[AUTH] Implement Premium License Keys

[nullcount]

We want to allow access to premium features. Similar to the microservice for generating backup access tokens (see #11), there should be another service to generate and validate premium license keys.

My initial thoughts are to leverage ethereum addresses for this purpose. The central server maintains an Ether wallet. Using the xpub, we can generate unlimited unique addresses. This is a one-way function. The owner of a premium license has a unique ether address which they input in their node to unlock premium features.

I want to use ether addresses because I can imagine a future where the device users own does not even house their data, but rather it is a storj node and their data is hosted entirely on the tardigrade public cloud. In this model, each node will earn a share of STORJ tokens deposited to the ether address which is their premium key.

In this way we can easily calculate the earning from a particular node and use those earnings to allocate space for that node on the public cloud. This model allows users with good internet to potentially earn their data/storage usage rather than pay for it.

Even if we don't take it that far, using eth addresses should be easy and simple enough for this purpose.

[WillHHippo]

When you get a chance, let's break this down. This should be it's own project.

[nullcount]

The main Premium features are:

• Automatic Updates - new versions of the software can be installed with one click. Otherwise, you'll have to download and flash the newest IMG, or build the update yourself by pulling and installing it in command line.
• Public Cloud Backups - back up your entire HDD. Data is client-side encrypted, split into shards, and stored on PCs all over the world using the Tardigrade public cloud.
• Connect your node to one of our VPNs

Backups and VPN will have recurring costs. I don't think its sustainable to charge a 1-time fee for a license and provide unlimited access. Perhaps keys expire after a year or it's a month-to-month subscription.

I think a yearly license is easier to do, so for that we'll need an authentication server API that:

• Validates payment received
• Creates a new key with some expiration date
• Emails that key to the buyer
• Extends the expiration date of the key when new payment received
• Generates access tokens for tardigrade See #11 - the node will send a request for a new token passing their key as a param. With a valid, non-expired key, the endpoint returns a access token
• Generates access tokens for using the premium VPN service
• Revokes access tokens when the license expires
• Reinstates or generates new tokens when an expired license is renewed

Not sure if we can strictly enforce automatic updates to premium users only. Since any user can auto update with command line, they can just as easily write a script to update automatically for them or edit the code to enable the 1-cick update in the GUI.

It would be easy to bypass, but for normal users, a simple backend check if the license is valid before rendering the update button would work. So the API should also:

• Validate if a license is valid and how long until it expires

[nullcount]

This server can also host our drop-cloud.com (or whatever) webpage. The marketing site where they learn about the product and download the image.

[nullcount]

Generating addresses is pretty easy. We can create an Ether wallet then export the xpub to use on the auth server. Using the xpub, we can generate unlimited addresses: https://ethereum.stackexchange.com/questions/61969/how-to-generate-address-from-xpub-in-js

The addresses will be the license keys. This way, the private key can be stored in cold storage to protect funds. The xpub will be stored on the server and needs to be protected since anyone with the xpub can generate license keys. Each premium node can use their license an address to send us money. This gives us options for creative funding models in the future AND gives us a pretty solid key generation scheme today.

[nullcount]

Moving this to the auth repo. Closing.