What are you working on?

[ezekg]

I figured I'd try and kickstart some discussion by seeing what everybody is working on. Feel free to share! 😃

[NeverGray]

I need to create a "check-out/check-in" (or leasing) licensing for my program written with Python. Based on reading your website (very well written), I'll need to add heartbeat monitoring. Is any sample code available?

I successfully used the "example-python-machine-activation" for node-based licensing during my beta testing. My clients are interested in buying some licenses for multiple users (for example, 3 licenses for 5 or more users). I'm getting stuck on how to start this process.

[ezekg]

@NeverGray You'd want to use something like Python's threading package to perform heartbeat pings on a timer, according to the license's heartbeat requirements. That'd look like this method, which can be called after the machine is activated and you have the machine's unique ID:

import requests
import threading
import sys
import os

def ping_heartbeat(machine_id):
  ping = requests.post(
    "https://api.keygen.sh/v1/accounts/{}/machines/{}/actions/ping-heartbeat".format(os.environ['KEYGEN_ACCOUNT_ID'], machine_id),
    headers={
      "Authorization": "Bearer {}".format(os.environ['KEYGEN_ACTIVATION_TOKEN']),
      "Accept": "application/vnd.api+json"
    }
  ).json()

  # Handle any errors from the API
  if "errors" in ping:
    errs = ping["errors"]

    print(errs, file=sys.stderr)

    return

  # Call the heartbeat ping again in 60 seconds
  timer = threading.Timer(60.0, lambda: ping_heartbeat(machine_id))

  timer.start()

[NeverGray]

Thanks, Zeke,

I'll use this function in the security portion of my program. Do you have a complete sample, like the "example-python-machine-activation"? This was extremely helpful for the first licensing scheme I developed. Also, can you provide examples for setting up the KeyGen license? I got a little confused with the 'concurrent' and a few other settings.

I'm happy to contribute the licensing and security code that I eventually create to manage the licensing of my software. A few more pieces or examples would help me progress much faster.

[ezekg]

@NeverGray no problem. Here's an example: https://github.com/keygen-sh/example-python-machine-heartbeats.

[NeverGray]

Once again, thanks Zeke. I'll still need to create a python code for licensing scheme to pull from a pool of licenses. My software is no longer "node-locked".

A company purchases a pool of licenses (say three). Each user can then claims one license when starting the program. I didn't see any Python code for this type of scheme, with a heartbeat.

[ezekg]

Adding support for a floating license model is straight forward, which is how you'd typically implement that type of licensing model in Keygen. One license would be shared across all users, and each user would then activate their device. In your example, the policy would have a maximum machine limit of 3 (i.e. for 3 users).

Then, you would want to update the NO_MACHINE validation code check in the example to instead check for NO_MACHINES and FINGERPRINT_SCOPE_MISMATCH, since those codes are returned when the policy is floating, indicating there are no activations yet, or that there are activations but the current device is not activated, respectively.

So for that example, that'd look like this changeset, since these are both signals that we should attempt to active the current device and begin heartbeat pings for the newly activated device:

# Attempt to activate the machine if it's not already activated
-if validation_code == 'NO_MACHINE':
+if validation_code == 'NO_MACHINES' or validation_code == 'FINGERPRINT_SCOPE_MISMATCH':
  machine_id = activate_machine_for_license(license_id, machine_fingerprint)
  if machine_id == None:
    sys.exit(1)

[chrisle]

Working on Now Playing 2. It's an app for DJs who live stream. It automatically connects to your DJ equipment and adds the currently playing track to your Twitch / YouTube live stream. https://www.nowplaying2.com

I honestly wish I found keygen a LOT sooner because I'm now reworking a bunch of the app to make use of it. :)

[jleei]

I'm working on an electron based app. Testing the license function.

[taxilian]

I'm working on an electron app using a combination of offline license caching and verification. I'm a big typescript guy, so I'll share the helper I wrote to use axios for keygen requests but verify the responses. Hopefully this will save someone some time =]

It probably still needs to do a better job of handling error conditions, but should be useful for anyone wanting to use axios to talk to keygen in node.js or electron (and hopefully that'll give enough search terms to make this findable)

import axios, { AxiosRequestConfig, AxiosResponse, AxiosResponseHeaders } from "axios";
import crypto from "crypto";

// Replace this with your ed25519 public key
const EdPublicKey = 'MCow........=';

const verifyPubKey = crypto.createPublicKey({
  key: Buffer.from(EdPublicKey, "base64"),
  format: "der",
  type: "spki",
});

/**
 * Call this function instead of axios.request() in order to make a request to the keygen server
 * which does not 
 * @param opts Axios request options
 * @returns 
 */
export async function keygenRequest<T>(opts: AxiosRequestConfig) {
  const headers = {
    ...opts.headers || {},
    'Accept': 'application/vnd.api+json',
    'Content-Type': 'application/vnd.api+json',
    'Keygen-Accept-Signature': 'algorithm="ed25519"',
  }
  const resp = await axios.request<string>({
    ...opts,
    headers,
    transformResponse: (data: any) => data,
  });

  const uriObj = new URL(opts.url);
  const withoutHost = opts.url.substring(opts.url.indexOf(uriObj.pathname));
  verify(resp.data, resp.headers, withoutHost, opts.method?.toLowerCase() || 'get', uriObj.host);

  resp.data = JSON.parse(resp.data);
  return resp as unknown as AxiosResponse<T>;
}

interface KeyGenSignature {
  keyid: string;
  algorithm: string;
  signature: string;
  headers: string[];
}
function parseParameterizedHeader(header: string) {
  if (header == null) {
    return null;
  }

  const params = header.split(/\s*,\s*/g);
  const keyvalues = params.map((param) => {
    const [, key, value] = param.match(/([^=]+)="([^"]+)"/i);

    return [key, value];
  });

  return keyvalues.reduce(
    (o, [k, v]) => ((o[k] = v), o),
    {} as Record<string, string>
  ) as unknown as KeyGenSignature;
}

export function verify(body: any, headers: AxiosResponseHeaders, uri: string, method: string, host: string = 'api.keygen.sh') {
  // Parse and verify the response signature
  // Parse the signature header
  const header = parseParameterizedHeader(headers["keygen-signature"]);

  // Extract the algorithm and signature from the header
  const { algorithm, signature } = header;

  // Ensure signing algorithm is what we expect
  if (algorithm !== "ed25519") {
    throw new Error("Invalid signature algorithm");
  }

  // Verify integrity
  const hash = crypto.createHash("sha256").update(body);
  const digest = `sha-256=${hash.digest("base64")}`;
  if (digest !== headers['digest']) {
    throw new Error("Invalid digest");
  }

  // Reconstruct the signing data
  const date = headers['date'];
  const data = [
    `(request-target): ${method} ${uri}`,
    `host: ${host}`,
    `date: ${date}`,
    `digest: ${digest}`,
  ].join("\n");

  // Initialize our public key

  // Decode and verify the signature
  const signatureBytes = Buffer.from(signature, "base64");
  const dataBytes = Buffer.from(data);
  const ok = crypto.verify(null, dataBytes, verifyPubKey, signatureBytes);
  if (!ok) {
    throw new Error("invalid signature");
  }
}

[ezekg]

This looks great. Thanks for sharing @taxilian!

[fmg-pete]

I'm re-writing a 30 year-old, completely undocumented engineering app for Windows in C#. The legacy version was written in VB6 and relied on a klunky, manual licensing / billing / renewal system and a gigantic Excel spreadsheet. I aim to modernize it so that users can purchase and manage licenses through the business' website.

[ezekg]

Sounds fun. Working on a legacy app is hard work, but it's rewarding when you're able to refactor and modernize the it.

Good luck and thanks for sharing!

[SheereenHamza]

Hi,

Hope you all are doing well

I am working on a plugin which I am planning to license (feature-based subscription, online and offline, probably node-locked).

Regards,
Sheereen

[shafiq1530]

Hi,

Hope you all are doing well

I am working on a product which I am planning to license (online and offline for user-node-locked,node-locked and floating license).So I need to implement offline licensing .

Regards,
Mohamed Shafiq

[muhyuddin]

Hi,
Hope everyone is doing good.

I am working on deploying a product in docker swarm mode, and currently has keygen integration into the server end. I am currently hosting my docker images as artifacts on Keygen. Its working great, thanks to the whole team and community <3

I have hit a roadblock where i want to configure Swarmpit/swarm mode to check for docker image updates and redeployments, but cant figure out how to integrate with Keygen.sh, as its not a proper docker registery. Any help would be much appreciated.

Thanks for this wholesome product.