← horaciovaldes.com
LoanerLaserApp Portfolio Overview
What This Project Is
LoanerLaserApp is a cross-platform desktop licensing client built with C#, .NET 8, and Avalonia UI using an MVVM architecture. It simulates the device-side workflow for pairing a licensed unit and applying payment authorization codes in an offline-first environment.
This project is designed as a realistic harness for a larger production ecosystem, where a controller system generates pairing data and payment codes, while the desktop app enforces local licensing state and validation rules.
Core Product Goal
The app demonstrates a complete offline licensing lifecycle:
- Pair a device once using a compact phrase.
- Persist local licensing state securely.
- Validate one-time payment codes using HOTP counters.
- Surface status, paid-through dates, and audit history in a clear operator UI.
The design emphasizes deterministic behavior, traceability, and clean platform abstraction.
Tech Stack
- Language: C#
- Runtime: .NET 8 (
net8.0)
- UI Framework: Avalonia (Windows + macOS desktop)
- Pattern: MVVM
- Data Layer: SQLite (
Microsoft.Data.Sqlite) with Dapper
- Crypto Strategy:
- Windows: user-scoped DPAPI
- macOS: AES-GCM with local key material managed in app-data
High-Level Architecture
The codebase is separated into focused layers:
ViewModels/:
- UI state orchestration
- command handling (
Pair, Apply Code, View Events, Unpair)
- transition logic between “Not Paired” and “Paired” views
Views/:
- Avalonia XAML screens
- clean bindings for pairing, status display, and payment input
Services/:
- pairing phrase parser/validator
- licensing status calculations
- user dialog abstraction
- workflow service that coordinates repository + crypto + validation
Services/Platform/:
- OS-specific secret protection behind a shared interface
- runtime factory for platform selection
Repository/:
- async persistence and event logging
- single-state record storage model for the active paired device
Models/:
- state and snapshot contracts shared across layers
Functional Workflow
1) Pairing
The app accepts a compact controller-issued pairing phrase (LNR2-...) and validates structure + integrity.
On success, the app stores:
- serial number
- schedule metadata (ship date + interval + total payments)
- encrypted secret material
- payment counter initialized at zero
A pairing event is written to the audit trail.
Compatibility note:
- Older phrases without
totalPayments are still accepted when possible.
- Legacy phrases map
TotalPayments to a large sentinel value for compatibility.
2) Payment Code Validation
For each code submission, the app computes the expected HOTP counter based on local paid state and validates the entered code against the expected value.
Successful validation:
- increments paid counter
- updates last-accepted timestamp
- recomputes paid-through date
- logs acceptance event
Failed validation:
- preserves state
- logs rejection event
- returns user-friendly feedback
3) Status Computation
Status is derived from locally persisted values (no network dependency):
- paid-through date is computed from baseline schedule + successful payments
- active vs expired state is derived from current date comparison
- total payments metadata is preserved in state/snapshots for operator visibility
4) Unpair / Reset
The app supports a controlled reset flow:
- confirmation dialog
- deletion of current local license state
- audit event for unpair action
Security + Privacy Posture
This project intentionally avoids exposing operational secrets and sensitive identifiers.
Security-relevant behaviors included:
- no plaintext secret persistence
- platform-aware at-rest protection strategy
- strict parsing/validation before accepting pairing data
- append-only style event history for traceability
No sensitive production values are documented here.
Reliability and Engineering Practices
- asynchronous DB operations for responsive UI behavior
- service interfaces to keep platform/crypto logic out of viewmodels
- centralized status logic to avoid duplicated business rules
- explicit event taxonomy for support/debug workflows
Testing Notes
Decoder-focused tests live in LoanerLaserApp.Tests/Program.cs and include:
- round-trip parse with
totalPayments
- CRC rejection for tampered phrases
- validation rejection for invalid
totalPayments
Run locally:
dotnet run --project LoanerLaserApp.Tests/LoanerLaserApp.Tests.csproj
Why This Is Portfolio-Relevant
This project demonstrates practical desktop engineering skills across:
- cross-platform UI delivery
- local data modeling and persistence
- applied cryptography integration patterns
- protocol parsing/validation
- MVVM architecture and dependency boundaries
- production-style operator UX with auditability
It represents the kind of system integration work required when desktop clients participate in a broader licensing and entitlement platform.
Releases
Operations Notes