.

license/service.go

@@ -92,20 +92,33 @@ func ValidateLicenseHandler(db storage.Database) fiber.Handler {
 			return fiber.NewError(fiber.StatusBadRequest, "Invalid base64 payload")
 		}
 
+		// 1. 校验签名
 		if !VerifySignature(GetPublicKey(), payloadBytes, lf.Signature) {
 			return fiber.NewError(fiber.StatusUnauthorized, "Invalid license signature")
 		}
 
+		// 2. 解析 payload
 		var req LicenseRequest
 		if err := json.Unmarshal(payloadBytes, &req); err != nil {
 			return fiber.NewError(fiber.StatusBadRequest, "Malformed payload")
 		}
 
+		// 3. 验证是否过期
 		expiry, err := time.Parse("2006-01-02", req.Expiry)
 		if err != nil || time.Now().After(expiry) {
 			return fiber.NewError(fiber.StatusForbidden, "License expired")
 		}
 
+		// ✅ 4. 关键补充：校验调用者的 MachineID 与 license 中一致
+		// 从请求 Header 或 Body 读取实际设备 ID（假设从 Header 传）
+		clientMachineID := c.Get("X-Machine-ID")
+		if clientMachineID == "" {
+			return fiber.NewError(fiber.StatusBadRequest, "Missing machine ID in header")
+		}
+		if clientMachineID != req.MachineID {
+			return fiber.NewError(fiber.StatusForbidden, "Machine ID mismatch")
+		}
+
 		return c.JSON(fiber.Map{
 			"valid":    true,
 			"features": req.Features,

test_api_validate.sh

@@ -1,6 +1,7 @@
 curl -X POST http://localhost:13579/api/license/validate \
   -H "Content-Type: application/json" \
+  -H "X-Machine-ID: ABCDEF123456" \
   -d '{
     "payload": "eyJtYWNoaW5lX2lkIjoiQUJDREVGMTIzNDU2IiwiZXhwaXJ5IjoiMjAyNi0xMi0zMSIsImZlYXR1cmVzIjpbImdwdSIsIm9jciJdfQ==",
     "signature": "MEUCIQCIlcIopjSQE9UQpwnvZUn+GNNRuEHx2FzRdoLn50teNwIgHh5MXRWC36NEippKsSZoQjv2jE2ff3ihsbtRLYVFZ9Y="
-  }'
+  }'