@urateam/cli 0.1.11 → 0.1.12
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/__tests__/license-command.test.js +80 -21
- package/dist/__tests__/license-command.test.js.map +1 -1
- package/dist/commands/license.d.ts +6 -3
- package/dist/commands/license.d.ts.map +1 -1
- package/dist/commands/license.js +25 -11
- package/dist/commands/license.js.map +1 -1
- package/package.json +3 -3
|
@@ -1,22 +1,30 @@
|
|
|
1
|
-
import { describe, it, expect, beforeEach, afterEach } from "vitest";
|
|
1
|
+
import { describe, it, expect, beforeEach, afterEach, vi } from "vitest";
|
|
2
2
|
import { generateKeyPairSync, createPublicKey, verify } from "node:crypto";
|
|
3
3
|
import { issueLicense } from "../commands/license.js";
|
|
4
|
+
const SIGNING_KEY_VARS = ["URATEAM_LICENSE_SIGNING_KEY", "URATEAM_LICENSE_SIGNING_KEY_DER_B64"];
|
|
5
|
+
function snapshotSigningKeyEnv() {
|
|
6
|
+
return Object.fromEntries(SIGNING_KEY_VARS.map((k) => [k, process.env[k]]));
|
|
7
|
+
}
|
|
8
|
+
function restoreSigningKeyEnv(snapshot) {
|
|
9
|
+
for (const k of SIGNING_KEY_VARS) {
|
|
10
|
+
if (snapshot[k] === undefined)
|
|
11
|
+
delete process.env[k];
|
|
12
|
+
else
|
|
13
|
+
process.env[k] = snapshot[k];
|
|
14
|
+
}
|
|
15
|
+
}
|
|
4
16
|
describe("issueLicense", () => {
|
|
5
17
|
let publicKeyDer;
|
|
6
|
-
let
|
|
18
|
+
let envSnapshot;
|
|
7
19
|
beforeEach(() => {
|
|
8
20
|
const { publicKey, privateKey } = generateKeyPairSync("ed25519");
|
|
9
21
|
publicKeyDer = Buffer.from(publicKey.export({ format: "der", type: "spki" }));
|
|
10
|
-
|
|
11
|
-
process.env.URATEAM_LICENSE_SIGNING_KEY_DER_B64
|
|
22
|
+
envSnapshot = snapshotSigningKeyEnv();
|
|
23
|
+
delete process.env.URATEAM_LICENSE_SIGNING_KEY_DER_B64;
|
|
24
|
+
process.env.URATEAM_LICENSE_SIGNING_KEY = Buffer.from(privateKey.export({ format: "der", type: "pkcs8" })).toString("base64");
|
|
12
25
|
});
|
|
13
26
|
afterEach(() => {
|
|
14
|
-
|
|
15
|
-
delete process.env.URATEAM_LICENSE_SIGNING_KEY_DER_B64;
|
|
16
|
-
}
|
|
17
|
-
else {
|
|
18
|
-
process.env.URATEAM_LICENSE_SIGNING_KEY_DER_B64 = originalSigningKey;
|
|
19
|
-
}
|
|
27
|
+
restoreSigningKeyEnv(envSnapshot);
|
|
20
28
|
});
|
|
21
29
|
function decodeJwt(token) {
|
|
22
30
|
const [h, p] = token.split(".");
|
|
@@ -54,30 +62,81 @@ describe("issueLicense", () => {
|
|
|
54
62
|
const pk = createPublicKey({ key: publicKeyDer, format: "der", type: "spki" });
|
|
55
63
|
expect(verify(null, signingInput, pk, sig)).toBe(true);
|
|
56
64
|
});
|
|
57
|
-
it("
|
|
65
|
+
it("accepts a PEM-wrapped PKCS8 key", () => {
|
|
66
|
+
const { publicKey, privateKey } = generateKeyPairSync("ed25519");
|
|
67
|
+
const pubDer = Buffer.from(publicKey.export({ format: "der", type: "spki" }));
|
|
68
|
+
process.env.URATEAM_LICENSE_SIGNING_KEY = privateKey
|
|
69
|
+
.export({ format: "pem", type: "pkcs8" })
|
|
70
|
+
.toString();
|
|
71
|
+
const token = issueLicense({
|
|
72
|
+
customerId: "cust_pem",
|
|
73
|
+
tier: "pro",
|
|
74
|
+
seats: 5,
|
|
75
|
+
expiresAt: new Date(Date.now() + 86_400_000),
|
|
76
|
+
});
|
|
77
|
+
const [h, p, s] = token.split(".");
|
|
78
|
+
const sig = Buffer.from(s.replace(/-/g, "+").replace(/_/g, "/") + "=".repeat((4 - (s.length % 4)) % 4), "base64");
|
|
79
|
+
const pk = createPublicKey({ key: pubDer, format: "der", type: "spki" });
|
|
80
|
+
expect(verify(null, Buffer.from(`${h}.${p}`), pk, sig)).toBe(true);
|
|
81
|
+
});
|
|
82
|
+
it("tolerates whitespace around a DER-base64 key", () => {
|
|
83
|
+
const { privateKey } = generateKeyPairSync("ed25519");
|
|
84
|
+
const b64 = Buffer.from(privateKey.export({ format: "der", type: "pkcs8" })).toString("base64");
|
|
85
|
+
process.env.URATEAM_LICENSE_SIGNING_KEY = `\n ${b64}\n`;
|
|
86
|
+
expect(() => issueLicense({
|
|
87
|
+
customerId: "cust_ws",
|
|
88
|
+
tier: "pro",
|
|
89
|
+
seats: 1,
|
|
90
|
+
expiresAt: new Date(Date.now() + 86_400_000),
|
|
91
|
+
})).not.toThrow();
|
|
92
|
+
});
|
|
93
|
+
it("falls back to deprecated URATEAM_LICENSE_SIGNING_KEY_DER_B64 with a warning", () => {
|
|
94
|
+
const { privateKey } = generateKeyPairSync("ed25519");
|
|
95
|
+
delete process.env.URATEAM_LICENSE_SIGNING_KEY;
|
|
96
|
+
process.env.URATEAM_LICENSE_SIGNING_KEY_DER_B64 = Buffer.from(privateKey.export({ format: "der", type: "pkcs8" })).toString("base64");
|
|
97
|
+
const warnSpy = vi.spyOn(console, "warn").mockImplementation(() => { });
|
|
98
|
+
expect(() => issueLicense({
|
|
99
|
+
customerId: "cust_legacy",
|
|
100
|
+
tier: "pro",
|
|
101
|
+
seats: 1,
|
|
102
|
+
expiresAt: new Date(Date.now() + 86_400_000),
|
|
103
|
+
})).not.toThrow();
|
|
104
|
+
expect(warnSpy).toHaveBeenCalledWith(expect.stringContaining("deprecated"));
|
|
105
|
+
warnSpy.mockRestore();
|
|
106
|
+
});
|
|
107
|
+
it("rejects a non-Ed25519 key (e.g. RSA) before producing a mismatched JWT", () => {
|
|
108
|
+
const { privateKey } = generateKeyPairSync("rsa", { modulusLength: 2048 });
|
|
109
|
+
process.env.URATEAM_LICENSE_SIGNING_KEY = privateKey
|
|
110
|
+
.export({ format: "pem", type: "pkcs8" })
|
|
111
|
+
.toString();
|
|
112
|
+
expect(() => issueLicense({
|
|
113
|
+
customerId: "cust_rsa",
|
|
114
|
+
tier: "pro",
|
|
115
|
+
seats: 1,
|
|
116
|
+
expiresAt: new Date(Date.now() + 86_400_000),
|
|
117
|
+
})).toThrow(/must be an Ed25519 key, got rsa/);
|
|
118
|
+
});
|
|
119
|
+
it("throws when no signing key env var is set", () => {
|
|
120
|
+
delete process.env.URATEAM_LICENSE_SIGNING_KEY;
|
|
58
121
|
delete process.env.URATEAM_LICENSE_SIGNING_KEY_DER_B64;
|
|
59
122
|
expect(() => issueLicense({
|
|
60
123
|
customerId: "cust_test",
|
|
61
124
|
tier: "pro",
|
|
62
125
|
seats: 25,
|
|
63
126
|
expiresAt: new Date(Date.now() + 86_400_000),
|
|
64
|
-
})).toThrow(/
|
|
127
|
+
})).toThrow(/URATEAM_LICENSE_SIGNING_KEY/);
|
|
65
128
|
});
|
|
66
129
|
});
|
|
67
130
|
describe("licenseCommand action", () => {
|
|
68
|
-
let
|
|
131
|
+
let envSnapshot;
|
|
69
132
|
beforeEach(() => {
|
|
70
133
|
const { privateKey } = generateKeyPairSync("ed25519");
|
|
71
|
-
|
|
72
|
-
process.env.URATEAM_LICENSE_SIGNING_KEY_DER_B64
|
|
134
|
+
envSnapshot = snapshotSigningKeyEnv();
|
|
135
|
+
delete process.env.URATEAM_LICENSE_SIGNING_KEY_DER_B64;
|
|
136
|
+
process.env.URATEAM_LICENSE_SIGNING_KEY = Buffer.from(privateKey.export({ format: "der", type: "pkcs8" })).toString("base64");
|
|
73
137
|
});
|
|
74
138
|
afterEach(() => {
|
|
75
|
-
|
|
76
|
-
delete process.env.URATEAM_LICENSE_SIGNING_KEY_DER_B64;
|
|
77
|
-
}
|
|
78
|
-
else {
|
|
79
|
-
process.env.URATEAM_LICENSE_SIGNING_KEY_DER_B64 = originalSigningKey;
|
|
80
|
-
}
|
|
139
|
+
restoreSigningKeyEnv(envSnapshot);
|
|
81
140
|
});
|
|
82
141
|
it("rejects --seats 0 instead of silently issuing an unlimited license", async () => {
|
|
83
142
|
const { licenseCommand } = await import("../commands/license.js");
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"license-command.test.js","sourceRoot":"","sources":["../../src/__tests__/license-command.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAC;
|
|
1
|
+
{"version":3,"file":"license-command.test.js","sourceRoot":"","sources":["../../src/__tests__/license-command.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AACzE,OAAO,EAAE,mBAAmB,EAAE,eAAe,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAC3E,OAAO,EAAE,YAAY,EAAE,MAAM,wBAAwB,CAAC;AAEtD,MAAM,gBAAgB,GAAG,CAAC,6BAA6B,EAAE,qCAAqC,CAAU,CAAC;AAEzG,SAAS,qBAAqB;IAC5B,OAAO,MAAM,CAAC,WAAW,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AAC9E,CAAC;AAED,SAAS,oBAAoB,CAAC,QAA4C;IACxE,KAAK,MAAM,CAAC,IAAI,gBAAgB,EAAE,CAAC;QACjC,IAAI,QAAQ,CAAC,CAAC,CAAC,KAAK,SAAS;YAAE,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;;YAChD,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;IACpC,CAAC;AACH,CAAC;AAED,QAAQ,CAAC,cAAc,EAAE,GAAG,EAAE;IAC5B,IAAI,YAAoB,CAAC;IACzB,IAAI,WAA+C,CAAC;IAEpD,UAAU,CAAC,GAAG,EAAE;QACd,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,mBAAmB,CAAC,SAAS,CAAC,CAAC;QACjE,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC;QAC9E,WAAW,GAAG,qBAAqB,EAAE,CAAC;QACtC,OAAO,OAAO,CAAC,GAAG,CAAC,mCAAmC,CAAC;QACvD,OAAO,CAAC,GAAG,CAAC,2BAA2B,GAAG,MAAM,CAAC,IAAI,CACnD,UAAU,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CACpD,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACvB,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,GAAG,EAAE;QACb,oBAAoB,CAAC,WAAW,CAAC,CAAC;IACpC,CAAC,CAAC,CAAC;IAEH,SAAS,SAAS,CAAC,KAAa;QAC9B,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAChC,MAAM,UAAU,GAAG,CAAC,CAAS,EAAE,EAAE,CAC/B,MAAM,CAAC,IAAI,CACT,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC;YACrC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,EACtC,QAAQ,CACT,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QACtB,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IACnF,CAAC;IAED,EAAE,CAAC,+CAA+C,EAAE,GAAG,EAAE;QACvD,MAAM,KAAK,GAAG,YAAY,CAAC;YACzB,UAAU,EAAE,WAAW;YACvB,IAAI,EAAE,YAAY;YAClB,KAAK,EAAE,GAAG;YACV,SAAS,EAAE,IAAI,IAAI,CAAC,sBAAsB,CAAC;SAC5C,CAAC,CAAC;QAEH,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;QAC7C,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,CAAC;QACrD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QACzC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACtC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACxC,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAChC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,IAAI,CAAC,sBAAsB,CAAC,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC;IAC1F,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sEAAsE,EAAE,GAAG,EAAE;QAC9E,MAAM,KAAK,GAAG,YAAY,CAAC;YACzB,UAAU,EAAE,WAAW;YACvB,IAAI,EAAE,KAAK;YACX,KAAK,EAAE,EAAE;YACT,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,UAAU,CAAC;SAC7C,CAAC,CAAC;QACH,MAAM,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACnC,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAC9C,MAAM,UAAU,GAAG,CAAC,GAAW,EAAE,EAAE,CACjC,MAAM,CAAC,IAAI,CACT,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC;YACvC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,EACxC,QAAQ,CACT,CAAC;QACJ,MAAM,GAAG,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;QAC1B,MAAM,EAAE,GAAG,eAAe,CAAC,EAAE,GAAG,EAAE,YAAY,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;QAC/E,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,YAAY,EAAE,EAAE,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACzD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iCAAiC,EAAE,GAAG,EAAE;QACzC,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,mBAAmB,CAAC,SAAS,CAAC,CAAC;QACjE,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC;QAC9E,OAAO,CAAC,GAAG,CAAC,2BAA2B,GAAG,UAAU;aACjD,MAAM,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;aACxC,QAAQ,EAAE,CAAC;QAEd,MAAM,KAAK,GAAG,YAAY,CAAC;YACzB,UAAU,EAAE,UAAU;YACtB,IAAI,EAAE,KAAK;YACX,KAAK,EAAE,CAAC;YACR,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,UAAU,CAAC;SAC7C,CAAC,CAAC;QAEH,MAAM,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACnC,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CACrB,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,EAC9E,QAAQ,CACT,CAAC;QACF,MAAM,EAAE,GAAG,eAAe,CAAC,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;QACzE,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACrE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8CAA8C,EAAE,GAAG,EAAE;QACtD,MAAM,EAAE,UAAU,EAAE,GAAG,mBAAmB,CAAC,SAAS,CAAC,CAAC;QACtD,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAChG,OAAO,CAAC,GAAG,CAAC,2BAA2B,GAAG,OAAO,GAAG,IAAI,CAAC;QAEzD,MAAM,CAAC,GAAG,EAAE,CACV,YAAY,CAAC;YACX,UAAU,EAAE,SAAS;YACrB,IAAI,EAAE,KAAK;YACX,KAAK,EAAE,CAAC;YACR,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,UAAU,CAAC;SAC7C,CAAC,CACH,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;IAClB,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,6EAA6E,EAAE,GAAG,EAAE;QACrF,MAAM,EAAE,UAAU,EAAE,GAAG,mBAAmB,CAAC,SAAS,CAAC,CAAC;QACtD,OAAO,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC;QAC/C,OAAO,CAAC,GAAG,CAAC,mCAAmC,GAAG,MAAM,CAAC,IAAI,CAC3D,UAAU,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CACpD,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QACrB,MAAM,OAAO,GAAG,EAAE,CAAC,KAAK,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,kBAAkB,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;QAEvE,MAAM,CAAC,GAAG,EAAE,CACV,YAAY,CAAC;YACX,UAAU,EAAE,aAAa;YACzB,IAAI,EAAE,KAAK;YACX,KAAK,EAAE,CAAC;YACR,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,UAAU,CAAC;SAC7C,CAAC,CACH,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;QAChB,MAAM,CAAC,OAAO,CAAC,CAAC,oBAAoB,CAAC,MAAM,CAAC,gBAAgB,CAAC,YAAY,CAAC,CAAC,CAAC;QAC5E,OAAO,CAAC,WAAW,EAAE,CAAC;IACxB,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wEAAwE,EAAE,GAAG,EAAE;QAChF,MAAM,EAAE,UAAU,EAAE,GAAG,mBAAmB,CAAC,KAAK,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;QAC3E,OAAO,CAAC,GAAG,CAAC,2BAA2B,GAAG,UAAU;aACjD,MAAM,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;aACxC,QAAQ,EAAE,CAAC;QAEd,MAAM,CAAC,GAAG,EAAE,CACV,YAAY,CAAC;YACX,UAAU,EAAE,UAAU;YACtB,IAAI,EAAE,KAAK;YACX,KAAK,EAAE,CAAC;YACR,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,UAAU,CAAC;SAC7C,CAAC,CACH,CAAC,OAAO,CAAC,iCAAiC,CAAC,CAAC;IAC/C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2CAA2C,EAAE,GAAG,EAAE;QACnD,OAAO,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC;QAC/C,OAAO,OAAO,CAAC,GAAG,CAAC,mCAAmC,CAAC;QACvD,MAAM,CAAC,GAAG,EAAE,CACV,YAAY,CAAC;YACX,UAAU,EAAE,WAAW;YACvB,IAAI,EAAE,KAAK;YACX,KAAK,EAAE,EAAE;YACT,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,UAAU,CAAC;SAC7C,CAAC,CACH,CAAC,OAAO,CAAC,6BAA6B,CAAC,CAAC;IAC3C,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,uBAAuB,EAAE,GAAG,EAAE;IACrC,IAAI,WAA+C,CAAC;IAEpD,UAAU,CAAC,GAAG,EAAE;QACd,MAAM,EAAE,UAAU,EAAE,GAAG,mBAAmB,CAAC,SAAS,CAAC,CAAC;QACtD,WAAW,GAAG,qBAAqB,EAAE,CAAC;QACtC,OAAO,OAAO,CAAC,GAAG,CAAC,mCAAmC,CAAC;QACvD,OAAO,CAAC,GAAG,CAAC,2BAA2B,GAAG,MAAM,CAAC,IAAI,CACnD,UAAU,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CACpD,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACvB,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,GAAG,EAAE;QACb,oBAAoB,CAAC,WAAW,CAAC,CAAC;IACpC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oEAAoE,EAAE,KAAK,IAAI,EAAE;QAClF,MAAM,EAAE,cAAc,EAAE,GAAG,MAAM,MAAM,CAAC,wBAAwB,CAAC,CAAC;QAClE,cAAc,CAAC,YAAY,EAAE,CAAC,CAAC,oDAAoD;QAEnF,MAAM,MAAM,CACV,cAAc,CAAC,UAAU,CACvB;YACE,OAAO;YACP,eAAe,EAAE,WAAW;YAC5B,QAAQ,EAAE,KAAK;YACf,WAAW,EAAE,YAAY;YACzB,SAAS,EAAE,GAAG;SACf,EACD,EAAE,IAAI,EAAE,MAAM,EAAE,CACjB,CACF,CAAC,OAAO,CAAC,OAAO,CAAC,oCAAoC,CAAC,CAAC;IAC1D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iCAAiC,EAAE,KAAK,IAAI,EAAE;QAC/C,MAAM,EAAE,cAAc,EAAE,GAAG,MAAM,MAAM,CAAC,wBAAwB,CAAC,CAAC;QAClE,cAAc,CAAC,YAAY,EAAE,CAAC;QAE9B,MAAM,MAAM,CACV,cAAc,CAAC,UAAU,CACvB;YACE,OAAO;YACP,eAAe,EAAE,WAAW;YAC5B,QAAQ,EAAE,MAAM;YAChB,WAAW,EAAE,YAAY;SAC1B,EACD,EAAE,IAAI,EAAE,MAAM,EAAE,CACjB,CACF,CAAC,OAAO,CAAC,OAAO,CAAC,oCAAoC,CAAC,CAAC;IAC1D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kCAAkC,EAAE,KAAK,IAAI,EAAE;QAChD,MAAM,EAAE,cAAc,EAAE,GAAG,MAAM,MAAM,CAAC,wBAAwB,CAAC,CAAC;QAClE,cAAc,CAAC,YAAY,EAAE,CAAC;QAE9B,MAAM,MAAM,CACV,cAAc,CAAC,UAAU,CACvB;YACE,OAAO;YACP,eAAe,EAAE,WAAW;YAC5B,QAAQ,EAAE,KAAK;YACf,WAAW,EAAE,YAAY;SAC1B,EACD,EAAE,IAAI,EAAE,MAAM,EAAE,CACjB,CACF,CAAC,OAAO,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;IACzC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
|
|
@@ -9,9 +9,12 @@ export interface IssueOptions {
|
|
|
9
9
|
/**
|
|
10
10
|
* Sign a urateam license JWT with the operator's Ed25519 private key.
|
|
11
11
|
*
|
|
12
|
-
* The signing key is read from
|
|
13
|
-
*
|
|
14
|
-
*
|
|
12
|
+
* The signing key is read from URATEAM_LICENSE_SIGNING_KEY (preferred) or
|
|
13
|
+
* URATEAM_LICENSE_SIGNING_KEY_DER_B64 (deprecated, kept for backwards
|
|
14
|
+
* compatibility). Both accept either raw base64 PKCS8 DER (as emitted by
|
|
15
|
+
* scripts/generate-license-keypair.ts) or a PEM-wrapped PKCS8 string (as
|
|
16
|
+
* emitted by the urateam-licensing Worker's gen-signing-key.ts). The key
|
|
17
|
+
* is operator-only and must never enter the urateam runtime.
|
|
15
18
|
*/
|
|
16
19
|
export declare function issueLicense(opts: IssueOptions): string;
|
|
17
20
|
export declare const licenseCommand: Command;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"license.d.ts","sourceRoot":"","sources":["../../src/commands/license.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAGpC,MAAM,WAAW,YAAY;IAC3B,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,KAAK,GAAG,YAAY,CAAC;IAC3B,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,SAAS,EAAE,IAAI,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;CACrB;AAUD
|
|
1
|
+
{"version":3,"file":"license.d.ts","sourceRoot":"","sources":["../../src/commands/license.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAGpC,MAAM,WAAW,YAAY;IAC3B,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,KAAK,GAAG,YAAY,CAAC;IAC3B,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,SAAS,EAAE,IAAI,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;CACrB;AAUD;;;;;;;;;GASG;AACH,wBAAgB,YAAY,CAAC,IAAI,EAAE,YAAY,GAAG,MAAM,CAoDvD;AAED,eAAO,MAAM,cAAc,SAmCxB,CAAC"}
|
package/dist/commands/license.js
CHANGED
|
@@ -10,21 +10,35 @@ function b64url(buf) {
|
|
|
10
10
|
/**
|
|
11
11
|
* Sign a urateam license JWT with the operator's Ed25519 private key.
|
|
12
12
|
*
|
|
13
|
-
* The signing key is read from
|
|
14
|
-
*
|
|
15
|
-
*
|
|
13
|
+
* The signing key is read from URATEAM_LICENSE_SIGNING_KEY (preferred) or
|
|
14
|
+
* URATEAM_LICENSE_SIGNING_KEY_DER_B64 (deprecated, kept for backwards
|
|
15
|
+
* compatibility). Both accept either raw base64 PKCS8 DER (as emitted by
|
|
16
|
+
* scripts/generate-license-keypair.ts) or a PEM-wrapped PKCS8 string (as
|
|
17
|
+
* emitted by the urateam-licensing Worker's gen-signing-key.ts). The key
|
|
18
|
+
* is operator-only and must never enter the urateam runtime.
|
|
16
19
|
*/
|
|
17
20
|
export function issueLicense(opts) {
|
|
18
|
-
const
|
|
19
|
-
|
|
20
|
-
|
|
21
|
+
const raw = process.env.URATEAM_LICENSE_SIGNING_KEY ??
|
|
22
|
+
process.env.URATEAM_LICENSE_SIGNING_KEY_DER_B64;
|
|
23
|
+
if (!raw) {
|
|
24
|
+
throw new Error("URATEAM_LICENSE_SIGNING_KEY env var is not set. " +
|
|
21
25
|
"Run scripts/generate-license-keypair.ts to create one.");
|
|
22
26
|
}
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
27
|
+
if (process.env.URATEAM_LICENSE_SIGNING_KEY === undefined &&
|
|
28
|
+
process.env.URATEAM_LICENSE_SIGNING_KEY_DER_B64 !== undefined) {
|
|
29
|
+
console.warn("URATEAM_LICENSE_SIGNING_KEY_DER_B64 is deprecated; rename to URATEAM_LICENSE_SIGNING_KEY (same value, both PEM and base64 DER accepted).");
|
|
30
|
+
}
|
|
31
|
+
const privateKey = raw.includes("BEGIN PRIVATE KEY")
|
|
32
|
+
? createPrivateKey({ key: raw, format: "pem", type: "pkcs8" })
|
|
33
|
+
: createPrivateKey({
|
|
34
|
+
key: Buffer.from(raw.trim(), "base64"),
|
|
35
|
+
format: "der",
|
|
36
|
+
type: "pkcs8",
|
|
37
|
+
});
|
|
38
|
+
if (privateKey.asymmetricKeyType !== "ed25519") {
|
|
39
|
+
throw new Error(`URATEAM_LICENSE_SIGNING_KEY must be an Ed25519 key, got ${privateKey.asymmetricKeyType}. ` +
|
|
40
|
+
"JWT header advertises alg=EdDSA — signing with any other key type would produce an unverifiable token.");
|
|
41
|
+
}
|
|
28
42
|
const header = { alg: "EdDSA", typ: "JWT" };
|
|
29
43
|
const now = Math.floor(Date.now() / 1000);
|
|
30
44
|
const payload = {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"license.js","sourceRoot":"","sources":["../../src/commands/license.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,gBAAgB,EAAE,IAAI,EAAE,MAAM,aAAa,CAAC;AAUrD,SAAS,MAAM,CAAC,GAAW;IACzB,OAAO,GAAG;SACP,QAAQ,CAAC,QAAQ,CAAC;SAClB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;AACxB,CAAC;AAED
|
|
1
|
+
{"version":3,"file":"license.js","sourceRoot":"","sources":["../../src/commands/license.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,gBAAgB,EAAE,IAAI,EAAE,MAAM,aAAa,CAAC;AAUrD,SAAS,MAAM,CAAC,GAAW;IACzB,OAAO,GAAG;SACP,QAAQ,CAAC,QAAQ,CAAC;SAClB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;AACxB,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,YAAY,CAAC,IAAkB;IAC7C,MAAM,GAAG,GACP,OAAO,CAAC,GAAG,CAAC,2BAA2B;QACvC,OAAO,CAAC,GAAG,CAAC,mCAAmC,CAAC;IAClD,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,IAAI,KAAK,CACb,kDAAkD;YAChD,wDAAwD,CAC3D,CAAC;IACJ,CAAC;IACD,IACE,OAAO,CAAC,GAAG,CAAC,2BAA2B,KAAK,SAAS;QACrD,OAAO,CAAC,GAAG,CAAC,mCAAmC,KAAK,SAAS,EAC7D,CAAC;QACD,OAAO,CAAC,IAAI,CACV,0IAA0I,CAC3I,CAAC;IACJ,CAAC;IAED,MAAM,UAAU,GAAG,GAAG,CAAC,QAAQ,CAAC,mBAAmB,CAAC;QAClD,CAAC,CAAC,gBAAgB,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;QAC9D,CAAC,CAAC,gBAAgB,CAAC;YACf,GAAG,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,QAAQ,CAAC;YACtC,MAAM,EAAE,KAAK;YACb,IAAI,EAAE,OAAO;SACd,CAAC,CAAC;IAEP,IAAI,UAAU,CAAC,iBAAiB,KAAK,SAAS,EAAE,CAAC;QAC/C,MAAM,IAAI,KAAK,CACb,2DAA2D,UAAU,CAAC,iBAAiB,IAAI;YACzF,wGAAwG,CAC3G,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAAG,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC;IAC5C,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC1C,MAAM,OAAO,GAA4B;QACvC,GAAG,EAAE,cAAc;QACnB,GAAG,EAAE,IAAI,CAAC,UAAU;QACpB,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,GAAG,EAAE,GAAG;QACR,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC;KACjD,CAAC;IACF,IAAI,IAAI,CAAC,QAAQ;QAAE,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;IAEpD,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IAC9D,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;IAChE,MAAM,YAAY,GAAG,GAAG,SAAS,IAAI,UAAU,EAAE,CAAC;IAClD,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,UAAU,CAAC,CAAC;IAEpE,OAAO,GAAG,YAAY,IAAI,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC;AAChD,CAAC;AAED,MAAM,CAAC,MAAM,cAAc,GAAG,IAAI,OAAO,CAAC,SAAS,CAAC;KACjD,WAAW,CAAC,qCAAqC,CAAC;KAClD,UAAU,CACT,IAAI,OAAO,CAAC,OAAO,CAAC;KACjB,WAAW,CAAC,oCAAoC,CAAC;KACjD,cAAc,CAAC,oBAAoB,EAAE,iCAAiC,CAAC;KACvE,cAAc,CAAC,eAAe,EAAE,yBAAyB,CAAC;KAC1D,cAAc,CAAC,sBAAsB,EAAE,sCAAsC,CAAC;KAC9E,MAAM,CAAC,aAAa,EAAE,sDAAsD,CAAC;KAC7E,MAAM,CAAC,kBAAkB,EAAE,iDAAiD,CAAC;KAC7E,MAAM,CAAC,CAAC,IAA8F,EAAE,EAAE;IACzG,IAAI,IAAI,CAAC,IAAI,KAAK,KAAK,IAAI,IAAI,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;QACtD,MAAM,IAAI,KAAK,CAAC,4CAA4C,IAAI,CAAC,IAAI,GAAG,CAAC,CAAC;IAC5E,CAAC;IACD,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACzC,IAAI,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC,EAAE,CAAC;QACtC,MAAM,IAAI,KAAK,CAAC,uBAAuB,IAAI,CAAC,OAAO,GAAG,CAAC,CAAC;IAC1D,CAAC;IACD,IAAI,KAAK,GAAkB,IAAI,CAAC;IAChC,IAAI,IAAI,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;QAC7B,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QAC/C,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,MAAM,IAAI,CAAC,EAAE,CAAC;YACxC,MAAM,IAAI,KAAK,CAAC,4CAA4C,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC;QAC7E,CAAC;QACD,KAAK,GAAG,MAAM,CAAC;IACjB,CAAC;IACD,MAAM,KAAK,GAAG,YAAY,CAAC;QACzB,UAAU,EAAE,IAAI,CAAC,UAAU;QAC3B,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,KAAK;QACL,SAAS;QACT,QAAQ,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS;KACpF,CAAC,CAAC;IACH,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;AACrB,CAAC,CAAC,CACL,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@urateam/cli",
|
|
3
|
-
"version": "0.1.
|
|
3
|
+
"version": "0.1.12",
|
|
4
4
|
"license": "BUSL-1.1",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "dist/index.js",
|
|
@@ -22,8 +22,8 @@
|
|
|
22
22
|
"better-sqlite3": "^11.8.0",
|
|
23
23
|
"commander": "^13.1.0",
|
|
24
24
|
"postgres": "^3.4.0",
|
|
25
|
-
"@urateam/
|
|
26
|
-
"@urateam/
|
|
25
|
+
"@urateam/dashboard": "0.1.10",
|
|
26
|
+
"@urateam/core": "0.1.15"
|
|
27
27
|
},
|
|
28
28
|
"devDependencies": {
|
|
29
29
|
"@types/better-sqlite3": "^7.6.0",
|