secure-electron-license-keys-cli icon indicating copy to clipboard operation
secure-electron-license-keys-cli copied to clipboard

Published 20 hours ago verified publisher icon reZach

Question Regarding Usage

Open bitblt900 opened this issue 3 years ago • 3 comments

This project looks really interesting. Hoping to gain some clarity though:

The public.key and license.data [by default] you will need to put in the root of your Electron app.

I'm confused. If the license is embedded in the app, what exactly are we verifying? Basically the app has been distributed with a permanently valid key/license pair?

And even if we don't embed the license.data and instead prompt the user for it, the same license key could be re-used for any instance of the app correct?

bitblt900 avatar Jun 24 '21 17:06 bitblt900

@bitblt900 The app can be distributed with a permanent valid key/license pair if you do not set any versions within the license.

secure-electron-license-keys-cli generates a key/license that's good for all versions.

secure-electron-license-keys-cli --major "7" generates a key/license that is good for all versions up to version 7.

secure-electron-license-keys-cli --expire "2022-12-25" generates a key/license that is valid up until December 25th, 2022.

secure-electron-license-keys-cli --user "[email protected]" generates a key/license that is valid up only for [email protected].

As a summary, whatever options you choose to set, the license data will have these values baked-into the license file output. Then, it's up to your front-end code to act upon these values and show dialogs/modals that their license is about to expire, or prevent them from using the app, etc. Taken from secure-electron-license-keys

import console from "node:console";
import React from "react";
import {
  validateLicenseRequest,
  validateLicenseResponse,
} from "secure-electron-license-keys";

class Component extends React.Component {
  constructor(props) {
    super(props);

    this.checkLicense = this.checkLicense.bind(this);
  }

  componentWillUnmount() {
    window.api.licenseKeys.clearRendererBindings();
  }

  componentDidMount() {
    // Set up binding to listen when the license key is
    // validated by the main process
    const _ = this;

    window.api.licenseKeys.onReceive(validateLicenseResponse, function (data) {
      console.log("License response:");

      // data.success = was license validation successful
      // data.appVersion = the value of package.json in your app
      // data.appVersion.major = the major version of your package.json in your app
      // data.appVersion.minor = the minor version of your package.json in your app
      // data.appVersion.patch = the patch version of your package.json in your app
      // data.major = the major version set in your license data file
      // data.minor = the minor version set in your license data file
      // data.patch = the patch version set in your license data file
      // data.user = the user value set in your license data file
      // data.expire = the expire value set in your license data file

      // ie.
      if (data.appVersion.major <= data.major) {
          // continue;
      } else {
          // user isn't able to use app
      }
    });
  }

  // Fire event to check the validity of our license
  checkLicense(event) {
    window.api.licenseKeys.send(validateLicenseRequest);
  }

  render() {
    return (
      <div>
        <button onClick={this.checkLicense}>Check license</button>
      </div>
    );
  }
}

I hope this gives a bit more clearer picture of how to use these libraries.

reZach avatar Jun 29 '21 02:06 reZach

That all makes sense. Can you walk me though how I might distribute an app that does not work (or works in a limited fashion) without a key, and then allow a user to purchase and apply a key locally? Is this possible?

taylorhadden avatar Sep 03 '21 18:09 taylorhadden

@taylorhadden That is out of scope of this library, but here is a rough outline of what I imagine could happen.

  1. Install secure-electron-license-keys-cli in your project
  2. Code up a payment screen where you can accept payment in your project
  3. Upon successful payment, call secure-electron-license-keys-cli and generate a key based on the user who just paid. You might have to use the --output command to make sure it gets into the right place in the app (which is the root of your Electron app)
  4. Make a window.api.licenseKeys.send(validateLicenseRequest) call as described here
  5. Your [Electron] backend (ie. main.js) will see the new license file and return a success message where you can show/hide functionality in your project

This library was designed to pre-bake the license data in your app, so the flow isn't as smooth as it could be but I think it's still possible to do what you are desiring.

reZach avatar Sep 10 '21 03:09 reZach