@nietzsci/clavis 0.1.0

package/dist/index.mjs

@@ -0,0 +1,617 @@
+// src/errors.ts
+var ClavisError = class extends Error {
+  constructor(code, message) {
+    super(message);
+    this.name = "ClavisError";
+    this.code = code;
+  }
+};
+var ErrorCodes = {
+  // 网络
+  NETWORK_ERROR: "NETWORK_ERROR",
+  API_ERROR: "API_ERROR",
+  // 签名
+  INVALID_SIGNATURE: "INVALID_SIGNATURE",
+  MISSING_AUTH_HEADERS: "MISSING_AUTH_HEADERS",
+  TIMESTAMP_EXPIRED: "TIMESTAMP_EXPIRED",
+  // 授权码
+  LICENSE_NOT_FOUND: "LICENSE_NOT_FOUND",
+  LICENSE_EXPIRED: "LICENSE_EXPIRED",
+  LICENSE_REVOKED: "LICENSE_REVOKED",
+  ACTIVATION_LIMIT: "ACTIVATION_LIMIT",
+  ACTIVATION_NOT_FOUND: "ACTIVATION_NOT_FOUND",
+  // 离线验证
+  NO_CACHED_TOKEN: "NO_CACHED_TOKEN",
+  TOKEN_SIGNATURE_INVALID: "TOKEN_SIGNATURE_INVALID",
+  TOKEN_EXPIRED: "TOKEN_EXPIRED",
+  TOKEN_GRACE_EXPIRED: "TOKEN_GRACE_EXPIRED",
+  IDENTITY_MISMATCH: "IDENTITY_MISMATCH",
+  CLOCK_DRIFT_DETECTED: "CLOCK_DRIFT_DETECTED",
+  // 配置
+  MISSING_CONFIG: "MISSING_CONFIG",
+  INVALID_CONFIG: "INVALID_CONFIG"
+};
+
+// src/crypto.ts
+import nacl from "tweetnacl";
+import { decodeBase64 } from "tweetnacl-util";
+function fromBase64Url(b64url) {
+  let b64 = b64url.replace(/-/g, "+").replace(/_/g, "/");
+  while (b64.length % 4 !== 0) b64 += "=";
+  return b64;
+}
+function verifyOfflineToken(token, publicKeyBase64) {
+  try {
+    const parts = token.split(".");
+    if (parts.length !== 2) return null;
+    const [payloadBase64Url, signatureBase64Url] = parts;
+    const payloadB64 = fromBase64Url(payloadBase64Url);
+    const payloadBytes = Uint8Array.from(
+      atob(payloadB64),
+      (c) => c.charCodeAt(0)
+    );
+    const payloadJson = new TextDecoder().decode(payloadBytes);
+    const signatureB64 = fromBase64Url(signatureBase64Url);
+    const signatureBytes = decodeBase64(signatureB64);
+    const publicKeyBytes = decodeBase64(publicKeyBase64);
+    const messageBytes = new TextEncoder().encode(payloadJson);
+    const signedMessage = new Uint8Array(
+      signatureBytes.length + messageBytes.length
+    );
+    signedMessage.set(signatureBytes);
+    signedMessage.set(messageBytes, signatureBytes.length);
+    const verified = nacl.sign.open(signedMessage, publicKeyBytes);
+    if (!verified) return null;
+    return JSON.parse(payloadJson);
+  } catch {
+    return null;
+  }
+}
+
+// src/hmac.ts
+import crypto from "crypto";
+function signRequest(params) {
+  const timestamp = Math.floor(Date.now() / 1e3).toString();
+  const nonce = crypto.randomUUID();
+  const bodyHash = crypto.createHash("sha256").update(params.body || "").digest("hex");
+  const stringToSign = `${params.method.toUpperCase()}
+${params.path}
+${timestamp}
+${nonce}
+${bodyHash}`;
+  const signature = crypto.createHmac("sha256", params.appSecret).update(stringToSign).digest("hex");
+  return {
+    "x-app-id": params.appId,
+    "x-timestamp": timestamp,
+    "x-nonce": nonce,
+    "x-signature": signature
+  };
+}
+function hashIdentity(identity, appSecret) {
+  return crypto.createHmac("sha256", appSecret).update(identity).digest("hex");
+}
+
+// src/fingerprint.ts
+import crypto2 from "crypto";
+import os from "os";
+function getMachineCode(appSecret) {
+  const cpus = os.cpus();
+  const data = [
+    os.hostname(),
+    os.platform(),
+    os.arch(),
+    cpus[0]?.model || "",
+    cpus.length.toString(),
+    os.totalmem().toString()
+  ].join("|");
+  const key = appSecret || "clavis-default-key";
+  const hash = crypto2.createHmac("sha256", key).update(data).digest("hex");
+  return `MC-${hash.substring(0, 4).toUpperCase()}-${hash.substring(4, 8).toUpperCase()}-${hash.substring(8, 12).toUpperCase()}-${hash.substring(12, 16).toUpperCase()}`;
+}
+function getDeviceInfo() {
+  const cpus = os.cpus();
+  return {
+    os: os.platform(),
+    osVersion: os.release(),
+    hostname: os.hostname(),
+    arch: os.arch(),
+    cpuModel: cpus[0]?.model || "unknown",
+    totalMemory: os.totalmem()
+  };
+}
+
+// src/storage.ts
+import fs from "fs";
+import path from "path";
+import crypto3 from "crypto";
+var FileStorage = class {
+  constructor(storagePath, appId) {
+    const safeName = appId.replace(/[^a-zA-Z0-9_-]/g, "_");
+    this.filePath = path.join(storagePath, `.clavis_${safeName}`);
+    this.encryptionKey = crypto3.createHash("sha256").update(appId).digest();
+  }
+  /** 保存缓存数据（AES-256-GCM 加密） */
+  save(data) {
+    const json = JSON.stringify(data);
+    const iv = crypto3.randomBytes(12);
+    const cipher = crypto3.createCipheriv("aes-256-gcm", this.encryptionKey, iv);
+    const encrypted = Buffer.concat([
+      cipher.update(json, "utf8"),
+      cipher.final()
+    ]);
+    const tag = cipher.getAuthTag();
+    const combined = Buffer.concat([iv, tag, encrypted]);
+    const dir = path.dirname(this.filePath);
+    if (!fs.existsSync(dir)) {
+      fs.mkdirSync(dir, { recursive: true });
+    }
+    fs.writeFileSync(this.filePath, combined);
+  }
+  /** 读取缓存数据（解密） */
+  load() {
+    try {
+      if (!fs.existsSync(this.filePath)) return null;
+      const data = fs.readFileSync(this.filePath);
+      if (data.length < 28) return null;
+      const iv = data.subarray(0, 12);
+      const tag = data.subarray(12, 28);
+      const encrypted = data.subarray(28);
+      const decipher = crypto3.createDecipheriv(
+        "aes-256-gcm",
+        this.encryptionKey,
+        iv
+      );
+      decipher.setAuthTag(tag);
+      const decrypted = decipher.update(encrypted, void 0, "utf8") + decipher.final("utf8");
+      return JSON.parse(decrypted);
+    } catch {
+      return null;
+    }
+  }
+  /** 清除缓存文件 */
+  clear() {
+    try {
+      if (fs.existsSync(this.filePath)) {
+        fs.unlinkSync(this.filePath);
+      }
+    } catch {
+    }
+  }
+};
+
+// src/client.ts
+var Clavis = class {
+  constructor(config) {
+    this.statusListeners = [];
+    this.expiryListeners = [];
+    this.lastStatus = null;
+    this.currentLicenseKey = null;
+    this.currentIdentityHash = null;
+    if (!config.appId || !config.appSecret || !config.publicKey) {
+      throw new ClavisError(
+        ErrorCodes.MISSING_CONFIG,
+        "appId, appSecret, publicKey \u4E3A\u5FC5\u586B\u9879"
+      );
+    }
+    this.config = {
+      appId: config.appId,
+      appSecret: config.appSecret,
+      publicKey: config.publicKey,
+      baseUrl: (config.baseUrl || "https://c.nietzsci.com").replace(/\/+$/, ""),
+      storagePath: config.storagePath || process.cwd(),
+      offlineGraceDays: config.offlineGraceDays ?? 7,
+      heartbeatInterval: config.heartbeatInterval ?? 3600,
+      autoHeartbeat: config.autoHeartbeat ?? true
+    };
+    this.storage = new FileStorage(this.config.storagePath, this.config.appId);
+  }
+  // ===== 静态工具方法 =====
+  /** 生成设备机器码 */
+  static getMachineCode(appSecret) {
+    return getMachineCode(appSecret);
+  }
+  /** 获取设备信息 */
+  static getDeviceInfo() {
+    return getDeviceInfo();
+  }
+  // ===== 激活 =====
+  /**
+   * 激活授权码（需要联网）
+   *
+   * @param licenseKey 授权码，格式 XXXXX-XXXXX-XXXXX-XXXXX-XXXXX
+   * @param identity   设备标识（机器码或自定义字符串），SDK 会自动 HMAC 哈希
+   */
+  async activate(licenseKey, identity) {
+    const identityHash = hashIdentity(identity, this.config.appSecret);
+    const body = JSON.stringify({
+      license_key: licenseKey,
+      identity_hash: identityHash
+    });
+    const data = await this.apiPost("/api/v1/sdk/activate", body);
+    this.storage.save({
+      offlineToken: data.offline_token,
+      lastVerifiedAt: Math.floor(Date.now() / 1e3),
+      tokenVersion: 0,
+      // 激活时不知道具体版本，从 token 解析
+      licenseKey
+    });
+    this.currentLicenseKey = licenseKey;
+    this.currentIdentityHash = identityHash;
+    if (this.config.autoHeartbeat) {
+      this.startHeartbeat(licenseKey, identity);
+    }
+    const result = {
+      success: true,
+      tier: data.tier,
+      features: data.features,
+      expiresAt: data.expires_at,
+      offlineToken: data.offline_token
+    };
+    this.notifyStatusChange(this.buildStatusFromActivate(result, false));
+    return result;
+  }
+  // ===== 验证 =====
+  /**
+   * 检查授权状态（优先离线，失败则在线）
+   */
+  async checkLicense(identity) {
+    const offlineResult = this.verifyOffline(identity);
+    if (offlineResult.valid) return offlineResult;
+    const cached = this.storage.load();
+    if (!cached?.licenseKey) {
+      return offlineResult;
+    }
+    return this.verifyOnline(cached.licenseKey, identity);
+  }
+  /**
+   * 纯离线验证（零网络请求）
+   *
+   * @param identity 可选的设备标识，用于 identity_hash 匹配校验
+   */
+  verifyOffline(identity) {
+    const invalid = {
+      valid: false,
+      tier: "",
+      features: [],
+      expiresAt: null,
+      daysRemaining: null,
+      isOffline: true,
+      isTrial: false,
+      inGracePeriod: false
+    };
+    const cached = this.storage.load();
+    if (!cached?.offlineToken) {
+      return { ...invalid, tier: "none" };
+    }
+    const payload = verifyOfflineToken(
+      cached.offlineToken,
+      this.config.publicKey
+    );
+    if (!payload) {
+      return { ...invalid, tier: "invalid_signature" };
+    }
+    if (payload.app_id !== this.config.appId) {
+      return { ...invalid, tier: "app_mismatch" };
+    }
+    if (identity) {
+      const expectedHash = hashIdentity(identity, this.config.appSecret);
+      if (payload.identity_hash !== expectedHash) {
+        return { ...invalid, tier: "identity_mismatch" };
+      }
+    }
+    const now = Math.floor(Date.now() / 1e3);
+    if (cached.lastVerifiedAt > now + 60) {
+      return { ...invalid, tier: "clock_drift" };
+    }
+    const isExpired = payload.expires_at !== null && payload.expires_at < now;
+    const inGracePeriod = isExpired && payload.grace_until > now;
+    const graceExpired = isExpired && payload.grace_until <= now;
+    if (graceExpired) {
+      return {
+        ...invalid,
+        tier: payload.tier,
+        features: payload.features,
+        expiresAt: payload.expires_at ? new Date(payload.expires_at * 1e3).toISOString() : null,
+        daysRemaining: 0
+      };
+    }
+    let daysRemaining = null;
+    if (payload.expires_at !== null) {
+      daysRemaining = Math.ceil((payload.expires_at - now) / 86400);
+      if (daysRemaining < 0) daysRemaining = 0;
+    }
+    this.storage.save({
+      ...cached,
+      lastVerifiedAt: now
+    });
+    const status = {
+      valid: true,
+      tier: payload.tier,
+      features: payload.features,
+      expiresAt: payload.expires_at ? new Date(payload.expires_at * 1e3).toISOString() : null,
+      daysRemaining,
+      isOffline: true,
+      isTrial: payload.tier === "trial",
+      inGracePeriod
+    };
+    this.notifyStatusChange(status);
+    this.checkExpiryReminders(daysRemaining);
+    return status;
+  }
+  /**
+   * 在线验证（备用）
+   */
+  async verifyOnline(licenseKey, identity) {
+    const identityHash = hashIdentity(identity, this.config.appSecret);
+    const body = JSON.stringify({
+      license_key: licenseKey,
+      identity_hash: identityHash
+    });
+    try {
+      const data = await this.apiPost("/api/v1/sdk/verify", body);
+      if (data.offline_token) {
+        this.storage.save({
+          offlineToken: data.offline_token,
+          lastVerifiedAt: Math.floor(Date.now() / 1e3),
+          tokenVersion: 0,
+          licenseKey
+        });
+      }
+      const status = {
+        valid: data.valid,
+        tier: data.tier,
+        features: data.features,
+        expiresAt: data.expires_at,
+        daysRemaining: data.days_remaining,
+        isOffline: false,
+        isTrial: data.tier === "trial",
+        inGracePeriod: false
+      };
+      this.notifyStatusChange(status);
+      return status;
+    } catch (err) {
+      return {
+        valid: false,
+        tier: "",
+        features: [],
+        expiresAt: null,
+        daysRemaining: null,
+        isOffline: true,
+        isTrial: false,
+        inGracePeriod: false
+      };
+    }
+  }
+  /**
+   * 检查是否有某个功能
+   */
+  hasFeature(featureName) {
+    const cached = this.storage.load();
+    if (!cached?.offlineToken) return false;
+    const payload = verifyOfflineToken(
+      cached.offlineToken,
+      this.config.publicKey
+    );
+    if (!payload) return false;
+    return payload.features.includes(featureName);
+  }
+  // ===== 支付 =====
+  /**
+   * 获取定价方案列表
+   */
+  async getPricingPlans() {
+    const url = `${this.config.baseUrl}/api/v1/public/app-info?app_id=${encodeURIComponent(this.config.appId)}`;
+    const response = await fetch(url);
+    if (!response.ok) {
+      throw new ClavisError(
+        ErrorCodes.API_ERROR,
+        `\u83B7\u53D6\u5B9A\u4EF7\u65B9\u6848\u5931\u8D25: ${response.status}`
+      );
+    }
+    const json = await response.json();
+    if (!json.success || !json.data) {
+      throw new ClavisError(
+        ErrorCodes.API_ERROR,
+        json.error?.message || "\u83B7\u53D6\u5B9A\u4EF7\u65B9\u6848\u5931\u8D25"
+      );
+    }
+    return json.data.pricing || [];
+  }
+  /**
+   * 获取支付页面 URL
+   */
+  getPaymentUrl(planId, identity) {
+    let url = `${this.config.baseUrl}/activate/${this.config.appId}?plan=${encodeURIComponent(planId)}`;
+    if (identity) {
+      url += `&identity=${encodeURIComponent(identity)}`;
+    }
+    return url;
+  }
+  // ===== 生命周期 =====
+  /**
+   * 解绑当前设备（需要联网）
+   */
+  async deactivate(licenseKey, identity) {
+    const identityHash = hashIdentity(identity, this.config.appSecret);
+    const body = JSON.stringify({
+      license_key: licenseKey,
+      identity_hash: identityHash
+    });
+    await this.apiPost("/api/v1/sdk/deactivate", body);
+    this.storage.clear();
+    this.stopHeartbeat();
+  }
+  /**
+   * 心跳（通常自动调用）
+   */
+  async heartbeat(licenseKey, identity) {
+    const identityHash = hashIdentity(identity, this.config.appSecret);
+    const body = JSON.stringify({
+      license_key: licenseKey,
+      identity_hash: identityHash
+    });
+    const data = await this.apiPost("/api/v1/sdk/heartbeat", body);
+    if (data.offline_token) {
+      this.storage.save({
+        offlineToken: data.offline_token,
+        lastVerifiedAt: Math.floor(Date.now() / 1e3),
+        tokenVersion: 0,
+        licenseKey
+      });
+    }
+    return {
+      serverTimestamp: data.server_timestamp,
+      status: data.status,
+      offlineToken: data.offline_token
+    };
+  }
+  /**
+   * 监听授权状态变化
+   * @returns 取消监听函数
+   */
+  onStatusChange(callback) {
+    this.statusListeners.push(callback);
+    return () => {
+      this.statusListeners = this.statusListeners.filter(
+        (cb) => cb !== callback
+      );
+    };
+  }
+  /**
+   * 到期前提醒
+   * @param daysBeforeExpiry 到期前多少天触发
+   * @returns 取消监听函数
+   */
+  onExpiring(daysBeforeExpiry, callback) {
+    const listener = { days: daysBeforeExpiry, callback, fired: false };
+    this.expiryListeners.push(listener);
+    return () => {
+      this.expiryListeners = this.expiryListeners.filter(
+        (l) => l !== listener
+      );
+    };
+  }
+  /**
+   * 销毁（清理心跳定时器和监听器）
+   */
+  destroy() {
+    this.stopHeartbeat();
+    this.statusListeners = [];
+    this.expiryListeners = [];
+    this.lastStatus = null;
+  }
+  // ===== 内部方法 =====
+  /** 发送带 HMAC 签名的 POST 请求 */
+  async apiPost(path2, body) {
+    const headers = signRequest({
+      method: "POST",
+      path: path2,
+      body,
+      appId: this.config.appId,
+      appSecret: this.config.appSecret
+    });
+    const url = `${this.config.baseUrl}${path2}`;
+    let response;
+    try {
+      response = await fetch(url, {
+        method: "POST",
+        headers: {
+          ...headers,
+          "Content-Type": "application/json"
+        },
+        body
+      });
+    } catch (err) {
+      throw new ClavisError(
+        ErrorCodes.NETWORK_ERROR,
+        `\u7F51\u7EDC\u8BF7\u6C42\u5931\u8D25: ${err instanceof Error ? err.message : String(err)}`
+      );
+    }
+    const json = await response.json();
+    if (!response.ok || !json.success) {
+      const code = json.error?.code || ErrorCodes.API_ERROR;
+      const message = json.error?.message || `API \u8BF7\u6C42\u5931\u8D25: ${response.status}`;
+      throw new ClavisError(code, message);
+    }
+    return json.data;
+  }
+  /** 启动自动心跳 */
+  startHeartbeat(licenseKey, identity) {
+    this.stopHeartbeat();
+    this.heartbeatTimer = setInterval(async () => {
+      try {
+        await this.heartbeat(licenseKey, identity);
+      } catch {
+      }
+    }, this.config.heartbeatInterval * 1e3);
+    if (this.heartbeatTimer && typeof this.heartbeatTimer === "object" && "unref" in this.heartbeatTimer) {
+      this.heartbeatTimer.unref();
+    }
+  }
+  /** 停止心跳 */
+  stopHeartbeat() {
+    if (this.heartbeatTimer) {
+      clearInterval(this.heartbeatTimer);
+      this.heartbeatTimer = void 0;
+    }
+  }
+  /** 通知状态变化 */
+  notifyStatusChange(status) {
+    if (this.lastStatus === null || this.lastStatus.valid !== status.valid || this.lastStatus.tier !== status.tier) {
+      this.lastStatus = status;
+      for (const cb of this.statusListeners) {
+        try {
+          cb(status);
+        } catch {
+        }
+      }
+    }
+  }
+  /** 检查到期提醒 */
+  checkExpiryReminders(daysRemaining) {
+    if (daysRemaining === null) return;
+    for (const listener of this.expiryListeners) {
+      if (!listener.fired && daysRemaining <= listener.days) {
+        listener.fired = true;
+        try {
+          listener.callback();
+        } catch {
+        }
+      }
+    }
+  }
+  /** 从激活结果构造 LicenseStatus */
+  buildStatusFromActivate(result, isOffline) {
+    let daysRemaining = null;
+    if (result.expiresAt) {
+      const expiresMs = new Date(result.expiresAt).getTime();
+      daysRemaining = Math.ceil((expiresMs - Date.now()) / (86400 * 1e3));
+      if (daysRemaining < 0) daysRemaining = 0;
+    }
+    return {
+      valid: result.success,
+      tier: result.tier,
+      features: result.features,
+      expiresAt: result.expiresAt,
+      daysRemaining,
+      isOffline,
+      isTrial: result.tier === "trial",
+      inGracePeriod: false
+    };
+  }
+};
+
+// src/index.ts
+var index_default = Clavis;
+export {
+  Clavis,
+  ClavisError,
+  ErrorCodes,
+  FileStorage,
+  index_default as default,
+  getDeviceInfo,
+  getMachineCode,
+  hashIdentity,
+  signRequest,
+  verifyOfflineToken
+};

package/examples/browser-example.html

@@ -0,0 +1,87 @@
+<!DOCTYPE html>
+<html lang="zh-CN">
+<head>
+  <meta charset="UTF-8" />
+  <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+  <title>Clavis SDK - 浏览器示例</title>
+  <style>
+    body { font-family: system-ui, sans-serif; max-width: 600px; margin: 40px auto; padding: 0 20px; }
+    h1 { font-size: 1.5rem; }
+    .card { border: 1px solid #ddd; border-radius: 8px; padding: 16px; margin: 16px 0; }
+    .status { padding: 8px 16px; border-radius: 4px; font-weight: bold; }
+    .status.valid { background: #d4edda; color: #155724; }
+    .status.invalid { background: #f8d7da; color: #721c24; }
+    input { width: 100%; padding: 8px; margin: 8px 0; box-sizing: border-box; }
+    button { padding: 8px 16px; background: #0066ff; color: white; border: none; border-radius: 4px; cursor: pointer; }
+    button:hover { background: #0052cc; }
+    pre { background: #f5f5f5; padding: 12px; border-radius: 4px; overflow-x: auto; font-size: 0.85rem; }
+  </style>
+</head>
+<body>
+  <h1>Clavis SDK 浏览器示例</h1>
+
+  <div class="card">
+    <h3>配置</h3>
+    <input id="appId" placeholder="App ID (nc_xxx)" value="" />
+    <input id="publicKey" placeholder="Ed25519 公钥 (base64)" value="" />
+    <input id="baseUrl" placeholder="API 地址" value="https://c.nietzsci.com" />
+  </div>
+
+  <div class="card">
+    <h3>离线验证</h3>
+    <p>粘贴 offline_token 进行纯离线验证（不发送网络请求）：</p>
+    <textarea id="offlineToken" rows="4" style="width:100%;box-sizing:border-box;" placeholder="base64url(payload).base64url(signature)"></textarea>
+    <br /><br />
+    <button onclick="verifyToken()">验证 Token</button>
+    <div id="result"></div>
+  </div>
+
+  <div class="card">
+    <h3>购买授权</h3>
+    <button onclick="openPayment()">打开购买页面</button>
+  </div>
+
+  <!-- 说明：浏览器环境不能使用 HMAC 签名（appSecret 不能暴露在前端）   -->
+  <!-- 浏览器端只能做：离线验证（公钥验签）、打开支付页面               -->
+  <!-- 激活/心跳/解绑 等需要 appSecret 的操作必须放在后端              -->
+
+  <script type="module">
+    // 浏览器环境用 ES module 导入构建产物
+    // import { verifyOfflineToken } from '@clavis/sdk';
+
+    // 简化版：直接内联 tweetnacl 的验签逻辑用于演示
+    // 生产环境请使用构建后的 @clavis/sdk
+
+    window.verifyToken = function () {
+      const token = document.getElementById('offlineToken').value.trim();
+      const publicKey = document.getElementById('publicKey').value.trim();
+      const resultDiv = document.getElementById('result');
+
+      if (!token || !publicKey) {
+        resultDiv.innerHTML = '<p class="status invalid">请填写 Token 和公钥</p>';
+        return;
+      }
+
+      resultDiv.innerHTML = '<pre>验证中... (生产环境使用 @clavis/sdk 的 verifyOfflineToken)</pre>';
+
+      // 实际使用：
+      // const payload = verifyOfflineToken(token, publicKey);
+      // if (payload) {
+      //   resultDiv.innerHTML = `<p class="status valid">授权有效</p><pre>${JSON.stringify(payload, null, 2)}</pre>`;
+      // } else {
+      //   resultDiv.innerHTML = '<p class="status invalid">签名验证失败</p>';
+      // }
+    };
+
+    window.openPayment = function () {
+      const appId = document.getElementById('appId').value.trim();
+      const baseUrl = document.getElementById('baseUrl').value.trim();
+      if (!appId || !baseUrl) {
+        alert('请填写 App ID 和 API 地址');
+        return;
+      }
+      window.open(`${baseUrl}/activate/${appId}`, '_blank');
+    };
+  </script>
+</body>
+</html>