marooned3d@yandex.ru authored
Backend (gitlab.seriousgames.ru/products/controlcenter/backend):
- Models: User (admin/editor), Product, Customer, License (perpetual + revoke + max_activations), Activation (HWID-bind), AuditLog.
- Crypto: RSA-2048 keypair gen-on-first-start (KEYS_DIR), RSA-PSS signature of the blob (base64-JSON {v, license_id, key, product, customer, hwid, kind, features, issued_at, expires_at, nonce}). Public.pem is served via GET /api/public/key for embedding in clients.
- Auth: JWT (HS256, 30 days), bcrypt passwords, idempotent admin seed (test@8vision.ru / Test4096+).
- Public API:
  POST /api/public/activate - exchange (key, hwid) → signed blob
  POST /api/public/validate - heartbeat: check of revoked, last_seen
  GET /api/public/key - RSA public.pem
- Admin API behind JWT: Products list/update; Customers CRUD; Licenses CRUD + revoke; Activations list + force-deactivate; Audit log.
- Audit middleware: async write of all successful POST/PUT/PATCH/DELETE on /api/admin/* to audit_logs.
- Seed: 6 canonical products (avatar, digital-library, digital-museum, laser-touch, municipal-navigator, spektr).

Deploy:
- Dockerfile (multi-stage, internal registry node:20-alpine).
- docker-compose.{yml,prod.yml}: postgres + app, volume cckeys for the RSA keys.
- .gitlab-ci.yml: build-push + deploy (port 8094, host nginx → controlcenter.8vision.ru).
- nginx site config with certbot-friendly SSL.

Client:
- C# skeleton (client/csharp/BlobVerifier.cs): local RSA-PSS verification of the blob + DTO. For LaserTouch and future desktop products.

Frontend Angular admin: next iteration.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
a8bbc7ec