wip

app/Main.hs

@@ -3,6 +3,7 @@
 module Main where
 
 import           Config
+import           License
 import           Paths_toodles
 import           Server
 import           Types
@@ -15,17 +16,19 @@ import           Text.Printf              (printf)
 
 main :: IO ()
 main = do
+  dataDir <- getDataDir
+  hasLic <- readLicense (dataDir ++ "/toodles-license-public-key.pem") "/etc/toodles/license.json"
   userArgs <- toodlesArgs >>= setAbsolutePath
+  putStrLn $ show hasLic
   case userArgs of
     (ToodlesArgs _ _ _ _ True _) -> do
       sResults <- runFullSearch userArgs
       mapM_ (putStrLn . prettyFormat) $ todos sResults
     _ -> do
       let webPort = fromMaybe 9001 $ port userArgs
       ref <- newIORef Nothing
-      dataDir <- (++ "/web") <$> getDataDir
       putStrLn $ "serving on " ++ show webPort
-      run webPort $ app $ ToodlesState ref dataDir
+      run webPort $ app $ ToodlesState ref $ dataDir ++ "/web"
 
 prettyFormat :: TodoEntry -> String
 prettyFormat (TodoEntryHead _ l a p n entryPriority f _ _ _ _ _ _) =

package.yaml

@@ -17,6 +17,8 @@ data-files:
 - web/css/*
 - web/fonts/*
 - web/img/*
+- verify.py
+- toodles-license-public-key.pem
 
 synopsis:            Manage the TODO entries in your code
 description:
@@ -32,7 +34,7 @@ ghc-options:
   - -Wcompat
 
 dependencies:
-- base >= 4.0 && < 5
+- base >= 4.4.0 && < 5
 
 # TODO (avi|p=3|#dependencies) - dependencies need to be relaxed and
 # fixed to include other ghc versions
@@ -44,22 +46,29 @@ library:
   - Config
   - ToodlesApi
   - Server
+  - License
   dependencies:
   - hspec >= 2.4.4
   - hspec-expectations >=0.8.2
   - MissingH >=1.4.0.1
   - aeson ==1.3.1.1
+  - aeson-pretty 
   - blaze-html ==0.9.1.1
+  - bytestring
   - cmdargs ==0.10.20
   - directory ==1.3.1.5
   - extra ==1.6.13
   - megaparsec ==6.5.0
   - regex-posix ==0.95.2
+  - process
   - servant ==0.14.1
   - servant-blaze ==0.8
   - servant-server ==0.14.1
   - strict ==0.3.2
   - text ==1.2.3.1
+  - time
+  - RSA
+  - base64-bytestring
   - wai ==3.2.1.2
   - warp ==3.2.25
   - yaml ==0.8.32
@@ -81,19 +90,25 @@ executables:
     - hspec-expectations >=0.8.2
     - MissingH >=1.4.0.1
     - aeson ==1.3.1.1
+    - aeson-pretty 
     - blaze-html ==0.9.1.1
+    - bytestring
     - cmdargs ==0.10.20
     - directory ==1.3.1.5
     - extra ==1.6.13
     - megaparsec ==6.5.0
     - regex-posix ==0.95.2
     - servant ==0.14.1
+    - process
     - servant-blaze ==0.8
     - servant-server ==0.14.1
     - strict ==0.3.2
     - text ==1.2.3.1
     - wai ==3.2.1.2
     - warp ==3.2.25
+    - time
+    - RSA
+    - base64-bytestring
     - yaml ==0.8.32
 
 tests:
@@ -114,6 +129,7 @@ tests:
     - MissingH >=1.4.0.1
     - aeson ==1.3.1.1
     - blaze-html ==0.9.1.1
+    - bytestring
     - cmdargs ==0.10.20
     - directory ==1.3.1.5
     - extra ==1.6.13
@@ -124,6 +140,7 @@ tests:
     - servant-server ==0.14.1
     - strict ==0.3.2
     - text ==1.2.3.1
+    - time
     - wai ==3.2.1.2
     - warp ==3.2.25
     - yaml ==0.8.32

requirements.txt

@@ -0,0 +1 @@
+pycrypto

src/License.hs

@@ -0,0 +1,78 @@
+{-# LANGUAGE DeriveAnyClass      #-}
+{-# LANGUAGE DeriveGeneric       #-}
+{-# LANGUAGE GADTs               #-}
+{-# LANGUAGE OverloadedStrings   #-}
+{-# LANGUAGE ScopedTypeVariables #-}
+
+
+module License
+  (readLicense) where
+
+import           Paths_toodles
+
+import           Control.Exception
+import           Data.Aeson
+import           Data.Aeson.Encode.Pretty
+import qualified Data.ByteString.Base64.Lazy as B64
+import qualified Data.ByteString.Lazy.Char8  as LB
+import           Data.Maybe
+import           Data.Text                   (Text)
+import qualified Data.Text                   as T
+import           Data.Time.Clock.POSIX
+import           GHC.Generics
+import           System.Directory
+import           System.Process
+
+data UserTier
+  = BadLicense
+  | NoLiscense
+  | Individual
+  | Commercial
+  deriving (Show, Eq, Ord, Generic, ToJSON, FromJSON)
+
+data License = License {
+  payload          :: ToodlesLicense,
+  encoded          :: Text,
+  payloadSignature :: Text
+                       } deriving (Generic, FromJSON, ToJSON, Show)
+
+data ToodlesLicense = ToodlesLicense
+  { validStart :: Integer
+  , validEnd   :: Integer
+  , email      :: Text
+  , reference  :: Text
+  , product    :: Text
+  } deriving (Generic, FromJSON, ToJSON, Show)
+
+readLicense :: FilePath -> FilePath  -> IO (Either String UserTier)
+readLicense publicKeyPath licensePath  = do
+  licenseExists <- doesFileExist licensePath
+  putStrLn licensePath
+  if not licenseExists then
+    return $ Right NoLiscense
+  else do
+    parsedContents <- eitherDecodeFileStrict licensePath
+    either (return . Left) (isLicenseValid publicKeyPath) parsedContents
+
+isLicenseValid :: FilePath -> License -> IO (Either String UserTier)
+isLicenseValid publicKeyPath (License _ encodedPayload sig) = do
+  dataDir <- getDataDir
+  now <- ((* 1000) . round) `fmap` getPOSIXTime
+  let args =
+        [ dataDir ++ "/verify.py"
+        , publicKeyPath
+        , T.unpack sig
+        , T.unpack encodedPayload
+        ]
+      decodedPayload =
+        decode (B64.decodeLenient . LB.pack $ T.unpack encodedPayload)
+  result <-
+    catch
+      (readProcess "python" args "")
+      (\(e :: IOException) ->
+         return $ displayException e)
+  return $
+    let validated = ("True" == (T.strip $ T.pack result))
+    in if validated && (maybe 0 validEnd decodedPayload >= now)
+        then Right Commercial
+        else Left "Invalid license file"

stack.yaml

@@ -39,7 +39,7 @@ packages:
 # Dependency packages to be pulled from upstream that are not in the resolver
 # using the same syntax as the packages field.
 # (e.g., acme-missiles-0.3)
-# extra-deps: []
+extra-deps: []
 
 # Override default flag values for local packages and extra-deps
 # flags: {}

toodles-license-public-key.pem

@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvrVba8B99vGOUvHUSNSv
+T6idquIYp3CdhRww2VckyrVwqCeFNePm6EDhHAsG4SVd94HQDpZdJd/Oohrqlt1I
+UccaPse4W3J9nMJx82H9BK91VuFWLKvPAEbeQn+uStRsSeAPeIBVo+y4i5cYPqdV
+eN6me2r79/cNwD21auTGTsTLJzY+RaiRA+pnmJuXvxhMjyER/GUn6hikJWrSF+6e
+9txokiJR9r2hCv2JQqYHWp/moF/nd/25aTrGEgiWz+RGY15P4UUk1Ju1DmNUQA4/
+RmOe1XnXw0X8aoKhuhTjZw5COsq5uHTq7tqC/CemQpldsETqj19XYO3TNi7ojmfa
+EQIDAQAB
+-----END PUBLIC KEY-----

toodles.cabal

@@ -4,7 +4,7 @@ cabal-version: 1.12
 --
 -- see: https://github.com/sol/hpack
 --
--- hash: da3fad228f05c4c1dc5691eff2d8b7f26696e6ab636205bec8b4f89e831f1e50
+-- hash: 59929f0b70bb7a9408396d9c62a7f65052d229f674e2c8e97cc76ce7845aaa20
 
 name:           toodles
 version:        1.0.3
@@ -32,6 +32,8 @@ data-files:
     web/fonts/fontawesome-webfont.woff
     web/fonts/fontawesome-webfont.woff2
     web/img/favicon.png
+    verify.py
+    toodles-license-public-key.pem
 
 source-repository head
   type: git
@@ -44,28 +46,35 @@ library
       Config
       ToodlesApi
       Server
+      License
   other-modules:
       Paths_toodles
   hs-source-dirs:
       src
   ghc-options: -Wall -Wcompat
   build-depends:
       MissingH >=1.4.0.1
+    , RSA
     , aeson ==1.3.1.1
-    , base >=4.0 && <5
+    , aeson-pretty
+    , base >=4.4.0 && <5
+    , base64-bytestring
     , blaze-html ==0.9.1.1
+    , bytestring
     , cmdargs ==0.10.20
     , directory ==1.3.1.5
     , extra ==1.6.13
     , hspec >=2.4.4
     , hspec-expectations >=0.8.2
     , megaparsec ==6.5.0
+    , process
     , regex-posix ==0.95.2
     , servant ==0.14.1
     , servant-blaze ==0.8
     , servant-server ==0.14.1
     , strict ==0.3.2
     , text ==1.2.3.1
+    , time
     , wai ==3.2.1.2
     , warp ==3.2.25
     , yaml ==0.8.32
@@ -75,6 +84,7 @@ executable toodles
   main-is: Main.hs
   other-modules:
       Config
+      License
       Parse
       Server
       ToodlesApi
@@ -86,21 +96,27 @@ executable toodles
   ghc-options: -Wall -Wcompat -threaded -rtsopts -O3 -Wall -with-rtsopts=-N
   build-depends:
       MissingH >=1.4.0.1
+    , RSA
     , aeson ==1.3.1.1
-    , base >=4.0 && <5
+    , aeson-pretty
+    , base >=4.4.0 && <5
+    , base64-bytestring
     , blaze-html ==0.9.1.1
+    , bytestring
     , cmdargs ==0.10.20
     , directory ==1.3.1.5
     , extra ==1.6.13
     , hspec >=2.4.4
     , hspec-expectations >=0.8.2
     , megaparsec ==6.5.0
+    , process
     , regex-posix ==0.95.2
     , servant ==0.14.1
     , servant-blaze ==0.8
     , servant-server ==0.14.1
     , strict ==0.3.2
     , text ==1.2.3.1
+    , time
     , wai ==3.2.1.2
     , warp ==3.2.25
     , yaml ==0.8.32
@@ -111,6 +127,7 @@ test-suite toodles-test
   main-is: Spec.hs
   other-modules:
       Config
+      License
       Parse
       Server
       ToodlesApi
@@ -123,8 +140,9 @@ test-suite toodles-test
   build-depends:
       MissingH >=1.4.0.1
     , aeson ==1.3.1.1
-    , base >=4.0 && <5
+    , base >=4.4.0 && <5
     , blaze-html ==0.9.1.1
+    , bytestring
     , cmdargs ==0.10.20
     , directory ==1.3.1.5
     , extra ==1.6.13
@@ -137,6 +155,7 @@ test-suite toodles-test
     , servant-server ==0.14.1
     , strict ==0.3.2
     , text ==1.2.3.1
+    , time
     , toodles
     , wai ==3.2.1.2
     , warp ==3.2.25

verify.py

@@ -0,0 +1,21 @@
+#!/usr/bin/env python
+
+import sys
+from Crypto.PublicKey import RSA
+from Crypto.Signature import PKCS1_v1_5
+from Crypto.Hash import SHA512
+from base64 import b64decode, b64encode
+
+def verify_sign(public_key_loc, signature, data):
+    pub_key = open(public_key_loc, "r").read()
+    rsakey = RSA.importKey(pub_key)
+    signer = PKCS1_v1_5.new(rsakey)
+    digest = SHA512.new()
+    digest.update(data)
+    if signer.verify(digest, b64decode(signature)):
+        return True
+    return False
+
+if __name__ == "__main__":
+    print(verify_sign(sys.argv[1], sys.argv[2], sys.argv[3]))
+