feat: add license validation and entitlements (Rust) (#46 )

Introduces the offline license infrastructure for the Base/Premium editions. - jsonwebtoken (EdDSA) verifies license JWTs against an embedded Ed25519 public key. The exp claim is mandatory (CWE-613) and is enforced via Validation::set_required_spec_claims. - Activation tokens (server-issued, machine-bound) prevent license.key copying between machines. Storage is wired up; the actual issuance flow ships with Issue #49. - get_edition() fails closed to "free" when the license is missing, invalid, expired, or activated for a different machine. - New commands/entitlements module centralizes feature → tier mapping so Issue #48 (and any future gate) reads from a single source of truth. - machine-uid provides the cross-platform machine identifier; OS reinstall invalidates the activation token by design. - Tests cover happy path, expiry, wrong-key signature, malformed JWT, unknown edition, and machine_id matching for activation tokens. The embedded PUBLIC_KEY_PEM is the RFC 8410 §10.3 test vector, clearly labelled as a development placeholder; replacing it with the production public key is a release-time task.
Merge pull request 'fix(ci): install Node.js in the rust job' (#62 ) from fix/check-workflow-rust-node into main
2026-04-09 10:02:02 -04:00 · 2026-04-09 14:01:39 +00:00 · 2026-04-09 09:44:24 -04:00
1 changed files with 7 additions and 4 deletions
--- a/.forgejo/workflows/check.yml
+++ b/.forgejo/workflows/check.yml
@ -20,16 +20,19 @@ jobs:
      PATH: /root/.cargo/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
      CARGO_TERM_COLOR: always
    steps:
-      - name: Install system dependencies
+      - name: Install system dependencies, Node.js and Rust
        run: |
          apt-get update
          apt-get install -y --no-install-recommends \
            curl wget git ca-certificates build-essential pkg-config \
            libwebkit2gtk-4.1-dev libappindicator3-dev librsvg2-dev libssl-dev
-
-      - name: Install Rust toolchain (stable)
-        run: |
+          # Node.js is required by actions/checkout and actions/cache (they
+          # are JavaScript actions and need `node` in the container PATH).
+          curl -fsSL https://deb.nodesource.com/setup_20.x | bash -
+          apt-get install -y nodejs
+          # Rust toolchain
          curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain stable --profile minimal
+          node --version
          rustc --version
          cargo --version