feat[backend](billing): allow uploading and replacing the LICENSE

Author: Kbayero

backend/modules/audit/domain/event_type.go

@@ -161,6 +161,10 @@ const (
 	DATASOURCE_GROUP_UPDATE_SUCCESS  ApplicationEventType = "DATASOURCE_GROUP_UPDATE_SUCCESS"
 	DATASOURCE_GROUP_DELETE_ATTEMPT  ApplicationEventType = "DATASOURCE_GROUP_DELETE_ATTEMPT"
 	DATASOURCE_GROUP_DELETE_SUCCESS  ApplicationEventType = "DATASOURCE_GROUP_DELETE_SUCCESS"
+
+	// Replacing the signed LICENSE envelope (admin-only).
+	LICENSE_UPLOAD_ATTEMPT ApplicationEventType = "LICENSE_UPLOAD_ATTEMPT"
+	LICENSE_UPLOAD_SUCCESS ApplicationEventType = "LICENSE_UPLOAD_SUCCESS"
 	// SERVER_MODULE_CREATE_ATTEMPT       ApplicationEventType = "SERVER_MODULE_CREATE_ATTEMPT"
 	// SERVER_MODULE_CREATE_SUCCESS       ApplicationEventType = "SERVER_MODULE_CREATE_SUCCESS"
 	// SERVER_MODULE_UPDATE_ATTEMPT       ApplicationEventType = "SERVER_MODULE_UPDATE_ATTEMPT"

backend/modules/billing/domain/errors.go

@@ -0,0 +1,7 @@
+package domain
+
+import "errors"
+
+// ErrInvalidLicense is returned when an uploaded LICENSE envelope fails to
+// decrypt/verify against this instance, cannot be parsed, or is already expired.
+var ErrInvalidLicense = errors.New("invalid license")

backend/modules/billing/handler/license.go

@@ -1,14 +1,21 @@
 package handler
 
 import (
+	"errors"
+	"io"
 	"net/http"
 
 	"github.com/gin-gonic/gin"
+	"github.com/threatwinds/go-sdk/catcher"
+	"github.com/utmstack/utmstack/backend/modules/audit"
+	audit_connectors "github.com/utmstack/utmstack/backend/modules/audit/connectors"
+	audit_domain "github.com/utmstack/utmstack/backend/modules/audit/domain"
 	"github.com/utmstack/utmstack/backend/modules/billing/domain"
 )
 
 type licenseProvider interface {
 	Current() domain.License
+	Replace(envelope []byte) (domain.License, error)
 }
 
 type LicenseHandler struct {
@@ -32,3 +39,52 @@ func NewLicenseHandler(license licenseProvider) *LicenseHandler {
 func (h *LicenseHandler) Get(c *gin.Context) {
 	c.JSON(http.StatusOK, h.license.Current())
 }
+
+// Upload godoc
+//
+//	@Summary     Upload/replace the signed LICENSE envelope (admin only)
+//	@Description Validates the uploaded LICENSE against this instance and, only if
+//	@Description valid (signature + not expired), atomically replaces the stored
+//	@Description license and returns the newly evaluated edition.
+//	@Tags        Billing
+//	@Security    BearerAuth
+//	@Accept      multipart/form-data
+//	@Produce     json
+//	@Param       file formData file true "LICENSE envelope file"
+//	@Success     200 {object} domain.License
+//	@Failure     400 {object} map[string]string
+//	@Failure     500 {object} map[string]string
+//	@Router      /billing/license [post]
+func (h *LicenseHandler) Upload(c *gin.Context) {
+	file, err := c.FormFile("file")
+	if err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "license file is required (multipart field 'file')"})
+		return
+	}
+	f, err := file.Open()
+	if err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "cannot open uploaded file"})
+		return
+	}
+	defer func() { _ = f.Close() }()
+
+	envelope, err := io.ReadAll(f)
+	if err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "cannot read uploaded file"})
+		return
+	}
+
+	lic, err := h.license.Replace(envelope)
+	audit.Record(c, audit_connectors.Event{Action: "license.upload", ResourceType: "license"},
+		audit_domain.LICENSE_UPLOAD_ATTEMPT, audit_domain.LICENSE_UPLOAD_SUCCESS, err)
+	if err != nil {
+		if errors.Is(err, domain.ErrInvalidLicense) {
+			c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+			return
+		}
+		_ = catcher.Error("billing: license upload failed", err, nil)
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to install license"})
+		return
+	}
+	c.JSON(http.StatusOK, lic)
+}

backend/modules/billing/routes.go

@@ -3,6 +3,7 @@ package billing
 import (
 	"github.com/gin-gonic/gin"
 	"github.com/utmstack/utmstack/backend/modules/billing/handler"
+	"github.com/utmstack/utmstack/backend/pkg/http/middleware"
 )
 
 func RegisterRoutes(api *gin.RouterGroup, m *Module, userAuth gin.HandlerFunc) {
@@ -12,4 +13,5 @@ func RegisterRoutes(api *gin.RouterGroup, m *Module, userAuth gin.HandlerFunc) {
 	g := api.Group("/billing", userAuth)
 	g.GET("/version", vh.Get)
 	g.GET("/license", lh.Get)
+	g.POST("/license", middleware.RequireAdmin(), lh.Upload) // upload/replace the LICENSE
 }

backend/modules/billing/usecase/license.go

@@ -3,6 +3,7 @@ package usecase
 import (
 	"context"
 	"encoding/json"
+	"fmt"
 	"os"
 	"path/filepath"
 	"strings"
@@ -97,26 +98,32 @@ func (s *LicenseService) evaluate() domain.License {
 	if err != nil {
 		return domain.Community() // no license installed → community
 	}
+	lic, err := s.validateAndParse(envelope)
+	if err != nil {
+		_ = catcher.Error("billing: license invalid", err, nil)
+		return domain.Community()
+	}
+	return lic
+}
 
+func (s *LicenseService) validateAndParse(envelope []byte) (domain.License, error) {
 	instanceID := s.instanceID()
 	if instanceID == "" || s.publicKey == "" || s.salt == "" {
-		return domain.Community()
+		return domain.License{}, fmt.Errorf("license verification not configured")
 	}
 
 	decrypted, err := lm.DecryptAndVerifyFromBase64(strings.TrimSpace(string(envelope)), []string{instanceID, s.salt}, s.publicKey)
 	if err != nil {
-		_ = catcher.Error("billing: license decrypt/verify failed", err, nil)
-		return domain.Community()
+		return domain.License{}, fmt.Errorf("decrypt/verify failed: %w", err)
 	}
 
 	var inner licenseInner
 	if err := json.Unmarshal([]byte(decrypted), &inner); err != nil {
-		_ = catcher.Error("billing: cannot parse license payload", err, nil)
-		return domain.Community()
+		return domain.License{}, fmt.Errorf("cannot parse license payload: %w", err)
 	}
 
 	if time.Now().After(inner.ExpiresAt) {
-		return domain.Community() // expired → community
+		return domain.License{}, fmt.Errorf("license expired at %s", inner.ExpiresAt.Format(time.RFC3339))
 	}
 
 	return domain.License{
@@ -125,7 +132,26 @@ func (s *LicenseService) evaluate() domain.License {
 		Datasources: inner.Datasources,
 		Type:        inner.Type,
 		ExpiresAt:   inner.ExpiresAt,
+	}, nil
+}
+
+func (s *LicenseService) Replace(envelope []byte) (domain.License, error) {
+	if _, err := s.validateAndParse(envelope); err != nil {
+		return domain.License{}, fmt.Errorf("%w: %v", domain.ErrInvalidLicense, err)
+	}
+	if err := s.writeLicenseFile(envelope); err != nil {
+		return domain.License{}, fmt.Errorf("billing: cannot write license file: %w", err)
+	}
+	return s.Refresh(), nil
+}
+
+func (s *LicenseService) writeLicenseFile(envelope []byte) error {
+	data := []byte(strings.TrimSpace(string(envelope)) + "\n")
+	tmp := s.licenseFile + ".tmp"
+	if err := os.WriteFile(tmp, data, 0o600); err != nil {
+		return err
 	}
+	return os.Rename(tmp, s.licenseFile)
 }
 
 func (s *LicenseService) instanceID() string {