Session TTL & Heartbeats redesign

RAZKOM · RAZKOM · commit da8c3129c19e · 2026-04-22T00:52:38.000-05:00
diff --git a/AGENTS.md b/AGENTS.md
@@ -57,10 +57,18 @@ int main() {
 | `appId` | `std::string` | yes | — | Application ID |
 | `appSecret` | `std::string` | yes | — | Application secret |
 | `heartbeatMode` | `std::string` | yes | — | `"SERVER"` or `"LOCAL"` |
-| `heartbeatInterval` | `int` | no | `900` | Seconds between heartbeats |
+| `heartbeatInterval` | `int` | no | `900` | Seconds between heartbeats (any value ≥ 1 is supported; revocations apply on the next heartbeat) |
 | `apiBaseUrl` | `std::string` | no | `kDefaultApiBaseUrl` (`https://auth.authforge.cc`) | API base URL |
 | `onFailure` | `std::function<void(const std::string&, const std::exception*)>` | no | `nullptr` | Failure callback; if null, `std::exit(1)` |
 | `requestTimeout` | `int` | no | `15` | HTTP timeout (seconds) |
+| `ttlSeconds` | `int` | no | `0` (server default: 86400) | Requested session token lifetime. `0` means "server default". Server clamps to `[3600, 604800]`; preserved across heartbeat refreshes. |
+
+## Billing model
+
+- `Login()` calls `/auth/validate` and costs **1 credit**.
+- Heartbeats cost **1 credit per 10 successful calls** (billed on every 10th heartbeat).
+- Any heartbeat interval ≥ 1 second is economically safe — cost scales with how many heartbeats you send, not how often.
+- Revocations take effect on the **next** heartbeat regardless of interval.
 
 ## Methods
 
@@ -77,6 +85,9 @@ int main() {
 
 invalid_app, invalid_key, expired, revoked, hwid_mismatch, no_credits, blocked, rate_limited, replay_detected, session_expired, app_disabled, bad_request
 
+Notes:
+- `rate_limited` and `replay_detected` are only returned from `/auth/validate`. Heartbeats are not IP rate-limited and do not enforce nonce replay.
+
 ## Common patterns
 
 ### Reading license variables (feature gating)
diff --git a/README.md b/README.md
@@ -64,10 +64,18 @@ target_link_libraries(yourapp PRIVATE AuthForge::authforge_sdk)
 | `appSecret` | string | required | Your application secret from the AuthForge dashboard |
 | `publicKey` | string | required | App Ed25519 public key (base64) from dashboard |
 | `heartbeatMode` | string | required | `"SERVER"` or `"LOCAL"` (see below) |
-| `heartbeatInterval` | int | `900` | Seconds between heartbeat checks (default 15 min) |
+| `heartbeatInterval` | int | `900` | Seconds between heartbeat checks (any value ≥ 1; default 15 min) |
 | `apiBaseUrl` | string | `https://auth.authforge.cc` | API endpoint |
 | `onFailure` | std::function | `nullptr` | Callback `(const string&, const exception*)` on auth failure |
 | `requestTimeout` | int | `15` | HTTP request timeout in seconds |
+| `ttlSeconds` | int | `0` (server default: 86400) | Requested session token lifetime. `0` means "server default". Server clamps to `[3600, 604800]`; preserved across heartbeat refreshes. |
+
+## Billing
+
+- **One `Login()` call = 1 credit** (one `/auth/validate` debit).
+- **10 heartbeats on the same session = 1 credit** (debited on every 10th successful heartbeat).
+
+Any heartbeat interval is safe economically: a desktop app running 6h/day at a 15-minute interval burns ~3–4 credits/day; a server app running 24/7 at a 1-minute interval burns ~145 credits/day. Choose your interval based on how quickly you need revocations to propagate (they always land on the **next** heartbeat).
 
 ## Methods
 
diff --git a/authforge_sdk.cpp b/authforge_sdk.cpp
@@ -180,7 +180,8 @@ AuthForgeClient::AuthForgeClient(
     int heartbeatInterval,
     std::string apiBaseUrl,
     std::function<void(const std::string &, const std::exception *)> onFailure,
-    int requestTimeout)
+    int requestTimeout,
+    int ttlSeconds)
     : appId_(std::move(appId)),
       appSecret_(std::move(appSecret)),
       publicKey_(std::move(publicKey)),
@@ -189,6 +190,7 @@ AuthForgeClient::AuthForgeClient(
       apiBaseUrl_(std::move(apiBaseUrl)),
       onFailure_(std::move(onFailure)),
       requestTimeout_(requestTimeout),
+      ttlSeconds_(ttlSeconds > 0 ? ttlSeconds : 0),
       heartbeatStarted_(false) {
   if (appId_.empty()) {
     throw std::invalid_argument("app_id must be a non-empty string");
@@ -328,13 +330,19 @@ void AuthForgeClient::LocalHeartbeat() {
 
 void AuthForgeClient::ValidateAndStore(const std::string &licenseKey) {
   const std::string nonce = GenerateNonceHex32();
-  const std::string body = BuildJsonBody({
+  std::string body = BuildJsonBody({
       {"appId", appId_},
       {"appSecret", appSecret_},
       {"licenseKey", licenseKey},
       {"hwid", hwid_},
       {"nonce", nonce},
   });
+  // BuildJsonBody always emits string values; splice ttlSeconds in as a raw
+  // integer when the caller requested a custom session lifetime.
+  if (ttlSeconds_ > 0 && body.size() >= 2 && body.back() == '}') {
+    body.pop_back();
+    body += ",\"ttlSeconds\":" + std::to_string(ttlSeconds_) + "}";
+  }
   std::string usedNonce = nonce;
   const std::string response = PostJson("/auth/validate", body, &usedNonce);
   ApplySignedResponse(response, usedNonce, licenseKey, SigningContext::Validate);
diff --git a/authforge_sdk.h b/authforge_sdk.h
@@ -1,127 +1,132 @@
-#pragma once
-
-#include <cstdint>
-#include <exception>
-#include <functional>
-#include <mutex>
-#include <optional>
-#include <unordered_set>
-#include <string>
-#include <utility>
-#include <vector>
-
-namespace authforge {
-
-class AuthForgeClient {
-public:
-  static constexpr const char *kDefaultApiBaseUrl = "https://auth.authforge.cc";
-
-  AuthForgeClient(
-      std::string appId,
-      std::string appSecret,
-      std::string publicKey,
-      std::string heartbeatMode,
-      int heartbeatInterval = 900,
-      std::string apiBaseUrl = kDefaultApiBaseUrl,
-      std::function<void(const std::string &, const std::exception *)> onFailure = nullptr,
-      int requestTimeout = 15);
-
-  bool Login(const std::string &licenseKey);
-  void Logout();
-  bool IsAuthenticated() const;
-  std::optional<std::string> GetSessionDataJson() const;
-  std::optional<std::string> GetAppVariablesJson() const;
-  std::optional<std::string> GetLicenseVariablesJson() const;
-
-private:
-  struct JsonValue {
-    bool exists = false;
-    bool isString = false;
-    std::string value;
-  };
-
-  enum class SigningContext { Validate, Heartbeat };
-
-  void StartHeartbeatOnce();
-  void HeartbeatLoop() noexcept;
-  void ServerHeartbeat();
-  void LocalHeartbeat();
-  void ValidateAndStore(const std::string &licenseKey);
-  void ApplySignedResponse(const std::string &responseJson, const std::string &expectedNonce, const std::optional<std::string> &licenseKey, SigningContext context);
-
-  std::string PostJson(const std::string &path, const std::string &bodyJson, std::string *usedNonce = nullptr) const;
-  std::string ExtractServerError(const std::string &responseJson) const;
-  void Fail(const std::string &reason, const std::exception *exc = nullptr) const noexcept;
-
-  std::string GetHwid() const;
-  std::string SafeMacAddress() const;
-  std::string SafeCpuInfo() const;
-  std::string SafeDiskSerial() const;
-  std::string RunCommand(const std::string &command) const;
-
-  static bool ExtractJsonValue(const std::string &json, const std::string &key, JsonValue &outValue);
-  static std::optional<std::string> ExtractJsonString(const std::string &json, const std::string &key);
-  static std::optional<long long> ExtractJsonInt(const std::string &json, const std::string &key);
-  static std::string BuildJsonBody(const std::vector<std::pair<std::string, std::string>> &pairs);
-  static std::string EscapeJsonString(const std::string &value);
-  static std::string UnescapeJsonString(const std::string &value, bool &ok);
-  static std::string Trim(const std::string &value);
-  static std::string ToLower(std::string value);
-
-  static std::string GenerateNonceHex32();
-  static std::vector<unsigned char> Sha256Bytes(const std::string &input);
-  static std::string Sha256Hex(const std::string &input);
-  static std::string BytesToHexLower(const std::vector<unsigned char> &bytes);
-  static std::vector<unsigned char> DecodeBase64Any(const std::string &value);
-  static std::vector<unsigned char> DecodeBase64WithAlphabet(const std::string &value, bool urlSafe);
-  static std::string AddBase64Padding(const std::string &value);
-  static bool IsSuccessStatus(const JsonValue &status);
-  static std::optional<long long> ExtractExpiresInFromSessionToken(const std::string &sessionToken);
-  static std::optional<std::string> DecodeSessionTokenBody(const std::string &sessionToken);
-  void VerifySignature(const std::string &rawPayloadB64, const std::string &signature) const;
-
-  std::string appId_;
-  std::string appSecret_;
-  std::string publicKey_;
-  std::string heartbeatMode_;
-  int heartbeatInterval_;
-  std::string apiBaseUrl_;
-  std::function<void(const std::string &, const std::exception *)> onFailure_;
-  int requestTimeout_;
-
-  mutable std::mutex lock_;
-  bool heartbeatStarted_;
-
-  std::string licenseKey_;
-  std::string sessionToken_;
-  std::optional<long long> sessionExpiresIn_;
-  std::string lastNonce_;
-  std::string rawPayloadB64_;
-  std::string signature_;
-  std::string keyId_;
-  std::vector<unsigned char> verifyPublicKeyBytes_;
-  std::string sessionDataJson_;
-  std::string appVariablesJson_;
-  std::string licenseVariablesJson_;
-  bool authenticated_ = false;
-  bool heartbeatStop_ = false;
-  std::string hwid_;
-  std::unordered_set<std::string> knownServerErrors_ = {
-      "invalid_app",
-      "invalid_key",
-      "expired",
-      "revoked",
-      "hwid_mismatch",
-      "no_credits",
-      "app_burn_cap_reached",
-      "blocked",
-      "rate_limited",
-      "replay_detected",
-      "app_disabled",
-      "session_expired",
-      "bad_request",
-      "system_error",
-  };
-};
-
-} // namespace authforge
+#pragma once
+
+#include <cstdint>
+#include <exception>
+#include <functional>
+#include <mutex>
+#include <optional>
+#include <unordered_set>
+#include <string>
+#include <utility>
+#include <vector>
+
+namespace authforge {
+
+class AuthForgeClient {
+public:
+  static constexpr const char *kDefaultApiBaseUrl = "https://auth.authforge.cc";
+
+  AuthForgeClient(
+      std::string appId,
+      std::string appSecret,
+      std::string publicKey,
+      std::string heartbeatMode,
+      int heartbeatInterval = 900,
+      std::string apiBaseUrl = kDefaultApiBaseUrl,
+      std::function<void(const std::string &, const std::exception *)> onFailure = nullptr,
+      int requestTimeout = 15,
+      int ttlSeconds = 0);
+
+  bool Login(const std::string &licenseKey);
+  void Logout();
+  bool IsAuthenticated() const;
+  std::optional<std::string> GetSessionDataJson() const;
+  std::optional<std::string> GetAppVariablesJson() const;
+  std::optional<std::string> GetLicenseVariablesJson() const;
+
+private:
+  struct JsonValue {
+    bool exists = false;
+    bool isString = false;
+    std::string value;
+  };
+
+  enum class SigningContext { Validate, Heartbeat };
+
+  void StartHeartbeatOnce();
+  void HeartbeatLoop() noexcept;
+  void ServerHeartbeat();
+  void LocalHeartbeat();
+  void ValidateAndStore(const std::string &licenseKey);
+  void ApplySignedResponse(const std::string &responseJson, const std::string &expectedNonce, const std::optional<std::string> &licenseKey, SigningContext context);
+
+  std::string PostJson(const std::string &path, const std::string &bodyJson, std::string *usedNonce = nullptr) const;
+  std::string ExtractServerError(const std::string &responseJson) const;
+  void Fail(const std::string &reason, const std::exception *exc = nullptr) const noexcept;
+
+  std::string GetHwid() const;
+  std::string SafeMacAddress() const;
+  std::string SafeCpuInfo() const;
+  std::string SafeDiskSerial() const;
+  std::string RunCommand(const std::string &command) const;
+
+  static bool ExtractJsonValue(const std::string &json, const std::string &key, JsonValue &outValue);
+  static std::optional<std::string> ExtractJsonString(const std::string &json, const std::string &key);
+  static std::optional<long long> ExtractJsonInt(const std::string &json, const std::string &key);
+  static std::string BuildJsonBody(const std::vector<std::pair<std::string, std::string>> &pairs);
+  static std::string EscapeJsonString(const std::string &value);
+  static std::string UnescapeJsonString(const std::string &value, bool &ok);
+  static std::string Trim(const std::string &value);
+  static std::string ToLower(std::string value);
+
+  static std::string GenerateNonceHex32();
+  static std::vector<unsigned char> Sha256Bytes(const std::string &input);
+  static std::string Sha256Hex(const std::string &input);
+  static std::string BytesToHexLower(const std::vector<unsigned char> &bytes);
+  static std::vector<unsigned char> DecodeBase64Any(const std::string &value);
+  static std::vector<unsigned char> DecodeBase64WithAlphabet(const std::string &value, bool urlSafe);
+  static std::string AddBase64Padding(const std::string &value);
+  static bool IsSuccessStatus(const JsonValue &status);
+  static std::optional<long long> ExtractExpiresInFromSessionToken(const std::string &sessionToken);
+  static std::optional<std::string> DecodeSessionTokenBody(const std::string &sessionToken);
+  void VerifySignature(const std::string &rawPayloadB64, const std::string &signature) const;
+
+  std::string appId_;
+  std::string appSecret_;
+  std::string publicKey_;
+  std::string heartbeatMode_;
+  int heartbeatInterval_;
+  std::string apiBaseUrl_;
+  std::function<void(const std::string &, const std::exception *)> onFailure_;
+  int requestTimeout_;
+  // Requested session token lifetime in seconds for /auth/validate. 0 means
+  // "let the server pick its default" (24h today). Server clamps to
+  // [3600, 604800]; preserved across heartbeat refreshes.
+  int ttlSeconds_;
+
+  mutable std::mutex lock_;
+  bool heartbeatStarted_;
+
+  std::string licenseKey_;
+  std::string sessionToken_;
+  std::optional<long long> sessionExpiresIn_;
+  std::string lastNonce_;
+  std::string rawPayloadB64_;
+  std::string signature_;
+  std::string keyId_;
+  std::vector<unsigned char> verifyPublicKeyBytes_;
+  std::string sessionDataJson_;
+  std::string appVariablesJson_;
+  std::string licenseVariablesJson_;
+  bool authenticated_ = false;
+  bool heartbeatStop_ = false;
+  std::string hwid_;
+  std::unordered_set<std::string> knownServerErrors_ = {
+      "invalid_app",
+      "invalid_key",
+      "expired",
+      "revoked",
+      "hwid_mismatch",
+      "no_credits",
+      "app_burn_cap_reached",
+      "blocked",
+      "rate_limited",
+      "replay_detected",
+      "app_disabled",
+      "session_expired",
+      "bad_request",
+      "system_error",
+  };
+};
+
+} // namespace authforge
