
Writing bad crypto code

Captain's Log: Stardate 78089.3

Today I tried to slam out as much work as I could on the lower-level c++ code to do all the license activation stuff. Since I got all the PITA stuff done yesterday to get openssl, libcurl, etc, working, today was actually fairly productive. The c++ code now has APIs to call the license API server to register a new license key, save the signed key to disk, check if the key is still valid, and so on.

I find all this anti-piracy stuff pretty annoying/frustrating, since none of the work makes the plugin more fun to use. And one particular worry I have is that I want to make VERY sure that it never screws over someone who has paid for the software. So I have been thinking a lot about testing the license activation code. I wrote a few unit tests, but eventually got to the HTTP parts, and mocking out the HTTP responses just didn't feel great.

The solution I came to was to actually just write a bunch of integration tests that have the c++ license activation/verification code call the production license API server. I added some hidden/test-only APIs that allow the integration tests to reset the server state, and created a test-only license key. So the tests actually go through all the real flows a user will go through and make sure the c++ code and the API server talk to one another correctly, and that the API database reflects the correct state, etc.

I'm quite happy with this testing solution, because it gives me a ton of confidence that the client/server interactions all work the way they should. And since nothing is mocked, it's a really faithful test of what the actual binary will do.

Tomorrow I'll start on the c++ GUI for entering the license key and so on.

Ephemeral downloads and license keys

Captain's Log: Stardate 78086.6

Yesterday I finished up work on the website for now. It now has everything needed (at a basic level) to run a pre-alpha test. The last thing I finished up was using Cloudflare's R2 for storing binaries for download. During the pre-alpha, I'd really be sad if the binary leaked out, because if it got cracked while the paid version was not yet available, I can imagine curious people who'd otherwise like to pay for it would grab the cracked version. So I'm using ephemeral URLs for the downloads -- if one leaks to the broader web it will only be good for a few hours. Not bulletproof, but better than pure public URLs.
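What an expiring download link of this kind contains, as an added example that is not the site's code: R2 accepts S3-style (SigV4) presigned URLs, and the lifetime travels inside the signed query string, so a leaked link cannot have its expiry extended. The host, bucket, object key and credentials are constructed placeholders, and a three-hour lifetime is assumed for "a few hours".

```javascript
// Added example; not the site's code. Host, bucket, object key and credentials
// are constructed placeholders. Implements SigV4 query-string presigning for GET.
const crypto = require('node:crypto');

const hmac = (key, msg) => crypto.createHmac('sha256', key).update(msg).digest();
const sha256Hex = (msg) => crypto.createHash('sha256').update(msg).digest('hex');
// RFC 3986 encoding as SigV4 requires (encodeURIComponent leaves !'()* alone).
const enc = (s) => encodeURIComponent(s).replace(/[!'()*]/g,
  (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase());

function presignGet({ host, bucket, key, accessKeyId, secretAccessKey, expiresSec, now }) {
  if (!Number.isInteger(expiresSec) || expiresSec < 1 || expiresSec > 604800) {
    throw new RangeError('expiresSec must be between 1 second and 7 days');
  }
  const amzDate = now.toISOString().replace(/[-:]|\.\d{3}/g, ''); // e.g. 20250101T120000Z
  const scope = `${amzDate.slice(0, 8)}/auto/s3/aws4_request`;   // R2's region is "auto"
  const path = '/' + [bucket, ...key.split('/')].map(enc).join('/');
  const query = [
    ['X-Amz-Algorithm', 'AWS4-HMAC-SHA256'],
    ['X-Amz-Credential', `${accessKeyId}/${scope}`],
    ['X-Amz-Date', amzDate],
    ['X-Amz-Expires', String(expiresSec)], // lifetime is part of what gets signed
    ['X-Amz-SignedHeaders', 'host'],
  ].map(([k, v]) => `${enc(k)}=${enc(v)}`).sort().join('&');
  const canonical = ['GET', path, query, `host:${host}`, '', 'host', 'UNSIGNED-PAYLOAD'].join('\n');
  const toSign = ['AWS4-HMAC-SHA256', amzDate, scope, sha256Hex(canonical)].join('\n');
  let k = Buffer.from('AWS4' + secretAccessKey, 'utf8');
  for (const part of scope.split('/')) k = hmac(k, part); // date, region, service, terminator
  return `https://${host}${path}?${query}&X-Amz-Signature=${hmac(k, toSign).toString('hex')}`;
}

// When a presigned URL stops working; useful when triaging a leaked link.
function linkExpiry(url) {
  const q = new URL(url).searchParams;
  const iso = q.get('X-Amz-Date').replace(
    /^(\d{4})(\d\d)(\d\d)T(\d\d)(\d\d)(\d\d)Z$/, '$1-$2-$3T$4:$5:$6Z');
  return new Date(Date.parse(iso) + Number(q.get('X-Amz-Expires')) * 1000);
}
```

In practice an S3 SDK's presigner produces the same URL; the access key id is visible in the link, so it should belong to a credential scoped to read-only access on the download bucket.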

Today I got back to the plugin c++ code, working on the license key stuff. At the moment I'm implementing the code that makes the HTTP request to the server, gets a signed license key, verifies it, etc. This should all be simple, but I wasted a bunch of time on incidental complexity. I decided to use vcpkg for the crypto/http libraries, and hey, while I'm in there, I might as well upgrade the other packages right? Yeah, except the new versions have horrible bugs. And then it turns out that pinning package versions with vcpkg requires using it in a different way, and then... well anyway I got that all sorted out. After spending a couple weeks using "npm install whatever" I am spoiled and dealing with the insanity of library distribution under Windows is no fun.
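The signed-license flow described here and in the "Writing bad crypto code" entry (the server signs a license, the client saves it, verifies it and checks that it is still valid), as an added example that is not the plugin's or the API server's code. Ed25519, the JSON field names, the `payload.signature` layout and the test key are assumptions, and it is written in JavaScript rather than the plugin's C++.

```javascript
// Added example; not the plugin's or the API server's code. Assumptions:
// Ed25519 signatures, these JSON field names, a "payload.signature" token layout.
const crypto = require('node:crypto');

// Server side: sign the exact bytes that are shipped to the client.
function issueLicense(privateKey, fields) {
  const payload = Buffer.from(JSON.stringify(fields), 'utf8');
  const sig = crypto.sign(null, payload, privateKey);
  return `${payload.toString('base64url')}.${sig.toString('base64url')}`;
}

// Client side: verify the signature over the received bytes before parsing
// them, and only then apply the validity rule (here: an expiry timestamp).
function checkLicense(publicKey, token, nowMs) {
  const parts = typeof token === 'string' ? token.split('.') : [];
  if (parts.length !== 2) return { ok: false, reason: 'malformed' };
  const payload = Buffer.from(parts[0], 'base64url');
  const sig = Buffer.from(parts[1], 'base64url');
  if (sig.length !== 64 || !crypto.verify(null, payload, publicKey, sig)) {
    return { ok: false, reason: 'bad-signature' };
  }
  let lic;
  try { lic = JSON.parse(payload.toString('utf8')); } catch { return { ok: false, reason: 'malformed' }; }
  if (typeof lic.expiresAt !== 'number' || nowMs >= lic.expiresAt) {
    return { ok: false, reason: 'expired' };
  }
  return { ok: true, reason: 'valid', license: lic };
}

// Constructed data: a throwaway key pair and a made-up test license.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const now = Date.UTC(2025, 0, 1);
  const day = 24 * 3600 * 1000;
  const token = issueLicense(privateKey,
    { key: 'TEST-0000', email: 'tester@example.com', expiresAt: now + 30 * day });
  const [p, s] = token.split('.');
  // Same signature over a payload whose expiry was edited after signing.
  const edited = { ...JSON.parse(Buffer.from(p, 'base64url').toString('utf8')), expiresAt: now + 400 * day };
  const editedToken = `${Buffer.from(JSON.stringify(edited)).toString('base64url')}.${s}`;
  return {
    fresh: checkLicense(publicKey, token, now).reason,
    afterExpiry: checkLicense(publicKey, token, now + 31 * day).reason,
    editedOnDisk: checkLicense(publicKey, editedToken, now).reason,
    missingSignature: checkLicense(publicKey, p, now).reason,
  };
}
```

Only the public key ships in the client; returning a distinct reason for each failure lets the UI tell a paying user whether the saved file is damaged or simply needs re-activation.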

This devlog is on the website now

Captain's Log: Stardate 78080.5

Today I pushed out the new version of the website that has the two blogs available (news and devlog). In addition to importing all of my old devlog entries from Discord, I also imported the newsletter entries from the Substack. This week I will be shutting down the Substack, because I am migrating the newsletter distribution to be fully controlled via the website. New newsletter entries will go on the blog and be emailed out to subscribers directly, rather than via Substack. (If you're wondering why, it's because I want that content hosted on anukari.com, not substack.com.)

Part of this new website push includes the new mechanism for launching the pre-alpha (NOT STARTED YET). I have some admin forms I can use to invite people to the pre-alpha when it starts, and they'll automatically get a license key emailed to them. It will also add them to the invite-list that allows them to register on the website. Anyone who's not on the list will be blocked.

I'm very close to wrapping up work on the website, and really hoping to do so this week. The big remaining TODO is to set up the infrastructure for downloading the installer. Other than that, there are a few small cleanups here and there, some updates to the legal docs, stuff like that.

We're getting much closer to a pre-alpha! I plan to wrap website work and immediately move on to the c++ registration code and installer. It's conceivable that the earliest pre-alpha testers could be invited within a few weeks. No guarantees, though.


© 2025 Anukari LLC, All Rights Reserved