Licence key comms tested

gbro3n · gbro3n · commit 3a87b4e3ec55 · 2026-03-20T16:45:00.000Z
diff --git a/vs-code-extension/src/LicenceActivationService.ts b/vs-code-extension/src/LicenceActivationService.ts
@@ -146,11 +146,17 @@ export async function loadCachedLicenceState(
 }
 
 /**
- * Activate a licence key: verify cryptographically, persist state, and
- * fire a background server notification.
+ * Activate a licence key: verify cryptographically, check the server for
+ * revocation (with a short timeout), persist state, and return the result.
  *
- * Returns the resulting LicenceState immediately after local verification.
- * The server POST happens in the background and does not block the result.
+ * Flow:
+ *   1. Verify Ed25519 signature locally (instant, offline).
+ *   2. If valid, POST to the server with a 3-second timeout.
+ *   3. If the server responds 403/404 (revoked/unknown), return invalid.
+ *   4. If the server confirms (200) or is unreachable/errors, return valid.
+ *
+ * This ensures that revoked keys are caught immediately when online, while
+ * offline activation still works via the cryptographic signature alone.
  */
 export async function activateLicenceKey(
     key: string,
@@ -171,16 +177,18 @@ export async function activateLicenceKey(
         return invalidLicenceState();
     }
 
+    // Check with the server (short timeout -- don't block the user long).
+    const revoked = await checkServerRevocationStatus(trimmed, context);
+    if (revoked) {
+        await clearPersistedState(context.secrets);
+        return invalidLicenceState();
+    }
+
     // Build and persist valid state.
     const product = result.product as LicenceProduct;
     const state: LicenceState = { status: 'valid', product };
     await persistLicenceState(context.secrets, trimmed, state);
 
-    // Background server notification (non-blocking).
-    notifyServer(trimmed, context).catch(() => {
-        // Silently ignore -- server activation is best-effort.
-    });
-
     return state;
 }
 
@@ -235,26 +243,44 @@ export async function checkServerForRevocation(
     }
 }
 
-// ── Background server notification ─────────────────────────────────────────
+// ── Server revocation check at activation ──────────────────────────────────
 
-async function notifyServer(
+/**
+ * POST to the server to check whether a key has been revoked.
+ * Returns true if the server explicitly reports the key as revoked (403/404).
+ * Returns false (not revoked) if the server confirms (200), is unreachable,
+ * times out, or returns any other error -- offline-first, optimistic.
+ *
+ * Uses a short 3-second timeout so the user isn't blocked long.
+ */
+async function checkServerRevocationStatus(
     key: string,
     context: vscode.ExtensionContext,
-): Promise<void> {
-    const baseUrl = getBaseUrl();
-    const response = await fetch(`${baseUrl}/api/v1/licence/activate`, {
-        method: 'POST',
-        headers: { 'Content-Type': 'application/json' },
-        body: JSON.stringify({
-            licenceKey: key,
-            deviceId: vscode.env.machineId,
-            deviceInfo: `VS Code ${vscode.version} / ${getOsPlatformLabel()}`,
-        }),
-        signal: AbortSignal.timeout(10_000),
-    });
-
-    if (response.ok) {
+): Promise<boolean> {
+    try {
+        const baseUrl = getBaseUrl();
+        const response = await fetch(`${baseUrl}/api/v1/licence/activate`, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify({
+                licenceKey: key,
+                deviceId: vscode.env.machineId,
+                deviceInfo: `VS Code ${vscode.version} / ${getOsPlatformLabel()}`,
+            }),
+            signal: AbortSignal.timeout(3_000),
+        });
+
+        // Record successful server contact.
         await context.secrets.store(SECRET_LAST_SERVER_CHECK, Date.now().toString());
+
+        if (response.status === 403 || response.status === 404) {
+            return true; // revoked
+        }
+
+        return false; // confirmed or unknown error -- not revoked
+    } catch {
+        // Unreachable / timeout -- not revoked (optimistic).
+        return false;
     }
 }
 
diff --git a/vs-code-extension/src/extension.ts b/vs-code-extension/src/extension.ts
@@ -488,16 +488,39 @@ export async function activate(context: vscode.ExtensionContext): Promise<{ exte
     );
     /** Validate a licence key with appropriate UI feedback. */
     function validateLicenceKeyWithUI(key: string): void {
-        activateLicenceKey(key, context).then((state) => {
-            const wasValid = hasProEditorAccess(licenceState);
+        const activation = activateLicenceKey(key, context);
+
+        // Only show a progress spinner if the server check takes a while.
+        // Fast paths (ECONNREFUSED, local-only) resolve in <500ms and skip the spinner.
+        const progressTimer = setTimeout(() => {
+            vscode.window.withProgress(
+                { location: vscode.ProgressLocation.Notification, title: 'AS Notes: Verifying licence key...' },
+                () => activation,
+            );
+        }, 500);
+
+        activation.then((state) => {
+            clearTimeout(progressTimer);
+
             licenceState = state;
             if (licenceState.status === 'invalid' || licenceState.status === 'not-entered') {
                 showLicenceWarning();
-            } else if (licenceState.status === 'valid' && !wasValid) {
-                vscode.window.showInformationMessage('AS Notes: Licence activated successfully \u2714');
+            } else if (licenceState.status === 'valid') {
+
+                // Show licence activated regardless of whether licence was valid before or
+                // if product has changed - the user should always see confirmation
+                //
+                // const previousProduct = licenceState.product;
+                // const wasValid = hasProEditorAccess(licenceState);
+                // ...
+                // ... && (!wasValid || licenceState.product !== previousProduct)
+
+                const tierLabel = licenceState.product === 'pro_ai_sync' ? 'Pro AI & Sync' : 'Pro Editor';
+                vscode.window.showInformationMessage(`AS Notes: Licence activated - ${tierLabel} \u2714`);
             }
             updateFullModeStatusBar();
         }).catch((err) => {
+            clearTimeout(progressTimer);
             console.warn('as-notes: licence validation failed:', err);
         });
     }
diff --git a/vs-code-extension/src/test/LicenceActivationService.test.ts b/vs-code-extension/src/test/LicenceActivationService.test.ts
@@ -88,17 +88,16 @@ describe('activateLicenceKey', () => {
         expect(mockSecrets.has('as-notes.licenceKey')).toBe(false);
     });
 
-    it('returns valid pro_editor on successful verification', async () => {
+    it('returns valid pro_editor when server confirms (200)', async () => {
         mockVerifyResult.mockReturnValue(validResult('pro_editor'));
-        // Stub fetch so background notification doesn't fail
         vi.stubGlobal('fetch', vi.fn().mockResolvedValue({ ok: true, status: 200 }));
 
         const result = await activateLicenceKey('ASNO-VALID-KEY', buildContext() as any);
         expect(result.status).toBe('valid');
         expect(result.product).toBe('pro_editor');
     });
 
-    it('returns valid pro_ai_sync on successful verification', async () => {
+    it('returns valid pro_ai_sync when server confirms (200)', async () => {
         mockVerifyResult.mockReturnValue(validResult('pro_ai_sync'));
         vi.stubGlobal('fetch', vi.fn().mockResolvedValue({ ok: true, status: 200 }));
 
@@ -107,6 +106,35 @@ describe('activateLicenceKey', () => {
         expect(result.product).toBe('pro_ai_sync');
     });
 
+    it('returns invalid when server reports 403 (revoked)', async () => {
+        mockVerifyResult.mockReturnValue(validResult('pro_editor'));
+        vi.stubGlobal('fetch', vi.fn().mockResolvedValue({ ok: false, status: 403 }));
+
+        const result = await activateLicenceKey('ASNO-VALID-KEY', buildContext() as any);
+        expect(result.status).toBe('invalid');
+        expect(result.product).toBeNull();
+        expect(mockSecrets.has('as-notes.licenceKey')).toBe(false);
+        expect(mockSecrets.has('as-notes.licenceState')).toBe(false);
+    });
+
+    it('returns invalid when server reports 404 (not found)', async () => {
+        mockVerifyResult.mockReturnValue(validResult('pro_editor'));
+        vi.stubGlobal('fetch', vi.fn().mockResolvedValue({ ok: false, status: 404 }));
+
+        const result = await activateLicenceKey('ASNO-VALID-KEY', buildContext() as any);
+        expect(result.status).toBe('invalid');
+        expect(result.product).toBeNull();
+    });
+
+    it('returns valid when server returns 500 (optimistic)', async () => {
+        mockVerifyResult.mockReturnValue(validResult('pro_editor'));
+        vi.stubGlobal('fetch', vi.fn().mockResolvedValue({ ok: false, status: 500 }));
+
+        const result = await activateLicenceKey('ASNO-VALID-KEY', buildContext() as any);
+        expect(result.status).toBe('valid');
+        expect(result.product).toBe('pro_editor');
+    });
+
     it('persists state to SecretStorage on success', async () => {
         mockVerifyResult.mockReturnValue(validResult('pro_editor'));
         vi.stubGlobal('fetch', vi.fn().mockResolvedValue({ ok: true, status: 200 }));
@@ -126,7 +154,7 @@ describe('activateLicenceKey', () => {
         expect(result).not.toHaveProperty('serverUnreachable');
     });
 
-    it('returns valid even when server notification fails (non-blocking)', async () => {
+    it('returns valid when server is unreachable (offline-first)', async () => {
         mockVerifyResult.mockReturnValue(validResult('pro_editor'));
         vi.stubGlobal('fetch', vi.fn().mockRejectedValue(new Error('Network error')));
 
