@moontra/moonui-pro 3.2.1 → 3.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/scripts/postinstall.cjs +5 -40
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@moontra/moonui-pro",
|
|
3
|
-
"version": "3.
|
|
3
|
+
"version": "3.3.0",
|
|
4
4
|
"description": "Premium React components for MoonUI - Advanced UI library with 50+ pro components including performance, interactive, and gesture components",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "dist/index.mjs",
|
package/scripts/postinstall.cjs
CHANGED
|
@@ -50,31 +50,12 @@ function encryptToken(token, key) {
|
|
|
50
50
|
// Validate license with MoonUI API
|
|
51
51
|
async function validateLicense(licenseKey) {
|
|
52
52
|
return new Promise((resolve, reject) => {
|
|
53
|
-
//
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
// Check for Vercel deployment
|
|
57
|
-
if (process.env.VERCEL_URL) {
|
|
58
|
-
domain = process.env.VERCEL_URL.replace(/^https?:\/\//, '');
|
|
59
|
-
} else if (process.env.VERCEL_PROJECT_PRODUCTION_URL) {
|
|
60
|
-
domain = process.env.VERCEL_PROJECT_PRODUCTION_URL.replace(/^https?:\/\//, '');
|
|
61
|
-
} else if (process.env.NEXT_PUBLIC_VERCEL_URL) {
|
|
62
|
-
domain = process.env.NEXT_PUBLIC_VERCEL_URL.replace(/^https?:\/\//, '');
|
|
63
|
-
} else if (process.env.DEPLOY_URL) {
|
|
64
|
-
domain = process.env.DEPLOY_URL.replace(/^https?:\/\//, '');
|
|
65
|
-
}
|
|
66
|
-
|
|
67
|
-
// For moonui.dev site, use special validation
|
|
68
|
-
const isMoonUISite = domain.includes('moonui.dev') ||
|
|
69
|
-
domain.includes('moonui-git') ||
|
|
70
|
-
domain.includes('moonui-') ||
|
|
71
|
-
process.env.MOONUI_SITE === 'true';
|
|
72
|
-
|
|
53
|
+
// Don't send domain information to prevent bypass attacks
|
|
54
|
+
// Only validate the license key itself
|
|
73
55
|
const postData = JSON.stringify({
|
|
74
56
|
licenseKey,
|
|
75
|
-
domain: isMoonUISite ? 'moonui.dev' : domain,
|
|
76
57
|
environment: 'production',
|
|
77
|
-
|
|
58
|
+
source: 'postinstall'
|
|
78
59
|
});
|
|
79
60
|
|
|
80
61
|
const options = {
|
|
@@ -163,23 +144,8 @@ async function main() {
|
|
|
163
144
|
|
|
164
145
|
console.log('[MoonUI Pro] Production environment detected, checking license...');
|
|
165
146
|
|
|
166
|
-
//
|
|
167
|
-
|
|
168
|
-
if (vercelUrl.includes('moonui.dev') || vercelUrl.includes('moonui-git') ||
|
|
169
|
-
process.env.MOONUI_SITE === 'true') {
|
|
170
|
-
console.log('[MoonUI Pro] MoonUI site detected - granting Pro access');
|
|
171
|
-
const token = {
|
|
172
|
-
valid: true,
|
|
173
|
-
hasProAccess: true,
|
|
174
|
-
plan: 'lifetime',
|
|
175
|
-
expiresAt: Date.now() + CACHE_DURATION,
|
|
176
|
-
domain: 'moonui.dev',
|
|
177
|
-
timestamp: Date.now()
|
|
178
|
-
};
|
|
179
|
-
saveLicenseToken(token);
|
|
180
|
-
console.log('[MoonUI Pro] ✓ Pro features enabled for moonui.dev');
|
|
181
|
-
return;
|
|
182
|
-
}
|
|
147
|
+
// Remove the bypass - moonui.dev should also use license key like everyone else
|
|
148
|
+
// This prevents security vulnerability where users can set VERCEL_URL=moonui.dev
|
|
183
149
|
|
|
184
150
|
// Check for license key in environment variables
|
|
185
151
|
const licenseKey = process.env.MOONUI_LICENSE_KEY ||
|
|
@@ -205,7 +171,6 @@ async function main() {
|
|
|
205
171
|
hasProAccess: validationResult.hasProAccess,
|
|
206
172
|
plan: validationResult.plan,
|
|
207
173
|
expiresAt: Date.now() + CACHE_DURATION,
|
|
208
|
-
domain: validationResult.domain,
|
|
209
174
|
timestamp: Date.now()
|
|
210
175
|
};
|
|
211
176
|
|