@moontra/moonui-pro 2.36.7 → 2.37.1

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@moontra/moonui-pro",
-    "version": "2.36.7",
+    "version": "2.37.1",
     "description": "Premium React components for MoonUI - Advanced UI library with 50+ pro components including performance, interactive, and gesture components",
     "type": "module",
     "main": "dist/index.mjs",
@@ -12,6 +12,7 @@
         "dist",
         "scripts",
         "plugin",
+        "templates",
         "README.md",
         "LICENSE"
     ],
@@ -30,11 +31,17 @@
         },
         "./styles.css": "./dist/index.css",
         "./css": "./dist/index.css",
+        "./server": {
+            "types": "./dist/server.d.ts",
+            "import": "./dist/server.mjs",
+            "require": "./dist/server.mjs"
+        },
         "./plugin": {
             "types": "./plugin/index.d.ts",
             "import": "./plugin/index.js",
             "require": "./plugin/index.js"
-        }
+        },
+        "./templates/validate-pro-route": "./templates/validate-pro-route.ts"
     },
     "scripts": {
         "build": "tsup && node scripts/postbuild.js",

package/templates/api-route.template.ts

@@ -0,0 +1,157 @@
+/**
+ * MoonUI Pro - Server Validation API Route Template
+ *
+ * INSTALLATION:
+ * 1. Copy this file to your project: app/api/moonui/validate-pro/route.ts
+ * 2. Set environment variable: MOONUI_LICENSE_KEY=your-license-key
+ * 3. (Optional) Set encryption key: MOONUI_ENCRYPTION_KEY=your-secret-key
+ *
+ * This route handles server-side validation to prevent browser API calls.
+ */
+
+import { NextRequest, NextResponse } from "next/server";
+import {
+    performServerValidation,
+    clearValidationCookies,
+    generateServerDeviceFingerprint,
+    setValidationInCookies,
+} from "@moontra/moonui-pro/server";
+
+// In-memory cache for rate limiting (use Redis in production)
+const validationCache = new Map<
+    string,
+    {
+        count: number;
+        resetAt: number;
+    }
+>();
+
+// Rate limiting helper
+function checkRateLimit(identifier: string): boolean {
+    const now = Date.now();
+    const limit = validationCache.get(identifier);
+
+    if (!limit || limit.resetAt < now) {
+        // Reset or create new limit
+        validationCache.set(identifier, {
+            count: 1,
+            resetAt: now + 60 * 1000, // 1 minute window
+        });
+        return true;
+    }
+
+    if (limit.count >= 10) {
+        // Max 10 requests per minute
+        return false;
+    }
+
+    limit.count++;
+    return true;
+}
+
+/**
+ * GET /api/moonui/validate-pro
+ * Validates the current session
+ */
+export async function GET(request: NextRequest) {
+    try {
+        // Generate device fingerprint for rate limiting
+        const deviceId = await generateServerDeviceFingerprint();
+
+        // Check rate limit
+        if (!checkRateLimit(deviceId)) {
+            return NextResponse.json(
+                { error: "Rate limit exceeded", valid: false },
+                { status: 429 }
+            );
+        }
+
+        // Perform server-side validation
+        const validation = await performServerValidation();
+
+        // Return validation result
+        // Client will read from cookies, not from this response
+        return NextResponse.json({
+            valid: validation.valid,
+            hasProAccess: validation.hasProAccess,
+            cached: validation.cached,
+        });
+    } catch (error) {
+        console.error("[API] Validation error:", error);
+        return NextResponse.json(
+            { error: "Internal server error", valid: false },
+            { status: 500 }
+        );
+    }
+}
+
+/**
+ * POST /api/moonui/validate-pro
+ * Validates a provided token
+ */
+export async function POST(request: NextRequest) {
+    try {
+        const body = await request.json();
+        const { token } = body;
+
+        if (!token) {
+            return NextResponse.json(
+                { error: "Token required", valid: false },
+                { status: 400 }
+            );
+        }
+
+        // Generate device fingerprint
+        const deviceId = await generateServerDeviceFingerprint();
+
+        // Check rate limit
+        if (!checkRateLimit(deviceId)) {
+            return NextResponse.json(
+                { error: "Rate limit exceeded", valid: false },
+                { status: 429 }
+            );
+        }
+
+        // Import server validation utilities
+        const { validateWithMoonUIServer } = await import(
+            "@moontra/moonui-pro/server"
+        );
+
+        // Validate token with MoonUI server
+        const result = await validateWithMoonUIServer(token, deviceId);
+
+        // If valid, set cookies for future requests
+        if (result.valid) {
+            await setValidationInCookies(result);
+        }
+
+        return NextResponse.json(result);
+    } catch (error) {
+        console.error("[API] Validation error:", error);
+        return NextResponse.json(
+            { error: "Internal server error", valid: false },
+            { status: 500 }
+        );
+    }
+}
+
+/**
+ * DELETE /api/moonui/validate-pro
+ * Clears validation session
+ */
+export async function DELETE(request: NextRequest) {
+    try {
+        await clearValidationCookies();
+
+        return NextResponse.json({
+            success: true,
+            message: "Validation cleared",
+        });
+    } catch (error) {
+        console.error("[API] Clear validation error:", error);
+        return NextResponse.json(
+            { error: "Failed to clear validation" },
+            { status: 500 }
+        );
+    }
+}

package/templates/validate-pro-route.ts

@@ -0,0 +1,336 @@
+/**
+ * MoonUI Pro - Server-side License Validation Route with Enhanced Security
+ *
+ * This route handles license validation on the server to prevent browser API calls.
+ * Copy this file to: app/api/moonui/validate-pro/route.ts (App Router)
+ * Or: pages/api/moonui/validate-pro.ts (Pages Router)
+ *
+ * Required environment variables:
+ * - MOONUI_LICENSE_KEY: Your MoonUI Pro license key
+ * - MOONUI_ENCRYPTION_KEY (optional): Custom encryption key for cookies
+ * - MOONUI_SECURITY_HASH (auto-generated): Security checksum for validation
+ *
+ * SECURITY WARNING: Do not modify the validation logic.
+ * Any tampering will be detected and reported.
+ */
+
+import { NextRequest, NextResponse } from 'next/server';
+import { cookies, headers } from 'next/headers';
+import crypto from 'crypto';
+
+// Security checksum - DO NOT MODIFY
+const SECURITY_CHECKSUM = process.env.MOONUI_SECURITY_HASH ||
+  crypto.createHash('sha256')
+    .update(`moonui-pro-${process.env.MOONUI_LICENSE_KEY || 'default'}-validation`)
+    .digest('hex');
+
+// Cache configuration
+const CACHE_DURATION = process.env.NODE_ENV === 'production'
+  ? 24 * 60 * 60 * 1000  // 24 hours in production
+  : 60 * 60 * 1000;      // 1 hour in development
+
+// Rate limiting
+const rateLimitCache = new Map<string, { count: number; resetAt: number }>();
+
+// In-memory validation cache
+const validationCache = new Map<string, {
+  valid: boolean;
+  hasProAccess: boolean;
+  timestamp: number;
+  expiresAt: number;
+}>();
+
+/**
+ * Generate a device fingerprint from request headers
+ */
+async function getDeviceFingerprint(request: NextRequest): Promise<string> {
+  const headersList = await headers();
+  const ua = headersList.get('user-agent') || 'unknown';
+  const lang = headersList.get('accept-language') || 'unknown';
+  const ip = headersList.get('x-forwarded-for') ||
+              headersList.get('x-real-ip') ||
+              'unknown';
+
+  return crypto
+    .createHash('sha256')
+    .update(`${ua}|${lang}|${ip}`)
+    .digest('hex');
+}
+
+/**
+ * Check rate limiting
+ */
+function checkRateLimit(identifier: string): boolean {
+  const now = Date.now();
+  const limit = rateLimitCache.get(identifier);
+
+  if (!limit || limit.resetAt < now) {
+    rateLimitCache.set(identifier, {
+      count: 1,
+      resetAt: now + 60 * 1000, // Reset after 1 minute
+    });
+    return true;
+  }
+
+  if (limit.count >= 10) { // Max 10 requests per minute
+    return false;
+  }
+
+  limit.count++;
+  return true;
+}
+
+/**
+ * Validate license with MoonUI server (server-to-server)
+ */
+async function validateWithMoonUIServer(
+  token: string,
+  deviceId: string
+): Promise<{ valid: boolean; hasProAccess: boolean; plan?: string }> {
+  // Development mode with CLI authentication
+  if (process.env.NODE_ENV === 'development') {
+    // Check for CLI dev tokens
+    const devToken = process.env.NEXT_PUBLIC_MOONUI_DEV_TOKEN;
+    const devDeviceId = process.env.NEXT_PUBLIC_MOONUI_DEVICE_ID;
+
+    if (devToken && devDeviceId === deviceId) {
+      try {
+        // Decode the dev token
+        const decoded = JSON.parse(Buffer.from(devToken, 'base64').toString());
+        if (decoded.user?.plan === 'pro_lifetime' || decoded.user?.hasProAccess) {
+          return {
+            valid: true,
+            hasProAccess: true,
+            plan: 'lifetime'
+          };
+        }
+      } catch (e) {
+        console.error('[MoonUI] Error parsing dev token:', e);
+      }
+    }
+  }
+
+  // Production validation with license key
+  const licenseKey = process.env.MOONUI_LICENSE_KEY;
+
+  if (!licenseKey) {
+    console.error('[MoonUI] No license key configured');
+    return { valid: false, hasProAccess: false };
+  }
+
+  try {
+    const response = await fetch('https://api.moonui.dev/v1/license/validate', {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        'Authorization': `Bearer ${licenseKey}`,
+        'X-Device-ID': deviceId,
+      },
+      body: JSON.stringify({
+        token: licenseKey,
+        deviceId,
+        domain: process.env.NEXT_PUBLIC_DOMAIN || 'localhost',
+        timestamp: Date.now(),
+      }),
+      signal: AbortSignal.timeout(10000), // 10 second timeout
+    });
+
+    if (!response.ok) {
+      console.error('[MoonUI] License validation failed:', response.status);
+      return { valid: false, hasProAccess: false };
+    }
+
+    const data = await response.json();
+
+    return {
+      valid: data.valid,
+      hasProAccess: data.valid && (
+        data.user?.hasLifetimeAccess ||
+        data.user?.features?.includes('pro_components') ||
+        data.plan === 'pro_lifetime' ||
+        false
+      ),
+      plan: data.user?.plan || data.plan,
+    };
+
+  } catch (error) {
+    console.error('[MoonUI] Error validating license:', error);
+    return { valid: false, hasProAccess: false };
+  }
+}
+
+/**
+ * Verify request integrity
+ */
+function verifyRequestIntegrity(request: NextRequest): boolean {
+  // Check for suspicious patterns
+  const url = new URL(request.url);
+
+  // Reject if trying to bypass with query params
+  if (url.searchParams.has('bypass') ||
+      url.searchParams.has('force') ||
+      url.searchParams.has('admin')) {
+    console.warn('[MoonUI Security] Suspicious query params detected');
+    return false;
+  }
+
+  // Check request headers for tampering
+  const suspiciousHeaders = [
+    'x-moonui-bypass',
+    'x-force-pro',
+    'x-admin-override'
+  ];
+
+  for (const header of suspiciousHeaders) {
+    if (request.headers.has(header)) {
+      console.warn(`[MoonUI Security] Suspicious header detected: ${header}`);
+      return false;
+    }
+  }
+
+  return true;
+}
+
+/**
+ * Generate validation signature for response
+ */
+function generateValidationSignature(data: any): string {
+  const payload = JSON.stringify({
+    ...data,
+    timestamp: Date.now(),
+    checksum: SECURITY_CHECKSUM,
+  });
+
+  return crypto
+    .createHash('sha256')
+    .update(payload)
+    .digest('hex')
+    .substring(0, 16);
+}
+
+/**
+ * Main API route handler with enhanced security
+ */
+export async function GET(request: NextRequest) {
+  try {
+    // Security check
+    if (!verifyRequestIntegrity(request)) {
+      return NextResponse.json(
+        {
+          error: 'Invalid request',
+          valid: false,
+          hasProAccess: false
+        },
+        { status: 403 }
+      );
+    }
+
+    // Generate device fingerprint
+    const deviceId = await getDeviceFingerprint(request);
+
+    // Check rate limiting
+    if (!checkRateLimit(deviceId)) {
+      return NextResponse.json(
+        { error: 'Rate limit exceeded', valid: false },
+        { status: 429 }
+      );
+    }
+
+    // Check in-memory cache first
+    const cacheKey = `validation:${deviceId}`;
+    const cached = validationCache.get(cacheKey);
+
+    if (cached && cached.expiresAt > Date.now()) {
+      console.log('[MoonUI] Using cached validation result');
+
+      return NextResponse.json({
+        valid: cached.valid,
+        hasProAccess: cached.hasProAccess,
+        cached: true,
+      });
+    }
+
+    // Get license token
+    const licenseToken = process.env.MOONUI_LICENSE_KEY ||
+                        process.env.NEXT_PUBLIC_MOONUI_DEV_TOKEN ||
+                        '';
+
+    // Validate with MoonUI server
+    const validation = await validateWithMoonUIServer(licenseToken, deviceId);
+
+    // Cache the result
+    const expiresAt = Date.now() + CACHE_DURATION;
+    validationCache.set(cacheKey, {
+      ...validation,
+      timestamp: Date.now(),
+      expiresAt,
+    });
+
+    // Set status cookie for client (readable)
+    const cookieStore = await cookies();
+    cookieStore.set('moonui_pro_status', JSON.stringify({
+      valid: validation.valid,
+      hasProAccess: validation.hasProAccess,
+      timestamp: Date.now(),
+    }), {
+      httpOnly: false, // Client needs to read this
+      secure: process.env.NODE_ENV === 'production',
+      sameSite: 'lax',
+      maxAge: CACHE_DURATION / 1000, // Convert to seconds
+    });
+
+    // Prepare response data
+    const responseData = {
+      valid: validation.valid,
+      hasProAccess: validation.hasProAccess,
+      isAuthenticated: validation.valid,
+      subscriptionPlan: validation.hasProAccess ? 'lifetime' : 'free',
+      subscription: {
+        status: validation.hasProAccess ? 'active' : 'inactive',
+        plan: validation.hasProAccess ? 'lifetime' : 'free',
+      },
+      _signature: generateValidationSignature({
+        valid: validation.valid,
+        hasProAccess: validation.hasProAccess,
+        deviceId: deviceId,
+      }),
+    };
+
+    // Log security events
+    if (validation.hasProAccess) {
+      console.log(`[MoonUI Security] Pro access granted for device: ${deviceId.substring(0, 8)}...`);
+    }
+
+    return NextResponse.json(responseData);
+
+  } catch (error) {
+    console.error('[MoonUI] Validation error:', error);
+
+    return NextResponse.json(
+      {
+        error: 'Internal server error',
+        valid: false,
+        hasProAccess: false,
+      },
+      { status: 500 }
+    );
+  }
+}
+
+// Support for Pages Router
+export async function handler(req: any, res: any) {
+  if (req.method !== 'GET') {
+    return res.status(405).json({ error: 'Method not allowed' });
+  }
+
+  // Convert to NextRequest for consistent handling
+  const url = new URL(req.url!, `http://${req.headers.host}`);
+  const request = new NextRequest(url, {
+    headers: req.headers,
+  });
+
+  const response = await GET(request);
+  const data = await response.json();
+
+  return res.status(response.status).json(data);
+}