Feat(go): add Signer interface + License Server for multi-customer deployments

server/go/licensing/local.go

@@ -0,0 +1,45 @@
+package licensing
+
+import (
+	"errors"
+
+	"github.com/yuanyuanxiang/SimpleRemoter/server/go/protocol"
+)
+
+// LocalSigner signs directly with the deployment's HMAC master key. The
+// operator's own Go server runs in this mode; it also serves as License
+// Server for any RemoteSigner customer deployments (LicenseServer in
+// server.go reuses the same Signer instance via its public Sign() method).
+//
+// Sign is HMAC-SHA256 in microseconds — no I/O, no caching needed.
+type LocalSigner struct {
+	masterKey string
+}
+
+// minMasterKeyLen rejects obviously-broken HMAC keys (empty string, "x").
+// Real keys are typically `openssl rand -hex 32` (64 chars); 16 bytes is
+// the floor we'll accept to catch fat-finger configs without being too
+// strict for tests.
+const minMasterKeyLen = 16
+
+// NewLocal returns a LocalSigner. An empty or too-short masterKey is a
+// configuration bug — silently accepting it would produce stable but
+// worthless HMAC output, so we reject at construction.
+func NewLocal(masterKey string) (*LocalSigner, error) {
+	if masterKey == "" {
+		return nil, errors.New("LocalSigner: master HMAC key is empty (set YAMA_SIGN_PASSWORD)")
+	}
+	if len(masterKey) < minMasterKeyLen {
+		return nil, errors.New("LocalSigner: master HMAC key too short (need >= 16 chars)")
+	}
+	return &LocalSigner{masterKey: masterKey}, nil
+}
+
+func (l *LocalSigner) Sign(startTime, clientID string) (string, error) {
+	msg := startTime + "|" + clientID
+	return protocol.SignMessage(l.masterKey, []byte(msg)), nil
+}
+
+func (l *LocalSigner) Mode() string { return "local" }
+
+func (l *LocalSigner) Close() error { return nil }