@moontra/moonui-pro 2.37.0 → 2.37.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cdn/index.global.js +149 -149
- package/dist/cdn/index.global.js.map +1 -1
- package/dist/index.d.ts +51 -22
- package/dist/index.mjs +856 -638
- package/package.json +1 -1
- package/templates/validate-pro-route.ts +88 -4
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@moontra/moonui-pro",
|
|
3
|
-
"version": "2.37.
|
|
3
|
+
"version": "2.37.1",
|
|
4
4
|
"description": "Premium React components for MoonUI - Advanced UI library with 50+ pro components including performance, interactive, and gesture components",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "dist/index.mjs",
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
/**
|
|
2
|
-
* MoonUI Pro - Server-side License Validation Route
|
|
2
|
+
* MoonUI Pro - Server-side License Validation Route with Enhanced Security
|
|
3
3
|
*
|
|
4
4
|
* This route handles license validation on the server to prevent browser API calls.
|
|
5
5
|
* Copy this file to: app/api/moonui/validate-pro/route.ts (App Router)
|
|
@@ -8,12 +8,22 @@
|
|
|
8
8
|
* Required environment variables:
|
|
9
9
|
* - MOONUI_LICENSE_KEY: Your MoonUI Pro license key
|
|
10
10
|
* - MOONUI_ENCRYPTION_KEY (optional): Custom encryption key for cookies
|
|
11
|
+
* - MOONUI_SECURITY_HASH (auto-generated): Security checksum for validation
|
|
12
|
+
*
|
|
13
|
+
* SECURITY WARNING: Do not modify the validation logic.
|
|
14
|
+
* Any tampering will be detected and reported.
|
|
11
15
|
*/
|
|
12
16
|
|
|
13
17
|
import { NextRequest, NextResponse } from 'next/server';
|
|
14
18
|
import { cookies, headers } from 'next/headers';
|
|
15
19
|
import crypto from 'crypto';
|
|
16
20
|
|
|
21
|
+
// Security checksum - DO NOT MODIFY
|
|
22
|
+
const SECURITY_CHECKSUM = process.env.MOONUI_SECURITY_HASH ||
|
|
23
|
+
crypto.createHash('sha256')
|
|
24
|
+
.update(`moonui-pro-${process.env.MOONUI_LICENSE_KEY || 'default'}-validation`)
|
|
25
|
+
.digest('hex');
|
|
26
|
+
|
|
17
27
|
// Cache configuration
|
|
18
28
|
const CACHE_DURATION = process.env.NODE_ENV === 'production'
|
|
19
29
|
? 24 * 60 * 60 * 1000 // 24 hours in production
|
|
@@ -150,10 +160,71 @@ async function validateWithMoonUIServer(
|
|
|
150
160
|
}
|
|
151
161
|
|
|
152
162
|
/**
|
|
153
|
-
*
|
|
163
|
+
* Verify request integrity
|
|
164
|
+
*/
|
|
165
|
+
function verifyRequestIntegrity(request: NextRequest): boolean {
|
|
166
|
+
// Check for suspicious patterns
|
|
167
|
+
const url = new URL(request.url);
|
|
168
|
+
|
|
169
|
+
// Reject if trying to bypass with query params
|
|
170
|
+
if (url.searchParams.has('bypass') ||
|
|
171
|
+
url.searchParams.has('force') ||
|
|
172
|
+
url.searchParams.has('admin')) {
|
|
173
|
+
console.warn('[MoonUI Security] Suspicious query params detected');
|
|
174
|
+
return false;
|
|
175
|
+
}
|
|
176
|
+
|
|
177
|
+
// Check request headers for tampering
|
|
178
|
+
const suspiciousHeaders = [
|
|
179
|
+
'x-moonui-bypass',
|
|
180
|
+
'x-force-pro',
|
|
181
|
+
'x-admin-override'
|
|
182
|
+
];
|
|
183
|
+
|
|
184
|
+
for (const header of suspiciousHeaders) {
|
|
185
|
+
if (request.headers.has(header)) {
|
|
186
|
+
console.warn(`[MoonUI Security] Suspicious header detected: ${header}`);
|
|
187
|
+
return false;
|
|
188
|
+
}
|
|
189
|
+
}
|
|
190
|
+
|
|
191
|
+
return true;
|
|
192
|
+
}
|
|
193
|
+
|
|
194
|
+
/**
|
|
195
|
+
* Generate validation signature for response
|
|
196
|
+
*/
|
|
197
|
+
function generateValidationSignature(data: any): string {
|
|
198
|
+
const payload = JSON.stringify({
|
|
199
|
+
...data,
|
|
200
|
+
timestamp: Date.now(),
|
|
201
|
+
checksum: SECURITY_CHECKSUM,
|
|
202
|
+
});
|
|
203
|
+
|
|
204
|
+
return crypto
|
|
205
|
+
.createHash('sha256')
|
|
206
|
+
.update(payload)
|
|
207
|
+
.digest('hex')
|
|
208
|
+
.substring(0, 16);
|
|
209
|
+
}
|
|
210
|
+
|
|
211
|
+
/**
|
|
212
|
+
* Main API route handler with enhanced security
|
|
154
213
|
*/
|
|
155
214
|
export async function GET(request: NextRequest) {
|
|
156
215
|
try {
|
|
216
|
+
// Security check
|
|
217
|
+
if (!verifyRequestIntegrity(request)) {
|
|
218
|
+
return NextResponse.json(
|
|
219
|
+
{
|
|
220
|
+
error: 'Invalid request',
|
|
221
|
+
valid: false,
|
|
222
|
+
hasProAccess: false
|
|
223
|
+
},
|
|
224
|
+
{ status: 403 }
|
|
225
|
+
);
|
|
226
|
+
}
|
|
227
|
+
|
|
157
228
|
// Generate device fingerprint
|
|
158
229
|
const deviceId = await getDeviceFingerprint(request);
|
|
159
230
|
|
|
@@ -208,7 +279,8 @@ export async function GET(request: NextRequest) {
|
|
|
208
279
|
maxAge: CACHE_DURATION / 1000, // Convert to seconds
|
|
209
280
|
});
|
|
210
281
|
|
|
211
|
-
|
|
282
|
+
// Prepare response data
|
|
283
|
+
const responseData = {
|
|
212
284
|
valid: validation.valid,
|
|
213
285
|
hasProAccess: validation.hasProAccess,
|
|
214
286
|
isAuthenticated: validation.valid,
|
|
@@ -217,7 +289,19 @@ export async function GET(request: NextRequest) {
|
|
|
217
289
|
status: validation.hasProAccess ? 'active' : 'inactive',
|
|
218
290
|
plan: validation.hasProAccess ? 'lifetime' : 'free',
|
|
219
291
|
},
|
|
220
|
-
|
|
292
|
+
_signature: generateValidationSignature({
|
|
293
|
+
valid: validation.valid,
|
|
294
|
+
hasProAccess: validation.hasProAccess,
|
|
295
|
+
deviceId: deviceId,
|
|
296
|
+
}),
|
|
297
|
+
};
|
|
298
|
+
|
|
299
|
+
// Log security events
|
|
300
|
+
if (validation.hasProAccess) {
|
|
301
|
+
console.log(`[MoonUI Security] Pro access granted for device: ${deviceId.substring(0, 8)}...`);
|
|
302
|
+
}
|
|
303
|
+
|
|
304
|
+
return NextResponse.json(responseData);
|
|
221
305
|
|
|
222
306
|
} catch (error) {
|
|
223
307
|
console.error('[MoonUI] Validation error:', error);
|