Merge branch 'dev_v5.x'

Author: SciChartTeam

AdvancedLicensing/README.md

@@ -12,7 +12,7 @@ Before implementing, [submit a support request](https://support.scichart.com/sup
 
 ### [Simple Server Validation](SimpleServerSideLicensing/)
 
-Server computes an HMAC-SHA256 token using a hex key from MyAccount. No native binaries, no FFI, no challenge/response. Requires a license with the `"SV"` feature flag.
+Server computes an HMAC-SHA256 token using a hex key from MyAccount. No native binaries, no FFI, no asymmetric challenge/response. Two modes (inline or round-trip with client nonce) selected per-licence. Requires a license with the `SV:H:V:N` feature flag.
 
 **Use this if:** you have a web server you control, or are building an Electron or Tauri desktop app, and want the easiest possible integration.
 

AdvancedLicensing/SciChart.AspNetCore.SimpleLicensing/.gitignore

@@ -0,0 +1,9 @@
+[Dd]ebug/
+[Rr]elease/
+[Bb]in/
+[Oo]bj/
+.vs/
+*.user
+pack/
+*.nupkg
+*.snupkg

AdvancedLicensing/SciChart.AspNetCore.SimpleLicensing/ISciChartLicenseTokenService.cs

@@ -0,0 +1,26 @@
+namespace SciChart.AspNetCore.SimpleLicensing;
+
+/// <summary>
+/// Generates SciChart Simple Server Validation v2 tokens.
+/// </summary>
+public interface ISciChartLicenseTokenService
+{
+    /// <summary>
+    /// Returns an inline token of the form <c>v2:serverNonce:serverNow:hmac</c>.
+    /// Servable to many clients and embeddable in HTML via a meta tag.
+    /// </summary>
+    string CreateInlineToken();
+
+    /// <summary>
+    /// Returns a round-trip token of the form <c>v2:clientNonce:serverNonce:serverNow:hmac</c>.
+    /// The client nonce is echoed verbatim — caller must validate it first.
+    /// </summary>
+    string CreateRoundTripToken(string clientNonce);
+
+    /// <summary>
+    /// Checks whether the given string is shaped as a valid client nonce
+    /// (8–64 hex characters). Use before passing untrusted input to
+    /// <see cref="CreateRoundTripToken"/>.
+    /// </summary>
+    bool IsValidClientNonce(string clientNonce);
+}

AdvancedLicensing/SciChart.AspNetCore.SimpleLicensing/LICENSE.txt

@@ -0,0 +1,15 @@
+SciChart.AspNetCore.SimpleLicensing
+Copyright (c) SciChart Ltd. All rights reserved.
+
+This package is licensed under the SciChart End User License Agreement.
+
+You may only use this package together with a valid SciChart.js licence that
+includes the Simple Server Validation (SV) feature. Use without such a licence
+is not permitted.
+
+The current SciChart EULA is available at:
+    https://www.scichart.com/scichart-eula/
+
+For licensing enquiries, contact:
+    sales@scichart.com    — commercial licences
+    support@scichart.com  — technical support

AdvancedLicensing/SciChart.AspNetCore.SimpleLicensing/README.md

@@ -0,0 +1,137 @@
+# SciChart.AspNetCore.SimpleLicensing
+
+ASP.NET Core integration for [SciChart.js](https://www.scichart.com) **Simple Server Validation v2** — server-signed license tokens using HMAC-SHA256, no native dependency.
+
+This package contains:
+
+- `ISciChartLicenseTokenService` — generates v2 tokens (inline + round-trip).
+- `<scichart-license />` tag helper — embeds the token in `<head>` as `<meta name="x-scichart-license" content="v2:..." />`.
+- `MapSciChartLicenseEndpoint()` — minimal-API endpoint that serves the token over `GET /api/license`.
+
+Use both together. The tag helper covers initial validation on every full page load (no XHR needed). The endpoint covers re-validation when the cached `scLicense` cookie expires — long-running SPAs eventually outlive `valid_time` and need a fresh token without a reload — and is also the only path the client uses when the licence has `validate_nonce=1`.
+
+## Prerequisites
+
+- ASP.NET Core 8.0 or newer
+- A SciChart license with the `SV:H:V:N` feature flag, where:
+  - `max_skew` — accepted client/server clock skew as `H` or `H.MM`
+  - `valid_time` — token validity in the client's wall clock (`H.MM`)
+  - `validate_nonce` — `0` permissive (inline or round-trip); `1` restricted (round-trip only)
+- A 64-char hex Server Secret from [SciChart MyAccount](https://www.scichart.com/profile)
+
+Contact [support@scichart.com](mailto:support@scichart.com) to have an SV v2 feature added to your license.
+
+## Usage
+
+### 1. Install
+
+```bash
+dotnet add package SciChart.AspNetCore.SimpleLicensing
+```
+
+### 2. Configure
+
+`appsettings.json`:
+
+```json
+{
+  "SciChart": {
+    "ServerSecret": "0123456789abcdef..."
+  }
+}
+```
+
+### 3. Register
+
+`Program.cs`:
+
+```csharp
+builder.Services.AddSciChartSimpleLicensing(builder.Configuration.GetSection("SciChart"));
+
+// ... after `var app = builder.Build();`
+app.MapSciChartLicenseEndpoint();
+```
+
+Alternative inline configuration:
+
+```csharp
+builder.Services.AddSciChartSimpleLicensing(opts =>
+    opts.ServerSecret = "0123456789abcdef...");
+```
+
+### 4. Register the tag helper
+
+`Views/_ViewImports.cshtml`:
+
+```cshtml
+@addTagHelper *, SciChart.AspNetCore.SimpleLicensing
+```
+
+### 5. Emit the meta tag
+
+`Views/Shared/_Layout.cshtml`:
+
+```cshtml
+<!DOCTYPE html>
+<html>
+<head>
+    <scichart-license />
+    <!-- other head content -->
+</head>
+<body>
+    @RenderBody()
+</body>
+</html>
+```
+
+### 6. Client side
+
+The client still sets its runtime license key as usual:
+
+```ts
+SciChartSurface.setRuntimeLicenseKey("YOUR_CLIENT_LICENSE_KEY");
+```
+
+That's it. Any page rendered through the layout carries a fresh server-signed v2 token in its head; the SciChart WASM runtime picks it up on `SciChartSurface.create(...)` and validates it offline.
+
+## How the token gets to the client
+
+Initial validation on every full page load — no XHR:
+
+```
+Server-rendered page:
+  <head>
+    <meta name="x-scichart-license"
+          content="v2:<serverNonce>:<serverNow>:<hmac>" />
+  </head>
+
+SciChart WASM verifies HMAC against the runtime licence key's
+embedded server secret, checks clock skew against max_skew,
+enforces monotonicity, and caches the result in `scLicense`
+until valid_time has elapsed.
+```
+
+Re-validation when the cached cookie expires — uses the mapped endpoint:
+
+```
+Browser (SciChart.js)
+  → GET /api/license?orderid=<X>[&nonce=<hex>]
+  ← 200 OK  body: v2:[clientNonce:]serverNonce:serverNow:hmac
+```
+
+A long-running SPA that stays open past `valid_time` will hit this path; the meta tag from the original page render is no longer fresh enough. Licences with `validate_nonce=1` use the same endpoint and additionally echo a client-generated nonce.
+
+## Why a singleton
+
+`ISciChartLicenseTokenService` is registered as a singleton — the secret is hex-decoded to bytes once at first resolution. To rotate the secret, restart the host (the standard ASP.NET Core options pattern would otherwise hot-reload `IOptionsMonitor<T>`, but a token-signing key change is a security-sensitive event that warrants an explicit restart).
+
+## Differences from Advanced Server Licensing
+
+|                             | Simple (this package)                | Advanced (`SciChart.Server.Licensing`) |
+| --------------------------- | ------------------------------------ | -------------------------------------- |
+| Server dependency           | None (stdlib HMAC)                   | Native DLL + FFI                       |
+| Crypto                      | Symmetric HMAC-SHA256                | Asymmetric NaCl box                    |
+| Token validity              | Per-licence (`valid_time`)           | 7 days, daily re-validation            |
+| Cross-origin replay defence | Round-trip shape + client nonce      | Encrypted challenge enforces domain    |
+| Clock-skew tolerance        | Per-licence (`max_skew`, 0 disables) | Anchored on client time                |
+| Required feature flag       | `SV:H:V:N`                           | none                                   |

AdvancedLicensing/SciChart.AspNetCore.SimpleLicensing/SciChart.AspNetCore.SimpleLicensing.csproj

@@ -0,0 +1,39 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <TargetFramework>net8.0</TargetFramework>
+    <Nullable>enable</Nullable>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <GenerateDocumentationFile>true</GenerateDocumentationFile>
+    <NoWarn>$(NoWarn);CS1591</NoWarn>
+    <Deterministic>true</Deterministic>
+  </PropertyGroup>
+
+  <PropertyGroup>
+    <PackageId>SciChart.AspNetCore.SimpleLicensing</PackageId>
+    <Version>1.0.0</Version>
+    <Authors>SciChart Ltd</Authors>
+    <Company>SciChart Ltd</Company>
+    <Product>SciChart.js Advanced Licensing</Product>
+    <Description>Server-side support for SciChart.js Simple Server Validation v2 in ASP.NET Core: token service, tag helper for inline meta-tag delivery, and an endpoint mapper for the round-trip shape.</Description>
+    <PackageProjectUrl>https://www.scichart.com</PackageProjectUrl>
+    <RepositoryUrl>https://github.com/ABTSoftware/SciChart.JS.Examples</RepositoryUrl>
+    <RepositoryType>git</RepositoryType>
+    <PackageLicenseFile>LICENSE.txt</PackageLicenseFile>
+    <PackageTags>scichart;licensing;aspnetcore;hmac</PackageTags>
+    <PackageReadmeFile>README.md</PackageReadmeFile>
+    <IsPackable>true</IsPackable>
+    <IncludeSymbols>true</IncludeSymbols>
+    <SymbolPackageFormat>snupkg</SymbolPackageFormat>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <FrameworkReference Include="Microsoft.AspNetCore.App" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <None Include="README.md" Pack="true" PackagePath="\" />
+    <None Include="LICENSE.txt" Pack="true" PackagePath="\" />
+  </ItemGroup>
+
+</Project>

AdvancedLicensing/SciChart.AspNetCore.SimpleLicensing/SciChartLicenseTokenService.cs

@@ -0,0 +1,60 @@
+using System.Security.Cryptography;
+using System.Text;
+using System.Text.RegularExpressions;
+using Microsoft.Extensions.Options;
+
+namespace SciChart.AspNetCore.SimpleLicensing;
+
+internal sealed class SciChartLicenseTokenService : ISciChartLicenseTokenService
+{
+    private static readonly Regex ClientNoncePattern =
+        new("^[0-9a-fA-F]{8,64}$", RegexOptions.Compiled);
+
+    private readonly byte[] _secretBytes;
+
+    public SciChartLicenseTokenService(IOptions<SciChartSimpleLicensingOptions> options)
+    {
+        var secret = options.Value.ServerSecret;
+        if (string.IsNullOrWhiteSpace(secret))
+        {
+            throw new InvalidOperationException(
+                "SciChartSimpleLicensingOptions.ServerSecret is not set. " +
+                "Configure it from SciChart MyAccount — a 64-character hex string.");
+        }
+        try
+        {
+            _secretBytes = Convert.FromHexString(secret);
+        }
+        catch (FormatException ex)
+        {
+            throw new InvalidOperationException(
+                "SciChartSimpleLicensingOptions.ServerSecret must be a hex string.", ex);
+        }
+    }
+
+    public string CreateInlineToken()
+    {
+        var now = DateTimeOffset.UtcNow.ToUnixTimeSeconds();
+        var serverNonce = NewServerNonce();
+        return Sign($"v2:{serverNonce}:{now}");
+    }
+
+    public string CreateRoundTripToken(string clientNonce)
+    {
+        var now = DateTimeOffset.UtcNow.ToUnixTimeSeconds();
+        var serverNonce = NewServerNonce();
+        return Sign($"v2:{clientNonce}:{serverNonce}:{now}");
+    }
+
+    public bool IsValidClientNonce(string clientNonce) =>
+        !string.IsNullOrEmpty(clientNonce) && ClientNoncePattern.IsMatch(clientNonce);
+
+    private static string NewServerNonce() =>
+        Convert.ToHexString(RandomNumberGenerator.GetBytes(8)).ToLowerInvariant();
+
+    private string Sign(string payload)
+    {
+        var mac = HMACSHA256.HashData(_secretBytes, Encoding.UTF8.GetBytes(payload));
+        return $"{payload}:{Convert.ToHexString(mac).ToLowerInvariant()}";
+    }
+}

AdvancedLicensing/SciChart.AspNetCore.SimpleLicensing/SciChartSimpleLicensingEndpointRouteBuilderExtensions.cs

@@ -0,0 +1,41 @@
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Routing;
+
+namespace SciChart.AspNetCore.SimpleLicensing;
+
+public static class SciChartSimpleLicensingEndpointRouteBuilderExtensions
+{
+    /// <summary>
+    /// Maps <c>GET {pattern}</c> (default <c>/api/license</c>) to serve SciChart v2 license tokens.
+    /// Returns the inline shape by default; if the request carries <c>?nonce=&lt;hex&gt;</c>, returns
+    /// the round-trip shape with the client nonce echoed and signed.
+    /// </summary>
+    /// <remarks>
+    /// Call this alongside the <c>&lt;scichart-license /&gt;</c> tag helper. The tag helper covers
+    /// initial validation on each full page load; this endpoint covers re-validation when the
+    /// cached <c>scLicense</c> cookie expires (after <c>valid_time</c>) without a page reload —
+    /// e.g. long-running SPA sessions — and is also the only path used when the licence has
+    /// <c>validate_nonce=1</c>.
+    /// </remarks>
+    public static RouteHandlerBuilder MapSciChartLicenseEndpoint(
+        this IEndpointRouteBuilder endpoints,
+        string pattern = "/api/license")
+    {
+        ArgumentNullException.ThrowIfNull(endpoints);
+
+        return endpoints.MapGet(pattern, (ISciChartLicenseTokenService svc, HttpContext ctx) =>
+        {
+            var rawNonce = ctx.Request.Query["nonce"].ToString();
+            if (!string.IsNullOrEmpty(rawNonce))
+            {
+                if (!svc.IsValidClientNonce(rawNonce))
+                {
+                    return Results.Text("Error: malformed client nonce", "text/plain", statusCode: 400);
+                }
+                return Results.Text(svc.CreateRoundTripToken(rawNonce), "text/plain");
+            }
+            return Results.Text(svc.CreateInlineToken(), "text/plain");
+        });
+    }
+}

AdvancedLicensing/SciChart.AspNetCore.SimpleLicensing/SciChartSimpleLicensingOptions.cs

@@ -0,0 +1,13 @@
+namespace SciChart.AspNetCore.SimpleLicensing;
+
+/// <summary>
+/// Configuration for SciChart Simple Server Validation v2.
+/// </summary>
+public sealed class SciChartSimpleLicensingOptions
+{
+    /// <summary>
+    /// Server Secret from SciChart MyAccount (64 hex characters). Required.
+    /// Hex is decoded to raw bytes for the HMAC key — do not hex-decode it yourself.
+    /// </summary>
+    public string ServerSecret { get; set; } = string.Empty;
+}

AdvancedLicensing/SciChart.AspNetCore.SimpleLicensing/SciChartSimpleLicensingServiceCollectionExtensions.cs

@@ -0,0 +1,34 @@
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.DependencyInjection;
+
+namespace SciChart.AspNetCore.SimpleLicensing;
+
+public static class SciChartSimpleLicensingServiceCollectionExtensions
+{
+    /// <summary>
+    /// Registers <see cref="ISciChartLicenseTokenService"/> and binds options from a delegate.
+    /// </summary>
+    public static IServiceCollection AddSciChartSimpleLicensing(
+        this IServiceCollection services,
+        Action<SciChartSimpleLicensingOptions> configure)
+    {
+        ArgumentNullException.ThrowIfNull(configure);
+        services.Configure(configure);
+        services.AddSingleton<ISciChartLicenseTokenService, SciChartLicenseTokenService>();
+        return services;
+    }
+
+    /// <summary>
+    /// Registers <see cref="ISciChartLicenseTokenService"/> and binds options from a configuration section
+    /// (e.g. <c>builder.Configuration.GetSection("SciChart")</c>).
+    /// </summary>
+    public static IServiceCollection AddSciChartSimpleLicensing(
+        this IServiceCollection services,
+        IConfiguration configuration)
+    {
+        ArgumentNullException.ThrowIfNull(configuration);
+        services.Configure<SciChartSimpleLicensingOptions>(configuration);
+        services.AddSingleton<ISciChartLicenseTokenService, SciChartLicenseTokenService>();
+        return services;
+    }
+}