magdev/wc-licensed-product-client
1
Fork 0
Code Issues Pull Requests Activity
Files
8aec2b21a9ed1a7e493c12f60189de2308619afa
wc-licensed-product-client/CHANGELOG.md
magdev e87a60926b Add security layer with response signature verification 
Security classes:
- ResponseSignature: HMAC-SHA256 signing and verification
- StringEncoder: XOR-based string obfuscation for source code
- IntegrityChecker: Source file hash verification
- SignatureException, IntegrityException for error handling

SecureLicenseClient:
- Verifies server response signatures
- Prevents response tampering and replay attacks
- Per-license derived signing keys
- Optional code integrity checking

Documentation:
- docs/server-implementation.md with complete WordPress/WooCommerce
  integration guide for signing responses

Tests:
- 34 new security tests (66 total, all passing)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-22 16:16:59 +01:00

43 lines
1.5 KiB
Markdown
Raw Blame History

# Changelog
All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## [Unreleased]
## [0.0.2] - 2026-01-22
### Added
- Object-oriented client library (`LicenseClient`, `LicenseClientInterface`)
- DTO classes for API responses (`LicenseInfo`, `LicenseStatus`, `ActivationResult`)
- `LicenseState` enum for license status values
- Comprehensive exception hierarchy for error handling
- PSR-3 logging support (optional)
- PSR-6 caching support (optional)
- PSR dependencies (`psr/log`, `psr/cache`, `psr/http-client`)
- PHPUnit test suite with 32 tests covering DTOs, exceptions, and client
- `SecureLicenseClient` with response signature verification (HMAC-SHA256)
- `ResponseSignature` class for signing and verifying API responses
- `StringEncoder` for basic string obfuscation in source code
- `IntegrityChecker` for verifying source file integrity
- `SignatureException` and `IntegrityException` for security errors
- Server implementation documentation (`docs/server-implementation.md`)
- Security test suite (34 additional tests)
### Changed
- Updated README with usage examples
## [0.0.1] - 2026-01-22
### Added
- Initial composer project setup
- Package configuration with PSR-4 autoloading
- Symfony HttpClient dependency (^7.0)
- Project documentation (README.md, CHANGELOG.md)
- OpenAPI specification reference in tmp/openapi.json
Reference in New Issue View Git Blame Copy Permalink