LoanerLaserApp

← horaciovaldes.com

LoanerLaserApp Portfolio Overview

What This Project Is

LoanerLaserApp is a cross-platform desktop licensing client built with C#, .NET 8, and Avalonia UI using an MVVM architecture. It simulates the device-side workflow for pairing a licensed unit and applying payment authorization codes in an offline-first environment.

This project is designed as a realistic harness for a larger production ecosystem, where a controller system generates pairing data and payment codes, while the desktop app enforces local licensing state and validation rules.

Core Product Goal

The app demonstrates a complete offline licensing lifecycle:

1. Pair a device once using a compact phrase.
2. Persist local licensing state securely.
3. Validate one-time payment codes using HOTP counters.
4. Surface status, paid-through dates, and audit history in a clear operator UI.

The design emphasizes deterministic behavior, traceability, and clean platform abstraction.

Tech Stack

• Language: C#
• Runtime: .NET 8 (net8.0)
• UI Framework: Avalonia (Windows + macOS desktop)
• Pattern: MVVM
• Data Layer: SQLite (Microsoft.Data.Sqlite) with Dapper
• Crypto Strategy:
  • Windows: user-scoped DPAPI
  • macOS: AES-GCM with local key material managed in app-data

High-Level Architecture

The codebase is separated into focused layers:

• ViewModels/:
  • UI state orchestration
  • command handling (Pair, Apply Code, View Events, Unpair)
  • transition logic between “Not Paired” and “Paired” views
• Views/:
  • Avalonia XAML screens
  • clean bindings for pairing, status display, and payment input
• Services/:
  • pairing phrase parser/validator
  • licensing status calculations
  • user dialog abstraction
  • workflow service that coordinates repository + crypto + validation
• Services/Platform/:
  • OS-specific secret protection behind a shared interface
  • runtime factory for platform selection
• Repository/:
  • async persistence and event logging
  • single-state record storage model for the active paired device
• Models/:
  • state and snapshot contracts shared across layers

Functional Workflow

1) Pairing

The app accepts a compact controller-issued pairing phrase (LNR2-...) and validates structure + integrity.

On success, the app stores:

• serial number
• schedule metadata (ship date + interval + total payments)
• encrypted secret material
• payment counter initialized at zero

A pairing event is written to the audit trail.

Compatibility note:

• Older phrases without totalPayments are still accepted when possible.
• Legacy phrases map TotalPayments to a large sentinel value for compatibility.

2) Payment Code Validation

For each code submission, the app computes the expected HOTP counter based on local paid state and validates the entered code against the expected value.

Successful validation:

• increments paid counter
• updates last-accepted timestamp
• recomputes paid-through date
• logs acceptance event

Failed validation:

• preserves state
• logs rejection event
• returns user-friendly feedback

3) Status Computation

Status is derived from locally persisted values (no network dependency):

• paid-through date is computed from baseline schedule + successful payments
• active vs expired state is derived from current date comparison
• total payments metadata is preserved in state/snapshots for operator visibility

4) Unpair / Reset

The app supports a controlled reset flow:

• confirmation dialog
• deletion of current local license state
• audit event for unpair action

Security + Privacy Posture

This project intentionally avoids exposing operational secrets and sensitive identifiers.

Security-relevant behaviors included:

• no plaintext secret persistence
• platform-aware at-rest protection strategy
• strict parsing/validation before accepting pairing data
• append-only style event history for traceability

No sensitive production values are documented here.

Reliability and Engineering Practices

• asynchronous DB operations for responsive UI behavior
• service interfaces to keep platform/crypto logic out of viewmodels
• centralized status logic to avoid duplicated business rules
• explicit event taxonomy for support/debug workflows

Testing Notes

Decoder-focused tests live in LoanerLaserApp.Tests/Program.cs and include:

• round-trip parse with totalPayments
• CRC rejection for tampered phrases
• validation rejection for invalid totalPayments

Run locally:

dotnet run --project LoanerLaserApp.Tests/LoanerLaserApp.Tests.csproj

Why This Is Portfolio-Relevant

This project demonstrates practical desktop engineering skills across:

• cross-platform UI delivery
• local data modeling and persistence
• applied cryptography integration patterns
• protocol parsing/validation
• MVVM architecture and dependency boundaries
• production-style operator UX with auditability

It represents the kind of system integration work required when desktop clients participate in a broader licensing and entitlement platform.

Releases

• Windows x64 self-contained single-file EXE (2026-02-22): LoanerLaserApp-win-x64-selfcontained-2026-02-22.zip
• Latest Windows x64 alias: LoanerLaserApp-win-x64-selfcontained.zip

Operations Notes

• Migration: MIGRATION-2026-02-controller-secret-change.md