GeckoGuard API

Express-based license management API with Prisma (MySQL). Developers authenticate via Bearer API keys; end users authenticate per-application (KeyAuth-like model).

Contents

• Overview
• Quick start
• Environment variables
• Authentication (developer vs end-user)
• Database models
• Endpoints with examples
• CORS and security
• Project structure
• Notes and limitations

Overview

• Applications (apps) owned by developer accounts
• End users per app (AppUser)
• Pre-generated license keys that, when redeemed, grant/extend subscriptions
• Variables, blacklists, logs, teams

Quick start

npm install

# .env
PORT=3000
DATABASE_URL="mysql://USER:PASSWORD@HOST:PORT/DATABASE"

npm run dev:db:generate
npm run dev:db:push

npm start

Environment variables

• PORT: Port for the Express server.
• DATABASE_URL: MySQL connection string used by Prisma.
• Optional legacy JWT vars: JWT, JWT_SECRET, JWT_EXPIRES.

Authentication

• Developer (owner/team): Authorization: Bearer <apiKey>.
• End user (per app): use username/password to redeem license; recommended to add app-user JWT login.

Database models (Prisma)

• User, Application, AppUser
• LicenseKey, Subscription
• AppVariable, Blacklist, AppLog
• TeamMember

Endpoints

Auth routes (/api/auth)

POST /api/auth/login
POST /api/auth/register
POST /api/auth/sync

Apps

POST /api/apps/create
GET  /api/apps/list
POST /api/apps/delete

Licenses

POST /api/licenses/create
GET  /api/licenses/list?appId=...
POST /api/licenses/assign
POST /api/licenses/redeem
DELETE /api/licenses/delete
PATCH /api/licenses/reset-hwid

Users

GET /api/users/me
GET /api/users/list (admin)
GET /api/users/:id/licenses?appId=...

Dashboard

GET /api/dashboard/metrics

cURL examples

# Register
curl -s -X POST http://localhost:3000/api/auth/register   -H "Content-Type: application/json"   -d '{"email":"user@example.com","password":"pass","firstName":"A","lastName":"B"}'

# List products
curl -s http://localhost:3000/api/products/list   -H "Authorization: Bearer YOUR_API_KEY_HERE"

# Create 3 license keys
curl -s -X POST http://localhost:3000/api/licenses/create   -H "Authorization: Bearer YOUR_API_KEY_HERE"   -H "Content-Type: application/json"   -d '{"count":3,"productId":"PRODUCT_ID"}'

CORS and security

• Allowed origins: https://www.geckoguard.net, http://localhost:3000, http://localhost:3001
• Adjust allowedOrigins in the API server if needed.

Project structure

src/
  server.js                 Express app and route mounting
  prisma/schema.prisma      Prisma schema (MySQL)
  lib/
    prisma.js               PrismaClient singleton
    auth.js                 API-key auth helper (Bearer token)
    middleware/
      requireAuth.js        Enforces Bearer API-key auth
      requireAdmin.js       Requires role === 'admin'
      requireDevAccessToApp.js  Verifies developer has access to an app
  api/
    auth/                   login, register, sync
    apps/                   create, list, delete (developer)
    products/               create, list, delete
    licenses/               create, list, assign, redeem, delete, reset-hwid
    users/                  me, list, [id]/licenses
    dashboard/              metrics

Notes and limitations

• Admin checks require seeded/promoted admin users.
• Consider dedicated app-user register/login + JWT.
• Legacy JWT code exists but is not wired to current routers.