""" Periodic cloud check-in. Runs every 5 minutes as an asyncio background task. Grace period: 72 hours (3 days) before marking unlicensed on connectivity failure. Lock behaviour: - cloud sets locked=true → set lock_pending=true in state - lock_pending is enforced at workday-close time (see business_day router) - while a workday is open, the site keeps running; lock applies once it closes License expiry behaviour: - 5 days before expiry → warning only (days_until_expiry in state) - on expiry → 5-day grace period begins (grace_expires_at in state) - after grace + no open workday → licensed=False enforced by business_day router """ import asyncio import json import logging import socket from datetime import datetime, timedelta, timezone from pathlib import Path import httpx from config import settings from middleware.license_check import license_state logger = logging.getLogger(__name__) SYNC_INTERVAL_SECONDS = 5 * 60 # 5 minutes GRACE_HOURS = 72 # 3 days offline grace EXPIRY_GRACE_DAYS = 5 # days after expiry before blocking EXPIRY_WARNING_DAYS = 5 # days before expiry to show warning STATE_FILE = Path(__file__).parent.parent / "license_state.json" def _load_persisted_state(): if STATE_FILE.exists(): try: data = json.loads(STATE_FILE.read_text()) license_state.update(data) logger.info("Loaded persisted license state: %s", data) except Exception as e: logger.warning("Could not load license state file: %s", e) def _persist_state(): try: STATE_FILE.write_text(json.dumps(license_state)) except Exception as e: logger.warning("Could not persist license state: %s", e) def _compute_expiry_fields(expires_at_str: str | None) -> dict: """Return days_until_expiry and grace_expires_at derived from expires_at.""" if not expires_at_str: return {"days_until_expiry": None, "grace_expires_at": None} try: expires_at = datetime.fromisoformat(expires_at_str) if expires_at.tzinfo is None: expires_at = expires_at.replace(tzinfo=timezone.utc) except ValueError: return {"days_until_expiry": None, "grace_expires_at": None} now = datetime.now(timezone.utc) days_until = (expires_at - now).days # negative once expired grace_expires_at = None if days_until < 0: grace_expires_at = (expires_at + timedelta(days=EXPIRY_GRACE_DAYS)).isoformat() return { "days_until_expiry": days_until, "grace_expires_at": grace_expires_at, } def _get_local_ip() -> str | None: """Best-effort detection of the host machine's LAN IP address. When running inside Docker the socket trick returns the container/bridge IP, so we honour HOST_IP if it is explicitly provided via the environment.""" import os if host_ip := os.environ.get("HOST_IP", "").strip(): return host_ip try: with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s: s.connect(("8.8.8.8", 80)) return s.getsockname()[0] except Exception: return None async def _sync_once(): if not settings.SITE_ID or not settings.CLOUD_URL: logger.debug("No SITE_ID/CLOUD_URL configured — skipping cloud sync") return try: local_ip = _get_local_ip() async with httpx.AsyncClient(timeout=10) as client: resp = await client.post( f"{settings.CLOUD_URL}/api/heartbeat/", headers={ "X-Site-ID": settings.SITE_ID, "X-Site-Key": settings.SITE_KEY, }, json={"version": settings.VERSION, "uptime_seconds": 0, "local_ip": local_ip}, ) resp.raise_for_status() data = resp.json() licensed = data.get("licensed", True) cloud_locked = data.get("locked", False) expires_at = data.get("expires_at") expiry_fields = _compute_expiry_fields(expires_at) # If cloud says locked, check whether a workday is currently open. # No open workday → lock immediately. # Open workday → defer to workday close (business_day router enforces it). if cloud_locked: from database import SessionLocal from models.business_day import BusinessDay db = SessionLocal() try: open_day = db.query(BusinessDay).filter(BusinessDay.status == "open").first() finally: db.close() if open_day: if not license_state.get("lock_pending"): license_state["lock_pending"] = True logger.info("Cloud requested lock — workday open, deferring to workday close") else: license_state["lock_pending"] = False license_state["locked"] = True logger.info("Cloud requested lock — no open workday, locking immediately") # If cloud lifts the lock, clear pending too if not cloud_locked: license_state["lock_pending"] = False license_state["locked"] = False license_state.update({ "licensed": licensed, "expires_at": expires_at, "latest_version": data.get("latest_version"), "waiter_domain": data.get("waiter_domain"), "last_sync": datetime.now(timezone.utc).isoformat(), "sync_failed": False, **expiry_fields, }) _persist_state() logger.info("Cloud sync OK: licensed=%s locked=%s expires_at=%s", licensed, cloud_locked, expires_at) except Exception as e: logger.warning("Cloud sync failed: %s", e) license_state["sync_failed"] = True last_sync_str = license_state.get("last_sync") if last_sync_str: try: last_sync = datetime.fromisoformat(last_sync_str) grace_expires = last_sync + timedelta(hours=GRACE_HOURS) if datetime.now(timezone.utc) > grace_expires: logger.error("72-hour offline grace period expired — marking unlicensed") license_state["licensed"] = False except ValueError: pass # Recompute expiry fields from cached expires_at even when offline expiry_fields = _compute_expiry_fields(license_state.get("expires_at")) license_state.update(expiry_fields) async def _sync_loop(): _load_persisted_state() while True: await _sync_once() await asyncio.sleep(SYNC_INTERVAL_SECONDS) async def start_cloud_sync() -> asyncio.Task: task = asyncio.create_task(_sync_loop()) return task