fix token refresh, update README, update deps

README.md

@@ -27,12 +27,10 @@ Offline mode tutorial: https://youtu.be/lPdELnrxmp0
 
 - [ViaVersion](https://viaversion.com), [ViaBackwards](https://viaversion.com/backwards)
   and [ViaRewind](https://viaversion.com/rewind) translates the connections to backend server.
-- VIAaaS auth page stores account credentials in the player's browser local storage. Check for XSS vulnerabilities on
+- VIAaaS auth page stores account credentials in the player's browser local storage.
-  your domain.
+- It requires a CORS Proxy for calling Mojang APIs.
-- It requires a CORS Proxy for calling Mojang APIs, which may make Mojang see that as suspicious and block your account
+- Account credentials aren't sent to VIAaaS instance, though it's proxied by CORS Proxy.
-  password if the IP address seems suspect.
+- The web page receives and validates the joinGame's session hash from VIAaaS instance.
-- Account credentials aren't sent to VIAaaS instance, though it's intermediated by CORS Proxy.
-- The web page receives and validates the session hash from VIAaaS instance.
 
 ## Setting up server instance
 
@@ -53,33 +51,25 @@ java -jar VIAaaS-all.jar
 
 ### How to create a public server
 
-- You need a domain wildcarding to VIAaaS instance, like ``*.example.com -> 192.168.123.123``. You can
+- You need a DNS wildcard pointing to VIAaaS instance, like ``*.example.com -> 192.168.123.123``. You can
   use [DuckDNS](https://duckdns.org/) DDNS service.
 - Configure the hostname in the config
 - Open the Minecraft port (25565)
-- The HTTPS page needs a certificate, you can use [Apache](https://httpd.apache.org/) (with
+- The HTTPS page needs a valid SSL certificate, you can use [Apache](https://httpd.apache.org/) (with
   a [Let's Encrypt](https://letsencrypt.org/) certificate) as a reverse proxy. See apache_copypasta.txt file.
 
 ## CORS Proxy
 
+- Due to Mojang API not allowing CORS request, we need to use a CORS proxy
 - For less chance of Mojang seeing the login as suspect, you (the player) should set up a CORS proxy on your machine.
 - Note the ending slash in cors-anywhere address
-- You can also try my public instance
+- The default CORS Proxy is hosted at https://crp123-cors.herokuapp.com/
-  at https://crp123-cors.herokuapp.com/ ([source](https://github.com/creeper123123321/cors-anywhere/))
+  ([source](https://github.com/creeper123123321/cors-anywhere/))
-
-### Setting up [cors-anywhere](https://www.npmjs.com/package/cors-anywhere) on local machine:
-
-```sh
-git clone https://github.com/Rob--W/cors-anywhere
-cd cors-anywhere
-npm install
-node server.js
-```
-
-- It will be available at ```http://localhost:8080/```
 
 ## Usage for players
 
+You can also connect to ```via.localhost`` and set the address parameters via web page.
+
 #### Offline mode:
 
 - Connect to ```mc.example.net.via.localhost```
@@ -88,19 +78,22 @@ node server.js
 
 Web login:
 
-- You can use the same username for front-end and back-end connection. It's also possible to use an offline mode
-  connection on front-end (use ``_of``).
 - Go to VIAaaS auth webpage (default is https://localhost:25543/)
 - Listen to the username A (you'll use it to connect to the VIAaaS instance).
 - Add the account B (you'll use it in backend server).
 - Keep the page open
-- Connect with your account A to ```mc.example.com._u(account B).via.localhost``` (```_u``` can be removed if username
+- Connect with your account A to ```mc.example.com._u(account B).via.localhost```
-  is the same)
 - Approve the login in the webpage
 
+Web login via token caching:
+
+- Open the web page and save your account in your browser
+- Send your access token to the instance
+- Connect with ```mc.example.com.via.localhost```
+
 Fabric/Forge client:
 
-- Install [OpenAuthMod](https://github.com/RaphiMC/OpenAuthMod) in your Fabric or Forge client.
+- Install [OpenAuthMod](https://github.com/RaphiMC/OpenAuthMod) in your client.
 - Join the server: ```mc.example.net.via.localhost```
 - Approve the login
 
@@ -118,18 +111,19 @@ Fabric/Forge client:
 - ```server.example.net```: backend server address
 - ```_p```: backend port
 - ```_v```: backend version ([protocol id](https://wiki.vg/Protocol_version_numbers) or name, replace ``.`` with ``_``)
-  . ```AUTO``` is default (1.8 fallback).
+  . ```AUTO``` is default (with 1.8 as fallback).
-- ```_o```: ```t``` to force online mode in frontend, ```f``` to force offline mode in frontend. If not set, it will be
+- ```_o```: ```true``` to force online mode in frontend, ```false``` to force offline mode in frontend. If not set, it
-  based on backend online mode.
+  will be based on backend online mode.
-- ```_u```: username to use in backend connection
+- ```_u```: username to use in backend connection (default is front-end username)
 - ```via.example.com```: instance address (defined in config)
 
 ## WARNING
 
 - VIAaaS may trigger anti-cheats, due to block, item, movement and other differences between versions. USE AT OWN RISK.
 - Take care of browser local storage. Check for XSS vulnerabilities on your domain.
-- Check the security of CORS proxy, it will be used for calls to Mojang API.
+- Check the security of CORS proxy, it will be used for calling to Mojang API.
-- Mojang may lock your account when API is called from a suspect IP address.
+- Mojang may [lock](https://wiki.geysermc.org/geyser/common-issues/#mojang-resetting-account-credentials) your account
+  when API is called from a suspect IP address.
 
 ## FAQ
 
@@ -145,6 +139,9 @@ Fabric/Forge client:
 
 - If you are using a public VIAaaS instance, use this page https://viaversion.github.io/VIAaaS/ and configure the
   WebSocket address.
+- If you're an administrator of the instance, edit ```config/web/js/config.js``` (default is in the jar) and
+  configure your [Azure Client ID](https://wiki.vg/Microsoft_Authentication_Scheme#Microsoft_OAuth_Flow) and your domain
+  whitelist.
 
 ### Connection
 
@@ -153,9 +150,9 @@ Fabric/Forge client:
 - When listening to 0.0.0.0, it should listen on IPv6 too.
 - The hostname parser currently doesn't support direct IPv6, but you can use a DNS name with https://sslip.io/
 
-#### I'm getting a DNS error/"Unknown host" while connecting to (...).localhost
+#### I'm getting a DNS error/"Unknown host" while connecting to via.localhost
 
-- Try configuring via.localho.st as hostname suffix
+- Try configuring ```via.localho.st``` as hostname suffix instead
 
 #### How to use with Geyser?
 
@@ -175,8 +172,9 @@ Fabric/Forge client:
 
 #### Can you support more versions / Is there some alternative?
 
-- See [DirtMultiVersion](https://github.com/DirtPowered/DirtMultiversion) and RK_01's ViaProxy server (viaproxy.raphimc.net)
+- See [DirtMultiVersion](https://github.com/DirtPowered/DirtMultiversion) and RK_01's ViaProxy server (
+  viaproxy.raphimc.net)
 
 #### Can I customize the files of HTTP server?
 
-- Add files to ``config/web/`` directory
+- Add files to ``config/web/`` directory

build.gradle.kts

@@ -57,7 +57,7 @@ dependencies {
     implementation(kotlin("stdlib-jdk8"))
     implementation(kotlin("reflect"))
 
-    val vvVer = "4.3.0-1.19-pre3-SNAPSHOT"
+    val vvVer = "4.3.0-1.19-rc2-SNAPSHOT"
     val vbVer = "4.3.0-1.19-pre2-SNAPSHOT"
     val vrVer = "d189537"
     implementation("com.viaversion:viaversion:$vvVer") { isTransitive = false }
@@ -66,7 +66,7 @@ dependencies {
 
     implementation("io.netty:netty-all:4.1.77.Final")
     implementation("io.netty:netty-tcnative-boringssl-static:2.0.52.Final")
-    implementation("io.netty.incubator:netty-incubator-transport-native-io_uring:0.0.13.Final:linux-x86_64")
+    implementation("io.netty.incubator:netty-incubator-transport-native-io_uring:0.0.14.Final:linux-x86_64")
 
     implementation("com.google.guava:guava:31.1-jre")
     implementation("com.velocitypowered:velocity-native:3.1.0")

src/main/resources/web/index.html

@@ -118,7 +118,8 @@ frame-src 'self' https://login.microsoftonline.com/ https://login.live.com/"
                     <option value="false">Force offline (recommended for Geyser)</option>
                 </select>
                 <input id="connect_user" type="text" class="form-control" placeholder="Back Username"
-                       aria-label="Backend Username">
+                       aria-label="Backend Username" list="backend_user_list">
+                <datalist id="backend_user_list"></datalist>
             </form>
             <p>You can also use <a href="https://jo0001.github.io/ViaSetup/aspirin" id="viasetup_address">the address
                 generator</a> to specify the server</p>

src/main/resources/web/js/page.js

@@ -105,20 +105,22 @@ function addMcAccountToList(account) {
     $(accounts).append(line);
 }
 
-function addListSendToken(username) {
+function addUsernameList(username) {
     let line = $("<option class='mc_username'></option>");
     line.text(username);
     $("#send_token_user").append(line);
+    $("#backend_user_list").append(line.clone());
 }
 
 function refreshAccountList() {
     accounts.innerHTML = "";
     $("#send_token_user .mc_username").remove();
+    $("#backend_user_list .mc_username").remove();
     getActiveAccounts()
         .sort((a, b) => a.name.localeCompare(b.name))
         .forEach(it => {
             addMcAccountToList(it)
-            addListSendToken(it.name)
+            addUsernameList(it.name)
         });
 }
 
@@ -420,7 +422,7 @@ class McAccount {
     acquireActiveToken() {
         return this.checkActive().then(success => {
             if (!success) {
-                return this.refresh();
+                return this.refresh().then(() => this);
             }
             return this;
         }).catch(e => addToast("Failed to refresh token!", e));