@nietzsci/clavis 0.1.0

package/dist/index.js

@@ -0,0 +1,662 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/index.ts
+var index_exports = {};
+__export(index_exports, {
+  Clavis: () => Clavis,
+  ClavisError: () => ClavisError,
+  ErrorCodes: () => ErrorCodes,
+  FileStorage: () => FileStorage,
+  default: () => index_default,
+  getDeviceInfo: () => getDeviceInfo,
+  getMachineCode: () => getMachineCode,
+  hashIdentity: () => hashIdentity,
+  signRequest: () => signRequest,
+  verifyOfflineToken: () => verifyOfflineToken
+});
+module.exports = __toCommonJS(index_exports);
+
+// src/errors.ts
+var ClavisError = class extends Error {
+  constructor(code, message) {
+    super(message);
+    this.name = "ClavisError";
+    this.code = code;
+  }
+};
+var ErrorCodes = {
+  // 网络
+  NETWORK_ERROR: "NETWORK_ERROR",
+  API_ERROR: "API_ERROR",
+  // 签名
+  INVALID_SIGNATURE: "INVALID_SIGNATURE",
+  MISSING_AUTH_HEADERS: "MISSING_AUTH_HEADERS",
+  TIMESTAMP_EXPIRED: "TIMESTAMP_EXPIRED",
+  // 授权码
+  LICENSE_NOT_FOUND: "LICENSE_NOT_FOUND",
+  LICENSE_EXPIRED: "LICENSE_EXPIRED",
+  LICENSE_REVOKED: "LICENSE_REVOKED",
+  ACTIVATION_LIMIT: "ACTIVATION_LIMIT",
+  ACTIVATION_NOT_FOUND: "ACTIVATION_NOT_FOUND",
+  // 离线验证
+  NO_CACHED_TOKEN: "NO_CACHED_TOKEN",
+  TOKEN_SIGNATURE_INVALID: "TOKEN_SIGNATURE_INVALID",
+  TOKEN_EXPIRED: "TOKEN_EXPIRED",
+  TOKEN_GRACE_EXPIRED: "TOKEN_GRACE_EXPIRED",
+  IDENTITY_MISMATCH: "IDENTITY_MISMATCH",
+  CLOCK_DRIFT_DETECTED: "CLOCK_DRIFT_DETECTED",
+  // 配置
+  MISSING_CONFIG: "MISSING_CONFIG",
+  INVALID_CONFIG: "INVALID_CONFIG"
+};
+
+// src/crypto.ts
+var import_tweetnacl = __toESM(require("tweetnacl"));
+var import_tweetnacl_util = require("tweetnacl-util");
+function fromBase64Url(b64url) {
+  let b64 = b64url.replace(/-/g, "+").replace(/_/g, "/");
+  while (b64.length % 4 !== 0) b64 += "=";
+  return b64;
+}
+function verifyOfflineToken(token, publicKeyBase64) {
+  try {
+    const parts = token.split(".");
+    if (parts.length !== 2) return null;
+    const [payloadBase64Url, signatureBase64Url] = parts;
+    const payloadB64 = fromBase64Url(payloadBase64Url);
+    const payloadBytes = Uint8Array.from(
+      atob(payloadB64),
+      (c) => c.charCodeAt(0)
+    );
+    const payloadJson = new TextDecoder().decode(payloadBytes);
+    const signatureB64 = fromBase64Url(signatureBase64Url);
+    const signatureBytes = (0, import_tweetnacl_util.decodeBase64)(signatureB64);
+    const publicKeyBytes = (0, import_tweetnacl_util.decodeBase64)(publicKeyBase64);
+    const messageBytes = new TextEncoder().encode(payloadJson);
+    const signedMessage = new Uint8Array(
+      signatureBytes.length + messageBytes.length
+    );
+    signedMessage.set(signatureBytes);
+    signedMessage.set(messageBytes, signatureBytes.length);
+    const verified = import_tweetnacl.default.sign.open(signedMessage, publicKeyBytes);
+    if (!verified) return null;
+    return JSON.parse(payloadJson);
+  } catch {
+    return null;
+  }
+}
+
+// src/hmac.ts
+var import_crypto = __toESM(require("crypto"));
+function signRequest(params) {
+  const timestamp = Math.floor(Date.now() / 1e3).toString();
+  const nonce = import_crypto.default.randomUUID();
+  const bodyHash = import_crypto.default.createHash("sha256").update(params.body || "").digest("hex");
+  const stringToSign = `${params.method.toUpperCase()}
+${params.path}
+${timestamp}
+${nonce}
+${bodyHash}`;
+  const signature = import_crypto.default.createHmac("sha256", params.appSecret).update(stringToSign).digest("hex");
+  return {
+    "x-app-id": params.appId,
+    "x-timestamp": timestamp,
+    "x-nonce": nonce,
+    "x-signature": signature
+  };
+}
+function hashIdentity(identity, appSecret) {
+  return import_crypto.default.createHmac("sha256", appSecret).update(identity).digest("hex");
+}
+
+// src/fingerprint.ts
+var import_crypto2 = __toESM(require("crypto"));
+var import_os = __toESM(require("os"));
+function getMachineCode(appSecret) {
+  const cpus = import_os.default.cpus();
+  const data = [
+    import_os.default.hostname(),
+    import_os.default.platform(),
+    import_os.default.arch(),
+    cpus[0]?.model || "",
+    cpus.length.toString(),
+    import_os.default.totalmem().toString()
+  ].join("|");
+  const key = appSecret || "clavis-default-key";
+  const hash = import_crypto2.default.createHmac("sha256", key).update(data).digest("hex");
+  return `MC-${hash.substring(0, 4).toUpperCase()}-${hash.substring(4, 8).toUpperCase()}-${hash.substring(8, 12).toUpperCase()}-${hash.substring(12, 16).toUpperCase()}`;
+}
+function getDeviceInfo() {
+  const cpus = import_os.default.cpus();
+  return {
+    os: import_os.default.platform(),
+    osVersion: import_os.default.release(),
+    hostname: import_os.default.hostname(),
+    arch: import_os.default.arch(),
+    cpuModel: cpus[0]?.model || "unknown",
+    totalMemory: import_os.default.totalmem()
+  };
+}
+
+// src/storage.ts
+var import_fs = __toESM(require("fs"));
+var import_path = __toESM(require("path"));
+var import_crypto3 = __toESM(require("crypto"));
+var FileStorage = class {
+  constructor(storagePath, appId) {
+    const safeName = appId.replace(/[^a-zA-Z0-9_-]/g, "_");
+    this.filePath = import_path.default.join(storagePath, `.clavis_${safeName}`);
+    this.encryptionKey = import_crypto3.default.createHash("sha256").update(appId).digest();
+  }
+  /** 保存缓存数据（AES-256-GCM 加密） */
+  save(data) {
+    const json = JSON.stringify(data);
+    const iv = import_crypto3.default.randomBytes(12);
+    const cipher = import_crypto3.default.createCipheriv("aes-256-gcm", this.encryptionKey, iv);
+    const encrypted = Buffer.concat([
+      cipher.update(json, "utf8"),
+      cipher.final()
+    ]);
+    const tag = cipher.getAuthTag();
+    const combined = Buffer.concat([iv, tag, encrypted]);
+    const dir = import_path.default.dirname(this.filePath);
+    if (!import_fs.default.existsSync(dir)) {
+      import_fs.default.mkdirSync(dir, { recursive: true });
+    }
+    import_fs.default.writeFileSync(this.filePath, combined);
+  }
+  /** 读取缓存数据（解密） */
+  load() {
+    try {
+      if (!import_fs.default.existsSync(this.filePath)) return null;
+      const data = import_fs.default.readFileSync(this.filePath);
+      if (data.length < 28) return null;
+      const iv = data.subarray(0, 12);
+      const tag = data.subarray(12, 28);
+      const encrypted = data.subarray(28);
+      const decipher = import_crypto3.default.createDecipheriv(
+        "aes-256-gcm",
+        this.encryptionKey,
+        iv
+      );
+      decipher.setAuthTag(tag);
+      const decrypted = decipher.update(encrypted, void 0, "utf8") + decipher.final("utf8");
+      return JSON.parse(decrypted);
+    } catch {
+      return null;
+    }
+  }
+  /** 清除缓存文件 */
+  clear() {
+    try {
+      if (import_fs.default.existsSync(this.filePath)) {
+        import_fs.default.unlinkSync(this.filePath);
+      }
+    } catch {
+    }
+  }
+};
+
+// src/client.ts
+var Clavis = class {
+  constructor(config) {
+    this.statusListeners = [];
+    this.expiryListeners = [];
+    this.lastStatus = null;
+    this.currentLicenseKey = null;
+    this.currentIdentityHash = null;
+    if (!config.appId || !config.appSecret || !config.publicKey) {
+      throw new ClavisError(
+        ErrorCodes.MISSING_CONFIG,
+        "appId, appSecret, publicKey \u4E3A\u5FC5\u586B\u9879"
+      );
+    }
+    this.config = {
+      appId: config.appId,
+      appSecret: config.appSecret,
+      publicKey: config.publicKey,
+      baseUrl: (config.baseUrl || "https://c.nietzsci.com").replace(/\/+$/, ""),
+      storagePath: config.storagePath || process.cwd(),
+      offlineGraceDays: config.offlineGraceDays ?? 7,
+      heartbeatInterval: config.heartbeatInterval ?? 3600,
+      autoHeartbeat: config.autoHeartbeat ?? true
+    };
+    this.storage = new FileStorage(this.config.storagePath, this.config.appId);
+  }
+  // ===== 静态工具方法 =====
+  /** 生成设备机器码 */
+  static getMachineCode(appSecret) {
+    return getMachineCode(appSecret);
+  }
+  /** 获取设备信息 */
+  static getDeviceInfo() {
+    return getDeviceInfo();
+  }
+  // ===== 激活 =====
+  /**
+   * 激活授权码（需要联网）
+   *
+   * @param licenseKey 授权码，格式 XXXXX-XXXXX-XXXXX-XXXXX-XXXXX
+   * @param identity   设备标识（机器码或自定义字符串），SDK 会自动 HMAC 哈希
+   */
+  async activate(licenseKey, identity) {
+    const identityHash = hashIdentity(identity, this.config.appSecret);
+    const body = JSON.stringify({
+      license_key: licenseKey,
+      identity_hash: identityHash
+    });
+    const data = await this.apiPost("/api/v1/sdk/activate", body);
+    this.storage.save({
+      offlineToken: data.offline_token,
+      lastVerifiedAt: Math.floor(Date.now() / 1e3),
+      tokenVersion: 0,
+      // 激活时不知道具体版本，从 token 解析
+      licenseKey
+    });
+    this.currentLicenseKey = licenseKey;
+    this.currentIdentityHash = identityHash;
+    if (this.config.autoHeartbeat) {
+      this.startHeartbeat(licenseKey, identity);
+    }
+    const result = {
+      success: true,
+      tier: data.tier,
+      features: data.features,
+      expiresAt: data.expires_at,
+      offlineToken: data.offline_token
+    };
+    this.notifyStatusChange(this.buildStatusFromActivate(result, false));
+    return result;
+  }
+  // ===== 验证 =====
+  /**
+   * 检查授权状态（优先离线，失败则在线）
+   */
+  async checkLicense(identity) {
+    const offlineResult = this.verifyOffline(identity);
+    if (offlineResult.valid) return offlineResult;
+    const cached = this.storage.load();
+    if (!cached?.licenseKey) {
+      return offlineResult;
+    }
+    return this.verifyOnline(cached.licenseKey, identity);
+  }
+  /**
+   * 纯离线验证（零网络请求）
+   *
+   * @param identity 可选的设备标识，用于 identity_hash 匹配校验
+   */
+  verifyOffline(identity) {
+    const invalid = {
+      valid: false,
+      tier: "",
+      features: [],
+      expiresAt: null,
+      daysRemaining: null,
+      isOffline: true,
+      isTrial: false,
+      inGracePeriod: false
+    };
+    const cached = this.storage.load();
+    if (!cached?.offlineToken) {
+      return { ...invalid, tier: "none" };
+    }
+    const payload = verifyOfflineToken(
+      cached.offlineToken,
+      this.config.publicKey
+    );
+    if (!payload) {
+      return { ...invalid, tier: "invalid_signature" };
+    }
+    if (payload.app_id !== this.config.appId) {
+      return { ...invalid, tier: "app_mismatch" };
+    }
+    if (identity) {
+      const expectedHash = hashIdentity(identity, this.config.appSecret);
+      if (payload.identity_hash !== expectedHash) {
+        return { ...invalid, tier: "identity_mismatch" };
+      }
+    }
+    const now = Math.floor(Date.now() / 1e3);
+    if (cached.lastVerifiedAt > now + 60) {
+      return { ...invalid, tier: "clock_drift" };
+    }
+    const isExpired = payload.expires_at !== null && payload.expires_at < now;
+    const inGracePeriod = isExpired && payload.grace_until > now;
+    const graceExpired = isExpired && payload.grace_until <= now;
+    if (graceExpired) {
+      return {
+        ...invalid,
+        tier: payload.tier,
+        features: payload.features,
+        expiresAt: payload.expires_at ? new Date(payload.expires_at * 1e3).toISOString() : null,
+        daysRemaining: 0
+      };
+    }
+    let daysRemaining = null;
+    if (payload.expires_at !== null) {
+      daysRemaining = Math.ceil((payload.expires_at - now) / 86400);
+      if (daysRemaining < 0) daysRemaining = 0;
+    }
+    this.storage.save({
+      ...cached,
+      lastVerifiedAt: now
+    });
+    const status = {
+      valid: true,
+      tier: payload.tier,
+      features: payload.features,
+      expiresAt: payload.expires_at ? new Date(payload.expires_at * 1e3).toISOString() : null,
+      daysRemaining,
+      isOffline: true,
+      isTrial: payload.tier === "trial",
+      inGracePeriod
+    };
+    this.notifyStatusChange(status);
+    this.checkExpiryReminders(daysRemaining);
+    return status;
+  }
+  /**
+   * 在线验证（备用）
+   */
+  async verifyOnline(licenseKey, identity) {
+    const identityHash = hashIdentity(identity, this.config.appSecret);
+    const body = JSON.stringify({
+      license_key: licenseKey,
+      identity_hash: identityHash
+    });
+    try {
+      const data = await this.apiPost("/api/v1/sdk/verify", body);
+      if (data.offline_token) {
+        this.storage.save({
+          offlineToken: data.offline_token,
+          lastVerifiedAt: Math.floor(Date.now() / 1e3),
+          tokenVersion: 0,
+          licenseKey
+        });
+      }
+      const status = {
+        valid: data.valid,
+        tier: data.tier,
+        features: data.features,
+        expiresAt: data.expires_at,
+        daysRemaining: data.days_remaining,
+        isOffline: false,
+        isTrial: data.tier === "trial",
+        inGracePeriod: false
+      };
+      this.notifyStatusChange(status);
+      return status;
+    } catch (err) {
+      return {
+        valid: false,
+        tier: "",
+        features: [],
+        expiresAt: null,
+        daysRemaining: null,
+        isOffline: true,
+        isTrial: false,
+        inGracePeriod: false
+      };
+    }
+  }
+  /**
+   * 检查是否有某个功能
+   */
+  hasFeature(featureName) {
+    const cached = this.storage.load();
+    if (!cached?.offlineToken) return false;
+    const payload = verifyOfflineToken(
+      cached.offlineToken,
+      this.config.publicKey
+    );
+    if (!payload) return false;
+    return payload.features.includes(featureName);
+  }
+  // ===== 支付 =====
+  /**
+   * 获取定价方案列表
+   */
+  async getPricingPlans() {
+    const url = `${this.config.baseUrl}/api/v1/public/app-info?app_id=${encodeURIComponent(this.config.appId)}`;
+    const response = await fetch(url);
+    if (!response.ok) {
+      throw new ClavisError(
+        ErrorCodes.API_ERROR,
+        `\u83B7\u53D6\u5B9A\u4EF7\u65B9\u6848\u5931\u8D25: ${response.status}`
+      );
+    }
+    const json = await response.json();
+    if (!json.success || !json.data) {
+      throw new ClavisError(
+        ErrorCodes.API_ERROR,
+        json.error?.message || "\u83B7\u53D6\u5B9A\u4EF7\u65B9\u6848\u5931\u8D25"
+      );
+    }
+    return json.data.pricing || [];
+  }
+  /**
+   * 获取支付页面 URL
+   */
+  getPaymentUrl(planId, identity) {
+    let url = `${this.config.baseUrl}/activate/${this.config.appId}?plan=${encodeURIComponent(planId)}`;
+    if (identity) {
+      url += `&identity=${encodeURIComponent(identity)}`;
+    }
+    return url;
+  }
+  // ===== 生命周期 =====
+  /**
+   * 解绑当前设备（需要联网）
+   */
+  async deactivate(licenseKey, identity) {
+    const identityHash = hashIdentity(identity, this.config.appSecret);
+    const body = JSON.stringify({
+      license_key: licenseKey,
+      identity_hash: identityHash
+    });
+    await this.apiPost("/api/v1/sdk/deactivate", body);
+    this.storage.clear();
+    this.stopHeartbeat();
+  }
+  /**
+   * 心跳（通常自动调用）
+   */
+  async heartbeat(licenseKey, identity) {
+    const identityHash = hashIdentity(identity, this.config.appSecret);
+    const body = JSON.stringify({
+      license_key: licenseKey,
+      identity_hash: identityHash
+    });
+    const data = await this.apiPost("/api/v1/sdk/heartbeat", body);
+    if (data.offline_token) {
+      this.storage.save({
+        offlineToken: data.offline_token,
+        lastVerifiedAt: Math.floor(Date.now() / 1e3),
+        tokenVersion: 0,
+        licenseKey
+      });
+    }
+    return {
+      serverTimestamp: data.server_timestamp,
+      status: data.status,
+      offlineToken: data.offline_token
+    };
+  }
+  /**
+   * 监听授权状态变化
+   * @returns 取消监听函数
+   */
+  onStatusChange(callback) {
+    this.statusListeners.push(callback);
+    return () => {
+      this.statusListeners = this.statusListeners.filter(
+        (cb) => cb !== callback
+      );
+    };
+  }
+  /**
+   * 到期前提醒
+   * @param daysBeforeExpiry 到期前多少天触发
+   * @returns 取消监听函数
+   */
+  onExpiring(daysBeforeExpiry, callback) {
+    const listener = { days: daysBeforeExpiry, callback, fired: false };
+    this.expiryListeners.push(listener);
+    return () => {
+      this.expiryListeners = this.expiryListeners.filter(
+        (l) => l !== listener
+      );
+    };
+  }
+  /**
+   * 销毁（清理心跳定时器和监听器）
+   */
+  destroy() {
+    this.stopHeartbeat();
+    this.statusListeners = [];
+    this.expiryListeners = [];
+    this.lastStatus = null;
+  }
+  // ===== 内部方法 =====
+  /** 发送带 HMAC 签名的 POST 请求 */
+  async apiPost(path2, body) {
+    const headers = signRequest({
+      method: "POST",
+      path: path2,
+      body,
+      appId: this.config.appId,
+      appSecret: this.config.appSecret
+    });
+    const url = `${this.config.baseUrl}${path2}`;
+    let response;
+    try {
+      response = await fetch(url, {
+        method: "POST",
+        headers: {
+          ...headers,
+          "Content-Type": "application/json"
+        },
+        body
+      });
+    } catch (err) {
+      throw new ClavisError(
+        ErrorCodes.NETWORK_ERROR,
+        `\u7F51\u7EDC\u8BF7\u6C42\u5931\u8D25: ${err instanceof Error ? err.message : String(err)}`
+      );
+    }
+    const json = await response.json();
+    if (!response.ok || !json.success) {
+      const code = json.error?.code || ErrorCodes.API_ERROR;
+      const message = json.error?.message || `API \u8BF7\u6C42\u5931\u8D25: ${response.status}`;
+      throw new ClavisError(code, message);
+    }
+    return json.data;
+  }
+  /** 启动自动心跳 */
+  startHeartbeat(licenseKey, identity) {
+    this.stopHeartbeat();
+    this.heartbeatTimer = setInterval(async () => {
+      try {
+        await this.heartbeat(licenseKey, identity);
+      } catch {
+      }
+    }, this.config.heartbeatInterval * 1e3);
+    if (this.heartbeatTimer && typeof this.heartbeatTimer === "object" && "unref" in this.heartbeatTimer) {
+      this.heartbeatTimer.unref();
+    }
+  }
+  /** 停止心跳 */
+  stopHeartbeat() {
+    if (this.heartbeatTimer) {
+      clearInterval(this.heartbeatTimer);
+      this.heartbeatTimer = void 0;
+    }
+  }
+  /** 通知状态变化 */
+  notifyStatusChange(status) {
+    if (this.lastStatus === null || this.lastStatus.valid !== status.valid || this.lastStatus.tier !== status.tier) {
+      this.lastStatus = status;
+      for (const cb of this.statusListeners) {
+        try {
+          cb(status);
+        } catch {
+        }
+      }
+    }
+  }
+  /** 检查到期提醒 */
+  checkExpiryReminders(daysRemaining) {
+    if (daysRemaining === null) return;
+    for (const listener of this.expiryListeners) {
+      if (!listener.fired && daysRemaining <= listener.days) {
+        listener.fired = true;
+        try {
+          listener.callback();
+        } catch {
+        }
+      }
+    }
+  }
+  /** 从激活结果构造 LicenseStatus */
+  buildStatusFromActivate(result, isOffline) {
+    let daysRemaining = null;
+    if (result.expiresAt) {
+      const expiresMs = new Date(result.expiresAt).getTime();
+      daysRemaining = Math.ceil((expiresMs - Date.now()) / (86400 * 1e3));
+      if (daysRemaining < 0) daysRemaining = 0;
+    }
+    return {
+      valid: result.success,
+      tier: result.tier,
+      features: result.features,
+      expiresAt: result.expiresAt,
+      daysRemaining,
+      isOffline,
+      isTrial: result.tier === "trial",
+      inGracePeriod: false
+    };
+  }
+};
+
+// src/index.ts
+var index_default = Clavis;
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  Clavis,
+  ClavisError,
+  ErrorCodes,
+  FileStorage,
+  getDeviceInfo,
+  getMachineCode,
+  hashIdentity,
+  signRequest,
+  verifyOfflineToken
+});