grant/recap
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2544cf7dde5a0e1e1e4851950c9186809ec91855
recap/server/license-middleware.js
T
Keysat 9439154c25 Tighten license-poll cadence; add opportunistic online refresh 
Three changes that together make license state changes feel
near-instant in the UI without burning real I/O / network budget:

  1. File-poll interval: 30s → 5s
     Action-set keys (via "Set Recap License") get picked up almost
     immediately. Cost: a single stat per file every 5s, negligible.

  2. Online validation interval: 6h → 30min
     A license revoked on Keysat now flips to invalid within 30 min
     worst-case, instead of sitting unnoticed for hours. Bounded
     latency makes revocation usable in production.

  3. Opportunistic online refresh on /api/license-status
     If the cached LIC was last validated more than 10 min ago, fire
     validateOnline() in the background (non-blocking) when the web
     UI hits the status endpoint. Since the UI hits status on every
     page load, revocations get caught the next time anyone opens
     the app — usually well under the scheduled 30 min tick.

Three new env vars for tuning:
  RECAP_LICENSE_FILE_POLL_MS         (default 5000)
  RECAP_VALIDATE_INTERVAL_MS         (default 1800000)
  RECAP_OPPORTUNISTIC_REFRESH_MS     (default 600000)
2026-05-09 19:36:46 -05:00

279 lines
11 KiB
JavaScript
Raw Blame History

// License gate, Pro-tier feature gates, license routes, and the free-
// tier concurrency lock. All license-aware request-handling lives here.
//
// LIC is exported as a `let` binding (ESM live binding) — importers
// reading it get the current value. The activate / deactivate routes
// and refreshLicenseOnline mutate it inside the module.
import * as license from "./license.js";
// ── Module state ────────────────────────────────────────────────────────────
// LIC is the in-memory snapshot of the current license state, refreshed
// on startup, periodically against the licensing server, and after each
// activate / deactivate.
export let LIC = license.checkLicense();
console.log(
`[license] state=${LIC.state} entitlements=[${[...LIC.entitlements].join(",")}]` +
(LIC.reason ? ` reason=${LIC.reason}` : "")
);
// Free-tier concurrency lock. Unlicensed users may process one video at
// a time — second submission while another is in flight returns 409 from
// /api/process. The /api/process handler calls tryAcquireFreeSlot() at
// entry and releaseFreeSlot() in its finally block.
let freeJobInFlight = false;
// ── Online validation tunables ──────────────────────────────────────────────
// 30 min default scheduled cycle catches revocations / suspensions /
// expirations within at most half an hour. Bounded so a key revoked on
// Keysat doesn't sit unnoticed for hours on the customer's machine.
const VALIDATE_INTERVAL_MS = parseInt(
process.env.RECAP_VALIDATE_INTERVAL_MS || String(30 * 60 * 1000),
10
);
const ACTIVATE_VALIDATE_TIMEOUT_MS = 8000;
// 5 s file poll is the fast path for keys set via the StartOS "Set Recap
// License" action — the cost is one stat call per file every 5 s, which
// is negligible.
const LICENSE_FILE_POLL_MS = parseInt(
process.env.RECAP_LICENSE_FILE_POLL_MS || "5000",
10
);
// Opportunistic refresh: when /api/license-status is hit and the cached
// LIC was last validated more than this long ago, fire validateOnline in
// the background. The web UI hits license-status on every page load, so
// revocations get caught the next time anyone opens the app — usually
// well under the scheduled 30 min tick.
const OPPORTUNISTIC_REFRESH_THRESHOLD_MS = parseInt(
process.env.RECAP_OPPORTUNISTIC_REFRESH_MS || String(10 * 60 * 1000),
10
);
// ── Online refresh ──────────────────────────────────────────────────────────
// Calls the licensing server (with the network-error grace logic in
// license.validateOnline) and updates LIC. Logs only on state/reason
// changes to keep a clean log on healthy machines.
export async function refreshLicenseOnline(reason) {
const prev = LIC;
try {
LIC = await license.validateOnline();
} catch (e) {
console.error(`[license] refresh threw (${reason}):`, e?.message || e);
return;
}
if (LIC.state !== prev.state || LIC.reason !== prev.reason) {
console.log(
`[license] refresh (${reason}): state=${LIC.state}` +
(LIC.reason ? ` reason=${LIC.reason}` : "") +
` entitlements=[${[...LIC.entitlements].join(",")}]`
);
}
}
// Kick off a startup refresh and the periodic poll. Async startup so the
// server doesn't block on a slow Keysat round-trip.
export function startLicenseRefresh() {
refreshLicenseOnline("startup").catch(() => {});
setInterval(() => {
refreshLicenseOnline("scheduled").catch(() => {});
}, VALIDATE_INTERVAL_MS);
// Faster offline-only re-read so a license set via the "Set Recap
// License" StartOS action (or a manual edit to license.txt) is picked
// up within seconds instead of 6 h. Calls checkLicense() rather than
// validateOnline() to avoid hammering Keysat — the next scheduled
// validateOnline tick will confirm with the server. If a fresh key
// appears, kick an immediate online check too so an unrevoked Pro
// license doesn't get stuck pending until the 6 h tick.
setInterval(() => {
const prev = LIC;
const next = license.checkLicense();
if (next.licenseId !== prev.licenseId || next.state !== prev.state) {
LIC = next;
console.log(
`[license] file refresh: state=${LIC.state}` +
(LIC.reason ? ` reason=${LIC.reason}` : "") +
` entitlements=[${[...LIC.entitlements].join(",")}]`
);
if (next.state === "licensed") {
refreshLicenseOnline("file change").catch(() => {});
}
}
}, LICENSE_FILE_POLL_MS);
}
// ── Free-tier slot management ───────────────────────────────────────────────
// Whether the current LIC counts as a "free" (unlicensed / no core) user.
export function isFreeUser() {
return !(LIC.state === "licensed" && LIC.entitlements.has("core"));
}
// Returns true if the slot was acquired, false if another free job is in
// flight. The /api/process handler must release via releaseFreeSlot()
// in a finally block on every exit path.
export function tryAcquireFreeSlot() {
if (freeJobInFlight) return false;
freeJobInFlight = true;
return true;
}
export function releaseFreeSlot() {
freeJobInFlight = false;
}
// ── Endpoints reachable without a license ───────────────────────────────────
// /api/process is open so unlicensed (free-tier) users can summarize one
// video at a time with their own Gemini key. The route handler enforces
// BYO-key + the concurrency lock for free users.
const LICENSE_OPEN_PATHS = new Set([
"/api/health",
"/api/heartbeat",
"/api/status",
"/api/license-status",
"/api/license/activate",
"/api/license/deactivate",
"/api/process",
]);
// ── Pro-tier feature gates ──────────────────────────────────────────────────
// Each entry maps URL prefixes → required entitlement; first match wins.
// A licensed user without the right entitlement gets a clean 402
// feature_not_in_tier (vs. the generic activation gate above).
const PRO_FEATURE_GATES = [
{
prefixes: ["/api/subscriptions", "/api/auto-queue", "/api/sub-check-log"],
entitlement: "subscriptions",
feature: "subscriptions",
message:
"Channel subscriptions and auto-queue require a Pro license. Upgrade to unlock.",
},
{
prefixes: ["/api/history"],
entitlement: "history",
feature: "history",
message:
"Summary history requires a Pro license. Upgrade to unlock.",
},
{
prefixes: ["/api/library"],
entitlement: "library",
feature: "library",
message:
"Library import/export requires a Pro license. Upgrade to unlock.",
},
];
// ── Middleware setup ────────────────────────────────────────────────────────
// Registers the activation gate + Pro-tier gates on the given Express
// app. Order matters — both must be in the chain BEFORE any /api/*
// route registration, so call this early in boot.
export function setupLicenseMiddleware(app) {
// Activation-screen gate: any /api/* request without a valid license is
// rejected with 402, except the allowlist above. Non-/api requests
// (the static frontend, /assets, etc.) pass through so the UI can load.
app.use((req, res, next) => {
if (!req.path.startsWith("/api/")) return next();
if (LICENSE_OPEN_PATHS.has(req.path)) return next();
if (LIC.state === "licensed" && LIC.entitlements.has("core")) return next();
return res.status(402).json({
error: "license_required",
message:
LIC.state === "licensed"
? "Your license is missing the 'core' entitlement. Contact the seller."
: "This feature requires a Recap license. Upgrade to unlock.",
state: LIC.state,
reason: LIC.reason,
activate_url: "/#activate",
keysat_base_url: license.KEYSAT_BASE_URL,
product_slug: license.PRODUCT_SLUG,
});
});
// Pro-tier feature gates run after the activation gate.
app.use((req, res, next) => {
for (const gate of PRO_FEATURE_GATES) {
if (gate.prefixes.some((p) => req.path.startsWith(p))) {
if (LIC.entitlements.has(gate.entitlement)) return next();
return res.status(402).json({
error: "feature_not_in_tier",
feature: gate.feature,
message: gate.message,
keysat_base_url: license.KEYSAT_BASE_URL,
product_slug: license.PRODUCT_SLUG,
});
}
}
next();
});
}
// ── License management endpoints ────────────────────────────────────────────
// Open by virtue of being in LICENSE_OPEN_PATHS — the gate lets them
// through unauthenticated.
export function setupLicenseRoutes(app) {
app.get("/api/license-status", (_req, res) => {
// Opportunistic refresh: if the cached state is more than
// OPPORTUNISTIC_REFRESH_THRESHOLD_MS old, fire a validateOnline in
// the background. Doesn't block the response — the next status hit
// (or the next browser refresh) sees the updated state. Caps the
// worst-case revocation-detection latency for active users at the
// threshold value (default 10 min).
if (LIC.state === "licensed") {
const lastValidated = LIC.lastValidatedAt
? new Date(LIC.lastValidatedAt).getTime()
: 0;
const ageMs = Date.now() - lastValidated;
if (ageMs > OPPORTUNISTIC_REFRESH_THRESHOLD_MS) {
refreshLicenseOnline("opportunistic").catch(() => {});
}
}
res.json(license.publicView(LIC));
});
app.post("/api/license/activate", async (req, res) => {
try {
LIC = license.activate(req.body && req.body.license_key);
} catch (e) {
if (e && e.code === "bad_format") {
return res.status(400).json({
error: "bad_format",
message: "Expected a license key starting with 'LIC1-'.",
});
}
return res.status(500).json({ error: "activation_failed", message: e?.message });
}
if (LIC.state !== "licensed") {
// Offline signature check failed — no point hitting the server.
return res.status(400).json({
ok: false,
error: LIC.reason || "invalid",
...license.publicView(LIC),
});
}
// Offline check passed. Confirm with the licensing server so a key
// that was revoked before activation gets rejected immediately. Cap
// the wait so a slow server doesn't hang the activation UI — if we
// time out, accept the offline-verified state and let the periodic
// poll catch up.
await Promise.race([
refreshLicenseOnline("activation"),
new Promise((resolve) => setTimeout(resolve, ACTIVATE_VALIDATE_TIMEOUT_MS)),
]);
if (LIC.state === "licensed") {
return res.json({ ok: true, ...license.publicView(LIC) });
}
return res.status(400).json({
ok: false,
error: LIC.reason || "invalid",
...license.publicView(LIC),
});
});
app.post("/api/license/deactivate", (_req, res) => {
LIC = license.deactivate();
res.json({ ok: true, ...license.publicView(LIC) });
});
}
Reference in New Issue View Git Blame Copy Permalink