# License Server Configuration Implementation

## Overview

✅ COMPLETED: Implemented client configuration management and single-session enforcement for Account Forger software.

## Implementation Status (2025-06-21)

- ✅ License activation works (consumes device slots)
- ✅ Basic verification exists at `/api/license/verify`
- ✅ Heartbeat system implemented (30-second intervals)
- ✅ Single-session enforcement implemented
- ✅ Admin panel has full UI and backend for "Lizenzserver Konfiguration"
- ✅ Session management and monitoring
- ✅ Automatic cleanup of expired sessions

## Requirements

1. **Single Session Enforcement**: Only one device can run the software at a time (even if activated on multiple devices)
2. **Heartbeat System**: 30-second heartbeats to track active sessions
3. **Version Management**: Control minimum supported version and update notifications
4. **Client Configuration**: Manage Account Forger settings from admin panel

## Completed Features

### 1. Database Schema ✅

#### Admin Panel Database

```sql
-- Client configuration (one row for Account Forger)
CREATE TABLE client_configs (
    id SERIAL PRIMARY KEY,
    client_name VARCHAR(100) NOT NULL DEFAULT 'Account Forger',
    api_key VARCHAR(255) NOT NULL,
    heartbeat_interval INTEGER DEFAULT 30, -- seconds
    session_timeout INTEGER DEFAULT 60,    -- seconds (2x heartbeat)
    current_version VARCHAR(20) NOT NULL,
    minimum_version VARCHAR(20) NOT NULL,
    download_url TEXT,
    whats_new TEXT,
    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
    updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);

-- Active sessions tracking
CREATE TABLE active_sessions (
    id SERIAL PRIMARY KEY,
    license_id INTEGER REFERENCES licenses(id) ON DELETE CASCADE,
    hardware_id VARCHAR(255) NOT NULL,
    ip_address INET,
    client_version VARCHAR(20),
    session_token VARCHAR(255) UNIQUE NOT NULL,
    started_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
    last_heartbeat TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
    UNIQUE(license_id) -- Only one active session per license
);

-- Session history for debugging
CREATE TABLE session_history (
    id SERIAL PRIMARY KEY,
    license_id INTEGER REFERENCES licenses(id) ON DELETE CASCADE,
    hardware_id VARCHAR(255) NOT NULL,
    ip_address INET,
    client_version VARCHAR(20),
    started_at TIMESTAMP,
    ended_at TIMESTAMP,
    end_reason VARCHAR(50) -- 'normal', 'timeout', 'forced', 'replaced'
);
```

### 2. License Server Endpoints ✅

#### Implemented endpoints in `/v2_lizenzserver/app/api/license.py`:

1. **POST /api/license/session/start**
   - Input: license_key, machine_id, hardware_hash, version
   - Check: License valid? Already active session?
   - If active session exists: Return error "Es ist nur eine Sitzung erlaubt, stelle sicher, dass nirgendwo sonst das Programm läuft"
   - If no session: Create session, return session_token and version info
   - Response includes: session_token, whats_new (if newer version), download_url

2. **POST /api/license/session/heartbeat**
   - Input: session_token, license_key
   - Update last_heartbeat timestamp
   - Return: success status

3. **POST /api/license/session/end**
   - Input: session_token
   - Mark session as ended
   - Log to session_history

4. **Background job**: Clean up sessions older than 60 seconds without heartbeat

### 3. Admin Panel Implementation ✅

#### Implemented routes in `/v2_adminpanel/routes/admin_routes.py`:

1. **GET /lizenzserver/config**
   - Show current client configuration
   - Display active sessions count

2. **POST /lizenzserver/config/update**
   - Update version, download URL, what's new
   - Update minimum supported version

3. **GET /lizenzserver/sessions**
   - List all active sessions
   - Show: License key, Customer name, Hardware ID, IP, Started at, Last heartbeat

4. **POST /lizenzserver/sessions/{session_id}/terminate**
   - Force close a session (admin only: rac00n, w@rh@mm3r)

5. **GET /lizenzserver/config/client/new** ✅
   - Shows client configuration page
   - Handles initial client config and updates

### 4. Security

- API key required for all client requests
- License key validates ownership
- Hardware ID ensures device authenticity
- Session tokens prevent replay attacks

### 5. Client Flow

1. **Startup**:
   ```
   POST /api/license/session/start
   -> Get session_token or error
   -> Show version update if available
   ```

2. **Running** (every 30 seconds):
   ```
   POST /api/license/session/heartbeat
   -> Keep session alive
   ```

3. **Shutdown**:
   ```
   POST /api/license/session/end
   -> Clean session exit
   ```

### 6. Error Handling

- Network interruption: Session expires after 60s
- Software crash: Session expires after 60s
- Multiple launch attempts: Show error message
- Version too old: Block with message to update

### 7. Admin Features

- View active sessions
- Force terminate sessions
- Update version requirements
- View session history (last 24h)
- Manage client configuration

## Implementation Completed

1. ✅ Created database tables (client_configs, license_sessions, session_history)
2. ✅ Implemented session management in license server
3. ✅ Added heartbeat endpoint
4. ✅ Created admin panel routes for configuration
5. ✅ Implemented session viewing/management with terminate capability
6. ✅ Added background cleanup job (runs every 60 seconds)
7. ⏳ Ready for testing with Account Forger client

## Implementation Notes

- ✅ YAGNI: One global config for all Account Forger instances
- ✅ No per-customer settings
- ✅ No grace period for session reclaim
- ✅ Generic error messages (no "who's using it" info)
- ✅ Version format: 1.0.0
- ✅ Session tokens: UUID format
- ✅ Background cleanup: Every 60 seconds
- ✅ API Key: Single global key stored in client_configs

## UI Improvements (2025-06-21)

### Single-Page Administration

- ✅ Merged all configuration into the main administration page
- ✅ Removed separate "Account Forger Konfiguration" page
- ✅ Removed "Neuer Client" button (not needed with single global config)

### Account Forger Configuration Section

- ✅ Inline version management (current and minimum version)
- ✅ API key display with copy-to-clipboard functionality
- ✅ Removed download_url and whats_new fields (handled elsewhere)
- ✅ Direct save without page navigation

### Live Session Monitor

- ✅ Real-time session count with badge
- ✅ Mini table showing last 5 active sessions
- ✅ Auto-refresh every 30 seconds via AJAX
- ✅ "Alle anzeigen" link to full session management page

### Technical Settings

- ✅ Feature flags in collapsible accordion
- ✅ Rate limits in collapsible accordion
- ✅ Clean separation between daily operations and technical settings

### Database Schema Updates

- ✅ Removed download_url column from client_configs
- ✅ Removed whats_new column from client_configs
- ✅ Simplified to only essential configuration fields
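
The single-session rule described under "Database Schema", "License Server Endpoints" and "Error Handling" depends on the `UNIQUE(license_id)` constraint deciding a start request atomically, rather than a check followed by an insert that two clients could race. The sketch below is an added example, not the project's code from `license.py`. It assumes an in-memory SQLite database in place of PostgreSQL, an already validated `license_id` standing in for `license_key`, a caller-supplied clock `now` in seconds, and hypothetical function names.

```python
import sqlite3
import uuid

SESSION_TIMEOUT = 60  # seconds; session_timeout default from client_configs
ERR_ACTIVE = ("Es ist nur eine Sitzung erlaubt, stelle sicher, dass "
              "nirgendwo sonst das Programm läuft")

def open_db():
    # Assumption: reduced copy of the page's tables, SQLite instead of PostgreSQL.
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE active_sessions (
        license_id INTEGER UNIQUE,            -- one active session per license
        hardware_id TEXT NOT NULL,
        session_token TEXT UNIQUE NOT NULL,
        last_heartbeat REAL NOT NULL)""")
    db.execute("""CREATE TABLE session_history (
        license_id INTEGER, hardware_id TEXT, ended_at REAL, end_reason TEXT)""")
    return db

def start_session(db, license_id, hardware_id, now):
    """Insert-or-fail: the UNIQUE constraint decides, not a prior SELECT."""
    token = str(uuid.uuid4())  # UUID format, as in the implementation notes
    try:
        with db:  # commits on success, rolls back on error
            db.execute("INSERT INTO active_sessions VALUES (?, ?, ?, ?)",
                       (license_id, hardware_id, token, now))
    except sqlite3.IntegrityError:
        # Generic message: reveals nothing about the device holding the session.
        return {"success": False, "error": ERR_ACTIVE}
    return {"success": True, "session_token": token}

def heartbeat(db, license_id, token, now):
    """Refresh only if token and license match and the session is not stale."""
    with db:
        cur = db.execute(
            "UPDATE active_sessions SET last_heartbeat = ? "
            "WHERE session_token = ? AND license_id = ? AND last_heartbeat >= ?",
            (now, token, license_id, now - SESSION_TIMEOUT))
    return cur.rowcount == 1

def cleanup(db, now):
    """Background job: archive, then drop sessions silent for over 60 s."""
    cutoff = now - SESSION_TIMEOUT
    with db:
        db.execute("INSERT INTO session_history "
                   "SELECT license_id, hardware_id, ?, 'timeout' "
                   "FROM active_sessions WHERE last_heartbeat < ?", (now, cutoff))
        db.execute("DELETE FROM active_sessions WHERE last_heartbeat < ?",
                   (cutoff,))
```
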