license experiments

Author: valhuber

.vscode/launch.json

@@ -26,6 +26,28 @@
             "justMyCode": false,
             "console": "integratedTerminal"
         },
+        {
+            "name": "  - license generator",
+            "type": "debugpy",
+            "request": "launch",
+            "cwd": "${workspaceFolder}/docker/webgenie_docker/webgen_ai_docker/license",
+            "env": {"APILOGICSERVER_AUTO_OPEN": ""},
+            "program": "license_generator.py",
+            "redirectOutput": true,
+            "justMyCode": false,
+            "console": "integratedTerminal"
+        },
+        {
+            "name": "  - license checker",
+            "type": "debugpy",
+            "request": "launch",
+            "cwd": "${workspaceFolder}/docker/webgenie_docker/webgen_ai_docker/license",
+            "env": {"APILOGICSERVER_AUTO_OPEN": ""},
+            "program": "license_checker.py",
+            "redirectOutput": true,
+            "justMyCode": false,
+            "console": "integratedTerminal"
+        },
         {
             "name": "  - GenAI tests",
             "type": "debugpy",

api_logic_server_cli/prototypes/manager/system/genai/webg_local/docker-compose-webg.yml

@@ -0,0 +1,27 @@
+# Run WebGenAI locally from docker container
+
+# Before running, update ./system/genai/webg_local/webg_config/web_genai.txt
+# See: https://apilogicserver.github.io/Docs/WebGenAI-CLI/#configuration
+
+# cd <manager>  
+
+# docker-compose -f system/genai/webg_local/docker-compose-webg.yml up
+# docker-compose -f system/genai/webg_local/docker-compose-webg.yml down
+
+# if you have run docker compose up (above), you must run docker compose down to run directly:
+# docker run -it --rm --name webgenie -p 8282:80  --env-file ./system/genai/webg_local/webg_config/web_genai.txt -v ./system/genai/webg_local/webg_temp:/tmp  -v ./system/genai/webg_local/webg_projects:/opt/projects apilogicserver/web_genai
+
+name: webgenie
+services:
+    web_genai:
+        stdin_open: true
+        tty: true
+        container_name: webgenai
+        ports:
+            - 8282:80
+        env_file:
+            - ./../webg_local/webg_config/web_genai.txt
+        volumes:
+            - ./../webg_local/webg_temp:/tmp
+            - ./../webg_local/webg_projects:/opt/projects
+        image: apilogicserver/web_genai

api_logic_server_cli/prototypes/manager/system/genai/webg_local/webg_config/web_genai.txt

@@ -5,4 +5,8 @@ APILOGICSERVER_CHATGPT_APIKEY=sk-proj-< your api key >
 
 # WebGenAI security configuration
 # login password for the admin user
-# ADMIN_PASSWORD=password
+# ADMIN_PASSWORD=password
+
+# WebGenAI GitHub configuration
+GH_TOKEN={personal access token from github}
+GH_ORG=github.com/<gh-user-name>

docker/webgenie_docker/build_web_genie_local_license.sh

@@ -0,0 +1,93 @@
+#!/bin/bash
+
+set -e # exit on error
+
+contains()
+  # echo contains check $1 in $2
+  case "$1" in
+    (*"$2"*) true;;
+    (*) false;;
+  esac
+
+ostype=$(uname -a)
+if contains "Ubuntu" $ostype; then
+  ostype="ubuntu"
+fi
+# if contains "ubuntu" $ostype; then
+#   echo $ostype contains ubuntu
+# fi
+
+webgen_ai_docker='webgen_ai_docker'
+
+SRC_DIR=$(pwd)
+
+echo "\n\nBuild Web/GenAI Docker locally (no push to docker hub)"
+
+if [ $# -eq 0 ]
+  then
+    echo " "
+    # echo "shell: $SHELL"
+    echo "  on $ostype (version 7.0.15)\n"
+    echo " "
+    echo " Note: creates a folder at pwd: $webgen_ai_docker"
+    echo " "
+    echo "   > cd ~/dev/ApiLogicServer/ApiLogicServer-dev/org_git/ApiLogicServer-src"
+    echo "   > sh docker/webgenie_docker/build_web_genie_local.sh local "
+    echo " "
+    exit 0
+fi
+
+echo " "
+# ls 
+echo "pwd: $(pwd)\n"
+echo "To build api_logic_server_local image:"
+echo ".. 1. BLT (with tomato), or"
+echo ".. 2. See 'Internal' at docker/api_logic_server.Dockerfile"
+read -p "Verify pwd = ApiLogicServer-src, local image ready (see above)> "
+echo " "
+
+cd ..
+ORG_GIT_DIR=$(pwd)
+echo "pwd: $(pwd)"
+
+echo " "
+echo "\nClean $webgen_ai_docker\n"
+set -x
+
+rm -rf $webgen_ai_docker
+cp -r $SRC_DIR/docker/webgenie_docker/$webgen_ai_docker ./
+cd $webgen_ai_docker
+touch webgenai_env
+
+# Build wg:
+git clone https://github.com/ApiLogicServer/sra --depth=1
+git clone https://github.com/ApiLogicServer/webgenai
+cd webgenai
+git pull
+# git checkout so_release
+cd ..
+
+if [ "$1" = "local" ]
+  then
+    docker build -f $SRC_DIR/docker/webgenie_docker/webgen_ai_docker/webgenie_local_license.Dockerfile -t apilogicserver/web_genai --no-cache  --rm .
+  fi
+
+set +x
+
+# cd ~/dev/ApiLogicServer/ApiLogicServer-dev/org_git/ApiLogicServer-src
+# sh docker/webgenie_docker/build_web_genie_local_license.sh local
+
+# docker run -it --rm --name webgenie -p 8282:80  --env-file ./../../webg-local/webg-config/web_genai.txt -v ./../../webg-local/webg-temp:/tmp  -v ./../../webg-local/webg-projects:/opt/projects apilogicserver/web_genai
+
+cd $SRC_DIR
+echo "\npwd: $(pwd)\n"
+echo "  (wg-temp formerly at: docker cp webgenie:/tmp ~/Desktop/wg-temp \n"
+echo "projects, temp at ./../../webg-local -- eg, drag it to manager workspace"
+echo "you can 'clean' the webgenie_docker folder\n"
+echo " .. delete it: rm -rf ./../../webg-local  \n"
+echo " .. cp -r docker/webgenie_docker/webgen_ai_docker/webg-local_proto ./../../webg-local \n"
+echo "    .. AND, you will need 2 magic files under docker/webgenie_docker/webgen_ai_docker/webg-local_proto/webg-config"
+echo "Browse to: http://localhost:8282/"
+echo "\nrun: docker run -it --rm --name webgenai -p 8282:80  --env-file ./../../webg-local/webg-config/web_genai.txt  -v ./../../webg-local/webg-projects:/opt/projects -v ./../../webg-local/webg-temp:/tmp apilogicserver/web_genai \n "
+
+exit 0

docker/webgenie_docker/webgen_ai_docker/arun.sh

@@ -0,0 +1,120 @@
+#!/usr/bin/env bash
+#
+# Start the webgenie admin interface
+#
+
+function monitor() {
+    [[ -z ${MONITOR} ]] && return
+    # Run the monitor script to check project health
+    
+    while true; do
+        date
+        python database/manager.py -m
+        sleep 250
+    done
+}
+
+function start_dev() {
+    [[ -z ${VITE_DEV} ]] && return
+    # Start the web dev server
+    cd /opt/webgenai/simple-spa
+    if [[ ! -e node_modules ]]; then
+        echo "$PWD/node_modules does not exist"
+        
+        read -p "Do you want to continue? (y/n): " answer
+        if [ "$answer" != "${answer#[Nn]}" ] ;then
+            return
+        fi
+        npm i 
+    fi
+    VITE_PORT=5174 npm run dev &
+}
+
+function update_schema() {
+    # Update the schema
+    set +e
+    cd /opt/webgenai
+    bash database/update_schema.sh "${DB_URI}"
+    set -e
+}
+
+function start_nginx() {
+    NGINX_PORT=${WG_NGINX_PORT:-80}
+    sed -i "s/80 default_server/${NGINX_PORT} default_server/" /etc/nginx/sites-available/default
+    sed -i "s/80 default_server/${NGINX_PORT} default_server/" /etc/nginx/wg.conf
+    set +e
+    rm /opt/projects/wgadmin/nginx/*conf
+    set -e
+    # Start the nginx server
+    nginx -g 'daemon off;' &
+    echo "Nginx started"
+}
+
+set -e
+set -x
+cd /opt/webgenai
+[[ -f extra_scripts.sh ]] && source extra_scripts.sh
+
+export APILOGICPROJECT_SWAGGER_PORT=${APILOGICPROJECT_SWAGGER_PORT:-8282}
+export APILOGICPROJECT_EXTERNAL_PORT=${APILOGICPROJECT_EXTERNAL_PORT:-8282}
+
+export APILOGICPROJECT_SWAGGER_HOST=${APILOGICPROJECT_EXTERNAL_HOST:-localhost}
+export APILOGICPROJECT_PORT=${APILOGICPROJECT_PORT:-5657}
+export PROJ_ROOT="/opt/projects"
+export UPLOAD_FOLDER="${PROJ_ROOT}/wgupload"
+
+mkdir -p "${UPLOAD_FOLDER}" "${PROJ_ROOT}/wgadmin/nginx"
+
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+NC='\033[0m' # No Color
+
+start_nginx
+
+
+start_dev &
+
+# Enable security if password is set in container environment
+[[ -n "${ADMIN_PASSWORD}" ]] && export SECURITY_ENABLED="true"
+
+if [[ -z ${SECURITY_ENABLED} || ${SECURITY_ENABLED} == "false" || ${SECURITY_ENABLED} == "no" ]] ; then
+    echo -e "${RED}Authentication disabled (\$SECURITY_ENABLED=${SECURITY_ENABLED}) ${NC}"
+    export SECURITY_ENABLED="false"
+else
+    echo -e "${GREEN}Authentication enabled ${NC}"
+    export JWT_SECRET_KEY=${JWT_SECRET_KEY:-$(openssl rand -hex 32)}
+fi
+
+if [[ -z ${APILOGICSERVER_CHATGPT_APIKEY} ]]; then
+    echo 'No $APILOGICSERVER_CHATGPT_APIKEY, Please provide a valid key if you want to use GenAI'
+    echo -n '> '
+    read APILOGICSERVER_CHATGPT_APIKEY
+    export APILOGICSERVER_CHATGPT_APIKEY
+fi
+
+export PYTHONPATH=$PWD
+# Database
+export DB_URI=${DB_URI:-"${PROJ_ROOT}/wgadmin/db.sqlite"}
+export SQLALCHEMY_DATABASE_URI="sqlite:///${DB_URI}"
+export WG_SQLALCHEMY_DATABASE_URI="${SQLALCHEMY_DATABASE_URI}"
+( update_schema ${DB_URI} )
+# if [[ ! -e "${DB_URI}" ]]; then
+#     echo "Creating database at ${DB_URI}"
+#     python database/manager.py -c 2>/dev/null
+# fi
+
+python database/manager.py -c 2>/dev/null
+# Kill any running project / set "running" to false
+python database/manager.py -K &
+ln -sfr /opt/projects/by-ulid ~
+
+# Temp fix - ignore optlocking
+export OPT_LOCKING=${OPT_LOCKING:-ignored}
+#> /home/api_logic_server/api_logic_server_cli/templates/opt_locking.txt
+
+
+monitor &
+
+echo WG BUILD: $(cat build_ts.txt)
+export GUNICORN_CMD_ARGS=" --worker-tmp-dir=/dev/shm -b 0.0.0.0:${APILOGICPROJECT_PORT} --timeout 60 --workers 3 --threads 2 --reload"
+gunicorn api_logic_server_run:flask_app

docker/webgenie_docker/webgen_ai_docker/license/license.json

@@ -0,0 +1,6 @@
+{
+    "license_key": "ABCD-1234-EFGH-5678",
+    "license_type": "PRO",
+    "expiry": "2025-12-31",
+    "signature": "ExPd5FL9VI6jOpDruwgBUF3knikbD9xAxNgq0Yneah0"
+}

docker/webgenie_docker/webgen_ai_docker/license/license_checker.py

@@ -0,0 +1,76 @@
+import json
+import os
+import datetime
+import base64
+import hashlib
+import hmac
+
+# Secret key for signing (store securely!)
+SECRET_KEY = b"your-secure-secret-key"
+
+def load_license(license_path="license.json"):
+    """Load the license file from disk."""
+    if not os.path.exists(license_path):
+        print("License file not found.")
+        return None
+    try:
+        with open(license_path, "r") as file:
+            return json.load(file)
+    except json.JSONDecodeError:
+        print("Invalid license file format.")
+        return None
+
+def verify_signature(license_data):
+    """Verify that the license signature is valid."""
+    signature = license_data.pop("signature", None)  # Extract signature
+    if not signature:
+        print("Missing signature.")
+        return False
+
+    # Create a hash-based message authentication code (HMAC)
+    license_string = json.dumps(license_data, sort_keys=True).encode()
+    expected_signature = base64.b64encode(hmac.new(SECRET_KEY, license_string, hashlib.sha256).digest()).decode()
+
+    if signature != expected_signature:
+        print("Invalid license signature. Possible tampering detected.")
+        return False
+
+    return True
+
+def is_license_valid(license_data):
+    """Check if the license is still valid (not expired)."""
+    expiry_date = license_data.get("expiry")
+    if not expiry_date:
+        print("No expiry date found in license.")
+        return False
+
+    try:
+        expiry_date = datetime.datetime.strptime(expiry_date, "%Y-%m-%d")
+    except ValueError:
+        print("Invalid expiry date format.")
+        return False
+
+    if expiry_date < datetime.datetime.now():
+        print("License expired.")
+        return False
+
+    return True
+
+def check_license():
+    """Main function to validate the license."""
+    license_data = load_license()
+    if not license_data:
+        exit(1)
+
+    if not verify_signature(license_data):
+        print("License verification failed.")
+        exit(1)
+
+    if not is_license_valid(license_data):
+        print("License expired or invalid.")
+        exit(1)
+
+    print(f"License is valid! Type: {license_data['license_type']}, Expiry: {license_data['expiry']}")
+
+if __name__ == "__main__":
+    check_license()