magdev/wc-licensed-product-client
1
Fork 0
Code Issues Pull Requests Activity
Files
8aec2b21a9ed1a7e493c12f60189de2308619afa
wc-licensed-product-client/CHANGELOG.md
magdev e87a60926b Add security layer with response signature verification 
Security classes:
- ResponseSignature: HMAC-SHA256 signing and verification
- StringEncoder: XOR-based string obfuscation for source code
- IntegrityChecker: Source file hash verification
- SignatureException, IntegrityException for error handling

SecureLicenseClient:
- Verifies server response signatures
- Prevents response tampering and replay attacks
- Per-license derived signing keys
- Optional code integrity checking

Documentation:
- docs/server-implementation.md with complete WordPress/WooCommerce
  integration guide for signing responses

Tests:
- 34 new security tests (66 total, all passing)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-22 16:16:59 +01:00

1.5 KiB
Raw Blame History

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased]

[0.0.2] - 2026-01-22

Added

  • Object-oriented client library (LicenseClient, LicenseClientInterface)
  • DTO classes for API responses (LicenseInfo, LicenseStatus, ActivationResult)
  • LicenseState enum for license status values
  • Comprehensive exception hierarchy for error handling
  • PSR-3 logging support (optional)
  • PSR-6 caching support (optional)
  • PSR dependencies (psr/log, psr/cache, psr/http-client)
  • PHPUnit test suite with 32 tests covering DTOs, exceptions, and client
  • SecureLicenseClient with response signature verification (HMAC-SHA256)
  • ResponseSignature class for signing and verifying API responses
  • StringEncoder for basic string obfuscation in source code
  • IntegrityChecker for verifying source file integrity
  • SignatureException and IntegrityException for security errors
  • Server implementation documentation (docs/server-implementation.md)
  • Security test suite (34 additional tests)

Changed

  • Updated README with usage examples

[0.0.1] - 2026-01-22

Added

  • Initial composer project setup
  • Package configuration with PSR-4 autoloading
  • Symfony HttpClient dependency (^7.0)
  • Project documentation (README.md, CHANGELOG.md)
  • OpenAPI specification reference in tmp/openapi.json
Reference in New Issue View Git Blame Copy Permalink