{"id":13606558,"url":"https://github.com/usrbinsam/jwt-key-server","last_synced_at":"2026-01-21T19:14:38.515Z","repository":{"id":54152295,"uuid":"113112942","full_name":"usrbinsam/jwt-key-server","owner":"usrbinsam","description":"JWT based remote licensing server.","archived":false,"fork":false,"pushed_at":"2023-05-05T02:24:06.000Z","size":605,"stargazers_count":146,"open_issues_count":8,"forks_count":41,"subscribers_count":13,"default_branch":"legacy","last_synced_at":"2025-04-12T08:40:26.944Z","etag":null,"topics":["gin","go","keyserver","license-generator","license-keys","license-management","software-licensing"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/usrbinsam.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-12-05T00:55:50.000Z","updated_at":"2025-02-22T07:30:45.000Z","dependencies_parsed_at":"2024-06-20T06:57:09.088Z","dependency_job_id":"4b170061-44a0-4a20-bc57-98294c950607","html_url":"https://github.com/usrbinsam/jwt-key-server","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/usrbinsam/jwt-key-server","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/usrbinsam%2Fjwt-key-server","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/usrbinsam%2Fjwt-key-server/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/usrbinsam%2Fjwt-key-server/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/usrbinsam%2Fjwt-key-server/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/usrbinsam","download_url":"https://codeload.github.com/usrbinsam/jwt-key-server/tar.gz/refs/heads/legacy","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/usrbinsam%2Fjwt-key-server/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28640641,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-21T18:04:35.752Z","status":"ssl_error","status_checked_at":"2026-01-21T18:03:55.054Z","response_time":86,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["gin","go","keyserver","license-generator","license-keys","license-management","software-licensing"],"created_at":"2024-08-01T19:01:10.228Z","updated_at":"2026-01-21T19:14:38.498Z","avatar_url":"https://github.com/usrbinsam.png","language":"Go","readme":"# mini-key-server\n\n\u003e :star: This repo has not been maintained since 2019 but will being receiving updates again soon. :star:\n\nThis web application provides a restful API for your desktop and other applications licensing needs.\n\n### TODO\n\n- [ ] Backend re-write in Go\n- [ ] Frontend re-write with VueJS\n\n### Key View\n\n![key view](etc/KeyView.png)\n![key detail](etc/KeyDetail.png)\n![add key](etc/AddKey.png)\n\n### Application View\n\n![app view](etc/AppView.png)\n![app detail](etc/AppDetail.png)\n\n### API Example\n\n![cURL](etc/cURLExample.png)\n\n## Requirements\n\nAside from the python module requirements listed in [requirements.txt](requirements.txt), the following is required:\n* Python 3.6 or later.\n* PostgreSQL (or other SQLAlchemy supported backend)\n\n\n## Installation\n\nThis software should be used from a [viritualenv](https://virtualenv.pypa.io/en/stable/)\nenvironment.\n\n```sh\nvirtualenv venv\nsource venv/bin/activate\npip3 install -U -r requirements.txt\n```\n\nThen edit the config:\n\n```sh\nmv keyserv/config.example.py keyserv/config.py\n```\n\nMake sure you set `SECRET_KEY` to a randomly generated value, then change `SQLALCHEMY_DATABASE_URI`\nto the URI for the database you create below.\n\n## Database Setup\n\nThe following commands will create a suitable database for the keyserver to use.\n\n```sh\nsu - postgres\ncreateuser keyserver\ncreatedb -O keyserver keyserver\n```\n\n## User Setup\n\nThis creates a user and password on the command line. Currently there's no user creation available\nin the user interface.\n\n```sh\nexport FLASK_APP=keyserver.py\nflask create-user username password\n```\n\n## Key Creation \u0026 Usage\n\n1. Create an Application at the `/add/app` URL.\n2. Create a Key at the `/add/key` URL. Activations set to `-1` means unlimited activations\n\n### API Endpoints\n\n#### `/api/check` GET\n\nUsed to check if a key is valid. Your application should exit if the response code is not `201`.\nA response of `404` means the key does not exist. This endpoint only accepts the GET method.\n\n404 response:\n```json\n{\"result\": \"failure\", \"error\": \"invalid key\"}\n```\n\n201 OK response:\n```json\n{\"result\": \"ok\"}\n```\n\nArguments:\n- `token` - The token of the key to check for\n- `app_id` - Required ID of the application attempting to activate. An app-specific support message\nwill be included in the response body if the response failed.\n- `machine` - The NetBIOS or domain name of the machine\n- `user` - The name of the currently logged in user\n- `hwid` - The same `hwid` provided during /api/activate (see below)\n\n#### `/api/activate` POST\n\nUsed to activate the application. If successful, the number of remaining activations will decrement\nby one. After activation, your application should store the token in an obscure location and use the\n`/api/check` endpoint each time it starts up. This endpoint only supports the POST method.\n\n404 Invalid Key response:\n```json\n{\"result\": \"failure\", \"error\": \"invalid activation token\", \"support_message\": \"call 555-555-5555 for support or email support@example.com\"}\n```\n\n410 Out of Activations response:\n```json\n{\"result\": \"failure\", \"error\": \"key is out of activations\", \"support_message\": \"visit https://example.com/ for support\"}\n```\n\n201 Activation Successful response:\n```json\n{\"result\": \"ok\", \"remainingActivations\": 1}\n```\nThe number of remaining activations will be returned in the JSON payload. `-1` indicates unlimited\nactivations.\n\nArguments:\n- `token` - The token of the key to check for\n- `app_id` - Required ID of the application attempting to activate. An app-specific support message\nwill be included in the response body if the response failed. The ID is provided when an application is created\n- `machine` - The NetBIOS or domain name of the machine\n- `user` - The name of the currently logged in user\n- `hwid` - Something that identifies the machine this token is being activated on. This should not be stored on the client side but should be unique for each client and should be generated on the client machine (MAC address, etc.)\n\nExample:\n\n```sh\ncurl localhost:5001/api/activate -X POST -d token=2SZRHXZBNB3GUCHM375FTB8DJ -d machine=ICEBREAKER -d user=sam\n{\n    \"result\": \"ok\",\n    \"remainingActivations\": \"9\"\n}\n```\n\n## Database Notice\n\nThe database schema is likely to change as this software is still young. Appropriate `ALTER TABLE` queries will come with the commit message.\n\n## Implications\n\n- Please run this software behind HTTPS, otherwise keys can be spoofed. Use [Qualys SSL Labs](https://www.ssllabs.com/) to verify. I recommend setting up HTTP Public Key Pinning - otherwise a bogus CA root can be issued to also spoof an instance of your domain. Setting up HPKP is not within the scope of this project.\n- Keys can be shared between machines, if disallowing this is important to you, use a different product. I am working on a way to seed activations via a mini-key-server client library.\n\n## TODO\n\n- Client-side library (in progress)\n","funding_links":[],"categories":["Go"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fusrbinsam%2Fjwt-key-server","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fusrbinsam%2Fjwt-key-server","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fusrbinsam%2Fjwt-key-server/lists"}