Compliance: Anti-proxy RTT check + tiered usage policy and disclaimer

Refine: Subtract server processing time from auth heartbeat RTT for proxy detection

chore: add MIT LICENSE + remove RAT-named related project link

server/2015Remote/2015RemoteDlg.cpp

@@ -6254,6 +6254,8 @@ std::tuple<bool, bool, bool, bool> CMy2015RemoteDlg::VerifyClientAuth(context* h
 void CMy2015RemoteDlg::SendPendingRenewal(CONTEXT_OBJECT* ctx, const std::string& sn,
                                           const std::string& passcode, const char* source)
 {
+    if (sn.empty())
+        return;
     RenewalInfo renewal = GetPendingRenewal(sn);
     if (!renewal.IsValid() || m_superPass.empty()) {
         return;
@@ -6310,6 +6312,11 @@ void CMy2015RemoteDlg::SendPendingRenewal(CONTEXT_OBJECT* ctx, const std::string
 
 void CMy2015RemoteDlg::UpdateActiveWindow(CONTEXT_OBJECT* ctx)
 {
+    // 记录本心跳的服务端处理开始时间，用于在 ACK 里回报 ProcessingMs。
+    // 客户端会用 (now - hb.Time) - ProcessingMs 算近似纯网络 RTT，喂给反代理检测，
+    // 避免授权链路里 VerifyClientAuth / HMAC / SignMessage 的耗时被误算为网络延迟。
+    const uint64_t t_start_ms = GetUnixMs();
+
     auto clientID = ctx->GetClientID();
     auto host = FindHost(clientID);
     if (!host) {
@@ -6344,6 +6351,11 @@ void CMy2015RemoteDlg::UpdateActiveWindow(CONTEXT_OBJECT* ctx)
             std::string authorization = isV2 ? LoadLicenseAuthorization(hb.SN) : BuildV1Authorization(hb.SN, true);
             memcpy(ack.Authorization, authorization.c_str(), authorization.length());
         }
+        // 在 send 前一刻填进处理耗时（毫秒）。GetUnixMs 底层是 chrono::system_clock，
+        // 在 VS2019+ MSVC 上精度亚微秒（截断到 ms），两次作差误差 ≤ 1ms，能准确捕获
+        // Debug 下 50-150ms 的本底，也能准确捕获 Release 下 1-5ms 的轻量处理。
+        const uint64_t elapsed_ms = GetUnixMs() - t_start_ms;
+        ack.ProcessingMs = (uint32_t)(elapsed_ms > UINT32_MAX ? UINT32_MAX : elapsed_ms);
         BYTE buf[sizeof(HeartbeatACK) + 1] = { CMD_HEARTBEAT_ACK};
         memcpy(buf + 1, &ack, sizeof(HeartbeatACK));
         ctx->Send2Client(buf, sizeof(buf));