From de896f895c80d670dac092b56307029af8866228 Mon Sep 17 00:00:00 2001
From: zhom <2717306+zhom@users.noreply.github.com>
Date: Wed, 18 Feb 2026 13:23:20 +0400
Subject: [PATCH] refactor: check subscription

---
 src-tauri/src/cloud_auth.rs      | 15 ++++++++++++++-
 src-tauri/src/profile/manager.rs | 26 ++++++++++++++++++++++++++
 2 files changed, 40 insertions(+), 1 deletion(-)

diff --git a/src-tauri/src/cloud_auth.rs b/src-tauri/src/cloud_auth.rs
index 5fc5d10..cb6c380 100644
--- a/src-tauri/src/cloud_auth.rs
+++ b/src-tauri/src/cloud_auth.rs
@@ -602,11 +602,24 @@ impl CloudAuthManager {
   pub async fn has_active_paid_subscription(&self) -> bool {
     let state = self.state.lock().await;
     match &*state {
-      Some(auth) => auth.user.plan != "free" && auth.user.subscription_status == "active",
+      Some(auth) => {
+        auth.user.plan != "free"
+          && (auth.user.subscription_status == "active"
+            || auth.user.plan_period.as_deref() == Some("lifetime"))
+      }
       None => false,
     }
   }
 
+  pub async fn is_fingerprint_os_allowed(&self, fingerprint_os: Option<&str>) -> bool {
+    let host_os = crate::profile::types::get_host_os();
+    match fingerprint_os {
+      None => true,
+      Some(os) if os == host_os => true,
+      Some(_) => self.has_active_paid_subscription().await,
+    }
+  }
+
   pub async fn get_user(&self) -> Option<CloudAuthState> {
     let state = self.state.lock().await;
     state.clone()
diff --git a/src-tauri/src/profile/manager.rs b/src-tauri/src/profile/manager.rs
index cb2ba68..3051e33 100644
--- a/src-tauri/src/profile/manager.rs
+++ b/src-tauri/src/profile/manager.rs
@@ -1902,6 +1902,18 @@ pub async fn create_browser_profile_new(
   wayfern_config: Option<WayfernConfig>,
   group_id: Option<String>,
 ) -> Result<BrowserProfile, String> {
+  let fingerprint_os = camoufox_config
+    .as_ref()
+    .and_then(|c| c.os.as_deref())
+    .or_else(|| wayfern_config.as_ref().and_then(|c| c.os.as_deref()));
+
+  if !crate::cloud_auth::CLOUD_AUTH
+    .is_fingerprint_os_allowed(fingerprint_os)
+    .await
+  {
+    return Err("Fingerprint OS spoofing requires an active Pro subscription".to_string());
+  }
+
   let browser_type =
     BrowserType::from_str(&browser_str).map_err(|e| format!("Invalid browser type: {e}"))?;
   create_browser_profile_with_group(
@@ -1924,6 +1936,13 @@ pub async fn update_camoufox_config(
   profile_id: String,
   config: CamoufoxConfig,
 ) -> Result<(), String> {
+  if !crate::cloud_auth::CLOUD_AUTH
+    .is_fingerprint_os_allowed(config.os.as_deref())
+    .await
+  {
+    return Err("Fingerprint OS spoofing requires an active Pro subscription".to_string());
+  }
+
   let profile_manager = ProfileManager::instance();
   profile_manager
     .update_camoufox_config(app_handle, &profile_id, config)
@@ -1937,6 +1956,13 @@ pub async fn update_wayfern_config(
   profile_id: String,
   config: WayfernConfig,
 ) -> Result<(), String> {
+  if !crate::cloud_auth::CLOUD_AUTH
+    .is_fingerprint_os_allowed(config.os.as_deref())
+    .await
+  {
+    return Err("Fingerprint OS spoofing requires an active Pro subscription".to_string());
+  }
+
   let profile_manager = ProfileManager::instance();
   profile_manager
     .update_wayfern_config(app_handle, &profile_id, config)