diff --git a/src/SponsorLink/Analyzer/Analyzer.csproj b/src/SponsorLink/Analyzer/Analyzer.csproj
new file mode 100644
index 0000000..2aeffdd
--- /dev/null
+++ b/src/SponsorLink/Analyzer/Analyzer.csproj
@@ -0,0 +1,33 @@
+
+
+
+ netstandard2.0
+ true
+ analyzers/dotnet/roslyn4.0
+ true
+ $(MSBuildThisFileDirectory)..\SponsorLink.targets
+ true
+ true
+ disable
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/src/SponsorLink/Analyzer/Properties/launchSettings.json b/src/SponsorLink/Analyzer/Properties/launchSettings.json
new file mode 100644
index 0000000..de45107
--- /dev/null
+++ b/src/SponsorLink/Analyzer/Properties/launchSettings.json
@@ -0,0 +1,11 @@
+{
+ "profiles": {
+ "SponsorableLib": {
+ "commandName": "DebugRoslynComponent",
+ "targetProject": "..\\Tests\\Tests.csproj",
+ "environmentVariables": {
+ "SPONSORLINK_TRACE": "true"
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/src/SponsorLink/Analyzer/StatusReportingAnalyzer.cs b/src/SponsorLink/Analyzer/StatusReportingAnalyzer.cs
new file mode 100644
index 0000000..e21acb7
--- /dev/null
+++ b/src/SponsorLink/Analyzer/StatusReportingAnalyzer.cs
@@ -0,0 +1,26 @@
+using System.Collections.Immutable;
+using Devlooped.Sponsors;
+using Microsoft.CodeAnalysis;
+using Microsoft.CodeAnalysis.Diagnostics;
+using static Devlooped.Sponsors.SponsorLink;
+using static ThisAssembly.Constants;
+
+namespace Analyzer;
+
+[DiagnosticAnalyzer(LanguageNames.CSharp)]
+public class StatusReportingAnalyzer : DiagnosticAnalyzer
+{
+ public override ImmutableArray SupportedDiagnostics => ImmutableArray.Empty;
+
+ public override void Initialize(AnalysisContext context)
+ {
+ context.EnableConcurrentExecution();
+ context.ConfigureGeneratedCodeAnalysis(GeneratedCodeAnalysisFlags.None);
+
+ context.RegisterCodeBlockAction(c =>
+ {
+ var status = Diagnostics.GetStatus(Funding.Product);
+ Tracing.Trace($"Status: {status}");
+ });
+ }
+}
\ No newline at end of file
diff --git a/src/SponsorLink/Analyzer/buildTransitive/SponsorableLib.targets b/src/SponsorLink/Analyzer/buildTransitive/SponsorableLib.targets
new file mode 100644
index 0000000..fd1e6e4
--- /dev/null
+++ b/src/SponsorLink/Analyzer/buildTransitive/SponsorableLib.targets
@@ -0,0 +1,3 @@
+
+
+
\ No newline at end of file
diff --git a/src/SponsorLink/Directory.Build.props b/src/SponsorLink/Directory.Build.props
new file mode 100644
index 0000000..c0a3e42
--- /dev/null
+++ b/src/SponsorLink/Directory.Build.props
@@ -0,0 +1,43 @@
+
+
+
+ false
+ latest
+ true
+ annotations
+ true
+
+ false
+ $([System.IO.Path]::GetFullPath('$(MSBuildThisFileDirectory)bin'))
+
+ https://pkg.kzu.app/index.json;https://api.nuget.org/v3/index.json
+ $(PackageOutputPath);$(RestoreSources)
+
+
+ 42.42.$([System.Math]::Floor($([MSBuild]::Divide($([System.DateTime]::Now.TimeOfDay.TotalSeconds), 10))))
+
+ SponsorableLib
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/src/SponsorLink/Directory.Build.targets b/src/SponsorLink/Directory.Build.targets
new file mode 100644
index 0000000..4ce4c80
--- /dev/null
+++ b/src/SponsorLink/Directory.Build.targets
@@ -0,0 +1,8 @@
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/src/SponsorLink/Library/Library.csproj b/src/SponsorLink/Library/Library.csproj
new file mode 100644
index 0000000..f351273
--- /dev/null
+++ b/src/SponsorLink/Library/Library.csproj
@@ -0,0 +1,31 @@
+
+
+
+ netstandard2.0
+ true
+ SponsorableLib
+ Sample library incorporating SponsorLink checks
+ true
+
+
+
+
+
+
+
+
+
+
+
+
+
+ MSBuild:Compile
+ $(IntermediateOutputPath)\$([MSBuild]::ValueOrDefault('%(RelativeDir)', '').Replace('\', '.').Replace('/', '.'))%(Filename).g$(DefaultLanguageSourceExtension)
+ $(Language)
+ $(RootNamespace)
+ $(RootNamespace).$([MSBuild]::ValueOrDefault('%(RelativeDir)', '').Replace('\', '.').Replace('/', '.').TrimEnd('.'))
+ %(Filename)
+
+
+
+
diff --git a/src/SponsorLink/Library/MyClass.cs b/src/SponsorLink/Library/MyClass.cs
new file mode 100644
index 0000000..7b7f6f5
--- /dev/null
+++ b/src/SponsorLink/Library/MyClass.cs
@@ -0,0 +1,5 @@
+namespace SponsorableLib;
+
+public class MyClass
+{
+}
diff --git a/src/SponsorLink/Library/Resources.resx b/src/SponsorLink/Library/Resources.resx
new file mode 100644
index 0000000..636fedc
--- /dev/null
+++ b/src/SponsorLink/Library/Resources.resx
@@ -0,0 +1,123 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/microsoft-resx
+
+
+ 2.0
+
+
+ System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
+
+
+ System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
+
+
+ Bar
+
+
\ No newline at end of file
diff --git a/src/SponsorLink/SponsorLink.targets b/src/SponsorLink/SponsorLink.targets
new file mode 100644
index 0000000..e62c21c
--- /dev/null
+++ b/src/SponsorLink/SponsorLink.targets
@@ -0,0 +1,138 @@
+
+
+
+
+
+
+ true
+
+ true
+
+ $([System.IO.File]::ReadAllText('$(MSBuildThisFileDirectory)SponsorLink/devlooped.pub.jwk'))
+
+
+ $(Product)
+
+ $([System.Text.RegularExpressions.Regex]::Replace("$(FundingProduct)", "[^A-Z]", ""))
+
+ 21
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ SponsorLink\%(RecursiveDir)%(Filename)%(Extension)
+
+
+ SponsorLink\%(RecursiveDir)%(Filename)%(Extension)
+
+
+ SponsorLink\%(RecursiveDir)%(Filename)%(Extension)
+
+
+ SponsorLink\%(PackagePath)
+
+
+
+
+
+ false
+
+
+ false
+
+
+ false
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ $([System.IO.Path]::GetFullPath($([System.IO.Path]::Combine('$(MSBuildProjectDirectory)','$(AssemblyOriginatorKeyFile)'))))
+ /keyfile:"$(AbsoluteAssemblyOriginatorKeyFile)" /delaysign
+ $(ILRepackArgs) /internalize
+ $(ILRepackArgs) /union
+
+ $(ILRepackArgs) @(LibDir -> '/lib:"%(Identity)."', ' ')
+ $(ILRepackArgs) /out:"@(IntermediateAssembly -> '%(FullPath)')"
+ $(ILRepackArgs) "@(IntermediateAssembly -> '%(FullPath)')"
+ $(ILRepackArgs) @(MergedAssemblies -> '"%(FullPath)"', ' ')
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/src/SponsorLink/SponsorLink/AppDomainDictionary.cs b/src/SponsorLink/SponsorLink/AppDomainDictionary.cs
new file mode 100644
index 0000000..05cc949
--- /dev/null
+++ b/src/SponsorLink/SponsorLink/AppDomainDictionary.cs
@@ -0,0 +1,36 @@
+//
+#nullable enable
+using System;
+
+namespace Devlooped.Sponsors;
+
+///
+/// A helper class to store and retrieve values from the current
+/// as typed named values.
+///
+///
+/// This allows tools that run within the same app domain to share state, such as
+/// MSBuild tasks or Roslyn analyzers.
+///
+static class AppDomainDictionary
+{
+ ///
+ /// Gets the value associated with the specified name, or creates a new one if it doesn't exist.
+ ///
+ public static TValue Get(string name) where TValue : notnull, new()
+ {
+ var data = AppDomain.CurrentDomain.GetData(name);
+ if (data is TValue firstTry)
+ return firstTry;
+
+ lock (AppDomain.CurrentDomain)
+ {
+ if (AppDomain.CurrentDomain.GetData(name) is TValue secondTry)
+ return secondTry;
+
+ var newValue = new TValue();
+ AppDomain.CurrentDomain.SetData(name, newValue);
+ return newValue;
+ }
+ }
+}
\ No newline at end of file
diff --git a/src/SponsorLink/SponsorLink/DiagnosticKind.cs b/src/SponsorLink/SponsorLink/DiagnosticKind.cs
new file mode 100644
index 0000000..a199ce5
--- /dev/null
+++ b/src/SponsorLink/SponsorLink/DiagnosticKind.cs
@@ -0,0 +1,25 @@
+//
+namespace Devlooped.Sponsors;
+
+///
+/// The kind of SponsorLink diagnostic being reported.
+///
+public enum DiagnosticKind
+{
+ ///
+ /// Sponsorship status is unknown.
+ ///
+ Unknown,
+ ///
+ /// The sponsors manifest is expired but within the grace period.
+ ///
+ Expiring,
+ ///
+ /// The sponsors manifest is expired and outside the grace period.
+ ///
+ Expired,
+ ///
+ /// The user is sponsoring.
+ ///
+ Sponsor,
+}
diff --git a/src/SponsorLink/SponsorLink/DiagnosticsManager.cs b/src/SponsorLink/SponsorLink/DiagnosticsManager.cs
new file mode 100644
index 0000000..6672c37
--- /dev/null
+++ b/src/SponsorLink/SponsorLink/DiagnosticsManager.cs
@@ -0,0 +1,139 @@
+//
+#nullable enable
+using System;
+using System.Collections.Concurrent;
+using System.Diagnostics.CodeAnalysis;
+using Humanizer;
+using Microsoft.CodeAnalysis;
+
+namespace Devlooped.Sponsors;
+
+///
+/// Manages diagnostics for the SponsorLink analyzer so that there are no duplicates
+/// when multiple projects share the same product name (i.e. ThisAssembly).
+///
+class DiagnosticsManager
+{
+ ///
+ /// Acceses the diagnostics dictionary for the current .
+ ///
+ ConcurrentDictionary Diagnostics
+ {
+ get => AppDomainDictionary.Get>(nameof(Diagnostics));
+ }
+
+ ///
+ /// Creates a descriptor from well-known diagnostic kinds.
+ ///
+ /// The names of the sponsorable accounts that can be funded for the given product.
+ /// The product or project developed by the sponsorable(s).
+ /// Custom prefix to use for diagnostic IDs.
+ /// The kind of diagnostic to create.
+ /// The given .
+ /// The is not one of the known ones.
+ public DiagnosticDescriptor GetDescriptor(string[] sponsorable, string product, string prefix, DiagnosticKind kind) => kind switch
+ {
+ DiagnosticKind.Unknown => CreateUnknown(sponsorable, product, prefix),
+ DiagnosticKind.Sponsor => CreateSponsor(sponsorable, prefix),
+ DiagnosticKind.Expiring => CreateExpiring(sponsorable, prefix),
+ DiagnosticKind.Expired => CreateExpired(sponsorable, prefix),
+ _ => throw new NotImplementedException(),
+ };
+
+ ///
+ /// Pushes a diagnostic for the given product. If an existing one exists, it is replaced.
+ ///
+ /// The same diagnostic that was pushed, for chained invocations.
+ public Diagnostic Push(string product, Diagnostic diagnostic)
+ {
+ // Directly sets, since we only expect to get one warning per sponsorable+product
+ // combination.
+ Diagnostics[product] = diagnostic;
+ return diagnostic;
+ }
+
+ ///
+ /// Attemps to remove a diagnostic for the given product.
+ ///
+ /// The product diagnostic that might have been pushed previously.
+ /// The removed diagnostic, or if none was previously pushed.
+ public Diagnostic? Pop(string product)
+ {
+ Diagnostics.TryRemove(product, out var diagnostic);
+ return diagnostic;
+ }
+
+ ///
+ /// Gets the status of the given product based on a previously stored diagnostic.
+ ///
+ /// The product to check status for.
+ /// Optional that was reported, if any.
+ public DiagnosticKind? GetStatus(string product)
+ {
+ // NOTE: the SponsorLinkAnalyzer.SetStatus uses diagnostic properties to store the
+ // kind of diagnostic as a simple string instead of the enum. We do this so that
+ // multiple analyzers or versions even across multiple products, which all would
+ // have their own enum, can still share the same diagnostic kind.
+ if (Diagnostics.TryGetValue(product, out var diagnostic) &&
+ diagnostic.Properties.TryGetValue(nameof(DiagnosticKind), out var value))
+ {
+ // Switch on value matching DiagnosticKind names
+ return value switch
+ {
+ nameof(DiagnosticKind.Unknown) => DiagnosticKind.Unknown,
+ nameof(DiagnosticKind.Sponsor) => DiagnosticKind.Sponsor,
+ nameof(DiagnosticKind.Expiring) => DiagnosticKind.Expiring,
+ nameof(DiagnosticKind.Expired) => DiagnosticKind.Expired,
+ _ => null,
+ };
+ }
+
+ return null;
+ }
+
+ static DiagnosticDescriptor CreateSponsor(string[] sponsorable, string prefix) => new(
+ $"{prefix}100",
+ ThisAssembly.Strings.Sponsor.Title,
+ ThisAssembly.Strings.Sponsor.MessageFormat,
+ "SponsorLink",
+ DiagnosticSeverity.Info,
+ isEnabledByDefault: true,
+ description: ThisAssembly.Strings.Sponsor.Description,
+ helpLinkUri: ThisAssembly.Git.Url,
+ "DoesNotSupportF1Help");
+
+ static DiagnosticDescriptor CreateUnknown(string[] sponsorable, string product, string prefix) => new(
+ $"{prefix}101",
+ ThisAssembly.Strings.Unknown.Title,
+ ThisAssembly.Strings.Unknown.MessageFormat,
+ "SponsorLink",
+ DiagnosticSeverity.Warning,
+ isEnabledByDefault: true,
+ description: ThisAssembly.Strings.Unknown.Description(
+ sponsorable.Humanize(x => $"https://github.com/sponsors/{x}"),
+ string.Join(" ", sponsorable)),
+ helpLinkUri: "https://www.devlooped.com/SponsorLink/",
+ WellKnownDiagnosticTags.NotConfigurable);
+
+ static DiagnosticDescriptor CreateExpiring(string[] sponsorable, string prefix) => new(
+ $"{prefix}103",
+ ThisAssembly.Strings.Expiring.Title,
+ ThisAssembly.Strings.Expiring.MessageFormat,
+ "SponsorLink",
+ DiagnosticSeverity.Warning,
+ isEnabledByDefault: true,
+ description: ThisAssembly.Strings.Expiring.Description(string.Join(" ", sponsorable)),
+ helpLinkUri: "https://www.devlooped.com/SponsorLink/github.html#auto-sync",
+ "DoesNotSupportF1Help", WellKnownDiagnosticTags.NotConfigurable);
+
+ static DiagnosticDescriptor CreateExpired(string[] sponsorable, string prefix) => new(
+ $"{prefix}104",
+ ThisAssembly.Strings.Expired.Title,
+ ThisAssembly.Strings.Expired.MessageFormat,
+ "SponsorLink",
+ DiagnosticSeverity.Warning,
+ isEnabledByDefault: true,
+ description: ThisAssembly.Strings.Expired.Description(string.Join(" ", sponsorable)),
+ helpLinkUri: "https://www.devlooped.com/SponsorLink/github.html#auto-sync",
+ "DoesNotSupportF1Help", WellKnownDiagnosticTags.NotConfigurable);
+}
diff --git a/src/SponsorLink/SponsorLink/Manifest.cs b/src/SponsorLink/SponsorLink/Manifest.cs
new file mode 100644
index 0000000..2b6cf66
--- /dev/null
+++ b/src/SponsorLink/SponsorLink/Manifest.cs
@@ -0,0 +1,178 @@
+//
+#nullable enable
+using System;
+using System.Collections.Generic;
+using System.Diagnostics.CodeAnalysis;
+using System.IdentityModel.Tokens.Jwt;
+using System.Linq;
+using System.Security.Claims;
+using Microsoft.IdentityModel.Tokens;
+
+namespace Devlooped.Sponsors;
+
+///
+/// Validates manifests in JWT format.
+///
+static partial class Manifest
+{
+ ///
+ /// The resulting status from validation.
+ ///
+ public enum Status
+ {
+ ///
+ /// The manifest couldn't be read at all.
+ ///
+ Unknown,
+ ///
+ /// The manifest was read and is valid (not expired and properly signed).
+ ///
+ Valid,
+ ///
+ /// The manifest was read but has expired.
+ ///
+ Expired,
+ ///
+ /// The manifest was read, but its signature is invalid.
+ ///
+ Invalid,
+ }
+
+ public record JsonTokenKey(string Token, SecurityKey Key)
+ {
+ public JsonTokenKey(string jwt, string jwk) : this(jwt, JsonWebKey.Create(jwk)) { }
+ public static implicit operator JsonTokenKey((string token, SecurityKey key) value) => new(value.token, value.key);
+ }
+
+ ///
+ /// Gets the expiration date from the principal, if any.
+ ///
+ ///
+ /// Whichever "exp" claim is the latest, or if none found.
+ ///
+ public static DateTime? GetExpiration(this ClaimsPrincipal principal)
+ // get all "exp" claims, parse them and return the latest one or null if none found
+ => principal.FindAll("exp")
+ .Select(c => c.Value)
+ .Select(long.Parse)
+ .Select(DateTimeOffset.FromUnixTimeSeconds)
+ .Max().DateTime is var exp && exp == DateTime.MinValue ? null : exp;
+
+ ///
+ /// Reads all manifests, validating their signatures.
+ ///
+ /// The combined principal with all identities (and their claims) from each provided and valid JWT
+ /// The tokens to read and their corresponding JWK for signature verification.
+ /// if at least one manifest can be successfully read and is valid.
+ /// otherwise.
+ public static bool TryRead([NotNullWhen(true)] out ClaimsPrincipal? principal, IEnumerable<(string jwt, string jwk)> values)
+ => TryRead(out principal, values.Select(value => new JsonTokenKey(value.jwt, value.jwk)));
+
+ ///
+ /// Reads all manifests, validating their signatures.
+ ///
+ /// The combined principal with all identities (and their claims) from each provided and valid JWT
+ /// The tokens to read and their corresponding security key for signature verification.
+ /// if at least one manifest can be successfully read and is valid.
+ /// otherwise.
+ public static bool TryRead([NotNullWhen(true)] out ClaimsPrincipal? principal, IEnumerable values)
+ {
+ principal = null;
+
+ foreach (var value in values)
+ {
+ if (string.IsNullOrWhiteSpace(value.Token))
+ continue;
+
+ if (Validate(value.Token, value.Key, out var token, out var claims, false) == Status.Valid && claims != null)
+ {
+ if (principal == null)
+ principal = claims;
+ else
+ principal.AddIdentities(claims.Identities);
+ }
+ }
+
+ return principal != null;
+ }
+
+ ///
+ /// Reads all manifests, validating their signatures.
+ ///
+ /// The combined principal with all identities (and their claims) from each provided and valid JWT
+ /// The tokens to read and their corresponding security key for signature verification.
+ /// if at least one manifest can be successfully read and is valid.
+ /// otherwise.
+ public static bool TryRead([NotNullWhen(true)] out ClaimsPrincipal? principal, params JsonTokenKey[] values)
+ => TryRead(out principal, values);
+
+ ///
+ /// Validates the manifest signature and optional expiration.
+ ///
+ /// The JWT to validate.
+ /// The key to validate the manifest signature with.
+ /// Except when returning , returns the security token read from the JWT, even if signature check failed.
+ /// The associated claims, only when return value is not .
+ /// Whether to check for expiration.
+ /// The status of the validation.
+ public static Status Validate(string jwt, string key, out SecurityToken? token, out ClaimsPrincipal? principal, bool validateExpiration)
+ => Validate(jwt, JsonWebKey.Create(key), out token, out principal, validateExpiration);
+
+ ///
+ /// Validates the manifest signature and optional expiration.
+ ///
+ /// The JWT to validate.
+ /// The key to validate the manifest signature with.
+ /// Except when returning , returns the security token read from the JWT, even if signature check failed.
+ /// The associated claims, only when return value is not .
+ /// Whether to check for expiration.
+ /// The status of the validation.
+ public static Status Validate(string jwt, SecurityKey key, out SecurityToken? token, out ClaimsPrincipal? principal, bool validateExpiration)
+ {
+ token = default;
+ principal = default;
+ var handler = new JwtSecurityTokenHandler { MapInboundClaims = false };
+
+ if (!handler.CanReadToken(jwt))
+ return Status.Unknown;
+
+ var validation = new TokenValidationParameters
+ {
+ RequireExpirationTime = false,
+ ValidateLifetime = false,
+ ValidateAudience = false,
+ ValidateIssuer = false,
+ ValidateIssuerSigningKey = true,
+ IssuerSigningKey = key,
+ RoleClaimType = "roles",
+ NameClaimType = "sub",
+ };
+
+ try
+ {
+ principal = handler.ValidateToken(jwt, validation, out token);
+ if (validateExpiration && token.ValidTo == DateTime.MinValue)
+ return Status.Invalid;
+
+ // The sponsorable manifest does not have an expiration time.
+ if (validateExpiration && token.ValidTo < DateTimeOffset.UtcNow)
+ return Status.Expired;
+
+ return Status.Valid;
+ }
+ catch (SecurityTokenInvalidSignatureException)
+ {
+ var jwtToken = handler.ReadJwtToken(jwt);
+ token = jwtToken;
+ principal = new ClaimsPrincipal(new ClaimsIdentity(jwtToken.Claims));
+ return Status.Invalid;
+ }
+ catch (SecurityTokenException)
+ {
+ var jwtToken = handler.ReadJwtToken(jwt);
+ token = jwtToken;
+ principal = new ClaimsPrincipal(new ClaimsIdentity(jwtToken.Claims));
+ return Status.Invalid;
+ }
+ }
+}
diff --git a/src/SponsorLink/SponsorLink/SponsorLink.cs b/src/SponsorLink/SponsorLink/SponsorLink.cs
new file mode 100644
index 0000000..6b0c4ec
--- /dev/null
+++ b/src/SponsorLink/SponsorLink/SponsorLink.cs
@@ -0,0 +1,43 @@
+//
+#nullable enable
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Reflection;
+
+namespace Devlooped.Sponsors;
+
+partial class SponsorLink
+{
+ public static Dictionary Sponsorables { get; } = typeof(SponsorLink).Assembly
+ .GetCustomAttributes()
+ .Where(x => x.Key.StartsWith("Funding.GitHub."))
+ .Select(x => new { Key = x.Key[15..], x.Value })
+ .ToDictionary(x => x.Key, x => x.Value);
+
+ ///
+ /// Whether the current process is running in an IDE, either
+ /// or .
+ ///
+ public static bool IsEditor => IsVisualStudio || IsRider;
+
+ ///
+ /// Whether the current process is running as part of an active Visual Studio instance.
+ ///
+ public static bool IsVisualStudio =>
+ Environment.GetEnvironmentVariable("ServiceHubLogSessionKey") != null ||
+ Environment.GetEnvironmentVariable("VSAPPIDNAME") != null;
+
+ ///
+ /// Whether the current process is running as part of an active Rider instance.
+ ///
+ public static bool IsRider =>
+ Environment.GetEnvironmentVariable("RESHARPER_FUS_SESSION") != null ||
+ Environment.GetEnvironmentVariable("IDEA_INITIAL_DIRECTORY") != null;
+
+ ///
+ /// Manages the sharing and reporting of diagnostics across the source generator
+ /// and the diagnostic analyzer, to avoid doing the online check more than once.
+ ///
+ public static DiagnosticsManager Diagnostics { get; } = new();
+}
diff --git a/src/SponsorLink/SponsorLink/SponsorLink.csproj b/src/SponsorLink/SponsorLink/SponsorLink.csproj
new file mode 100644
index 0000000..4b00feb
--- /dev/null
+++ b/src/SponsorLink/SponsorLink/SponsorLink.csproj
@@ -0,0 +1,46 @@
+
+
+
+ netstandard2.0
+ SponsorLink
+ disable
+ false
+
+
+
+ $([System.IO.File]::ReadAllText('$(MSBuildThisFileDirectory)devlooped.pub.jwk'))
+
+ $(Product)
+
+ $([System.Text.RegularExpressions.Regex]::Replace("$(FundingProduct)", "[^A-Z]", ""))
+
+ 21
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/src/SponsorLink/SponsorLink/SponsorLink.es.resx b/src/SponsorLink/SponsorLink/SponsorLink.es.resx
new file mode 100644
index 0000000..d8794ca
--- /dev/null
+++ b/src/SponsorLink/SponsorLink/SponsorLink.es.resx
@@ -0,0 +1,163 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/microsoft-resx
+
+
+ 2.0
+
+
+ System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
+
+
+ System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
+
+
+ Patrocinar los proyectos en que dependes asegura que se mantengan activos, y que recibas el apoyo que necesitas. También es muy económico y está disponible en todo el mundo!
+Por favor considera apoyar el proyecto patrocinando en {links} y ejecutando posteriormente 'gh sponsors sync {spaced}'.
+
+
+ No se pudo determinar el estado de su patrocinio. Funcionalidades exclusivas para patrocinadores pueden no estar disponibles.
+
+
+ Estado de patrocinio desconocido
+
+
+ Funcionalidades exclusivas para patrocinadores pueden no estar disponibles. Ejecuta 'gh sponsors sync {spaced}' y, opcionalmente, habilita la sincronización automática.
+
+
+ El estado de patrocino ha expirado y la sincronización automática no está habilitada.
+
+
+ El estado de patrocino ha expirado
+
+
+ Eres un verdadero héroe. Tu patrocinio ayuda a mantener el proyecto vivo y próspero 🙏.
+
+
+ Gracias por apoyar a {0} con tu patrocinio de {1} 💟!
+
+
+ Eres un patrocinador del proyecto, eres lo máximo 💟!
+
+
+ El estado de patrocino ha expirado y estás en un período de gracia. Ejecuta 'gh sponsors sync {spaced}' y, opcionalmente, habilita la sincronización automática.
+
+
+ El estado de patrocino necesita actualización periódica y la sincronización automática no está habilitada.
+
+
+ El estado de patrocino ha expirado y el período de gracia terminará pronto
+
+
+ y
+
+
+ o
+
+
\ No newline at end of file
diff --git a/src/SponsorLink/SponsorLink/SponsorLink.resx b/src/SponsorLink/SponsorLink/SponsorLink.resx
new file mode 100644
index 0000000..b8cdd5e
--- /dev/null
+++ b/src/SponsorLink/SponsorLink/SponsorLink.resx
@@ -0,0 +1,164 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/microsoft-resx
+
+
+ 2.0
+
+
+ System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
+
+
+ System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
+
+
+ Sponsoring projects you depend on ensures they remain active, and that you get the support you need. It's also super affordable and available worldwide!
+Please consider supporting the project by sponsoring at {links} and running 'gh sponsors sync {spaced}' afterwards.
+ Unknown sponsor description
+
+
+ Please consider supporting {0} by sponsoring {1} 🙏
+
+
+ Unknown sponsor status
+
+
+ Sponsor-only features may be disabled. Please run 'gh sponsors sync {spaced}' and optionally enable automatic sync.
+
+
+ Sponsor status has expired and automatic sync has not been enabled.
+
+
+ Sponsor status expired
+
+
+ You are a true hero. Your sponsorship helps keep the project alive and thriving 🙏.
+
+
+ Thank you for supporting {0} with your sponsorship 💟!
+
+
+ You are a sponsor of the project, you rock 💟!
+
+
+ Sponsor status has expired and you are in the grace period. Please run 'gh sponsors sync {spaced}' and optionally enable automatic sync.
+
+
+ Sponsor status needs periodic updating and automatic sync has not been enabled.
+
+
+ Sponsor status expired, grace period ending soon
+
+
+ and
+
+
+ or
+
+
\ No newline at end of file
diff --git a/src/SponsorLink/SponsorLink/SponsorLinkAnalyzer.cs b/src/SponsorLink/SponsorLink/SponsorLinkAnalyzer.cs
new file mode 100644
index 0000000..355e90c
--- /dev/null
+++ b/src/SponsorLink/SponsorLink/SponsorLinkAnalyzer.cs
@@ -0,0 +1,124 @@
+using System;
+using System.Collections.Generic;
+using System.Collections.Immutable;
+using System.Diagnostics;
+using System.IO;
+using System.Linq;
+using Humanizer;
+using Microsoft.CodeAnalysis;
+using Microsoft.CodeAnalysis.Diagnostics;
+using static Devlooped.Sponsors.SponsorLink;
+using static ThisAssembly.Constants;
+
+namespace Devlooped.Sponsors;
+
+///
+/// Links the sponsor status for the current compilation.
+///
+[DiagnosticAnalyzer(LanguageNames.CSharp, LanguageNames.VisualBasic)]
+public class SponsorLinkAnalyzer : DiagnosticAnalyzer
+{
+ static readonly int graceDays = int.Parse(Funding.Grace);
+ static readonly Dictionary descriptors = new()
+ {
+ // Requires:
+ //
+ //
+ { DiagnosticKind.Unknown, Diagnostics.GetDescriptor([.. Sponsorables.Keys], Funding.Product, Funding.Prefix, DiagnosticKind.Unknown) },
+ { DiagnosticKind.Sponsor, Diagnostics.GetDescriptor([.. Sponsorables.Keys], Funding.Product, Funding.Prefix, DiagnosticKind.Sponsor) },
+ { DiagnosticKind.Expiring, Diagnostics.GetDescriptor([.. Sponsorables.Keys], Funding.Product, Funding.Prefix, DiagnosticKind.Expiring) },
+ { DiagnosticKind.Expired, Diagnostics.GetDescriptor([.. Sponsorables.Keys], Funding.Product, Funding.Prefix, DiagnosticKind.Expired) },
+ };
+
+ public override ImmutableArray SupportedDiagnostics { get; } = descriptors.Values.ToImmutableArray();
+
+#pragma warning disable RS1026 // Enable concurrent execution
+ public override void Initialize(AnalysisContext context)
+#pragma warning restore RS1026 // Enable concurrent execution
+ {
+#if !DEBUG
+ // Only enable concurrent execution in release builds, otherwise debugging is quite annoying.
+ context.EnableConcurrentExecution();
+#endif
+ context.ConfigureGeneratedCodeAnalysis(GeneratedCodeAnalysisFlags.None);
+
+#pragma warning disable RS1013 // Start action has no registered non-end actions
+ // We do this so that the status is set at compilation start so we can use it
+ // across all other analyzers. We report only on finish because multiple
+ // analyzers can report the same diagnostic and we want to avoid duplicates.
+ context.RegisterCompilationStartAction(ctx =>
+ {
+ var manifests = ctx.Options.AdditionalFiles
+ .Where(x =>
+ ctx.Options.AnalyzerConfigOptionsProvider.GetOptions(x).TryGetValue("build_metadata.AdditionalFiles.SourceItemType", out var itemType) &&
+ itemType == "SponsorManifest" &&
+ Sponsorables.ContainsKey(Path.GetFileNameWithoutExtension(x.Path)))
+ .ToImmutableArray();
+
+ // Setting the status early allows other analyzers to potentially check for it.
+ var status = SetStatus(manifests);
+ // Never report any diagnostic unless we're in an editor.
+ if (IsEditor)
+ {
+ // NOTE: even if we don't report the diagnostic, we still set the status so other analyzers can use it.
+ ctx.RegisterCompilationEndAction(ctx =>
+ {
+ if (Diagnostics.Pop(Funding.Product) is Diagnostic diagnostic)
+ {
+ ctx.ReportDiagnostic(diagnostic);
+ }
+ else
+ {
+ // This should never happen and would be a bug.
+ Debug.Assert(true, "We should have provided a diagnostic of some kind for " + Funding.Product);
+ // We'll report it as unknown as a fallback for now.
+ ctx.ReportDiagnostic(Diagnostic.Create(descriptors[DiagnosticKind.Unknown], null,
+ properties: ImmutableDictionary.Create().Add(nameof(DiagnosticKind), nameof(DiagnosticKind.Unknown)),
+ Funding.Product, Sponsorables.Keys.Humanize(ThisAssembly.Strings.Or)));
+ }
+ });
+ }
+ });
+#pragma warning restore RS1013 // Start action has no registered non-end actions
+ }
+
+ DiagnosticKind SetStatus(ImmutableArray manifests)
+ {
+ if (!Manifest.TryRead(out var claims, manifests.Select(text =>
+ (text.GetText()?.ToString() ?? "", Sponsorables[Path.GetFileNameWithoutExtension(text.Path)]))) ||
+ claims.GetExpiration() is not DateTime exp)
+ {
+ // report unknown, either unparsed manifest or one with no expiration (which we never emit).
+ Diagnostics.Push(Funding.Product, Diagnostic.Create(descriptors[DiagnosticKind.Unknown], null,
+ properties: ImmutableDictionary.Create().Add(nameof(DiagnosticKind), nameof(DiagnosticKind.Unknown)),
+ Funding.Product, Sponsorables.Keys.Humanize(ThisAssembly.Strings.Or)));
+ return DiagnosticKind.Unknown;
+ }
+ else if (exp < DateTime.Now)
+ {
+ // report expired or expiring soon if still within the configured days of grace period
+ if (exp.AddDays(graceDays) < DateTime.Now)
+ {
+ // report expiring soon
+ Diagnostics.Push(Funding.Product, Diagnostic.Create(descriptors[DiagnosticKind.Expiring], null,
+ properties: ImmutableDictionary.Create().Add(nameof(DiagnosticKind), nameof(DiagnosticKind.Expiring))));
+ return DiagnosticKind.Expiring;
+ }
+ else
+ {
+ // report expired
+ Diagnostics.Push(Funding.Product, Diagnostic.Create(descriptors[DiagnosticKind.Expired], null,
+ properties: ImmutableDictionary.Create().Add(nameof(DiagnosticKind), nameof(DiagnosticKind.Expired))));
+ return DiagnosticKind.Expired;
+ }
+ }
+ else
+ {
+ // report sponsor
+ Diagnostics.Push(Funding.Product, Diagnostic.Create(descriptors[DiagnosticKind.Sponsor], null,
+ properties: ImmutableDictionary.Create().Add(nameof(DiagnosticKind), nameof(DiagnosticKind.Sponsor)),
+ Funding.Product));
+ return DiagnosticKind.Sponsor;
+ }
+ }
+}
diff --git a/src/SponsorLink/SponsorLink/SponsorableLib.targets b/src/SponsorLink/SponsorLink/SponsorableLib.targets
new file mode 100644
index 0000000..8311ca6
--- /dev/null
+++ b/src/SponsorLink/SponsorLink/SponsorableLib.targets
@@ -0,0 +1,60 @@
+
+
+
+
+ $([System.IO.Path]::GetFullPath($(MSBuildThisFileDirectory)sponsorable.md))
+
+
+
+
+
+
+
+
+
+ $(WarningsNotAsErrors);LIB001;LIB002;LIB003;LIB004;LIB005
+
+ $(BaseIntermediateOutputPath)autosync.stamp
+
+ $(HOME)
+ $(USERPROFILE)
+
+ true
+ $([System.IO.Path]::GetFullPath('$(UserProfileHome)/.sponsorlink'))
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ %(GitRoot.FullPath)
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/src/SponsorLink/SponsorLink/ThisAssembly.cs b/src/SponsorLink/SponsorLink/ThisAssembly.cs
new file mode 100644
index 0000000..65401f1
--- /dev/null
+++ b/src/SponsorLink/SponsorLink/ThisAssembly.cs
@@ -0,0 +1,30 @@
+partial class ThisAssembly
+{
+ partial class Strings
+ {
+ partial class Unknown
+ {
+ public static string MessageFormat => GetResourceManager("Devlooped.SponsorLink").GetString("Unknown_Message");
+ }
+
+ partial class Expiring
+ {
+ public static string MessageFormat => GetResourceManager("Devlooped.SponsorLink").GetString("Expiring_Message");
+ }
+
+ partial class Expired
+ {
+ public static string MessageFormat => GetResourceManager("Devlooped.SponsorLink").GetString("Expired_Message");
+ }
+
+ partial class Grace
+ {
+ public static string MessageFormat => GetResourceManager("Devlooped.SponsorLink").GetString("Grace_Message");
+ }
+
+ partial class Sponsor
+ {
+ public static string MessageFormat => GetResourceManager("Devlooped.SponsorLink").GetString("Sponsor_Message");
+ }
+ }
+}
\ No newline at end of file
diff --git a/src/SponsorLink/SponsorLink/Tracing.cs b/src/SponsorLink/SponsorLink/Tracing.cs
new file mode 100644
index 0000000..9201796
--- /dev/null
+++ b/src/SponsorLink/SponsorLink/Tracing.cs
@@ -0,0 +1,53 @@
+//
+#nullable enable
+using System;
+using System.Diagnostics;
+using System.IO;
+using System.Runtime.CompilerServices;
+using System.Text;
+
+namespace Devlooped.Sponsors;
+
+static class Tracing
+{
+ public static void Trace(string message, object? value, [CallerArgumentExpression("value")] string? expression = null, [CallerFilePath] string? filePath = null, [CallerLineNumber] int lineNumber = 0)
+ => Trace($"{message}: {value} ({expression})", filePath, lineNumber);
+
+ public static void Trace(object? value, [CallerArgumentExpression("value")] string? expression = null, [CallerFilePath] string? filePath = null, [CallerLineNumber] int lineNumber = 0)
+ => Trace($"{value} ({expression})", filePath, lineNumber);
+
+ public static void Trace([CallerMemberName] string? message = null, [CallerFilePath] string? filePath = null, [CallerLineNumber] int lineNumber = 0)
+ {
+ var trace = !string.IsNullOrEmpty(Environment.GetEnvironmentVariable("SPONSORLINK_TRACE"));
+#if DEBUG
+ trace = true;
+#endif
+
+ if (!trace)
+ return;
+
+ var line = new StringBuilder()
+ .Append($"[{DateTime.Now:O}]")
+ .Append($"[{Process.GetCurrentProcess().ProcessName}:{Process.GetCurrentProcess().Id}]")
+ .Append($" {message} ")
+ .AppendLine($" -> {filePath}({lineNumber})")
+ .ToString();
+
+ var dir = Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData, Environment.SpecialFolderOption.Create);
+ var tries = 0;
+ // Best-effort only
+ while (tries < 10)
+ {
+ try
+ {
+ File.AppendAllText(Path.Combine(dir, "SponsorLink.log"), line);
+ Debugger.Log(0, "SponsorLink", line);
+ return;
+ }
+ catch (IOException)
+ {
+ tries++;
+ }
+ }
+ }
+}
diff --git a/src/SponsorLink/SponsorLink/buildTransitive/Devlooped.Sponsors.targets b/src/SponsorLink/SponsorLink/buildTransitive/Devlooped.Sponsors.targets
new file mode 100644
index 0000000..471f37f
--- /dev/null
+++ b/src/SponsorLink/SponsorLink/buildTransitive/Devlooped.Sponsors.targets
@@ -0,0 +1,99 @@
+
+
+
+
+ $([System.DateTime]::Now.ToString("yyyy-MM-yy"))
+
+ $(BaseIntermediateOutputPath)autosync-$(Today).stamp
+
+ $(BaseIntermediateOutputPath)autosync.stamp
+
+ $(HOME)
+ $(USERPROFILE)
+
+ $([System.IO.Path]::GetFullPath('$(UserProfileHome)/.sponsorlink'))
+
+ $([System.IO.Path]::Combine('$(SponsorLinkHome)', '.netconfig'))
+
+
+
+
+
+
+
+
+
+
+
+
+ SL_CollectDependencies
+ $(SLDependsOn);SL_CheckAutoSync;SL_ReadAutoSyncEnabled;SL_SyncSponsors
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ %(SLConfigAutoSync.Identity)
+ true
+ false
+
+
+
+
+
+
+
+ $([System.IO.File]::ReadAllText($(AutoSyncStampFile)).Trim())
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/src/SponsorLink/SponsorLink/devlooped.pub.jwk b/src/SponsorLink/SponsorLink/devlooped.pub.jwk
new file mode 100644
index 0000000..cdf45c2
--- /dev/null
+++ b/src/SponsorLink/SponsorLink/devlooped.pub.jwk
@@ -0,0 +1,5 @@
+{
+ "e": "AQAB",
+ "kty": "RSA",
+ "n": "5inhv8QymaDBOihNi1eY-6-hcIB5qSONFZxbxxXAyOtxAdjFCPM-94gIZqM9CDrX3pyg1lTJfml_a_FZSU9dB1ii5mSX_mNHBFXn1_l_gi1ErdbkIF5YbW6oxWFxf3G5mwVXwnPfxHTyQdmWQ3YJR-A3EB4kaFwLqA6Ha5lb2ObGpMTQJNakD4oTAGDhqHMGhu6PupGq5ie4qZcQ7N8ANw8xH7nicTkbqEhQABHWOTmLBWq5f5F6RYGF8P7cl0IWl_w4YcIZkGm2vX2fi26F9F60cU1v13GZEVDTXpJ9kzvYeM9sYk6fWaoyY2jhE51qbv0B0u6hScZiLREtm3n7ClJbIGXhkUppFS2JlNaX3rgQ6t-4LK8gUTyLt3zDs2H8OZyCwlCpfmGmdsUMkm1xX6t2r-95U3zywynxoWZfjBCJf41leM9OMKYwNWZ6LQMyo83HWw1PBIrX4ZLClFwqBcSYsXDyT8_ZLd1cdYmPfmtllIXxZhLClwT5qbCWv73V"
+}
\ No newline at end of file
diff --git a/src/SponsorLink/SponsorLink/sponsorable.md b/src/SponsorLink/SponsorLink/sponsorable.md
new file mode 100644
index 0000000..c023c25
--- /dev/null
+++ b/src/SponsorLink/SponsorLink/sponsorable.md
@@ -0,0 +1,5 @@
+# Why Sponsor
+
+Well, why not? It's super cheap :)
+
+This could even be partially auto-generated from FUNDING.yml and what-not.
\ No newline at end of file
diff --git a/src/SponsorLink/SponsorLinkAnalyzer.sln b/src/SponsorLink/SponsorLinkAnalyzer.sln
new file mode 100644
index 0000000..be206b1
--- /dev/null
+++ b/src/SponsorLink/SponsorLinkAnalyzer.sln
@@ -0,0 +1,43 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 17
+VisualStudioVersion = 17.10.34928.147
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Analyzer", "Analyzer\Analyzer.csproj", "{584984D6-926B-423D-9416-519613423BAE}"
+EndProject
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Library", "Library\Library.csproj", "{598CD398-A172-492C-8367-827D43276029}"
+EndProject
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Tests", "Tests\Tests.csproj", "{EA02494C-6ED4-47A0-8D43-20F50BE8554F}"
+EndProject
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "SponsorLink", "SponsorLink\SponsorLink.csproj", "{B91C7E99-3D2E-4FDF-B017-9123E810197F}"
+EndProject
+Global
+ GlobalSection(SolutionConfigurationPlatforms) = preSolution
+ Debug|Any CPU = Debug|Any CPU
+ Release|Any CPU = Release|Any CPU
+ EndGlobalSection
+ GlobalSection(ProjectConfigurationPlatforms) = postSolution
+ {584984D6-926B-423D-9416-519613423BAE}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+ {584984D6-926B-423D-9416-519613423BAE}.Debug|Any CPU.Build.0 = Debug|Any CPU
+ {584984D6-926B-423D-9416-519613423BAE}.Release|Any CPU.ActiveCfg = Release|Any CPU
+ {584984D6-926B-423D-9416-519613423BAE}.Release|Any CPU.Build.0 = Release|Any CPU
+ {598CD398-A172-492C-8367-827D43276029}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+ {598CD398-A172-492C-8367-827D43276029}.Debug|Any CPU.Build.0 = Debug|Any CPU
+ {598CD398-A172-492C-8367-827D43276029}.Release|Any CPU.ActiveCfg = Release|Any CPU
+ {598CD398-A172-492C-8367-827D43276029}.Release|Any CPU.Build.0 = Release|Any CPU
+ {EA02494C-6ED4-47A0-8D43-20F50BE8554F}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+ {EA02494C-6ED4-47A0-8D43-20F50BE8554F}.Debug|Any CPU.Build.0 = Debug|Any CPU
+ {EA02494C-6ED4-47A0-8D43-20F50BE8554F}.Release|Any CPU.ActiveCfg = Release|Any CPU
+ {EA02494C-6ED4-47A0-8D43-20F50BE8554F}.Release|Any CPU.Build.0 = Release|Any CPU
+ {B91C7E99-3D2E-4FDF-B017-9123E810197F}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+ {B91C7E99-3D2E-4FDF-B017-9123E810197F}.Debug|Any CPU.Build.0 = Debug|Any CPU
+ {B91C7E99-3D2E-4FDF-B017-9123E810197F}.Release|Any CPU.ActiveCfg = Release|Any CPU
+ {B91C7E99-3D2E-4FDF-B017-9123E810197F}.Release|Any CPU.Build.0 = Release|Any CPU
+ EndGlobalSection
+ GlobalSection(SolutionProperties) = preSolution
+ HideSolutionNode = FALSE
+ EndGlobalSection
+ GlobalSection(ExtensibilityGlobals) = postSolution
+ SolutionGuid = {1DDA0EFF-BEF6-49BB-8AA8-D71FE1CD3E6F}
+ EndGlobalSection
+EndGlobal
diff --git a/src/SponsorLink/Tests/.netconfig b/src/SponsorLink/Tests/.netconfig
new file mode 100644
index 0000000..3b3bd0d
--- /dev/null
+++ b/src/SponsorLink/Tests/.netconfig
@@ -0,0 +1,15 @@
+[file "SponsorableManifest.cs"]
+ url = https://github.com/devlooped/SponsorLink/blob/main/src/Core/SponsorableManifest.cs
+ sha = 976ecefc44d87217e04933d9cd7f6b950468410b
+ etag = e0c95e7fc6c0499dbc8c5cd28aa9a6a5a49c9d0ad41fe028a5a085aca7e00eaf
+ weak
+[file "JsonOptions.cs"]
+ url = https://github.com/devlooped/SponsorLink/blob/main/src/Core/JsonOptions.cs
+ sha = 79dc56ce45fc36df49e1c4f8875e93c297edc383
+ etag = 6e9a1b12757a97491441b9534ced4e5dac6d9d6334008fa0cd20575650bbd935
+ weak
+[file "Extensions.cs"]
+ url = https://github.com/devlooped/SponsorLink/blob/main/src/Core/Extensions.cs
+ sha = d204b667eace818934c49e09b5b08ea82aef87fa
+ etag = f68e11894103f8748ce290c29927bf1e4f749e743ae33d5350e72ed22c15d245
+ weak
diff --git a/src/SponsorLink/Tests/Attributes.cs b/src/SponsorLink/Tests/Attributes.cs
new file mode 100644
index 0000000..aa5f48d
--- /dev/null
+++ b/src/SponsorLink/Tests/Attributes.cs
@@ -0,0 +1,59 @@
+using Microsoft.Extensions.Configuration;
+using Xunit;
+
+public class SecretsFactAttribute : FactAttribute
+{
+ public SecretsFactAttribute(params string[] secrets)
+ {
+ var configuration = new ConfigurationBuilder()
+ .AddUserSecrets()
+ .Build();
+
+ var missing = new HashSet();
+
+ foreach (var secret in secrets)
+ {
+ if (string.IsNullOrEmpty(configuration[secret]))
+ missing.Add(secret);
+ }
+
+ if (missing.Count > 0)
+ Skip = "Missing user secrets: " + string.Join(',', missing);
+ }
+}
+
+public class LocalFactAttribute : SecretsFactAttribute
+{
+ public LocalFactAttribute(params string[] secrets) : base(secrets)
+ {
+ if (!string.IsNullOrEmpty(Environment.GetEnvironmentVariable("CI")))
+ Skip = "Non-CI test";
+ }
+}
+
+public class CIFactAttribute : FactAttribute
+{
+ public CIFactAttribute()
+ {
+ if (string.IsNullOrEmpty(Environment.GetEnvironmentVariable("CI")))
+ Skip = "CI-only test";
+ }
+}
+
+public class LocalTheoryAttribute : TheoryAttribute
+{
+ public LocalTheoryAttribute()
+ {
+ if (!string.IsNullOrEmpty(Environment.GetEnvironmentVariable("CI")))
+ Skip = "Non-CI test";
+ }
+}
+
+public class CITheoryAttribute : TheoryAttribute
+{
+ public CITheoryAttribute()
+ {
+ if (string.IsNullOrEmpty(Environment.GetEnvironmentVariable("CI")))
+ Skip = "CI-only test";
+ }
+}
\ No newline at end of file
diff --git a/src/SponsorLink/Tests/Extensions.cs b/src/SponsorLink/Tests/Extensions.cs
new file mode 100644
index 0000000..75a78b4
--- /dev/null
+++ b/src/SponsorLink/Tests/Extensions.cs
@@ -0,0 +1,43 @@
+using System.Diagnostics.CodeAnalysis;
+using System.Runtime.CompilerServices;
+using Microsoft.Extensions.Logging;
+
+namespace Devlooped.Sponsors;
+
+static class Extensions
+{
+ public static HashCode Add(this HashCode hash, params object[] items)
+ {
+ foreach (var item in items)
+ hash.Add(item);
+
+ return hash;
+ }
+
+
+ public static HashCode AddRange(this HashCode hash, IEnumerable items)
+ {
+ foreach (var item in items)
+ hash.Add(item);
+
+ return hash;
+ }
+
+ public static Array Cast(this Array array, Type elementType)
+ {
+ //Convert the object list to the destination array type.
+ var result = Array.CreateInstance(elementType, array.Length);
+ Array.Copy(array, result, array.Length);
+ return result;
+ }
+
+ public static void Assert(this ILogger logger, [DoesNotReturnIf(false)] bool condition, [CallerArgumentExpression(nameof(condition))] string? message = default, params object?[] args)
+ {
+ if (!condition)
+ {
+ //Debug.Assert(condition, message);
+ logger.LogError(message, args);
+ throw new InvalidOperationException(message);
+ }
+ }
+}
diff --git a/src/SponsorLink/Tests/JsonOptions.cs b/src/SponsorLink/Tests/JsonOptions.cs
new file mode 100644
index 0000000..c816eba
--- /dev/null
+++ b/src/SponsorLink/Tests/JsonOptions.cs
@@ -0,0 +1,72 @@
+using System;
+using System.Collections.Generic;
+using System.Globalization;
+using System.Text.Json;
+using System.Text.Json.Serialization;
+using System.Text.Json.Serialization.Metadata;
+using Microsoft.IdentityModel.Tokens;
+
+namespace Devlooped.Sponsors;
+
+static partial class JsonOptions
+{
+ public static JsonSerializerOptions Default { get; } =
+#if NET6_0_OR_GREATER
+ new(JsonSerializerDefaults.Web)
+#else
+ new()
+#endif
+ {
+ AllowTrailingCommas = true,
+ PropertyNamingPolicy = JsonNamingPolicy.CamelCase,
+ ReadCommentHandling = JsonCommentHandling.Skip,
+#if NET6_0_OR_GREATER
+ DefaultIgnoreCondition = JsonIgnoreCondition.WhenWritingDefault | JsonIgnoreCondition.WhenWritingNull,
+#endif
+ WriteIndented = true,
+ Converters =
+ {
+ new JsonStringEnumConverter(allowIntegerValues: false),
+#if NET6_0_OR_GREATER
+ new DateOnlyJsonConverter()
+#endif
+ }
+ };
+
+ public static JsonSerializerOptions JsonWebKey { get; } = new(JsonSerializerOptions.Default)
+ {
+ WriteIndented = true,
+ DefaultIgnoreCondition = JsonIgnoreCondition.WhenWritingDefault | JsonIgnoreCondition.WhenWritingNull,
+ TypeInfoResolver = new DefaultJsonTypeInfoResolver
+ {
+ Modifiers =
+ {
+ info =>
+ {
+ if (info.Type != typeof(JsonWebKey))
+ return;
+
+ foreach (var prop in info.Properties)
+ {
+ // Don't serialize empty lists, makes for more concise JWKs
+ prop.ShouldSerialize = (obj, value) =>
+ value is not null &&
+ (value is not IList list || list.Count > 0);
+ }
+ }
+ }
+ }
+ };
+
+
+#if NET6_0_OR_GREATER
+ public class DateOnlyJsonConverter : JsonConverter
+ {
+ public override DateOnly Read(ref Utf8JsonReader reader, Type typeToConvert, JsonSerializerOptions options)
+ => DateOnly.Parse(reader.GetString()?[..10] ?? "", CultureInfo.InvariantCulture);
+
+ public override void Write(Utf8JsonWriter writer, DateOnly value, JsonSerializerOptions options)
+ => writer.WriteStringValue(value.ToString("O", CultureInfo.InvariantCulture));
+ }
+#endif
+}
diff --git a/src/SponsorLink/Tests/ManifestTests.cs b/src/SponsorLink/Tests/ManifestTests.cs
new file mode 100644
index 0000000..3d14cad
--- /dev/null
+++ b/src/SponsorLink/Tests/ManifestTests.cs
@@ -0,0 +1,136 @@
+extern alias Analyzer;
+using System;
+using System.Collections.Generic;
+using System.ComponentModel.DataAnnotations;
+using System.IdentityModel.Tokens.Jwt;
+using System.Linq;
+using System.Security.Claims;
+using System.Security.Cryptography;
+using System.Text;
+using System.Text.Json;
+using System.Threading.Tasks;
+using Analyzer::Devlooped.Sponsors;
+using Devlooped.Sponsors;
+using Microsoft.IdentityModel.Tokens;
+using Xunit;
+
+namespace Devlooped.Tests;
+
+public class ManifestTests
+{
+ // We need to convert to jwk string since the analyzer project has merged the JWT assembly and types.
+ public static string ToJwk(SecurityKey key)
+ => JsonSerializer.Serialize(
+ JsonWebKeyConverter.ConvertFromSecurityKey(key),
+ JsonOptions.JsonWebKey);
+
+ [Fact]
+ public void ValidateSponsorable()
+ {
+ var manifest = SponsorableManifest.Create(new Uri("https://foo.com"), [new Uri("https://github.com/sponsors/bar")], "ASDF1234");
+ var jwt = manifest.ToJwt();
+ var jwk = ToJwk(manifest.SecurityKey);
+
+ // NOTE: sponsorable manifest doesn't have expiration date.
+ var status = Manifest.Validate(jwt, jwk, out var token, out var principal, false);
+
+ Assert.Equal(Manifest.Status.Valid, status);
+ }
+
+ [Fact]
+ public void ValidateWrongKey()
+ {
+ var manifest = SponsorableManifest.Create(new Uri("https://foo.com"), [new Uri("https://github.com/sponsors/bar")], "ASDF1234");
+ var jwt = manifest.ToJwt();
+ var jwk = ToJwk(new RsaSecurityKey(RSA.Create()));
+
+ var status = Manifest.Validate(jwt, jwk, out var token, out var principal, false);
+
+ Assert.Equal(Manifest.Status.Invalid, status);
+
+ // We should still be a able to read the data, knowing it may have been tampered with.
+ Assert.NotNull(principal);
+ Assert.NotNull(token);
+ }
+
+ [Fact]
+ public void ValidateExpiredSponsor()
+ {
+ var manifest = SponsorableManifest.Create(new Uri("https://foo.com"), [new Uri("https://github.com/sponsors/bar")], "ASDF1234");
+ var jwk = ToJwk(manifest.SecurityKey);
+ var sponsor = manifest.Sign([], expiration: TimeSpan.Zero);
+
+ // Will be expired after this.
+ Thread.Sleep(1000);
+
+ var status = Manifest.Validate(sponsor, jwk, out var token, out var principal, true);
+
+ Assert.Equal(Manifest.Status.Expired, status);
+
+ // We should still be a able to read the data, even if expired (but not tampered with).
+ Assert.NotNull(principal);
+ Assert.NotNull(token);
+ }
+
+ [Fact]
+ public void ValidateUnknownFormat()
+ {
+ var manifest = SponsorableManifest.Create(new Uri("https://foo.com"), [new Uri("https://github.com/sponsors/bar")], "ASDF1234");
+ var jwk = ToJwk(manifest.SecurityKey);
+
+ var status = Manifest.Validate("asdfasdf", jwk, out var token, out var principal, false);
+
+ Assert.Equal(Manifest.Status.Unknown, status);
+
+ // Nothing could be read at all.
+ Assert.Null(principal);
+ Assert.Null(token);
+ }
+
+ [Fact]
+ public void TryRead()
+ {
+ var fooSponsorable = SponsorableManifest.Create(new Uri("https://foo.com"), [new Uri("https://github.com/sponsors/foo")], "ASDF1234");
+ var barSponsorable = SponsorableManifest.Create(new Uri("https://bar.com"), [new Uri("https://github.com/sponsors/bar")], "GHJK5678");
+
+ // Org sponsor and member of team
+ var fooSponsor = fooSponsorable.Sign([new("sub", "kzu"), new("email", "me@foo.com"), new("roles", "org"), new("roles", "team")], expiration: TimeSpan.FromDays(30));
+ // Org + personal sponsor
+ var barSponsor = barSponsorable.Sign([new("sub", "kzu"), new("email", "me@bar.com"), new("roles", "org"), new("roles", "user")], expiration: TimeSpan.FromDays(30));
+
+ Assert.True(Manifest.TryRead(out var principal,
+ [(fooSponsor, ToJwk(fooSponsorable.SecurityKey)),
+ (barSponsor, ToJwk(barSponsorable.SecurityKey))]));
+
+ // Can check role across both JWTs
+ Assert.True(principal.IsInRole("org"));
+ Assert.True(principal.IsInRole("team"));
+ Assert.True(principal.IsInRole("user"));
+
+ Assert.True(principal.HasClaim("sub", "kzu"));
+ Assert.True(principal.HasClaim("email", "me@foo.com"));
+ Assert.True(principal.HasClaim("email", "me@bar.com"));
+ }
+
+ [LocalFact]
+ public void ValidateCachedManifest()
+ {
+ var path = Environment.ExpandEnvironmentVariables("%userprofile%\\.sponsorlink\\github\\devlooped.jwt");
+ if (!File.Exists(path))
+ return;
+
+ var jwt = File.ReadAllText(path);
+
+ var status = Manifest.Validate(jwt,
+ """
+ {
+ "e": "AQAB",
+ "kty": "RSA",
+ "n": "5inhv8QymaDBOihNi1eY-6-hcIB5qSONFZxbxxXAyOtxAdjFCPM-94gIZqM9CDrX3pyg1lTJfml_a_FZSU9dB1ii5mSX_mNHBFXn1_l_gi1ErdbkIF5YbW6oxWFxf3G5mwVXwnPfxHTyQdmWQ3YJR-A3EB4kaFwLqA6Ha5lb2ObGpMTQJNakD4oTAGDhqHMGhu6PupGq5ie4qZcQ7N8ANw8xH7nicTkbqEhQABHWOTmLBWq5f5F6RYGF8P7cl0IWl_w4YcIZkGm2vX2fi26F9F60cU1v13GZEVDTXpJ9kzvYeM9sYk6fWaoyY2jhE51qbv0B0u6hScZiLREtm3n7ClJbIGXhkUppFS2JlNaX3rgQ6t-4LK8gUTyLt3zDs2H8OZyCwlCpfmGmdsUMkm1xX6t2r-95U3zywynxoWZfjBCJf41leM9OMKYwNWZ6LQMyo83HWw1PBIrX4ZLClFwqBcSYsXDyT8_ZLd1cdYmPfmtllIXxZhLClwT5qbCWv73V"
+ }
+ """
+ , out var token, out var principal, false);
+
+ Assert.Equal(Manifest.Status.Valid, status);
+ }
+}
diff --git a/src/SponsorLink/Tests/Sample.cs b/src/SponsorLink/Tests/Sample.cs
new file mode 100644
index 0000000..30f9a9c
--- /dev/null
+++ b/src/SponsorLink/Tests/Sample.cs
@@ -0,0 +1,59 @@
+extern alias Analyzer;
+using System;
+using System.Globalization;
+using System.Runtime.CompilerServices;
+using System.Security.Cryptography;
+using Analyzer::Devlooped.Sponsors;
+using Xunit;
+using Xunit.Abstractions;
+
+namespace Tests;
+
+public class Sample(ITestOutputHelper output)
+{
+ [Theory]
+ [InlineData("es-AR", DiagnosticKind.Unknown)]
+ [InlineData("es-AR", DiagnosticKind.Expiring)]
+ [InlineData("es-AR", DiagnosticKind.Expired)]
+ [InlineData("es-AR", DiagnosticKind.Sponsor)]
+ [InlineData("en", DiagnosticKind.Unknown)]
+ [InlineData("en", DiagnosticKind.Expiring)]
+ [InlineData("en", DiagnosticKind.Expired)]
+ [InlineData("en", DiagnosticKind.Sponsor)]
+ [InlineData("", DiagnosticKind.Unknown)]
+ [InlineData("", DiagnosticKind.Expiring)]
+ [InlineData("", DiagnosticKind.Expired)]
+ [InlineData("", DiagnosticKind.Sponsor)]
+ public void Test(string culture, DiagnosticKind kind)
+ {
+ Thread.CurrentThread.CurrentCulture = Thread.CurrentThread.CurrentUICulture =
+ culture == "" ? CultureInfo.InvariantCulture : CultureInfo.GetCultureInfo(culture);
+
+ var diag = new DiagnosticsManager().GetDescriptor(["foo"], "bar", "FB", kind);
+
+ output.WriteLine(diag.Title.ToString());
+ output.WriteLine(diag.MessageFormat.ToString());
+ output.WriteLine(diag.Description.ToString());
+ }
+
+ [Fact]
+ public void RenderSponsorables()
+ {
+ Assert.NotEmpty(SponsorLink.Sponsorables);
+
+ foreach (var pair in SponsorLink.Sponsorables)
+ {
+ output.WriteLine($"{pair.Key} = {pair.Value}");
+ // Read the JWK
+ var jsonWebKey = Microsoft.IdentityModel.Tokens.JsonWebKey.Create(pair.Value);
+
+ Assert.NotNull(jsonWebKey);
+
+ using var key = RSA.Create(new RSAParameters
+ {
+ Modulus = Microsoft.IdentityModel.Tokens.Base64UrlEncoder.DecodeBytes(jsonWebKey.N),
+ Exponent = Microsoft.IdentityModel.Tokens.Base64UrlEncoder.DecodeBytes(jsonWebKey.E),
+ });
+ }
+ }
+}
\ No newline at end of file
diff --git a/src/SponsorLink/Tests/SponsorableManifest.cs b/src/SponsorLink/Tests/SponsorableManifest.cs
new file mode 100644
index 0000000..5ae6e3f
--- /dev/null
+++ b/src/SponsorLink/Tests/SponsorableManifest.cs
@@ -0,0 +1,309 @@
+using System.Diagnostics.CodeAnalysis;
+using System.IdentityModel.Tokens.Jwt;
+using System.Security.Claims;
+using System.Security.Cryptography;
+using System.Text.Json;
+using Microsoft.IdentityModel.Tokens;
+
+namespace Devlooped.Sponsors;
+
+///
+/// The serializable manifest of a sponsorable user, as persisted
+/// in the .github/sponsorlink.jwt file.
+///
+public class SponsorableManifest
+{
+ ///
+ /// Overall manifest status.
+ ///
+ public enum Status
+ {
+ ///
+ /// SponsorLink manifest is invalid.
+ ///
+ Invalid,
+ ///
+ /// The manifest has an audience that doesn't match the sponsorable account.
+ ///
+ AccountMismatch,
+ ///
+ /// SponsorLink manifest not found for the given account, so it's not supported.
+ ///
+ NotFound,
+ ///
+ /// Manifest was successfully fetched and validated.
+ ///
+ OK,
+ }
+
+ ///
+ /// Creates a new manifest with a new RSA key pair.
+ ///
+ public static SponsorableManifest Create(Uri issuer, Uri[] audience, string clientId)
+ {
+ var rsa = RSA.Create(3072);
+ var pub = Convert.ToBase64String(rsa.ExportRSAPublicKey());
+
+ return new SponsorableManifest(issuer, audience, clientId, new RsaSecurityKey(rsa), pub);
+ }
+
+ public static async Task<(Status, SponsorableManifest?)> FetchAsync(string sponsorable, string? branch, HttpClient? http = default)
+ {
+ // Try to detect sponsorlink manifest in the sponsorable .github repo
+ var url = $"https://github.com/{sponsorable}/.github/raw/{branch ?? "main"}/sponsorlink.jwt";
+
+ // Manifest should be public, so no need for any special HTTP client.
+ using (http ??= new HttpClient())
+ {
+ var response = await http.GetAsync(url);
+ if (!response.IsSuccessStatusCode)
+ return (Status.NotFound, default);
+
+ var jwt = await response.Content.ReadAsStringAsync();
+ if (!TryRead(jwt, out var manifest, out var missingClaim))
+ return (Status.Invalid, default);
+
+ // Manifest audience should match the sponsorable account to avoid weird issues?
+ if (sponsorable != manifest.Sponsorable)
+ return (Status.AccountMismatch, default);
+
+ return (Status.OK, manifest);
+ }
+ }
+
+ ///
+ /// Parses a JWT into a .
+ ///
+ /// The JWT containing the sponsorable information.
+ /// The parsed manifest, if not required claims are missing.
+ /// The missing required claim, if any.
+ /// A validated manifest.
+ public static bool TryRead(string jwt, [NotNullWhen(true)] out SponsorableManifest? manifest, out string? missingClaim)
+ {
+ var handler = new JwtSecurityTokenHandler { MapInboundClaims = false };
+ missingClaim = null;
+ manifest = default;
+
+ if (!handler.CanReadToken(jwt))
+ return false;
+
+ var token = handler.ReadJwtToken(jwt);
+ var issuer = token.Issuer;
+
+ if (token.Audiences.FirstOrDefault(x => x.StartsWith("https://github.com/")) is null)
+ {
+ missingClaim = "aud";
+ return false;
+ }
+
+ if (token.Claims.FirstOrDefault(c => c.Type == "client_id")?.Value is not string clientId)
+ {
+ missingClaim = "client_id";
+ return false;
+ }
+
+ if (token.Claims.FirstOrDefault(c => c.Type == "pub")?.Value is not string pub)
+ {
+ missingClaim = "pub";
+ return false;
+ }
+
+ if (token.Claims.FirstOrDefault(c => c.Type == "sub_jwk")?.Value is not string jwk)
+ {
+ missingClaim = "sub_jwk";
+ return false;
+ }
+
+ var key = new JsonWebKeySet { Keys = { JsonWebKey.Create(jwk) } }.GetSigningKeys().First();
+ manifest = new SponsorableManifest(new Uri(issuer), token.Audiences.Select(x => new Uri(x)).ToArray(), clientId, key, pub);
+
+ return true;
+ }
+
+ public SponsorableManifest(Uri issuer, Uri[] audience, string clientId, SecurityKey publicKey, string publicRsaKey)
+ {
+ Issuer = issuer.AbsoluteUri;
+ Audience = audience.Select(a => a.AbsoluteUri.TrimEnd('/')).ToArray();
+ ClientId = clientId;
+ SecurityKey = publicKey;
+ PublicKey = publicRsaKey;
+ Sponsorable = audience.Where(x => x.Host == "github.com").Select(x => x.Segments.LastOrDefault()?.TrimEnd('/')).FirstOrDefault() ??
+ throw new ArgumentException("At least one of the intended audience must be a GitHub sponsors URL.");
+ }
+
+ ///
+ /// Converts (and optionally signs) the manifest into a JWT. Never exports the private key.
+ ///
+ /// Optional credentials when signing the resulting manifest. Defaults to the if it has a private key.
+ /// The JWT manifest.
+ public string ToJwt(SigningCredentials? signing = default)
+ {
+ var jwk = JsonWebKeyConverter.ConvertFromSecurityKey(SecurityKey);
+
+ // Automatically sign if the manifest was created with a private key
+ if (SecurityKey is RsaSecurityKey rsa && rsa.PrivateKeyStatus == PrivateKeyStatus.Exists)
+ {
+ signing ??= new SigningCredentials(rsa, SecurityAlgorithms.RsaSha256);
+
+ // Ensure we never serialize the private key
+ jwk = JsonWebKeyConverter.ConvertFromRSASecurityKey(new RsaSecurityKey(rsa.Rsa.ExportParameters(false)));
+ }
+
+ var token = new JwtSecurityToken(
+ claims:
+ new[] { new Claim(JwtRegisteredClaimNames.Iss, Issuer) }
+ .Concat(Audience.Select(x => new Claim(JwtRegisteredClaimNames.Aud, x)))
+ .Concat(
+ [
+ // See https://www.rfc-editor.org/rfc/rfc7519.html#section-4.1.6
+ new(JwtRegisteredClaimNames.Iat, Math.Truncate((DateTime.UtcNow - DateTime.UnixEpoch).TotalSeconds).ToString()),
+ new("client_id", ClientId),
+ // non-standard claim containing the base64-encoded public key
+ new("pub", PublicKey),
+ // standard claim, serialized as a JSON string, not an encoded JSON object
+ new("sub_jwk", JsonSerializer.Serialize(jwk, JsonOptions.JsonWebKey), JsonClaimValueTypes.Json),
+ ]),
+ signingCredentials: signing);
+
+ return new JwtSecurityTokenHandler().WriteToken(token);
+ }
+
+ ///
+ /// Sign the JWT claims with the provided RSA key.
+ ///
+ public string Sign(IEnumerable claims, RSA rsa, TimeSpan? expiration = default)
+ => Sign(claims, new RsaSecurityKey(rsa), expiration);
+
+ public string Sign(IEnumerable claims, RsaSecurityKey? key = default, TimeSpan? expiration = default)
+ {
+ var rsa = key ?? SecurityKey as RsaSecurityKey;
+ if (rsa?.PrivateKeyStatus != PrivateKeyStatus.Exists)
+ throw new NotSupportedException("No private key found to sign the manifest.");
+
+ var signing = new SigningCredentials(rsa, SecurityAlgorithms.RsaSha256);
+
+ var expirationDate = expiration != null ?
+ DateTime.UtcNow.Add(expiration.Value) :
+ // Expire the first day of the next month
+ new DateTime(
+ DateTime.UtcNow.AddMonths(1).Year,
+ DateTime.UtcNow.AddMonths(1).Month, 1,
+ // Use current time so they don't expire all at the same time
+ DateTime.UtcNow.Hour,
+ DateTime.UtcNow.Minute,
+ DateTime.UtcNow.Second,
+ DateTime.UtcNow.Millisecond,
+ DateTimeKind.Utc);
+
+ var tokenClaims = claims.Where(x => x.Type != JwtRegisteredClaimNames.Iat && x.Type != JwtRegisteredClaimNames.Exp).ToList();
+
+ // See https://www.rfc-editor.org/rfc/rfc7519.html#section-4.1.6
+ tokenClaims.Add(new(JwtRegisteredClaimNames.Iat, Math.Truncate((DateTime.UtcNow - DateTime.UnixEpoch).TotalSeconds).ToString()));
+
+ if (tokenClaims.Find(c => c.Type == JwtRegisteredClaimNames.Iss) is { } issuer)
+ {
+ if (issuer.Value != Issuer)
+ throw new ArgumentException($"The received claims contain an incompatible 'iss' claim. If present, the claim must contain the value '{Issuer}' but was '{issuer.Value}'.");
+ }
+ else
+ {
+ tokenClaims.Insert(0, new(JwtRegisteredClaimNames.Iss, Issuer));
+ }
+
+ if (tokenClaims.Find(c => c.Type == "client_id") is { } clientId)
+ {
+ if (clientId.Value != ClientId)
+ throw new ArgumentException($"The received claims contain an incompatible 'client_id' claim. If present, the claim must contain the value '{ClientId}' but was '{clientId.Value}'.");
+ }
+ else
+ {
+ tokenClaims.Add(new("client_id", ClientId));
+ }
+
+ // Avoid duplicating audience claims
+ foreach (var audience in Audience)
+ {
+ // Always compare ignoring trailing /
+ if (tokenClaims.Find(c => c.Type == JwtRegisteredClaimNames.Aud && c.Value.TrimEnd('/') == audience.TrimEnd('/')) == null)
+ tokenClaims.Insert(1, new(JwtRegisteredClaimNames.Aud, audience));
+ }
+
+ // The other claims (client_id, pub, sub_jwk) claims are mostly for the SL manifest itself,
+ // not for the user, so for now we don't add them.
+
+ // Don't allow mismatches of public manifest key and the one used to sign, to avoid
+ // weird run-time errors verifiying manifests that were signed with a different key.
+ var pubKey = Convert.ToBase64String(rsa.Rsa.ExportRSAPublicKey());
+ if (pubKey != PublicKey)
+ throw new ArgumentException($"Cannot sign with a private key that does not match the manifest public key.");
+
+ var jwt = new JwtSecurityTokenHandler().WriteToken(new JwtSecurityToken(
+ claims: tokenClaims,
+ expires: expirationDate,
+ signingCredentials: signing
+ ));
+
+ return jwt;
+ }
+
+ public ClaimsPrincipal Validate(string jwt, out SecurityToken? token) => new JwtSecurityTokenHandler().ValidateToken(jwt, new TokenValidationParameters
+ {
+ RequireExpirationTime = true,
+ // NOTE: setting this to false allows checking sponsorships even when the manifest is expired.
+ // This might be useful if package authors want to extend the manifest lifetime beyond the default
+ // 30 days and issue a warning on expiration, rather than an error and a forced sync.
+ // If this is not set (or true), a SecurityTokenExpiredException exception will be thrown.
+ ValidateLifetime = false,
+ RequireAudience = true,
+ // At least one of the audiences must match the manifest audiences
+ AudienceValidator = (audiences, _, _) => Audience.Intersect(audiences.Select(x => x.TrimEnd('/'))).Any(),
+ ValidIssuer = Issuer,
+ IssuerSigningKey = SecurityKey,
+ }, out token);
+
+ ///
+ /// Gets the GitHub sponsorable account.
+ ///
+ public string Sponsorable { get; }
+
+ ///
+ /// The web endpoint that issues signed JWT to authenticated users.
+ ///
+ ///
+ /// See https://www.rfc-editor.org/rfc/rfc7519.html#section-4.1.1
+ ///
+ public string Issuer { get; }
+
+ ///
+ /// The audience for the JWT, which includes the sponsorable account and potentially other sponsoring platforms.
+ ///
+ ///
+ /// See https://www.rfc-editor.org/rfc/rfc7519.html#section-4.1.3
+ ///
+ public string[] Audience { get; }
+
+ ///
+ /// The OAuth client ID (i.e. GitHub OAuth App ID) that is used to
+ /// authenticate the user.
+ ///
+ ///
+ /// See https://www.rfc-editor.org/rfc/rfc8693.html#name-client_id-client-identifier
+ ///
+ public string ClientId { get; internal set; }
+
+ ///
+ /// Public key that can be used to verify JWT signatures.
+ ///
+ public string PublicKey { get; }
+
+ ///
+ /// Public key in a format that can be used to verify JWT signatures.
+ ///
+ public SecurityKey SecurityKey { get; }
+
+ ///
+ public override int GetHashCode() => new HashCode().Add(Issuer, ClientId, PublicKey).AddRange(Audience).ToHashCode();
+
+ ///
+ public override bool Equals(object? obj) => obj is SponsorableManifest other && GetHashCode() == other.GetHashCode();
+}
diff --git a/src/SponsorLink/Tests/Tests.csproj b/src/SponsorLink/Tests/Tests.csproj
new file mode 100644
index 0000000..f753aad
--- /dev/null
+++ b/src/SponsorLink/Tests/Tests.csproj
@@ -0,0 +1,42 @@
+
+
+
+ net8.0
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ %(GitRoot.FullPath)
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/src/SponsorLink/readme.md b/src/SponsorLink/readme.md
new file mode 100644
index 0000000..765bd9d
--- /dev/null
+++ b/src/SponsorLink/readme.md
@@ -0,0 +1,25 @@
+# .NET Sample
+
+This sample contains an absolute minimal package that can be built and published to NuGet.org,
+which contains just an analyzer assembly that consumes the SponsorLink package for nuget authors.
+
+It can be installed to a project by running the following dotnet command from the target
+project directory:
+
+```
+dotnet add package SponsorableLib --version 42.42.42-main.* -s https://pkg.kzu.io/index.json
+```
+
+This will run the SponsorLink check with `https://github.com/sponsors/devlooped` for your
+locally configured git email on IDE/Editor full builds.
+
+The sample contains two analyzers, one with simple SponsorLink settings and an advanced one,
+so you will get both running the sample check.
+
+The Analyzer folder contains the analyzer project, and the Tests project is set up to consume
+it and allow for easy debugging by just running the Analyzer as the startup project from
+Visual Studio (for example).
+
+> NOTE: after initial restore, it might be necessary to restart the IDE for the analyzer
+> assemblies to be properly resolved and loaded for debugging.
+