From 03a83dd6dad178be368a7b79aa756be07e4d2b0b Mon Sep 17 00:00:00 2001 From: creeper123123321 <7974274+creeper123123321@users.noreply.github.com> Date: Sat, 4 Jun 2022 16:58:54 -0300 Subject: [PATCH] fix token refresh, update README, update deps --- README.md | 70 +++++++++++++++---------------- build.gradle.kts | 4 +- src/main/resources/web/index.html | 3 +- src/main/resources/web/js/page.js | 8 ++-- 4 files changed, 43 insertions(+), 42 deletions(-) diff --git a/README.md b/README.md index 2338c9f..57364a1 100644 --- a/README.md +++ b/README.md @@ -27,12 +27,10 @@ Offline mode tutorial: https://youtu.be/lPdELnrxmp0 - [ViaVersion](https://viaversion.com), [ViaBackwards](https://viaversion.com/backwards) and [ViaRewind](https://viaversion.com/rewind) translates the connections to backend server. -- VIAaaS auth page stores account credentials in the player's browser local storage. Check for XSS vulnerabilities on - your domain. -- It requires a CORS Proxy for calling Mojang APIs, which may make Mojang see that as suspicious and block your account - password if the IP address seems suspect. -- Account credentials aren't sent to VIAaaS instance, though it's intermediated by CORS Proxy. -- The web page receives and validates the session hash from VIAaaS instance. +- VIAaaS auth page stores account credentials in the player's browser local storage. +- It requires a CORS Proxy for calling Mojang APIs. +- Account credentials aren't sent to VIAaaS instance, though it's proxied by CORS Proxy. +- The web page receives and validates the joinGame's session hash from VIAaaS instance. ## Setting up server instance 
@@ -53,33 +51,25 @@ java -jar VIAaaS-all.jar ### How to create a public server -- You need a domain wildcarding to VIAaaS instance, like ``*.example.com -> 192.168.123.123``. You can +- You need a DNS wildcard pointing to VIAaaS instance, like ``*.example.com -> 192.168.123.123``. You can use [DuckDNS](https://duckdns.org/) DDNS service. - Configure the hostname in the config - Open the Minecraft port (25565) -- The HTTPS page needs a certificate, you can use [Apache](https://httpd.apache.org/) (with +- The HTTPS page needs a valid SSL certificate, you can use [Apache](https://httpd.apache.org/) (with a [Let's Encrypt](https://letsencrypt.org/) certificate) as a reverse proxy. See apache_copypasta.txt file. ## CORS Proxy +- Due to Mojang API not allowing CORS request, we need to use a CORS proxy - For less chance of Mojang seeing the login as suspect, you (the player) should set up a CORS proxy on your machine. - Note the ending slash in cors-anywhere address -- You can also try my public instance - at https://crp123-cors.herokuapp.com/ ([source](https://github.com/creeper123123321/cors-anywhere/)) - -### Setting up [cors-anywhere](https://www.npmjs.com/package/cors-anywhere) on local machine: - -```sh -git clone https://github.com/Rob--W/cors-anywhere -cd cors-anywhere -npm install -node server.js -``` - -- It will be available at ```http://localhost:8080/``` +- The default CORS Proxy is hosted at https://crp123-cors.herokuapp.com/ + ([source](https://github.com/creeper123123321/cors-anywhere/)) ## Usage for players +You can also connect to ```via.localhost`` and set the address parameters via web page. + #### Offline mode: - Connect to ```mc.example.net.via.localhost``` 
@@ -88,19 +78,22 @@ node server.js Web login: -- You can use the same username for front-end and back-end connection. It's also possible to use an offline mode - connection on front-end (use ``_of``). - Go to VIAaaS auth webpage (default is https://localhost:25543/) - Listen to the username A (you'll use it to connect to the VIAaaS instance). - Add the account B (you'll use it in backend server). - Keep the page open -- Connect with your account A to ```mc.example.com._u(account B).via.localhost``` (```_u``` can be removed if username - is the same) +- Connect with your account A to ```mc.example.com._u(account B).via.localhost``` - Approve the login in the webpage +Web login via token caching: + +- Open the web page and save your account in your browser +- Send your access token to the instance +- Connect with ```mc.example.com.via.localhost``` + Fabric/Forge client: -- Install [OpenAuthMod](https://github.com/RaphiMC/OpenAuthMod) in your Fabric or Forge client. +- Install [OpenAuthMod](https://github.com/RaphiMC/OpenAuthMod) in your client. - Join the server: ```mc.example.net.via.localhost``` - Approve the login 
@@ -118,18 +111,19 @@ Fabric/Forge client: - ```server.example.net```: backend server address - ```_p```: backend port - ```_v```: backend version ([protocol id](https://wiki.vg/Protocol_version_numbers) or name, replace ``.`` with ``_``) - . ```AUTO``` is default (1.8 fallback). -- ```_o```: ```t``` to force online mode in frontend, ```f``` to force offline mode in frontend. If not set, it will be - based on backend online mode. -- ```_u```: username to use in backend connection + . ```AUTO``` is default (with 1.8 as fallback). +- ```_o```: ```true``` to force online mode in frontend, ```false``` to force offline mode in frontend. If not set, it + will be based on backend online mode. +- ```_u```: username to use in backend connection (default is front-end username) - ```via.example.com```: instance address (defined in config) ## WARNING - VIAaaS may trigger anti-cheats, due to block, item, movement and other differences between versions. USE AT OWN RISK. - Take care of browser local storage. Check for XSS vulnerabilities on your domain. -- Check the security of CORS proxy, it will be used for calls to Mojang API. -- Mojang may lock your account when API is called from a suspect IP address. +- Check the security of CORS proxy, it will be used for calling to Mojang API. +- Mojang may [lock](https://wiki.geysermc.org/geyser/common-issues/#mojang-resetting-account-credentials) your account + when API is called from a suspect IP address. ## FAQ @@ -145,6 +139,9 @@ Fabric/Forge client: - If you are using a public VIAaaS instance, use this page https://viaversion.github.io/VIAaaS/ and configure the WebSocket address. +- If you're an administrator of the instance, edit ```config/web/js/config.js``` (default is in the jar) and + configure your [Azure Client ID](https://wiki.vg/Microsoft_Authentication_Scheme#Microsoft_OAuth_Flow) and your domain + whitelist. ### Connection 
@@ -153,9 +150,9 @@ Fabric/Forge client: - When listening to 0.0.0.0, it should listen on IPv6 too. - The hostname parser currently doesn't support direct IPv6, but you can use a DNS name with https://sslip.io/ -#### I'm getting a DNS error/"Unknown host" while connecting to (...).localhost +#### I'm getting a DNS error/"Unknown host" while connecting to via.localhost -- Try configuring via.localho.st as hostname suffix +- Try configuring ```via.localho.st``` as hostname suffix instead #### How to use with Geyser? @@ -175,8 +172,9 @@ Fabric/Forge client: #### Can you support more versions / Is there some alternative? -- See [DirtMultiVersion](https://github.com/DirtPowered/DirtMultiversion) and RK_01's ViaProxy server (viaproxy.raphimc.net) +- See [DirtMultiVersion](https://github.com/DirtPowered/DirtMultiversion) and RK_01's ViaProxy server ( + viaproxy.raphimc.net) #### Can I customize the files of HTTP server? -- Add files to ``config/web/`` directory +- Add files to ``config/web/`` directory \ No newline at end of file diff --git a/build.gradle.kts b/build.gradle.kts index 073c831..d3a0449 100644 --- a/build.gradle.kts +++ b/build.gradle.kts @@ -57,7 +57,7 @@ dependencies { implementation(kotlin("stdlib-jdk8")) implementation(kotlin("reflect")) - val vvVer = "4.3.0-1.19-pre3-SNAPSHOT" + val vvVer = "4.3.0-1.19-rc2-SNAPSHOT" val vbVer = "4.3.0-1.19-pre2-SNAPSHOT" val vrVer = "d189537" implementation("com.viaversion:viaversion:$vvVer") { isTransitive = false } @@ -66,7 +66,7 @@ dependencies { implementation("io.netty:netty-all:4.1.77.Final") implementation("io.netty:netty-tcnative-boringssl-static:2.0.52.Final") - implementation("io.netty.incubator:netty-incubator-transport-native-io_uring:0.0.13.Final:linux-x86_64") + implementation("io.netty.incubator:netty-incubator-transport-native-io_uring:0.0.14.Final:linux-x86_64") implementation("com.google.guava:guava:31.1-jre") implementation("com.velocitypowered:velocity-native:3.1.0") 
diff --git a/src/main/resources/web/index.html b/src/main/resources/web/index.html index 552dd3e..adf7352 100644 --- a/src/main/resources/web/index.html +++ b/src/main/resources/web/index.html @@ -118,7 +118,8 @@ frame-src 'self' https://login.microsoftonline.com/ https://login.live.com/" + aria-label="Backend Username" list="backend_user_list"> +

You can also use the address generator to specify the server

diff --git a/src/main/resources/web/js/page.js b/src/main/resources/web/js/page.js index 2e9ee4e..e15a3c9 100644 --- a/src/main/resources/web/js/page.js +++ b/src/main/resources/web/js/page.js @@ -105,20 +105,22 @@ function addMcAccountToList(account) { $(accounts).append(line); } -function addListSendToken(username) { +function addUsernameList(username) { let line = $(""); line.text(username); $("#send_token_user").append(line); + $("#backend_user_list").append(line.clone()); } function refreshAccountList() { accounts.innerHTML = ""; $("#send_token_user .mc_username").remove(); + $("#backend_user_list .mc_username").remove(); getActiveAccounts() .sort((a, b) => a.name.localeCompare(b.name)) .forEach(it => { addMcAccountToList(it) - addListSendToken(it.name) + addUsernameList(it.name) }); } @@ -420,7 +422,7 @@ class McAccount { acquireActiveToken() { return this.checkActive().then(success => { if (!success) { - return this.refresh(); + return this.refresh().then(() => this); } return this; }).catch(e => addToast("Failed to refresh token!", e));
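Review bot: `addUsernameList` now fills two controls (`#send_token_user` and `#backend_user_list`), but nothing says so and the reason for `line.clone()` is not obvious. A short comment such as `// a DOM node has one parent, so the datalist gets its own copy` would help, along with a note that the name is set through `.text()` so it is never parsed as markup. That second point matters if account names come from a remote profile response, which is not visible in this hunk.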
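Review bot: The trailing `.catch(e => addToast("Failed to refresh token!", e))` in `acquireActiveToken()` still turns a failed check or refresh into a fulfilled promise, so callers receive whatever `addToast` returns (presumably `undefined`) instead of a rejection. The added `.then(() => this)` fixes the resolved value on the success path only, so a caller that reads the access token from the result will fail later with a less obvious error unless it null-checks. Consider re-throwing after the toast, `.catch(e => { addToast("Failed to refresh token!", e); throw e; })`, or state in a JSDoc line that the promise resolves to `undefined` on failure. The callers and the method's closing brace are outside this hunk, so check them before changing the rejection behaviour. It is also worth confirming that `addToast` renders `e` as text rather than HTML, since the README in this commit notes that the page keeps account credentials in browser local storage.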