feat: harden billing verification and add browse route parity

Dwindi Ramadhana
2026-02-04 08:52:22 +07:00
parent ccec406d6d
commit a4d2031117
20 changed files with 2080 additions and 144 deletions

billing-sandbox-live.md Normal file

@@ -0,0 +1,58 @@
# Billing Mode Switch (`sandbox` -> `live`)
This project supports two license verification modes via env:
- `DEWEMOJI_BILLING_MODE=sandbox`
Any non-empty license key is treated as valid Pro.
- `DEWEMOJI_BILLING_MODE=live`
Key must pass live validation rules (`DEWEMOJI_LICENSE_ACCEPT_ALL`, `DEWEMOJI_PRO_KEYS`, or provider validation).
## Recommended local setup
Use sandbox while building:
```env
DEWEMOJI_BILLING_MODE=sandbox
DEWEMOJI_LICENSE_ACCEPT_ALL=false
DEWEMOJI_PRO_KEYS=
```
## Staging/live setup
Use live mode:
```env
DEWEMOJI_BILLING_MODE=live
DEWEMOJI_LICENSE_ACCEPT_ALL=false
DEWEMOJI_PRO_KEYS=key_1,key_2,key_3
DEWEMOJI_VERIFY_CACHE_TTL=300
DEWEMOJI_GUMROAD_ENABLED=true
DEWEMOJI_GUMROAD_PRODUCT_IDS=prod_abc123
DEWEMOJI_MAYAR_ENABLED=false
DEWEMOJI_MAYAR_API_BASE=https://api.mayar.id
DEWEMOJI_MAYAR_ENDPOINT_VERIFY=/v1/license/verify
DEWEMOJI_MAYAR_SECRET_KEY=
```
## Provider notes
- Gumroad validation uses configured `DEWEMOJI_GUMROAD_VERIFY_URL` + first `DEWEMOJI_GUMROAD_PRODUCT_IDS`.
- Mayar validation uses `DEWEMOJI_MAYAR_VERIFY_URL` + `DEWEMOJI_MAYAR_API_KEY`.
- Or use `DEWEMOJI_MAYAR_API_BASE` + `DEWEMOJI_MAYAR_ENDPOINT_VERIFY` + `DEWEMOJI_MAYAR_SECRET_KEY`.
- For local QA (no external billing call), you can define:
- `DEWEMOJI_GUMROAD_TEST_KEYS=dev_key_1,dev_key_2`
- `DEWEMOJI_MAYAR_TEST_KEYS=dev_key_3`
## API endpoints affected
- `POST /v1/license/verify`
- `POST /v1/license/activate`
- `POST /v1/license/deactivate`
- Tier-aware API access such as `GET /v1/emojis` (free/pro behavior)
## Notes
- Current provider integration is baseline and safe-fallback (`false` on network/API mismatch).
- Keep `DEWEMOJI_PRO_KEYS` for emergency fallback during migration cutover.
- `POST /v1/license/verify` includes provider fields on success: `source`, `plan`, `product_id`, `expires_at`.
- Invalid live checks include `details.gumroad` and `details.mayar` for diagnostics.
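Review bot: The mode list at the top does not say which mode applies when `DEWEMOJI_BILLING_MODE` is unset or holds an unrecognised value. Because sandbox treats "Any non-empty license key" as valid Pro, the document should state that the fallback is `live` (fail closed) and that `sandbox` must never be set in staging or production. In the same bullet, `DEWEMOJI_LICENSE_ACCEPT_ALL` is listed as one of the live validation rules with no description of what `true` does. If it accepts every key, live mode with that flag is equivalent to sandbox, and the doc should say so. Under "Provider notes", `DEWEMOJI_GUMROAD_VERIFY_URL`, `DEWEMOJI_MAYAR_VERIFY_URL` and `DEWEMOJI_MAYAR_API_KEY` are referenced but do not appear in the "Staging/live setup" example. Add them there, or document their defaults and which Mayar variable set takes precedence when both are configured. The `DEWEMOJI_GUMROAD_TEST_KEYS` / `DEWEMOJI_MAYAR_TEST_KEYS` entries need a sentence on whether they are honoured in `live` mode. If they are, a leftover test key in a production env file is a working Pro key. Also worth documenting: the unit of `DEWEMOJI_VERIFY_CACHE_TTL=300` and how long a revoked key can stay valid because of that cache, and what `details.gumroad` and `details.mayar` contain on invalid checks, so that upstream provider error text is not returned to unauthenticated callers unintentionally.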