Welcome to the ultimate guide on securing your Flowork OS Local Applications against unauthorized leaks and reseller abuse.
In traditional desktop applications, developers often struggle with piracy because "locking" mere files is futile; users can easily copy and paste the folder to another PC. Flowork OS solves this elegantly through a Hybrid OS-Level Locking Architecture.
In Flowork OS, we do not lock the individual application folder. Instead, we Lock the Engine Itself. Without a verified active subscription synced from Cloudflare, the Golang engine outright refuses to serve the UI assets or execute the Python logic for your premium apps.
---
1. Defining the Access Tier in `schema.json`
Every local application in Flowork relies on a `schema.json` contract to bind the JavaScript Frontend to the Python Backend. This is also where you declare the commercial value of your app.
To protect an application (for example, an AI TikTok Streamer), simply add the `"tier"` property in your app's `schema.json`:
```json { "name": "tiktok-live-ai", "type": "app", "tier": "pro", "description": "Auto Live Stream reading TikTok Live Chat.", "entry_point": "script.py" } ```
The Tier Hierarchy
Flowork OS strictly enforces a descending hierarchy: 1. Enterprise: Can access all apps (Enterprise, Pro, Free). 2. Pro: Can access Pro and Free apps. Cannot access Enterprise apps. 3. Free: Can only access Free apps.By setting `"tier": "pro"`, you are ensuring that only users who have actively purchased a Pro or Enterprise subscription can open this application.
---
2. Global Engine Enforcement (The Golang Wall)
Once the `schema.json` demands a specific tier, the local Flowork OS engine (Golang) takes over. When a user attempts to open the app via the `/local-apps/` routing namespace, the Engine parses the schema before ANY assets are sent to the browser frame.
If the user's current `UserTier` does not meet the hierarchy requirement, the engine halts the request and returns a raw `403 Forbidden` HTML page:
```html ⚠️ Akses Ditolak Aplikasi ini membutuhkan Lisensi PRO yang aktif. Silakan perpanjang langganan Flowork OS Anda. ```
Because this block happens at the HTTP transmission level inside `main.go`, it is impossible to bypass. Even if a malicious user modifies your UI's `index.html` to remove visual locks, the Golang Engine simply won't serve the file.
---
3. The Trust-but-Verify Cloudflare Heartbeat
How does the Offline Engine know if the user is a VIP? Every time the Desktop OS is launched, the Engine performs an invisible background heartbeat called `initLicense()`.
1. Local Verification: The Engine reads `FloworkData/license.json` to get the saved License Key / JWT Token.
2. Cloud Ping: It sends an HTTP `GET` request to your Cloudflare Web infrastructure (`https://floworkos.com/api/v1/license`) attaching the `Authorization: Bearer
---
4. UI Privileges & Ad-Blockers
Licensing in Flowork OS isn't just about blocking access; it's about providing a premium VIP User Experience.
Inside `renderer.js` (the core Web UI script), the system actively queries the Engine for the active tier. If the user is on the `free` tier, the OS may inject Promotional Tabs or Ads natively into the Chrome instances upon initialization.
However, if the user possesses a `pro` or `enterprise` license, the OS intelligently bypasses the `startup.json` barrage:
```javascript if (userTier === "free") { // Inject Ads & Promotions const response = await fetch("https://floworkos.com/startup.json"); // ... } else { console.log("[VIP] Akun berbayar terdeteksi. Melewati iklan startup!"); } ```
---
Conclusion
Securing applications in Flowork OS guarantees peace of mind for developers and resellers. By centralizing the authentication to the Core OS instead of individual scripts, you create a robust, leak-proof SaaS model entirely offline.
Now, go build your next multi-million dollar app engine!