULL, + license_key VARCHAR(25) NOT NULL UNIQUE, + license_type VARCHAR(20) NOT NULL, + customer_name VARCHAR(255) NOT NULL, + customer_pib VARCHAR(20) DEFAULT '', + customer_email VARCHAR(255) DEFAULT '', + limits_json JSON NOT NULL, + features JSON NOT NULL, + issued_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP, + expires_at TIMESTAMP NULL, + grace_days INT DEFAULT 30, + active BOOLEAN DEFAULT TRUE, + revoked BOOLEAN DEFAULT FALSE, + revoked_at TIMESTAMP NULL, + revoked_reason TEXT, + notes TEXT, + created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP, + updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, + FOREIGN KEY (product_id) REFERENCES products(id), + INDEX idx_licenses_product (product_id), + INDEX idx_licenses_customer (customer_name), + INDEX idx_licenses_expires (expires_at) +); + +CREATE TABLE IF NOT EXISTS activations ( + id BIGINT PRIMARY KEY AUTO_INCREMENT, + license_id BIGINT NOT NULL, + machine_fingerprint VARCHAR(100) NOT NULL, + hostname VARCHAR(100) DEFAULT '', + os_info VARCHAR(50) DEFAULT '', + app_version VARCHAR(20) DEFAULT '', + ip_address VARCHAR(45) DEFAULT '', + activated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP, + deactivated_at TIMESTAMP NULL, + is_active BOOLEAN DEFAULT TRUE, + last_seen_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP, + FOREIGN KEY (license_id) REFERENCES licenses(id), + INDEX idx_activations_license (license_id), + INDEX idx_activations_fingerprint (machine_fingerprint), + INDEX idx_activations_active (license_id, is_active) +); + +CREATE TABLE IF NOT EXISTS audit_log ( + id BIGINT PRIMARY KEY AUTO_INCREMENT, + license_id BIGINT NULL, + action VARCHAR(30) NOT NULL, + ip_address VARCHAR(45) DEFAULT '', + details JSON, + created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP, + FOREIGN KEY (license_id) REFERENCES licenses(id), + INDEX idx_audit_license (license_id), + INDEX idx_audit_action (action), + INDEX idx_audit_created (created_at) +); diff --git a/migrations/002_seed_products.sql b/migrations/002_seed_products.sql new file mode 100644 index 0000000..3ad6536 --- /dev/null +++ b/migrations/002_seed_products.sql @@ -0,0 +1,10 @@ +INSERT IGNORE INTO products (code, name, key_prefix, default_limits, available_features) VALUES +('ESIR', 'ESIR Fiskalizacija', 'ESIR-', + '{"max_installations": 1}', + '["FISCALIZATION", "REPORTS"]'), +('ARV', 'ARV Evidencija RV', 'ARV-', + '{"max_employees": 50, "max_readers": 4}', + '["TIME_ATTENDANCE", "BASIC_REPORTS", "EMPLOYEE_MANAGEMENT", "SHIFTS", "HR_MODULE", "ACCESS_CONTROL"]'), +('LIGHT_TICKET', 'Light-Ticket', 'LT-', + '{"max_operators": 3}', + '["TICKET_VALIDATION", "REPORTS", "EXCEL_EXPORT", "LIVE_FEED"]'); diff --git a/static/css/style.css b/static/css/style.css new file mode 100644 index 0000000..6f5abd1 --- /dev/null +++ b/static/css/style.css @@ -0,0 +1,89 @@ +* { margin: 0; padding: 0; box-sizing: border-box; } +body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif; background: #f5f5f5; color: #333; } +.container { max-width: 1200px; margin: 0 auto; padding: 2rem; } +.navbar { background: #1a1a2e; color: #fff; padding: 0.75rem 2rem; display: flex; align-items: center; gap: 2rem; } +.nav-brand { font-size: 1.2rem; font-weight: 700; } +.nav-links { display: flex; gap: 1rem; flex: 1; } +.nav-links a { color: #aaa; text-decoration: none; padding: 0.5rem 1rem; border-radius: 4px; } +.nav-links a:hover, .nav-links a.active { color: #fff; background: rgba(255,255,255,0.1); } +.nav-user { display: flex; align-items: center; gap: 1rem; } + +h1 { margin-bottom: 1.5rem; color: #1a1a2e; } +h2 { margin: 2rem 0 1rem; color: #333; } + +.btn { display: inline-block; padding: 0.5rem 1rem; border: 1px solid #ddd; background: #fff; color: #333; border-radius: 4px; cursor: pointer; text-decoration: none; font-size: 0.9rem; } +.btn:hover { background: #f0f0f0; } +.btn-primary { background: #2563eb; color: #fff; border-color: #2563eb; } +.btn-primary:hover { background: #1d4ed8; } +.btn-danger { background: #dc2626; color: #fff; border-color: #dc2626; } +.btn-danger:hover { background: #b91c1c; } +.btn-warning { background: #f59e0b; color: #fff; border-color: #f59e0b; } +.btn-sm { padding: 0.25rem 0.75rem; font-size: 0.85rem; } +.btn-full { width: 100%; } + +.table { width: 100%; border-collapse: collapse; background: #fff; border-radius: 8px; overflow: hidden; box-shadow: 0 1px 3px rgba(0,0,0,0.1); } +.table th, .table td { padding: 0.75rem 1rem; text-align: left; border-bottom: 1px solid #eee; } +.table th { background: #f8f9fa; font-weight: 600; color: #555; font-size: 0.85rem; text-transform: uppercase; } +.table tr:hover { background: #f8f9fa; } +.text-center { text-align: center; } +code { background: #f1f5f9; padding: 0.15rem 0.5rem; border-radius: 3px; font-size: 0.85rem; } + +.badge { display: inline-block; padding: 0.2rem 0.6rem; border-radius: 12px; font-size: 0.75rem; font-weight: 600; } +.status-active { background: #dcfce7; color: #166534; } +.status-trial { background: #dbeafe; color: #1e40af; } +.status-grace { background: #fef3c7; color: #92400e; } +.status-expired { background: #fee2e2; color: #991b1b; } +.status-revoked { background: #fecaca; color: #991b1b; } +.badge-ACTIVATE { background: #dcfce7; color: #166534; } +.badge-DEACTIVATE { background: #fef3c7; color: #92400e; } +.badge-VALIDATE { background: #dbeafe; color: #1e40af; } +.badge-REVOKE { background: #fee2e2; color: #991b1b; } +.badge-FORCE_RELEASE { background: #fecaca; color: #991b1b; } +.badge-CREATE { background: #e0e7ff; color: #3730a3; } +.badge-UPDATE { background: #f3e8ff; color: #6b21a8; } + +.stats-grid { display: grid; grid-template-columns: repeat(auto-fit, minmax(200px, 1fr)); gap: 1rem; margin-bottom: 2rem; } +.stat-card { background: #fff; border-radius: 8px; padding: 1.5rem; box-shadow: 0 1px 3px rgba(0,0,0,0.1); } +.stat-card .stat-label { font-size: 1rem; font-weight: 700; color: #1a1a2e; margin-bottom: 0.75rem; } +.stat-row { display: flex; justify-content: space-between; padding: 0.2rem 0; font-size: 0.9rem; } + +.login-container { max-width: 400px; margin: 100px auto; padding: 2rem; } +.login-container h1 { text-align: center; margin-bottom: 2rem; } +.login-form { background: #fff; padding: 2rem; border-radius: 8px; box-shadow: 0 2px 8px rgba(0,0,0,0.1); } +.form-group { margin-bottom: 1rem; } +.form-group label { display: block; margin-bottom: 0.4rem; font-weight: 600; font-size: 0.9rem; } +.form-group input, .form-group select, .form-group textarea { width: 100%; padding: 0.6rem; border: 1px solid #ddd; border-radius: 4px; font-size: 0.95rem; } +.form-group textarea { resize: vertical; } + +.form-card { background: #fff; padding: 2rem; border-radius: 8px; box-shadow: 0 1px 3px rgba(0,0,0,0.1); max-width: 700px; } +.form-row { display: grid; grid-template-columns: 1fr 1fr; gap: 1rem; } +.form-actions { margin-top: 1.5rem; display: flex; gap: 1rem; } + +.filter-form { display: flex; gap: 0.75rem; margin-bottom: 1.5rem; flex-wrap: wrap; } +.filter-form select, .filter-form input { padding: 0.5rem; border: 1px solid #ddd; border-radius: 4px; } + +.page-header { display: flex; align-items: center; gap: 1rem; margin-bottom: 1.5rem; } +.page-header h1 { margin-bottom: 0; } + +.detail-grid { display: grid; grid-template-columns: 2fr 1fr; gap: 1.5rem; margin-bottom: 2rem; } +.detail-card { background: #fff; border-radius: 8px; padding: 1.5rem; box-shadow: 0 1px 3px rgba(0,0,0,0.1); } +.detail-card h3 { margin-bottom: 1rem; } +.detail-table { width: 100%; } +.detail-table td { padding: 0.4rem 0; vertical-align: top; } +.detail-table td:first-child { font-weight: 600; width: 140px; color: #666; } +.detail-table pre { margin: 0; font-size: 0.85rem; white-space: pre-wrap; } + +.action-form { margin-bottom: 1rem; } +.action-form input { padding: 0.5rem; border: 1px solid #ddd; border-radius: 4px; width: 100%; margin-bottom: 0.5rem; } + +.audit-details { margin: 0; font-size: 0.8rem; max-width: 300px; overflow: hidden; white-space: pre-wrap; word-break: break-all; } + +.alert { padding: 0.75rem 1rem; border-radius: 4px; margin-bottom: 1rem; } +.alert-error { background: #fee2e2; color: #991b1b; border: 1px solid #fecaca; } + +@media (max-width: 768px) { + .navbar { flex-wrap: wrap; } + .detail-grid { grid-template-columns: 1fr; } + .form-row { grid-template-columns: 1fr; } + .filter-form { flex-direction: column; } +} diff --git a/static/js/htmx.min.js b/static/js/htmx.min.js new file mode 100644 index 0000000..59937d7 --- /dev/null +++ b/static/js/htmx.min.js @@ -0,0 +1 @@ +var htmx=function(){"use strict";const Q={onLoad:null,process:null,on:null,off:null,trigger:null,ajax:null,find:null,findAll:null,closest:null,values:function(e,t){const n=cn(e,t||"post");return n.values},remove:null,addClass:null,removeClass:null,toggleClass:null,takeClass:null,swap:null,defineExtension:null,removeExtension:null,logAll:null,logNone:null,logger:null,config:{historyEnabled:true,historyCacheSize:10,refreshOnHistoryMiss:false,defaultSwapStyle:"innerHTML",defaultSwapDelay:0,defaultSettleDelay:20,includeIndicatorStyles:true,indicatorClass:"htmx-indicator",requestClass:"htmx-request",addedClass:"htmx-added",settlingClass:"htmx-settling",swappingClass:"htmx-swapping",allowEval:true,allowScriptTags:true,inlineScriptNonce:"",inlineStyleNonce:"",attributesToSettle:["class","style","width","height"],withCredentials:false,timeout:0,wsReconnectDelay:"full-jitter",wsBinaryType:"blob",disableSelector:"[hx-disable], [data-hx-disable]",scrollBehavior:"instant",defaultFocusScroll:false,getCacheBusterParam:false,globalViewTransitions:false,methodsThatUseUrlParams:["get","delete"],selfRequestsOnly:true,ignoreTitle:false,scrollIntoViewOnBoost:true,triggerSpecsCache:null,disableInheritance:false,responseHandling:[{code:"204",swap:false},{code:"[23]..",swap:true},{code:"[45]..",swap:false,error:true}],allowNestedOobSwaps:true},parseInterval:null,_:null,version:"2.0.4"};Q.onLoad=j;Q.process=kt;Q.on=ye;Q.off=be;Q.trigger=he;Q.ajax=Rn;Q.find=u;Q.findAll=x;Q.closest=g;Q.remove=z;Q.addClass=K;Q.removeClass=G;Q.toggleClass=W;Q.takeClass=Z;Q.swap=$e;Q.defineExtension=Fn;Q.removeExtension=Bn;Q.logAll=V;Q.logNone=_;Q.parseInterval=d;Q._=e;const n={addTriggerHandler:St,bodyContains:le,canAccessLocalStorage:B,findThisElement:Se,filterValues:hn,swap:$e,hasAttribute:s,getAttributeValue:te,getClosestAttributeValue:re,getClosestMatch:o,getExpressionVars:En,getHeaders:fn,getInputValues:cn,getInternalData:ie,getSwapSpecification:gn,getTriggerSpecs:st,getTarget:Ee,makeFragment:P,mergeObjects:ce,makeSettleInfo:xn,oobSwap:He,querySelectorExt:ae,settleImmediately:Kt,shouldCancel:ht,triggerEvent:he,triggerErrorEvent:fe,withExtensions:Ft};const r=["get","post","put","delete","patch"];const H=r.map(function(e){return"[hx-"+e+"], [data-hx-"+e+"]"}).join(", ");function d(e){if(e==undefined){return undefined}let t=NaN;if(e.slice(-2)=="ms"){t=parseFloat(e.slice(0,-2))}else if(e.slice(-1)=="s"){t=parseFloat(e.slice(0,-1))*1e3}else if(e.slice(-1)=="m"){t=parseFloat(e.slice(0,-1))*1e3*60}else{t=parseFloat(e)}return isNaN(t)?undefined:t}function ee(e,t){return e instanceof Element&&e.getAttribute(t)}function s(e,t){return!!e.hasAttribute&&(e.hasAttribute(t)||e.hasAttribute("data-"+t))}function te(e,t){return ee(e,t)||ee(e,"data-"+t)}function c(e){const t=e.parentElement;if(!t&&e.parentNode instanceof ShadowRoot)return e.parentNode;return t}function ne(){return document}function m(e,t){return e.getRootNode?e.getRootNode({composed:t}):ne()}function o(e,t){while(e&&!t(e)){e=c(e)}return e||null}function i(e,t,n){const r=te(t,n);const o=te(t,"hx-disinherit");var i=te(t,"hx-inherit");if(e!==t){if(Q.config.disableInheritance){if(i&&(i==="*"||i.split(" ").indexOf(n)>=0)){return r}else{return null}}if(o&&(o==="*"||o.split(" ").indexOf(n)>=0)){return"unset"}}return r}function re(t,n){let r=null;o(t,function(e){return!!(r=i(t,ue(e),n))});if(r!=="unset"){return r}}function h(e,t){const n=e instanceof Element&&(e.matches||e.matchesSelector||e.msMatchesSelector||e.mozMatchesSelector||e.webkitMatchesSelector||e.oMatchesSelector);return!!n&&n.call(e,t)}function T(e){const t=/<([a-z][^\/\0>\x20\t\r\n\f]*)/i;const n=t.exec(e);if(n){return n[1].toLowerCase()}else{return""}}function q(e){const t=new DOMParser;return t.parseFromString(e,"text/html")}function L(e,t){while(t.childNodes.length>0){e.append(t.childNodes[0])}}function A(e){const t=ne().createElement("script");se(e.attributes,function(e){t.setAttribute(e.name,e.value)});t.textContent=e.textContent;t.async=false;if(Q.config.inlineScriptNonce){t.nonce=Q.config.inlineScriptNonce}return t}function N(e){return e.matches("script")&&(e.type==="text/javascript"||e.type==="module"||e.type==="")}function I(e){Array.from(e.querySelectorAll("script")).forEach(e=>{if(N(e)){const t=A(e);const n=e.parentNode;try{n.insertBefore(t,e)}catch(e){O(e)}finally{e.remove()}}})}function P(e){const t=e.replace(/]*)?>[\s\S]*?<\/head>/i,"");const n=T(t);let r;if(n==="html"){r=new DocumentFragment;const i=q(e);L(r,i.body);r.title=i.title}else if(n==="body"){r=new DocumentFragment;const i=q(t);L(r,i.body);r.title=i.title}else{const i=q('");r=i.querySelector("template").content;r.title=i.title;var o=r.querySelector("title");if(o&&o.parentNode===r){o.remove();r.title=o.innerText}}if(r){if(Q.config.allowScriptTags){I(r)}else{r.querySelectorAll("script").forEach(e=>e.remove())}}return r}function oe(e){if(e){e()}}function t(e,t){return Object.prototype.toString.call(e)==="[object "+t+"]"}function k(e){return typeof e==="function"}function D(e){return t(e,"Object")}function ie(e){const t="htmx-internal-data";let n=e[t];if(!n){n=e[t]={}}return n}function M(t){const n=[];if(t){for(let e=0;e=0}function le(e){return e.getRootNode({composed:true})===document}function F(e){return e.trim().split(/\s+/)}function ce(e,t){for(const n in t){if(t.hasOwnProperty(n)){e[n]=t[n]}}return e}function S(e){try{return JSON.parse(e)}catch(e){O(e);return null}}function B(){const e="htmx:localStorageTest";try{localStorage.setItem(e,e);localStorage.removeItem(e);return true}catch(e){return false}}function U(t){try{const e=new URL(t);if(e){t=e.pathname+e.search}if(!/^\/$/.test(t)){t=t.replace(/\/+$/,"")}return t}catch(e){return t}}function e(e){return vn(ne().body,function(){return eval(e)})}function j(t){const e=Q.on("htmx:load",function(e){t(e.detail.elt)});return e}function V(){Q.logger=function(e,t,n){if(console){console.log(t,e,n)}}}function _(){Q.logger=null}function u(e,t){if(typeof e!=="string"){return e.querySelector(t)}else{return u(ne(),e)}}function x(e,t){if(typeof e!=="string"){return e.querySelectorAll(t)}else{return x(ne(),e)}}function E(){return window}function z(e,t){e=y(e);if(t){E().setTimeout(function(){z(e);e=null},t)}else{c(e).removeChild(e)}}function ue(e){return e instanceof Element?e:null}function $(e){return e instanceof HTMLElement?e:null}function J(e){return typeof e==="string"?e:null}function f(e){return e instanceof Element||e instanceof Document||e instanceof DocumentFragment?e:null}function K(e,t,n){e=ue(y(e));if(!e){return}if(n){E().setTimeout(function(){K(e,t);e=null},n)}else{e.classList&&e.classList.add(t)}}function G(e,t,n){let r=ue(y(e));if(!r){return}if(n){E().setTimeout(function(){G(r,t);r=null},n)}else{if(r.classList){r.classList.remove(t);if(r.classList.length===0){r.removeAttribute("class")}}}}function W(e,t){e=y(e);e.classList.toggle(t)}function Z(e,t){e=y(e);se(e.parentElement.children,function(e){G(e,t)});K(ue(e),t)}function g(e,t){e=ue(y(e));if(e&&e.closest){return e.closest(t)}else{do{if(e==null||h(e,t)){return e}}while(e=e&&ue(c(e)));return null}}function l(e,t){return e.substring(0,t.length)===t}function Y(e,t){return e.substring(e.length-t.length)===t}function ge(e){const t=e.trim();if(l(t,"<")&&Y(t,"/>")){return t.substring(1,t.length-2)}else{return t}}function p(t,r,n){if(r.indexOf("global ")===0){return p(t,r.slice(7),true)}t=y(t);const o=[];{let t=0;let n=0;for(let e=0;e"){t--}}if(n0){const r=ge(o.shift());let e;if(r.indexOf("closest ")===0){e=g(ue(t),ge(r.substr(8)))}else if(r.indexOf("find ")===0){e=u(f(t),ge(r.substr(5)))}else if(r==="next"||r==="nextElementSibling"){e=ue(t).nextElementSibling}else if(r.indexOf("next ")===0){e=pe(t,ge(r.substr(5)),!!n)}else if(r==="previous"||r==="previousElementSibling"){e=ue(t).previousElementSibling}else if(r.indexOf("previous ")===0){e=me(t,ge(r.substr(9)),!!n)}else if(r==="document"){e=document}else if(r==="window"){e=window}else if(r==="body"){e=document.body}else if(r==="root"){e=m(t,!!n)}else if(r==="host"){e=t.getRootNode().host}else{s.push(r)}if(e){i.push(e)}}if(s.length>0){const e=s.join(",");const c=f(m(t,!!n));i.push(...M(c.querySelectorAll(e)))}return i}var pe=function(t,e,n){const r=f(m(t,n)).querySelectorAll(e);for(let e=0;e=0;e--){const o=r[e];if(o.compareDocumentPosition(t)===Node.DOCUMENT_POSITION_FOLLOWING){return o}}};function ae(e,t){if(typeof e!=="string"){return p(e,t)[0]}else{return p(ne().body,e)[0]}}function y(e,t){if(typeof e==="string"){return u(f(t)||document,e)}else{return e}}function xe(e,t,n,r){if(k(t)){return{target:ne().body,event:J(e),listener:t,options:n}}else{return{target:y(e),event:J(t),listener:n,options:r}}}function ye(t,n,r,o){Vn(function(){const e=xe(t,n,r,o);e.target.addEventListener(e.event,e.listener,e.options)});const e=k(n);return e?n:r}function be(t,n,r){Vn(function(){const e=xe(t,n,r);e.target.removeEventListener(e.event,e.listener)});return k(n)?n:r}const ve=ne().createElement("output");function we(e,t){const n=re(e,t);if(n){if(n==="this"){return[Se(e,t)]}else{const r=p(e,n);if(r.length===0){O('The selector "'+n+'" on '+t+" returned no matches!");return[ve]}else{return r}}}}function Se(e,t){return ue(o(e,function(e){return te(ue(e),t)!=null}))}function Ee(e){const t=re(e,"hx-target");if(t){if(t==="this"){return Se(e,"hx-target")}else{return ae(e,t)}}else{const n=ie(e);if(n.boosted){return ne().body}else{return e}}}function Ce(t){const n=Q.config.attributesToSettle;for(let e=0;e0){s=e.substring(0,e.indexOf(":"));n=e.substring(e.indexOf(":")+1)}else{s=e}o.removeAttribute("hx-swap-oob");o.removeAttribute("data-hx-swap-oob");const r=p(t,n,false);if(r){se(r,function(e){let t;const n=o.cloneNode(true);t=ne().createDocumentFragment();t.appendChild(n);if(!Re(s,e)){t=f(n)}const r={shouldSwap:true,target:e,fragment:t};if(!he(e,"htmx:oobBeforeSwap",r))return;e=r.target;if(r.shouldSwap){qe(t);_e(s,e,e,t,i);Te()}se(i.elts,function(e){he(e,"htmx:oobAfterSwap",r)})});o.parentNode.removeChild(o)}else{o.parentNode.removeChild(o);fe(ne().body,"htmx:oobErrorNoTarget",{content:o})}return e}function Te(){const e=u("#--htmx-preserve-pantry--");if(e){for(const t of[...e.children]){const n=u("#"+t.id);n.parentNode.moveBefore(t,n);n.remove()}e.remove()}}function qe(e){se(x(e,"[hx-preserve], [data-hx-preserve]"),function(e){const t=te(e,"id");const n=ne().getElementById(t);if(n!=null){if(e.moveBefore){let e=u("#--htmx-preserve-pantry--");if(e==null){ne().body.insertAdjacentHTML("afterend","
");e=u("#--htmx-preserve-pantry--")}e.moveBefore(n,null)}else{e.parentNode.replaceChild(n,e)}}})}function Le(l,e,c){se(e.querySelectorAll("[id]"),function(t){const n=ee(t,"id");if(n&&n.length>0){const r=n.replace("'","\\'");const o=t.tagName.replace(":","\\:");const e=f(l);const i=e&&e.querySelector(o+"[id='"+r+"']");if(i&&i!==e){const s=t.cloneNode();Oe(t,i);c.tasks.push(function(){Oe(t,s)})}}})}function Ae(e){return function(){G(e,Q.config.addedClass);kt(ue(e));Ne(f(e));he(e,"htmx:load")}}function Ne(e){const t="[autofocus]";const n=$(h(e,t)?e:e.querySelector(t));if(n!=null){n.focus()}}function a(e,t,n,r){Le(e,n,r);while(n.childNodes.length>0){const o=n.firstChild;K(ue(o),Q.config.addedClass);e.insertBefore(o,t);if(o.nodeType!==Node.TEXT_NODE&&o.nodeType!==Node.COMMENT_NODE){r.tasks.push(Ae(o))}}}function Ie(e,t){let n=0;while(n0}function $e(e,t,r,o){if(!o){o={}}e=y(e);const i=o.contextElement?m(o.contextElement,false):ne();const n=document.activeElement;let s={};try{s={elt:n,start:n?n.selectionStart:null,end:n?n.selectionEnd:null}}catch(e){}const l=xn(e);if(r.swapStyle==="textContent"){e.textContent=t}else{let n=P(t);l.title=n.title;if(o.selectOOB){const u=o.selectOOB.split(",");for(let t=0;t0){E().setTimeout(c,r.settleDelay)}else{c()}}function Je(e,t,n){const r=e.getResponseHeader(t);if(r.indexOf("{")===0){const o=S(r);for(const i in o){if(o.hasOwnProperty(i)){let e=o[i];if(D(e)){n=e.target!==undefined?e.target:n}else{e={value:e}}he(n,i,e)}}}else{const s=r.split(",");for(let e=0;e0){const s=o[0];if(s==="]"){e--;if(e===0){if(n===null){t=t+"true"}o.shift();t+=")})";try{const l=vn(r,function(){return Function(t)()},function(){return true});l.source=t;return l}catch(e){fe(ne().body,"htmx:syntax:error",{error:e,source:t});return null}}}else if(s==="["){e++}if(tt(s,n,i)){t+="(("+i+"."+s+") ? ("+i+"."+s+") : (window."+s+"))"}else{t=t+s}n=o.shift()}}}function C(e,t){let n="";while(e.length>0&&!t.test(e[0])){n+=e.shift()}return n}function rt(e){let t;if(e.length>0&&Ye.test(e[0])){e.shift();t=C(e,Qe).trim();e.shift()}else{t=C(e,v)}return t}const ot="input, textarea, select";function it(e,t,n){const r=[];const o=et(t);do{C(o,w);const l=o.length;const c=C(o,/[,\[\s]/);if(c!==""){if(c==="every"){const u={trigger:"every"};C(o,w);u.pollInterval=d(C(o,/[,\[\s]/));C(o,w);var i=nt(e,o,"event");if(i){u.eventFilter=i}r.push(u)}else{const a={trigger:c};var i=nt(e,o,"event");if(i){a.eventFilter=i}C(o,w);while(o.length>0&&o[0]!==","){const f=o.shift();if(f==="changed"){a.changed=true}else if(f==="once"){a.once=true}else if(f==="consume"){a.consume=true}else if(f==="delay"&&o[0]===":"){o.shift();a.delay=d(C(o,v))}else if(f==="from"&&o[0]===":"){o.shift();if(Ye.test(o[0])){var s=rt(o)}else{var s=C(o,v);if(s==="closest"||s==="find"||s==="next"||s==="previous"){o.shift();const h=rt(o);if(h.length>0){s+=" "+h}}}a.from=s}else if(f==="target"&&o[0]===":"){o.shift();a.target=rt(o)}else if(f==="throttle"&&o[0]===":"){o.shift();a.throttle=d(C(o,v))}else if(f==="queue"&&o[0]===":"){o.shift();a.queue=C(o,v)}else if(f==="root"&&o[0]===":"){o.shift();a[f]=rt(o)}else if(f==="threshold"&&o[0]===":"){o.shift();a[f]=C(o,v)}else{fe(e,"htmx:syntax:error",{token:o.shift()})}C(o,w)}r.push(a)}}if(o.length===l){fe(e,"htmx:syntax:error",{token:o.shift()})}C(o,w)}while(o[0]===","&&o.shift());if(n){n[t]=r}return r}function st(e){const t=te(e,"hx-trigger");let n=[];if(t){const r=Q.config.triggerSpecsCache;n=r&&r[t]||it(e,t,r)}if(n.length>0){return n}else if(h(e,"form")){return[{trigger:"submit"}]}else if(h(e,'input[type="button"], input[type="submit"]')){return[{trigger:"click"}]}else if(h(e,ot)){return[{trigger:"change"}]}else{return[{trigger:"click"}]}}function lt(e){ie(e).cancelled=true}function ct(e,t,n){const r=ie(e);r.timeout=E().setTimeout(function(){if(le(e)&&r.cancelled!==true){if(!gt(n,e,Mt("hx:poll:trigger",{triggerSpec:n,target:e}))){t(e)}ct(e,t,n)}},n.pollInterval)}function ut(e){return location.hostname===e.hostname&&ee(e,"href")&&ee(e,"href").indexOf("#")!==0}function at(e){return g(e,Q.config.disableSelector)}function ft(t,n,e){if(t instanceof HTMLAnchorElement&&ut(t)&&(t.target===""||t.target==="_self")||t.tagName==="FORM"&&String(ee(t,"method")).toLowerCase()!=="dialog"){n.boosted=true;let r,o;if(t.tagName==="A"){r="get";o=ee(t,"href")}else{const i=ee(t,"method");r=i?i.toLowerCase():"get";o=ee(t,"action");if(o==null||o===""){o=ne().location.href}if(r==="get"&&o.includes("?")){o=o.replace(/\?[^#]+/,"")}}e.forEach(function(e){pt(t,function(e,t){const n=ue(e);if(at(n)){b(n);return}de(r,o,n,t)},n,e,true)})}}function ht(e,t){const n=ue(t);if(!n){return false}if(e.type==="submit"||e.type==="click"){if(n.tagName==="FORM"){return true}if(h(n,'input[type="submit"], button')&&(h(n,"[form]")||g(n,"form")!==null)){return true}if(n instanceof HTMLAnchorElement&&n.href&&(n.getAttribute("href")==="#"||n.getAttribute("href").indexOf("#")!==0)){return true}}return false}function dt(e,t){return ie(e).boosted&&e instanceof HTMLAnchorElement&&t.type==="click"&&(t.ctrlKey||t.metaKey)}function gt(e,t,n){const r=e.eventFilter;if(r){try{return r.call(t,n)!==true}catch(e){const o=r.source;fe(ne().body,"htmx:eventFilter:error",{error:e,source:o});return true}}return false}function pt(l,c,e,u,a){const f=ie(l);let t;if(u.from){t=p(l,u.from)}else{t=[l]}if(u.changed){if(!("lastValue"in f)){f.lastValue=new WeakMap}t.forEach(function(e){if(!f.lastValue.has(u)){f.lastValue.set(u,new WeakMap)}f.lastValue.get(u).set(e,e.value)})}se(t,function(i){const s=function(e){if(!le(l)){i.removeEventListener(u.trigger,s);return}if(dt(l,e)){return}if(a||ht(e,l)){e.preventDefault()}if(gt(u,l,e)){return}const t=ie(e);t.triggerSpec=u;if(t.handledFor==null){t.handledFor=[]}if(t.handledFor.indexOf(l)<0){t.handledFor.push(l);if(u.consume){e.stopPropagation()}if(u.target&&e.target){if(!h(ue(e.target),u.target)){return}}if(u.once){if(f.triggeredOnce){return}else{f.triggeredOnce=true}}if(u.changed){const n=event.target;const r=n.value;const o=f.lastValue.get(u);if(o.has(n)&&o.get(n)===r){return}o.set(n,r)}if(f.delayed){clearTimeout(f.delayed)}if(f.throttle){return}if(u.throttle>0){if(!f.throttle){he(l,"htmx:trigger");c(l,e);f.throttle=E().setTimeout(function(){f.throttle=null},u.throttle)}}else if(u.delay>0){f.delayed=E().setTimeout(function(){he(l,"htmx:trigger");c(l,e)},u.delay)}else{he(l,"htmx:trigger");c(l,e)}}};if(e.listenerInfos==null){e.listenerInfos=[]}e.listenerInfos.push({trigger:u.trigger,listener:s,on:i});i.addEventListener(u.trigger,s)})}let mt=false;let xt=null;function yt(){if(!xt){xt=function(){mt=true};window.addEventListener("scroll",xt);window.addEventListener("resize",xt);setInterval(function(){if(mt){mt=false;se(ne().querySelectorAll("[hx-trigger*='revealed'],[data-hx-trigger*='revealed']"),function(e){bt(e)})}},200)}}function bt(e){if(!s(e,"data-hx-revealed")&&X(e)){e.setAttribute("data-hx-revealed","true");const t=ie(e);if(t.initHash){he(e,"revealed")}else{e.addEventListener("htmx:afterProcessNode",function(){he(e,"revealed")},{once:true})}}}function vt(e,t,n,r){const o=function(){if(!n.loaded){n.loaded=true;he(e,"htmx:trigger");t(e)}};if(r>0){E().setTimeout(o,r)}else{o()}}function wt(t,n,e){let i=false;se(r,function(r){if(s(t,"hx-"+r)){const o=te(t,"hx-"+r);i=true;n.path=o;n.verb=r;e.forEach(function(e){St(t,e,n,function(e,t){const n=ue(e);if(g(n,Q.config.disableSelector)){b(n);return}de(r,o,n,t)})})}});return i}function St(r,e,t,n){if(e.trigger==="revealed"){yt();pt(r,n,t,e);bt(ue(r))}else if(e.trigger==="intersect"){const o={};if(e.root){o.root=ae(r,e.root)}if(e.threshold){o.threshold=parseFloat(e.threshold)}const i=new IntersectionObserver(function(t){for(let e=0;e0){t.polling=true;ct(ue(r),n,e)}else{pt(r,n,t,e)}}function Et(e){const t=ue(e);if(!t){return false}const n=t.attributes;for(let e=0;e", "+e).join(""));return o}else{return[]}}function Tt(e){const t=g(ue(e.target),"button, input[type='submit']");const n=Lt(e);if(n){n.lastButtonClicked=t}}function qt(e){const t=Lt(e);if(t){t.lastButtonClicked=null}}function Lt(e){const t=g(ue(e.target),"button, input[type='submit']");if(!t){return}const n=y("#"+ee(t,"form"),t.getRootNode())||g(t,"form");if(!n){return}return ie(n)}function At(e){e.addEventListener("click",Tt);e.addEventListener("focusin",Tt);e.addEventListener("focusout",qt)}function Nt(t,e,n){const r=ie(t);if(!Array.isArray(r.onHandlers)){r.onHandlers=[]}let o;const i=function(e){vn(t,function(){if(at(t)){return}if(!o){o=new Function("event",n)}o.call(t,e)})};t.addEventListener(e,i);r.onHandlers.push({event:e,listener:i})}function It(t){ke(t);for(let e=0;eQ.config.historyCacheSize){i.shift()}while(i.length>0){try{localStorage.setItem("htmx-history-cache",JSON.stringify(i));break}catch(e){fe(ne().body,"htmx:historyCacheError",{cause:e,cache:i});i.shift()}}}function Vt(t){if(!B()){return null}t=U(t);const n=S(localStorage.getItem("htmx-history-cache"))||[];for(let e=0;e=200&&this.status<400){he(ne().body,"htmx:historyCacheMissLoad",i);const e=P(this.response);const t=e.querySelector("[hx-history-elt],[data-hx-history-elt]")||e;const n=Ut();const r=xn(n);kn(e.title);qe(e);Ve(n,t,r);Te();Kt(r.tasks);Bt=o;he(ne().body,"htmx:historyRestore",{path:o,cacheMiss:true,serverResponse:this.response})}else{fe(ne().body,"htmx:historyCacheMissLoadError",i)}};e.send()}function Wt(e){zt();e=e||location.pathname+location.search;const t=Vt(e);if(t){const n=P(t.content);const r=Ut();const o=xn(r);kn(t.title);qe(n);Ve(r,n,o);Te();Kt(o.tasks);E().setTimeout(function(){window.scrollTo(0,t.scroll)},0);Bt=e;he(ne().body,"htmx:historyRestore",{path:e,item:t})}else{if(Q.config.refreshOnHistoryMiss){window.location.reload(true)}else{Gt(e)}}}function Zt(e){let t=we(e,"hx-indicator");if(t==null){t=[e]}se(t,function(e){const t=ie(e);t.requestCount=(t.requestCount||0)+1;e.classList.add.call(e.classList,Q.config.requestClass)});return t}function Yt(e){let t=we(e,"hx-disabled-elt");if(t==null){t=[]}se(t,function(e){const t=ie(e);t.requestCount=(t.requestCount||0)+1;e.setAttribute("disabled","");e.setAttribute("data-disabled-by-htmx","")});return t}function Qt(e,t){se(e.concat(t),function(e){const t=ie(e);t.requestCount=(t.requestCount||1)-1});se(e,function(e){const t=ie(e);if(t.requestCount===0){e.classList.remove.call(e.classList,Q.config.requestClass)}});se(t,function(e){const t=ie(e);if(t.requestCount===0){e.removeAttribute("disabled");e.removeAttribute("data-disabled-by-htmx")}})}function en(t,n){for(let e=0;en.indexOf(e)<0)}else{e=e.filter(e=>e!==n)}r.delete(t);se(e,e=>r.append(t,e))}}function on(t,n,r,o,i){if(o==null||en(t,o)){return}else{t.push(o)}if(tn(o)){const s=ee(o,"name");let e=o.value;if(o instanceof HTMLSelectElement&&o.multiple){e=M(o.querySelectorAll("option:checked")).map(function(e){return e.value})}if(o instanceof HTMLInputElement&&o.files){e=M(o.files)}nn(s,e,n);if(i){sn(o,r)}}if(o instanceof HTMLFormElement){se(o.elements,function(e){if(t.indexOf(e)>=0){rn(e.name,e.value,n)}else{t.push(e)}if(i){sn(e,r)}});new FormData(o).forEach(function(e,t){if(e instanceof File&&e.name===""){return}nn(t,e,n)})}}function sn(e,t){const n=e;if(n.willValidate){he(n,"htmx:validation:validate");if(!n.checkValidity()){t.push({elt:n,message:n.validationMessage,validity:n.validity});he(n,"htmx:validation:failed",{message:n.validationMessage,validity:n.validity})}}}function ln(n,e){for(const t of e.keys()){n.delete(t)}e.forEach(function(e,t){n.append(t,e)});return n}function cn(e,t){const n=[];const r=new FormData;const o=new FormData;const i=[];const s=ie(e);if(s.lastButtonClicked&&!le(s.lastButtonClicked)){s.lastButtonClicked=null}let l=e instanceof HTMLFormElement&&e.noValidate!==true||te(e,"hx-validate")==="true";if(s.lastButtonClicked){l=l&&s.lastButtonClicked.formNoValidate!==true}if(t!=="get"){on(n,o,i,g(e,"form"),l)}on(n,r,i,e,l);if(s.lastButtonClicked||e.tagName==="BUTTON"||e.tagName==="INPUT"&&ee(e,"type")==="submit"){const u=s.lastButtonClicked||e;const a=ee(u,"name");nn(a,u.value,o)}const c=we(e,"hx-include");se(c,function(e){on(n,r,i,ue(e),l);if(!h(e,"form")){se(f(e).querySelectorAll(ot),function(e){on(n,r,i,e,l)})}});ln(r,o);return{errors:i,formData:r,values:An(r)}}function un(e,t,n){if(e!==""){e+="&"}if(String(n)==="[object Object]"){n=JSON.stringify(n)}const r=encodeURIComponent(n);e+=encodeURIComponent(t)+"="+r;return e}function an(e){e=qn(e);let n="";e.forEach(function(e,t){n=un(n,t,e)});return n}function fn(e,t,n){const r={"HX-Request":"true","HX-Trigger":ee(e,"id"),"HX-Trigger-Name":ee(e,"name"),"HX-Target":te(t,"id"),"HX-Current-URL":ne().location.href};bn(e,"hx-headers",false,r);if(n!==undefined){r["HX-Prompt"]=n}if(ie(e).boosted){r["HX-Boosted"]="true"}return r}function hn(n,e){const t=re(e,"hx-params");if(t){if(t==="none"){return new FormData}else if(t==="*"){return n}else if(t.indexOf("not ")===0){se(t.slice(4).split(","),function(e){e=e.trim();n.delete(e)});return n}else{const r=new FormData;se(t.split(","),function(t){t=t.trim();if(n.has(t)){n.getAll(t).forEach(function(e){r.append(t,e)})}});return r}}else{return n}}function dn(e){return!!ee(e,"href")&&ee(e,"href").indexOf("#")>=0}function gn(e,t){const n=t||re(e,"hx-swap");const r={swapStyle:ie(e).boosted?"innerHTML":Q.config.defaultSwapStyle,swapDelay:Q.config.defaultSwapDelay,settleDelay:Q.config.defaultSettleDelay};if(Q.config.scrollIntoViewOnBoost&&ie(e).boosted&&!dn(e)){r.show="top"}if(n){const s=F(n);if(s.length>0){for(let e=0;e0?o.join(":"):null;r.scroll=u;r.scrollTarget=i}else if(l.indexOf("show:")===0){const a=l.slice(5);var o=a.split(":");const f=o.pop();var i=o.length>0?o.join(":"):null;r.show=f;r.showTarget=i}else if(l.indexOf("focus-scroll:")===0){const h=l.slice("focus-scroll:".length);r.focusScroll=h=="true"}else if(e==0){r.swapStyle=l}else{O("Unknown modifier in hx-swap: "+l)}}}}return r}function pn(e){return re(e,"hx-encoding")==="multipart/form-data"||h(e,"form")&&ee(e,"enctype")==="multipart/form-data"}function mn(t,n,r){let o=null;Ft(n,function(e){if(o==null){o=e.encodeParameters(t,r,n)}});if(o!=null){return o}else{if(pn(n)){return ln(new FormData,qn(r))}else{return an(r)}}}function xn(e){return{tasks:[],elts:[e]}}function yn(e,t){const n=e[0];const r=e[e.length-1];if(t.scroll){var o=null;if(t.scrollTarget){o=ue(ae(n,t.scrollTarget))}if(t.scroll==="top"&&(n||o)){o=o||n;o.scrollTop=0}if(t.scroll==="bottom"&&(r||o)){o=o||r;o.scrollTop=o.scrollHeight}}if(t.show){var o=null;if(t.showTarget){let e=t.showTarget;if(t.showTarget==="window"){e="body"}o=ue(ae(n,e))}if(t.show==="top"&&(n||o)){o=o||n;o.scrollIntoView({block:"start",behavior:Q.config.scrollBehavior})}if(t.show==="bottom"&&(r||o)){o=o||r;o.scrollIntoView({block:"end",behavior:Q.config.scrollBehavior})}}}function bn(r,e,o,i){if(i==null){i={}}if(r==null){return i}const s=te(r,e);if(s){let e=s.trim();let t=o;if(e==="unset"){return null}if(e.indexOf("javascript:")===0){e=e.slice(11);t=true}else if(e.indexOf("js:")===0){e=e.slice(3);t=true}if(e.indexOf("{")!==0){e="{"+e+"}"}let n;if(t){n=vn(r,function(){return Function("return ("+e+")")()},{})}else{n=S(e)}for(const l in n){if(n.hasOwnProperty(l)){if(i[l]==null){i[l]=n[l]}}}}return bn(ue(c(r)),e,o,i)}function vn(e,t,n){if(Q.config.allowEval){return t()}else{fe(e,"htmx:evalDisallowedError");return n}}function wn(e,t){return bn(e,"hx-vars",true,t)}function Sn(e,t){return bn(e,"hx-vals",false,t)}function En(e){return ce(wn(e),Sn(e))}function Cn(t,n,r){if(r!==null){try{t.setRequestHeader(n,r)}catch(e){t.setRequestHeader(n,encodeURIComponent(r));t.setRequestHeader(n+"-URI-AutoEncoded","true")}}}function On(t){if(t.responseURL&&typeof URL!=="undefined"){try{const e=new URL(t.responseURL);return e.pathname+e.search}catch(e){fe(ne().body,"htmx:badResponseUrl",{url:t.responseURL})}}}function R(e,t){return t.test(e.getAllResponseHeaders())}function Rn(t,n,r){t=t.toLowerCase();if(r){if(r instanceof Element||typeof r==="string"){return de(t,n,null,null,{targetOverride:y(r)||ve,returnPromise:true})}else{let e=y(r.target);if(r.target&&!e||r.source&&!e&&!y(r.source)){e=ve}return de(t,n,y(r.source),r.event,{handler:r.handler,headers:r.headers,values:r.values,targetOverride:e,swapOverride:r.swap,select:r.select,returnPromise:true})}}else{return de(t,n,null,null,{returnPromise:true})}}function Hn(e){const t=[];while(e){t.push(e);e=e.parentElement}return t}function Tn(e,t,n){let r;let o;if(typeof URL==="function"){o=new URL(t,document.location.href);const i=document.location.origin;r=i===o.origin}else{o=t;r=l(t,document.location.origin)}if(Q.config.selfRequestsOnly){if(!r){return false}}return he(e,"htmx:validateUrl",ce({url:o,sameHost:r},n))}function qn(e){if(e instanceof FormData)return e;const t=new FormData;for(const n in e){if(e.hasOwnProperty(n)){if(e[n]&&typeof e[n].forEach==="function"){e[n].forEach(function(e){t.append(n,e)})}else if(typeof e[n]==="object"&&!(e[n]instanceof Blob)){t.append(n,JSON.stringify(e[n]))}else{t.append(n,e[n])}}}return t}function Ln(r,o,e){return new Proxy(e,{get:function(t,e){if(typeof e==="number")return t[e];if(e==="length")return t.length;if(e==="push"){return function(e){t.push(e);r.append(o,e)}}if(typeof t[e]==="function"){return function(){t[e].apply(t,arguments);r.delete(o);t.forEach(function(e){r.append(o,e)})}}if(t[e]&&t[e].length===1){return t[e][0]}else{return t[e]}},set:function(e,t,n){e[t]=n;r.delete(o);e.forEach(function(e){r.append(o,e)});return true}})}function An(o){return new Proxy(o,{get:function(e,t){if(typeof t==="symbol"){const r=Reflect.get(e,t);if(typeof r==="function"){return function(){return r.apply(o,arguments)}}else{return r}}if(t==="toJSON"){return()=>Object.fromEntries(o)}if(t in e){if(typeof e[t]==="function"){return function(){return o[t].apply(o,arguments)}}else{return e[t]}}const n=o.getAll(t);if(n.length===0){return undefined}else if(n.length===1){return n[0]}else{return Ln(e,t,n)}},set:function(t,n,e){if(typeof n!=="string"){return false}t.delete(n);if(e&&typeof e.forEach==="function"){e.forEach(function(e){t.append(n,e)})}else if(typeof e==="object"&&!(e instanceof Blob)){t.append(n,JSON.stringify(e))}else{t.append(n,e)}return true},deleteProperty:function(e,t){if(typeof t==="string"){e.delete(t)}return true},ownKeys:function(e){return Reflect.ownKeys(Object.fromEntries(e))},getOwnPropertyDescriptor:function(e,t){return Reflect.getOwnPropertyDescriptor(Object.fromEntries(e),t)}})}function de(t,n,r,o,i,D){let s=null;let l=null;i=i!=null?i:{};if(i.returnPromise&&typeof Promise!=="undefined"){var e=new Promise(function(e,t){s=e;l=t})}if(r==null){r=ne().body}const M=i.handler||Dn;const X=i.select||null;if(!le(r)){oe(s);return e}const c=i.targetOverride||ue(Ee(r));if(c==null||c==ve){fe(r,"htmx:targetError",{target:te(r,"hx-target")});oe(l);return e}let u=ie(r);const a=u.lastButtonClicked;if(a){const L=ee(a,"formaction");if(L!=null){n=L}const A=ee(a,"formmethod");if(A!=null){if(A.toLowerCase()!=="dialog"){t=A}}}const f=re(r,"hx-confirm");if(D===undefined){const K=function(e){return de(t,n,r,o,i,!!e)};const G={target:c,elt:r,path:n,verb:t,triggeringEvent:o,etc:i,issueRequest:K,question:f};if(he(r,"htmx:confirm",G)===false){oe(s);return e}}let h=r;let d=re(r,"hx-sync");let g=null;let F=false;if(d){const N=d.split(":");const I=N[0].trim();if(I==="this"){h=Se(r,"hx-sync")}else{h=ue(ae(r,I))}d=(N[1]||"drop").trim();u=ie(h);if(d==="drop"&&u.xhr&&u.abortable!==true){oe(s);return e}else if(d==="abort"){if(u.xhr){oe(s);return e}else{F=true}}else if(d==="replace"){he(h,"htmx:abort")}else if(d.indexOf("queue")===0){const W=d.split(" ");g=(W[1]||"last").trim()}}if(u.xhr){if(u.abortable){he(h,"htmx:abort")}else{if(g==null){if(o){const P=ie(o);if(P&&P.triggerSpec&&P.triggerSpec.queue){g=P.triggerSpec.queue}}if(g==null){g="last"}}if(u.queuedRequests==null){u.queuedRequests=[]}if(g==="first"&&u.queuedRequests.length===0){u.queuedRequests.push(function(){de(t,n,r,o,i)})}else if(g==="all"){u.queuedRequests.push(function(){de(t,n,r,o,i)})}else if(g==="last"){u.queuedRequests=[];u.queuedRequests.push(function(){de(t,n,r,o,i)})}oe(s);return e}}const p=new XMLHttpRequest;u.xhr=p;u.abortable=F;const m=function(){u.xhr=null;u.abortable=false;if(u.queuedRequests!=null&&u.queuedRequests.length>0){const e=u.queuedRequests.shift();e()}};const B=re(r,"hx-prompt");if(B){var x=prompt(B);if(x===null||!he(r,"htmx:prompt",{prompt:x,target:c})){oe(s);m();return e}}if(f&&!D){if(!confirm(f)){oe(s);m();return e}}let y=fn(r,c,x);if(t!=="get"&&!pn(r)){y["Content-Type"]="application/x-www-form-urlencoded"}if(i.headers){y=ce(y,i.headers)}const U=cn(r,t);let b=U.errors;const j=U.formData;if(i.values){ln(j,qn(i.values))}const V=qn(En(r));const v=ln(j,V);let w=hn(v,r);if(Q.config.getCacheBusterParam&&t==="get"){w.set("org.htmx.cache-buster",ee(c,"id")||"true")}if(n==null||n===""){n=ne().location.href}const S=bn(r,"hx-request");const _=ie(r).boosted;let E=Q.config.methodsThatUseUrlParams.indexOf(t)>=0;const C={boosted:_,useUrlParams:E,formData:w,parameters:An(w),unfilteredFormData:v,unfilteredParameters:An(v),headers:y,target:c,verb:t,errors:b,withCredentials:i.credentials||S.credentials||Q.config.withCredentials,timeout:i.timeout||S.timeout||Q.config.timeout,path:n,triggeringEvent:o};if(!he(r,"htmx:configRequest",C)){oe(s);m();return e}n=C.path;t=C.verb;y=C.headers;w=qn(C.parameters);b=C.errors;E=C.useUrlParams;if(b&&b.length>0){he(r,"htmx:validation:halted",C);oe(s);m();return e}const z=n.split("#");const $=z[0];const O=z[1];let R=n;if(E){R=$;const Z=!w.keys().next().done;if(Z){if(R.indexOf("?")<0){R+="?"}else{R+="&"}R+=an(w);if(O){R+="#"+O}}}if(!Tn(r,R,C)){fe(r,"htmx:invalidPath",C);oe(l);return e}p.open(t.toUpperCase(),R,true);p.overrideMimeType("text/html");p.withCredentials=C.withCredentials;p.timeout=C.timeout;if(S.noHeaders){}else{for(const k in y){if(y.hasOwnProperty(k)){const Y=y[k];Cn(p,k,Y)}}}const H={xhr:p,target:c,requestConfig:C,etc:i,boosted:_,select:X,pathInfo:{requestPath:n,finalRequestPath:R,responsePath:null,anchor:O}};p.onload=function(){try{const t=Hn(r);H.pathInfo.responsePath=On(p);M(r,H);if(H.keepIndicators!==true){Qt(T,q)}he(r,"htmx:afterRequest",H);he(r,"htmx:afterOnLoad",H);if(!le(r)){let e=null;while(t.length>0&&e==null){const n=t.shift();if(le(n)){e=n}}if(e){he(e,"htmx:afterRequest",H);he(e,"htmx:afterOnLoad",H)}}oe(s);m()}catch(e){fe(r,"htmx:onLoadError",ce({error:e},H));throw e}};p.onerror=function(){Qt(T,q);fe(r,"htmx:afterRequest",H);fe(r,"htmx:sendError",H);oe(l);m()};p.onabort=function(){Qt(T,q);fe(r,"htmx:afterRequest",H);fe(r,"htmx:sendAbort",H);oe(l);m()};p.ontimeout=function(){Qt(T,q);fe(r,"htmx:afterRequest",H);fe(r,"htmx:timeout",H);oe(l);m()};if(!he(r,"htmx:beforeRequest",H)){oe(s);m();return e}var T=Zt(r);var q=Yt(r);se(["loadstart","loadend","progress","abort"],function(t){se([p,p.upload],function(e){e.addEventListener(t,function(e){he(r,"htmx:xhr:"+t,{lengthComputable:e.lengthComputable,loaded:e.loaded,total:e.total})})})});he(r,"htmx:beforeSend",H);const J=E?null:mn(p,r,w);p.send(J);return e}function Nn(e,t){const n=t.xhr;let r=null;let o=null;if(R(n,/HX-Push:/i)){r=n.getResponseHeader("HX-Push");o="push"}else if(R(n,/HX-Push-Url:/i)){r=n.getResponseHeader("HX-Push-Url");o="push"}else if(R(n,/HX-Replace-Url:/i)){r=n.getResponseHeader("HX-Replace-Url");o="replace"}if(r){if(r==="false"){return{}}else{return{type:o,path:r}}}const i=t.pathInfo.finalRequestPath;const s=t.pathInfo.responsePath;const l=re(e,"hx-push-url");const c=re(e,"hx-replace-url");const u=ie(e).boosted;let a=null;let f=null;if(l){a="push";f=l}else if(c){a="replace";f=c}else if(u){a="push";f=s||i}if(f){if(f==="false"){return{}}if(f==="true"){f=s||i}if(t.pathInfo.anchor&&f.indexOf("#")===-1){f=f+"#"+t.pathInfo.anchor}return{type:a,path:f}}else{return{}}}function In(e,t){var n=new RegExp(e.code);return n.test(t.toString(10))}function Pn(e){for(var t=0;t0){E().setTimeout(e,x.swapDelay)}else{e()}}if(f){fe(o,"htmx:responseError",ce({error:"Response Status Error Code "+s.status+" from "+i.pathInfo.requestPath},i))}}const Mn={};function Xn(){return{init:function(e){return null},getSelectors:function(){return null},onEvent:function(e,t){return true},transformResponse:function(e,t,n){return e},isInlineSwap:function(e){return false},handleSwap:function(e,t,n,r){return false},encodeParameters:function(e,t,n){return null}}}function Fn(e,t){if(t.init){t.init(n)}Mn[e]=ce(Xn(),t)}function Bn(e){delete Mn[e]}function Un(e,n,r){if(n==undefined){n=[]}if(e==undefined){return n}if(r==undefined){r=[]}const t=te(e,"hx-ext");if(t){se(t.split(","),function(e){e=e.replace(/ /g,"");if(e.slice(0,7)=="ignore:"){r.push(e.slice(7));return}if(r.indexOf(e)<0){const t=Mn[e];if(t&&n.indexOf(t)<0){n.push(t)}}})}return Un(ue(c(e)),n,r)}var jn=false;ne().addEventListener("DOMContentLoaded",function(){jn=true});function Vn(e){if(jn||ne().readyState==="complete"){e()}else{ne().addEventListener("DOMContentLoaded",e)}}function _n(){if(Q.config.includeIndicatorStyles!==false){const e=Q.config.inlineStyleNonce?` nonce="${Q.config.inlineStyleNonce}"`:"";ne().head.insertAdjacentHTML("beforeend"," ."+Q.config.indicatorClass+"{opacity:0} ."+Q.config.requestClass+" ."+Q.config.indicatorClass+"{opacity:1; transition: opacity 200ms ease-in;} ."+Q.config.requestClass+"."+Q.config.indicatorClass+"{opacity:1; transition: opacity 200ms ease-in;} ")}}function zn(){const e=ne().querySelector('meta[name="htmx-config"]');if(e){return S(e.content)}else{return null}}function $n(){const e=zn();if(e){Q.config=ce(Q.config,e)}}Vn(function(){$n();_n();let e=ne().body;kt(e);const t=ne().querySelectorAll("[hx-trigger='restored'],[data-hx-trigger='restored']");e.addEventListener("htmx:abort",function(e){const t=e.target;const n=ie(t);if(n&&n.xhr){n.xhr.abort()}});const n=window.onpopstate?window.onpopstate.bind(window):null;window.onpopstate=function(e){if(e.state&&e.state.htmx){Wt();se(t,function(e){he(e,"htmx:restored",{document:ne(),triggerEvent:he})})}else{if(n){n(e)}}};E().setTimeout(function(){he(e,"htmx:load",{});e=null},0)});return Q}(); \ No newline at end of file diff --git a/templates/layout/base.html b/templates/layout/base.html new file mode 100644 index 0000000..25f7f65 --- /dev/null +++ b/templates/layout/base.html @@ -0,0 +1,28 @@ +{{define "app"}} + + + + + {{block "page-title" .}}DAL License Server{{end}} + + + + + +
+ {{block "page-content" .}}{{end}} +
+ +{{end}} diff --git a/templates/pages/audit.html b/templates/pages/audit.html new file mode 100644 index 0000000..f1c1534 --- /dev/null +++ b/templates/pages/audit.html @@ -0,0 +1,30 @@ +{{define "audit.html"}}{{template "app" .}}{{end}} +{{define "page-title"}}Audit Log - DAL License Server{{end}} +{{define "page-content"}} +

Audit Log

+ + + + + + + + + + + + + {{range .Entries}} + + + + + + + + {{else}} + + {{end}} + +
VremeAkcijaLicencaIPDetalji
{{formatDate .CreatedAt}}{{.Action}}{{if .LicenseKey}}{{.LicenseKey}}{{else}}-{{end}}{{.IPAddress}}
{{jsonPretty .Details}}
Nema podataka
+{{end}} diff --git a/templates/pages/dashboard.html b/templates/pages/dashboard.html new file mode 100644 index 0000000..61b6f21 --- /dev/null +++ b/templates/pages/dashboard.html @@ -0,0 +1,54 @@ +{{define "dashboard.html"}}{{template "app" .}}{{end}} +{{define "page-title"}}Dashboard - DAL License Server{{end}} +{{define "page-content"}} +

Dashboard

+ +{{if .Stats}} +
+ {{range .Stats.ByProduct}} +
+
{{.ProductName}}
+
Aktivne: {{.Active}}
+
Istekle: {{.Expired}}
+
Grace: {{.InGrace}}
+
Trial: {{.Trial}}
+
Aktivacija: {{.ActiveActivations}}
+
+ {{end}} +
+{{end}} + +{{if .Expiring}} +

Isticu u narednih 7 dana

+ + + + {{range .Expiring}} + + + + + + + {{end}} + +
KljucProizvodFirmaIstice
{{.LicenseKey}}{{.ProductName}}{{.CustomerName}}{{.ExpiresAtFormatted}}
+{{end}} + +

Poslednja aktivnost

+ + + + {{range .Recent}} + + + + + + + {{else}} + + {{end}} + +
VremeAkcijaLicencaIP
{{formatDate .CreatedAt}}{{.Action}}{{if .LicenseKey}}{{.LicenseKey}}{{else}}-{{end}}{{.IPAddress}}
Nema podataka
+{{end}} diff --git a/templates/pages/license-detail.html b/templates/pages/license-detail.html new file mode 100644 index 0000000..3cc2182 --- /dev/null +++ b/templates/pages/license-detail.html @@ -0,0 +1,77 @@ +{{define "license-detail.html"}}{{template "app" .}}{{end}} +{{define "page-title"}}Licenca {{.License.LicenseKey}} - DAL License Server{{end}} +{{define "page-content"}} +
+

Licenca: {{.License.LicenseKey}}

+ {{.License.StatusText}} +
+ +
+
+

Informacije

+ + + + + + + + + + + + {{if .License.Notes}}{{end}} +
Proizvod{{.License.ProductName}} ({{.License.ProductCode}})
Tip{{.License.LicenseType}}
Firma{{.License.CustomerName}}
PIB{{.License.CustomerPIB}}
Email{{.License.CustomerEmail}}
Izdata{{formatDate .License.IssuedAt}}
Istice{{.License.ExpiresAtFormatted}}
Grace period{{.License.GraceDays}} dana
Limiti
{{jsonPretty .License.Limits}}
Features
{{jsonPretty .License.Features}}
Napomena{{.License.Notes}}
+
+ +
+

Akcije

+ {{if not .License.Revoked}} +
+ + +
+ {{end}} +
+ +
+
+
+ +

Aktivacije

+ + + + {{range .Activations}} + + + + + + + + + + {{else}} + + {{end}} + +
HostnameOSVerzijaIPAktiviranaPoslednji putStatus
{{.Hostname}}{{.OSInfo}}{{.AppVersion}}{{.IPAddress}}{{formatDate .ActivatedAt}}{{formatDate .LastSeenAt}}{{if .IsActive}}Aktivna{{else}}Deaktivirana{{end}}
Nema aktivacija
+ +

Audit Log

+ + + + {{range .Audit}} + + + + + + + {{else}} + + {{end}} + +
VremeAkcijaIPDetalji
{{formatDate .CreatedAt}}{{.Action}}{{.IPAddress}}
{{jsonPretty .Details}}
Nema podataka
+{{end}} diff --git a/templates/pages/license-new.html b/templates/pages/license-new.html new file mode 100644 index 0000000..5963477 --- /dev/null +++ b/templates/pages/license-new.html @@ -0,0 +1,66 @@ +{{define "license-new.html"}}{{template "app" .}}{{end}} +{{define "page-title"}}Nova licenca - DAL License Server{{end}} +{{define "page-content"}} +

Nova licenca

+ +{{if .Error}}
{{.Error}}
{{end}} + +
+
+
+ + +
+
+ + +
+
+ +
+
+ + +
+
+ + +
+
+ +
+ + +
+ +
+
+ + +
+
+ + +
+
+ +
+ + +
+ +
+ + Otkazi +
+
+{{end}} diff --git a/templates/pages/licenses.html b/templates/pages/licenses.html new file mode 100644 index 0000000..17b7dcf --- /dev/null +++ b/templates/pages/licenses.html @@ -0,0 +1,55 @@ +{{define "licenses.html"}}{{template "app" .}}{{end}} +{{define "page-title"}}Licence - DAL License Server{{end}} +{{define "page-content"}} +
+

Licence

+ Nova licenca +
+ +
+ + + + +
+ + + + + + + + + + + + + + + {{range .Licenses}} + + + + + + + + + + {{else}} + + {{end}} + +
KljucProizvodFirmaTipIsticeAktivacijaStatus
{{.LicenseKey}}{{.ProductCode}}{{.CustomerName}}{{.LicenseType}}{{.ExpiresAtFormatted}}{{.ActiveActivations}}{{.StatusText}}
Nema licenci
+{{end}} diff --git a/templates/pages/login.html b/templates/pages/login.html new file mode 100644 index 0000000..d1c25d8 --- /dev/null +++ b/templates/pages/login.html @@ -0,0 +1,22 @@ +{{define "login.html"}} + + + + + Prijava - DAL License Server + + + + + +{{end}}