feat: netifyd licensing

Author: Tbaile

app/Http/Controllers/NetifyLicenceController.php

@@ -0,0 +1,71 @@
+<?php
+
+namespace App\Http\Controllers;
+
+use App\Logic\NetifydLicenceRepository;
+use App\NetifydLicenceType;
+use Exception;
+use Illuminate\Http\JsonResponse;
+use Illuminate\Support\Facades\Cache;
+use Illuminate\Support\Facades\Log;
+
+class NetifyLicenceController extends Controller
+{
+    public function community(NetifydLicenceRepository $licenceProvider): JsonResponse
+    {
+        return $this->run($licenceProvider, NetifydLicenceType::COMMUNITY);
+    }
+
+    private function run(NetifydLicenceRepository $licenceProvider, NetifydLicenceType $licenceType): JsonResponse
+    {
+        // If license is in cache, return it.
+        if (Cache::has($licenceType->cacheLabel())) {
+            Log::debug('Cache hit, serving license.');
+
+            return response()->json(Cache::get($licenceType->cacheLabel()));
+        }
+
+        Log::debug('Cache miss, listing licenses.');
+        // Check if the community license is on the remote server.
+        try {
+            $licences = $licenceProvider->listLicences();
+        } catch (Exception $e) {
+            return response()->json(['message' => $e->getMessage()], 500);
+        }
+        $license = array_find($licences['data'], fn ($item) => $item['issued_to'] == $licenceType->label());
+        // If it doesn't exist, create it.
+        if ($license == null) {
+            Log::debug('Requested license not found, creating it.');
+            try {
+                $license = $licenceProvider->createLicence($licenceType);
+            } catch (Exception $e) {
+                return response()->json(['message' => $e->getMessage()], 500);
+            }
+        }
+        // Got license, checking if everything is in place.
+        Log::debug('License found, checking renewal/expiration.');
+        $expiration = $license['expire_at']['unix'];
+        $creation = $license['created_at']['unix'];
+        $renewalThreshold = ($expiration - $creation) / 2 + $creation;
+        $now = now()->unix();
+        if ($renewalThreshold < $now) {
+            Log::debug('Licence can be renewed, renewing.');
+            try {
+                $license = $licenceProvider->renewLicence($licenceType, $license['serial']);
+            } catch (Exception $e) {
+                return response()->json(['message' => $e->getMessage()], 500);
+            }
+        }
+
+        $expiration = $license['expire_at']['unix'];
+        $creation = $license['created_at']['unix'];
+        Cache::put($licenceType->cacheLabel(), $license, ($expiration - $creation) / 2);
+
+        return response()->json($license);
+    }
+
+    public function enterprise(NetifydLicenceRepository $licenceProvider): JsonResponse
+    {
+        return $this->run($licenceProvider, NetifydLicenceType::ENTERPRISE);
+    }
+}

app/Logic/NetifydLicenceRepository.php

@@ -0,0 +1,69 @@
+<?php
+
+namespace App\Logic;
+
+use App\NetifydLicenceType;
+use Exception;
+use Illuminate\Http\Client\ConnectionException;
+use Illuminate\Http\Client\RequestException;
+use Illuminate\Support\Facades\Http;
+
+class NetifydLicenceRepository
+{
+    public function __construct(private string $endpoint, private string $apiKey) {}
+
+    /**
+     * @throws Exception
+     */
+    public function listLicences(): array
+    {
+        try {
+            return Http::withHeader('x-api-key', $this->apiKey)
+                ->get($this->endpoint.'/api/v2/integrator/licenses?format=netifyd')
+                ->throw()
+                ->json('data');
+        } catch (ConnectionException|RequestException $e) {
+            throw new Exception('Could not list licences from netifyd: '.$e->getMessage());
+        }
+    }
+
+    /**
+     * @throws Exception
+     */
+    public function createLicence(NetifydLicenceType $licenceType): array
+    {
+        try {
+            return Http::withHeader('x-api-key', $this->apiKey)
+                ->post(config('netifyd.endpoint').'/api/v2/integrator/licenses', [
+                    'format' => 'object',
+                    'issued_to' => $licenceType->label(),
+                    'duration_days' => $licenceType->durationDays(),
+                    'description' => 'License provided to'.$licenceType->label().'instances.',
+                    'entitlements' => [
+                        'netify-proc-aggregator',
+                        'netify-proc-flow-actions',
+                    ],
+                ])->throw()
+                ->json('data');
+        } catch (ConnectionException|RequestException $e) {
+            throw new Exception('Could not create licence on netifyd: '.$e->getMessage());
+        }
+    }
+
+    /**
+     * @throws Exception
+     */
+    public function renewLicence(NetifydLicenceType $licenceType, string $serial): array
+    {
+        try {
+            return Http::withHeader('x-api-key', config('netifyd.api-key'))
+                ->post(config('netifyd.endpoint').'/api/v2/integrator/licenses/'.$serial.'/renew', [
+                    'duration_days' => $licenceType->durationDays(),
+                ])->throw()
+                ->json('data');
+
+        } catch (ConnectionException|RequestException $e) {
+            throw new Exception('Could not renew licence on netifyd: '.$e->getMessage());
+        }
+    }
+}

app/NetifydLicenceType.php

@@ -0,0 +1,32 @@
+<?php
+
+namespace App;
+
+use Illuminate\Support\Str;
+
+enum NetifydLicenceType: string
+{
+    case COMMUNITY = 'community';
+    case ENTERPRISE = 'enterprise';
+
+    public function label(): string
+    {
+        return match ($this) {
+            self::COMMUNITY => 'NethSecurity Community Edition',
+            self::ENTERPRISE => 'NethSecurity Enterprise Edition',
+        };
+    }
+
+    public function cacheLabel(): string
+    {
+        return Str::slug($this->label());
+    }
+
+    public function durationDays(): int
+    {
+        return match ($this) {
+            self::COMMUNITY => 3,
+            self::ENTERPRISE => 7,
+        };
+    }
+}

app/Providers/AppServiceProvider.php

@@ -3,6 +3,7 @@
 namespace App\Providers;
 
 use App\Logic\LicenceVerification;
+use App\Logic\NetifydLicenceRepository;
 use Illuminate\Support\ServiceProvider;
 
 class AppServiceProvider extends ServiceProvider
@@ -15,6 +16,9 @@ public function register(): void
         $this->app->singleton(LicenceVerification::class, function () {
             return new LicenceVerification(config('repositories.endpoints.enterprise'), config('repositories.endpoints.community'));
         });
+        $this->app->singleton(NetifydLicenceRepository::class, function () {
+            return new NetifydLicenceRepository(config('netifyd.api-key'), config('netifyd.endpoint'));
+        });
     }
 
     /**

config/netifyd.php

@@ -0,0 +1,10 @@
+<?php
+
+/**
+ * Netifyd configuration
+ */
+
+return [
+    'endpoint' => env('NETIFYD_API_ENDPOINT', 'https://agents.netify.ai'),
+    'api-key' => env('NETIFYD_API_KEY'),
+];

phpunit.xml

@@ -31,5 +31,6 @@
         <env name="SESSION_DRIVER" value="array"/>
         <env name="TELESCOPE_ENABLED" value="false"/>
         <env name="REPOSITORY_MILESTONE_TOKEN" value="testing" />
+        <env name="NETIFYD_API_KEY" value="key" />
     </php>
 </phpunit>

routes/web.php

@@ -1,5 +1,6 @@
 <?php
 
+use App\Http\Controllers\NetifyLicenceController;
 use App\Http\Controllers\RepositoryController;
 use App\Http\Middleware\CommunityLicenceCheck;
 use App\Http\Middleware\EnterpriseLicenceCheck;
@@ -28,4 +29,8 @@
     Route::get('/repository/enterprise/{repository:name}/{path}', RepositoryController::class)
         ->where('path', '.*')
         ->middleware(EnterpriseLicenceCheck::class);
+
+    Route::get('/netifyd/enterprise/licence', [NetifyLicenceController::class, 'enterprise']);
 });
+
+Route::get('/netifyd/community/licence', [NetifyLicenceController::class, 'community']);

tests/Feature/Http/Controllers/NetifyLicenceControllerTest.php

@@ -0,0 +1,161 @@
+<?php
+
+use App\Logic\LicenceVerification;
+use App\Logic\NetifydLicenceRepository;
+use App\NetifydLicenceType;
+use Illuminate\Support\Facades\Cache;
+use Illuminate\Support\Facades\Http;
+use Mockery\MockInterface;
+
+use function Pest\Laravel\get;
+use function Pest\Laravel\partialMock;
+use function Pest\Laravel\withBasicAuth;
+
+it('cannot access enterprise licence without credentials', function () {
+    get('/netifyd/enterprise/licence')
+        ->assertUnauthorized()
+        ->assertHeader('WWW-Authenticate', 'Basic');
+});
+
+it('can access enterprise licence with credentials', function () {
+    partialMock(LicenceVerification::class, function (MockInterface $mock) {
+        $mock->expects('enterpriseCheck')
+            ->with('system-id', 'secret')
+            ->andReturnTrue();
+    });
+    Cache::expects('has')->with(NetifydLicenceType::ENTERPRISE->cacheLabel())->andReturnTrue();
+    Cache::expects('get')->with(NetifydLicenceType::ENTERPRISE->cacheLabel())->andReturn(['license_key' => 'cache']);
+    withBasicAuth('system-id', 'secret')
+        ->get('/netifyd/enterprise/licence')
+        ->assertOk()
+        ->assertJson(['license_key' => 'cache']);
+});
+
+it('serves correctly cache if present', function () {
+    Cache::expects('has')->with(NetifydLicenceType::COMMUNITY->cacheLabel())->andReturnTrue();
+    Cache::expects('get')->with(NetifydLicenceType::COMMUNITY->cacheLabel())->andReturn(['license_key' => 'cached-license-key']);
+    Http::preventStrayRequests();
+    Http::fake();
+    $response = get('/netifyd/community/licence');
+    $response->assertOk()
+        ->assertJson([
+            'license_key' => 'cached-license-key',
+        ]);
+});
+
+it('handles errors from netifyd server', function () {
+    partialMock(NetifydLicenceRepository::class, function (MockInterface $mock) {
+        $mock->expects('listLicences')
+            ->andThrow(new Exception('Netifyd server error'));
+    });
+    get('/netifyd/community/licence')
+        ->assertInternalServerError()
+        ->assertJson([
+            'message' => 'Netifyd server error',
+        ]);
+});
+
+it('list licences', function () {
+    $expiration = now()->addDays(2);
+    $creation = now()->subDay();
+    $licence = [
+        'issued_to' => NetifydLicenceType::COMMUNITY->label(),
+        'serial' => 'EXAMPLE-COMMUNITY-SERIAL',
+        'expire_at' => [
+            'unix' => $expiration->unix(),
+        ],
+        'created_at' => [
+            'unix' => $creation->unix(),
+        ],
+    ];
+    partialMock(NetifydLicenceRepository::class, function (MockInterface $mock) use ($licence) {
+        $mock->expects('listLicences')
+            ->andReturn([
+                'data' => [$licence],
+            ]);
+    });
+    Cache::expects('has')->with(NetifydLicenceType::COMMUNITY->cacheLabel())->andReturnFalse();
+    Cache::expects('put')->with(NetifydLicenceType::COMMUNITY->cacheLabel(), $licence, ($expiration->unix() - $creation->unix()) / 2);
+    get('/netifyd/community/licence')->assertOk()->json($licence);
+});
+
+it('licence not found', function () {
+    partialMock(NetifydLicenceRepository::class, function (MockInterface $mock) {
+        $mock->expects('listLicences')
+            ->andReturn([
+                'data' => [],
+            ]);
+        $mock->expects('createLicence')
+            ->with(NetifydLicenceType::COMMUNITY)
+            ->andreturn([]);
+    });
+    get('/netifyd/community/licence');
+});
+
+it('cannot create new licence', function () {
+    partialMock(NetifydLicenceRepository::class, function (MockInterface $mock) {
+        $mock->expects('listLicences')
+            ->andReturn([
+                'data' => [],
+            ]);
+        $mock->expects('createLicence')
+            ->with(NetifydLicenceType::COMMUNITY)
+            ->andThrow(new Exception('Cannot create licence'));
+    });
+    get('/netifyd/community/licence')
+        ->assertInternalServerError()
+        ->assertJson(['message' => 'Cannot create licence']);
+});
+
+it('renews older licence', function () {
+    $licence = [
+        'issued_to' => NetifydLicenceType::COMMUNITY->label(),
+        'serial' => 'EXAMPLE-COMMUNITY-SERIAL',
+        'expire_at' => [
+            'unix' => now()->addDay()->unix(),
+        ],
+        'created_at' => [
+            'unix' => now()->subDays(3)->unix(),
+        ],
+    ];
+    partialMock(NetifydLicenceRepository::class, function (MockInterface $mock) use ($licence) {
+        $mock->expects('listLicences')
+            ->andReturn([
+                'data' => [
+                    $licence,
+                ],
+            ]);
+        $mock->expects('renewLicence')
+            ->with(NetifydLicenceType::COMMUNITY, 'EXAMPLE-COMMUNITY-SERIAL')
+            ->andReturn($licence);
+    });
+    get('/netifyd/community/licence')
+        ->assertOk();
+});
+
+it('cannot renew licence', function () {
+    $licence = [
+        'issued_to' => NetifydLicenceType::COMMUNITY->label(),
+        'serial' => 'EXAMPLE-COMMUNITY-SERIAL',
+        'expire_at' => [
+            'unix' => now()->addDay()->unix(),
+        ],
+        'created_at' => [
+            'unix' => now()->subDays(3)->unix(),
+        ],
+    ];
+    partialMock(NetifydLicenceRepository::class, function (MockInterface $mock) use ($licence) {
+        $mock->expects('listLicences')
+            ->andReturn([
+                'data' => [
+                    $licence,
+                ],
+            ]);
+        $mock->expects('renewLicence')
+            ->with(NetifydLicenceType::COMMUNITY, 'EXAMPLE-COMMUNITY-SERIAL')
+            ->andThrow(new Exception('Cannot renew licence'));
+    });
+    get('/netifyd/community/licence')
+        ->assertInternalServerError()
+        ->assertJson(['message' => 'Cannot renew licence']);
+});