From ad3e92fff091c969fca576611293a31e01f03345 Mon Sep 17 00:00:00 2001
From: Alex Tran <alex.tran1502@gmail.com>
Date: Wed, 5 Jun 2024 01:56:37 -0500
Subject: [PATCH] feat(server): license verification

---
 open-api/immich-openapi-specs.json        | 21 ++++++++++++++++++
 server/src/controllers/auth.controller.ts | 27 ++++++++++++++++++++++-
 2 files changed, 47 insertions(+), 1 deletion(-)

diff --git a/open-api/immich-openapi-specs.json b/open-api/immich-openapi-specs.json
index eeef262ea0..c08a39c08e 100644
--- a/open-api/immich-openapi-specs.json
+++ b/open-api/immich-openapi-specs.json
@@ -2299,6 +2299,27 @@
         ]
       }
     },
+    "/auth/validate-license": {
+      "get": {
+        "operationId": "validateLicense",
+        "parameters": [],
+        "responses": {
+          "200": {
+            "content": {
+              "application/json": {
+                "schema": {
+                  "type": "boolean"
+                }
+              }
+            },
+            "description": ""
+          }
+        },
+        "tags": [
+          "Authentication"
+        ]
+      }
+    },
     "/auth/validateToken": {
       "post": {
         "operationId": "validateAccessToken",
diff --git a/server/src/controllers/auth.controller.ts b/server/src/controllers/auth.controller.ts
index 7dcef9df5f..e6411819de 100644
--- a/server/src/controllers/auth.controller.ts
+++ b/server/src/controllers/auth.controller.ts
@@ -1,6 +1,7 @@
-import { Body, Controller, HttpCode, HttpStatus, Post, Req, Res } from '@nestjs/common';
+import { Body, Controller, Get, HttpCode, HttpStatus, Post, Req, Res } from '@nestjs/common';
 import { ApiTags } from '@nestjs/swagger';
 import { Request, Response } from 'express';
+import * as crypto from 'node:crypto';
 import { AuthType } from 'src/constants';
 import {
   AuthDto,
@@ -75,4 +76,28 @@ export class AuthController {
       ImmichCookie.IS_AUTHENTICATED,
     ]);
   }
+
+  @Get('validate-license')
+  validateLicense(@Body() dto: { licenseKey: string }) {
+    console.log(dto);
+    const publicKey =
+      'LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUE3Sy8yd3ZLUS9NdU8ydi9MUm5saAoyUy9zTHhDOGJiTEw1UUlKOGowQ3BVZW40YURlY2dYMUpKUmtGNlpUVUtpNTdTbEhtS3RSM2JOTzJmdTBUUVg5Ck5WMEJzVzllZVB0MmlTMWl4VVFmTzRObjdvTjZzbEtac01qd29RNGtGRGFmM3VHTlZJc0dMb3UxVWRLUVhpeDEKUlRHcXVTb3NZVjNWRlk3Q1hGYTVWaENBL3poVXNsNGFuVXp3eEF6M01jUFVlTXBaenYvbVZiQlRKVzBPSytWZgpWQUJvMXdYMkVBanpBekVHVzQ3Vko4czhnMnQrNHNPaHFBNStMQjBKVzlORUg5QUpweGZzWE4zSzVtM00yNUJVClZXcTlRYStIdHRENnJ0bnAvcUFweXVkWUdwZk9HYTRCUlZTR1MxMURZM0xrb2FlRzYwUEU5NHpoYjduOHpMWkgKelFJREFRQUIKLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tDQo=';
+    const licenseKey = 'TN6F-4DN5-733W-24VT-NC6P-D49S-WPX6-SDK4';
+    const activationKey =
+      'x2BH8Oq-pPtSxkNv1yexzTJELTW8fblk_VZmYHsrV7aJ3s79RPsfk547JSmtmTWAv28Bmw5m8rTxutYxNX7ws6ysysqHg0OinRBykH_LJHNbURzSjrmDXOffbFQWchqnuSXZYt-SN5rpI_2sZDlUxZ72wkhhrrKUb3UQXHhsQt6MQNnumgLfswvJQVKnvhJ3tzHEDYOHuKo4w-p0l7rIi0WRUWW2FrNOIh9HrvccEBLIwfIWjKz9xIJaN-Qwp0xYuwUqQ-p5jJn6XqEXWUQmRer8RWxk589qiTi238MMG_YvkTRd68Iqn10OyxJ4N0ua0qXS64xhgK5dfCsEVQfCMA';
+
+    const publicKeyBuffer = Buffer.from(publicKey, 'base64');
+    const publicPaymentKey = crypto.createPublicKey({
+      key: publicKeyBuffer,
+      type: 'spki',
+      format: 'pem',
+    });
+
+    const verifier = crypto.createVerify('SHA256');
+    verifier.update(licenseKey);
+    verifier.end();
+
+    const activationKeyBuffer = Buffer.from(activationKey, 'base64');
+    return verifier.verify(publicPaymentKey, activationKeyBuffer);
+  }
 }