npm - @kawanua/license-sdk - Versions diffs - 1.0.0 → 1.1.0 - Mend

@kawanua/license-sdk 1.0.0 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/LICENSE ADDED Viewed

@@ -0,0 +1,15 @@
+ISC License
+Copyright (c) 2026, [Kawanua Indo Digital]
+Permission to use, copy, modify, and/or distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

package/README.md ADDED Viewed

@@ -0,0 +1,83 @@
+# @kawanua/license-sdk
+SDK resmi untuk klien yang menggunakan sistem lisensi Kawanua. SDK ini menyediakan metode verifikasi lisensi berbasis JWT (RS256) di sisi klien dengan fitur auto-branding dan kontrol akses fitur yang dinamis.
+## Fitur Utama
+- **Verifikasi Aman:** Memverifikasi token JWT lisensi menggunakan RS256.
+- **Dukungan Multi-Environment:** Mendukung browser (via `<script>`), CommonJS, dan ESM.
+- **Kontrol Fitur:** Mendukung limitasi fitur berdasarkan plan (Starter, Professional, Enterprise).
+- **Auto-Branding:** Secara otomatis menyuntikkan atau menyembunyikan elemen "Powered by Kawanua" sesuai ketentuan lisensi.
+- **Auto-Refresh:** Mekanisme pembaruan token otomatis sebelum masa berlaku habis.
+## Instalasi
+### via CDN (Browser)
+Tambahkan script berikut sebelum tag `</body>`:
+```html
+<script src="https://cdn.kawanua.id/sdk/license.min.js"></script>
+```
+### via NPM
+```bash
+npm install @kawanua/license-sdk
+```
+## Penggunaan
+### Inisialisasi
+```javascript
+import { KawanuaLicense } from '@kawanua/license-sdk';
+KawanuaLicense.init({
+  token: 'YOUR_JWT_TOKEN',
+  onRefresh: async () => {
+    // Implementasi untuk fetch token baru dari server kamu
+    const res = await fetch('/api/license/refresh');
+    const { token } = await res.json();
+    return token;
+  },
+  onReady: (state) => {
+    console.log('Lisensi aktif, plan:', state.plan);
+  },
+  onError: (err) => {
+    console.error('Inisialisasi gagal:', err.message);
+  }
+});
+```
+### Mengecek Akses Fitur
+Setelah inisialisasi berhasil, kamu bisa mengecek apakah sebuah fitur diperbolehkan:
+```javascript
+// Mengecek boolean
+if (KawanuaLicense.can('api_access')) {
+  // Tampilkan fitur API
+}
+// Mendapatkan nilai (misal: limit jumlah user)
+const maxUsers = KawanuaLicense.get('max_users');
+```
+## Referensi Plan
+SDK secara otomatis mengatur batasan fitur berdasarkan plan:
+| Fitur | Starter | Professional | Enterprise |
+| :--- | :---: | :---: | :---: |
+| **Remove Branding** | ❌ | ✅ | ✅ |
+| **Custom Domain** | ❌ | ❌ | ✅ |
+| **API Access** | ❌ | ✅ | ✅ |
+| **Max Users** | 5 | 50 | ∞ |
+## Lisensi
+ISC
+---
+*Dibuat oleh [Kawanua Indo Digital](https://labs.kawanua.co)*

package/index.js CHANGED Viewed

@@ -29,22 +29,10 @@
   // ─── Konstanta ──────────────────────────────────────────────────
-  /**
-   * Public key RS256 dari server lisensi Kawanua.
-   * Klien hanya bisa VERIFY — tidak bisa forge token baru.
-   * Ganti dengan public key aktual setelah generate keypair di server.
-   */
-  const KAWANUA_PUBLIC_KEY_PEM = `-----BEGIN PUBLIC KEY-----
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2a2rwplBQLzHPZe5TNJF
-... (ganti dengan public key RS256 aktual dari server kamu) ...
------END PUBLIC KEY-----`;
-  /**
-   * URL endpoint JWKS publik — alternatif lebih dinamis dari hardcode PEM.
-   * SDK akan fetch public key dari sini jika PEM tidak di-set.
-   * Endpoint ini harus tersedia di server Kawanua.
-   */
-  const JWKS_URL = "https://lisensi.kawanua.workers.dev/.well-known/jwks.json";
+  // Public key RS256 dari server lisensi Kawanua (Base64-encoded PEM).
+  // Klien hanya bisa VERIFY — tidak bisa forge token baru.
+  const KAWANUA_PUBLIC_KEY_B64 =
+    "LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUEzTFgrbDdKbS9VQ25nZ1VmcVhXMAoxazN2M2FYR0RRdEF3Z2NyeVFad1lUY2x5SzdQdFdxMG10ejArUDRyTW0veFBhdmlaQlRaYUt4aVdScWVTQUhUCk4wVDdVSFRSbnJjaElwY1JaeExiTXlzWHJ6eS9NcjZ3cTF1aW5FUjJ1TGNjRE9Hc2swR0Q4QU1TWU54Q1NsZ24KcFREN200R0g0TE1DTzNPU2dXYm9Ua0VWdkp2TXN5ckZ2TTlTT2N1UG9NTmJyTGk2SDVnOTR2OU9UWkRvTzhZeQo0RXUwQjRaM3luVS9iRzY2TFZmWGNTYlNBaGU4TWZ6NDZ2UUxzMXJJNUpqZElhajAxWDdsamw1cWdWcklCRHhkCjhneXUxK1FZcXZjYTdzaTRUVkZzOTlYV0xlUVpBWWh2UC9kT3gvdWxvNE1CL1doQU9NRWNwai9kaGVHYk5ieTcKZ3dJREFRQUIKLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tCg=="; // <- isi dengan base64(PUBLIC_KEY_PEM)
   /** Feature map per plan — single source of truth */
   const PLAN_FEATURES = {
@@ -112,15 +100,17 @@ MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2a2rwplBQLzHPZe5TNJF
   }
   /**
-   * Import public key RS256 dari PEM string ke CryptoKey.
-   * Menggunakan Web Crypto API (tersedia di semua browser modern).
+   * Import public key RS256 dari base64-encoded PEM ke CryptoKey.
    */
-  async function _importPublicKey(pem) {
+  async function _importPublicKey(b64) {
+    const pem = atob(b64);
     const pemBody = pem
       .replace(/-----BEGIN PUBLIC KEY-----/, "")
       .replace(/-----END PUBLIC KEY-----/, "")
       .replace(/\s+/g, "");
     const der = Uint8Array.from(atob(pemBody), (c) => c.charCodeAt(0));
     return crypto.subtle.importKey(
       "spki",
       der.buffer,
@@ -130,24 +120,6 @@ MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2a2rwplBQLzHPZe5TNJF
     );
   }
-  /**
-   * Fetch public key dari JWKS endpoint.
-   * Fallback jika PEM belum di-hardcode (mode dinamis).
-   */
-  async function _fetchPublicKeyFromJWKS(kid) {
-    const res = await fetch(JWKS_URL, { cache: "force-cache" });
-    const jwks = await res.json();
-    const jwk = kid ? jwks.keys.find((k) => k.kid === kid) : jwks.keys[0];
-    if (!jwk) throw new Error("No matching key found in JWKS");
-    return crypto.subtle.importKey(
-      "jwk",
-      jwk,
-      { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256" },
-      false,
-      ["verify"],
-    );
-  }
   /**
    * Verifikasi signature JWT dengan RS256.
    * Returns true jika valid, false jika tidak.
@@ -197,14 +169,14 @@ MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2a2rwplBQLzHPZe5TNJF
       );
     }
-    // Import public key (prioritas: hardcode PEM → JWKS endpoint)
-    let publicKey;
-    const hasPem = KAWANUA_PUBLIC_KEY_PEM.includes("..."); // placeholder check
-    if (!hasPem) {
-      publicKey = await _importPublicKey(KAWANUA_PUBLIC_KEY_PEM);
-    } else {
-      publicKey = await _fetchPublicKeyFromJWKS(header.kid);
+    // Fail-fast jika public key belum dikonfigurasi.
+    if (!KAWANUA_PUBLIC_KEY_B64) {
+      throw new Error(
+        "[KawanuaLicense] KAWANUA_PUBLIC_KEY_B64 belum dikonfigurasi. " +
+          "Hubungi Kawanua untuk mendapatkan public key SDK kamu.",
+      );
     }
+    const publicKey = await _importPublicKey(KAWANUA_PUBLIC_KEY_B64);
     // Verify signature
     const isValid = await _verifySignature(token, publicKey);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@kawanua/license-sdk",
-  "version": "1.0.0",
+  "version": "1.1.0",
   "description": "Drop-in SDK untuk klien yang menggunakan lisensi Kawanua.",
   "keywords": [
     "kawanua",