From 24fb56d0dc27f66766ae4184e99953813fbca804 Mon Sep 17 00:00:00 2001 From: creeper123123321 <7974274+creeper123123321@users.noreply.github.com> Date: Wed, 21 Jul 2021 21:43:12 -0300 Subject: [PATCH] try to cleanup readme --- README.md | 49 ++++++++++++++++++++----------------------------- 1 file changed, 20 insertions(+), 29 deletions(-) diff --git a/README.md b/README.md index 0dc9f0c..e67e9d5 100644 --- a/README.md +++ b/README.md @@ -27,10 +27,10 @@ Offline mode tutorial: https://youtu.be/lPdELnrxmp0 and [ViaRewind](https://viaversion.com/rewind) translates the connections to backend server. - VIAaaS auth page stores account credentials in the player's browser local storage. Check for XSS vulnerabilities on your domain. -- Due to technical/security reasons, it requires a CORS Proxy for calling Mojang APIs, which may make Mojang see that as - suspicious and reset/block your account password if the IP address seems suspect. +- It requires a CORS Proxy for calling Mojang APIs, which may make Mojang see that as + suspicious and block your account password if the IP address seems suspect. - Account credentials aren't sent to VIAaaS instance, though it's intermediated by CORS Proxy. -- VIAaaS receives a the session hash from instance and then the browser validates it to Mojang. +- The web page receives and validates a the session hash from VIAaaS instance. ## Setting up server instance @@ -56,15 +56,13 @@ java -jar VIAaaS-all.jar - Configure the hostname in the config - Open the Minecraft port (25565) - The HTTPS page needs a certificate, you can use [Apache](https://httpd.apache.org/) (with - a [Let's Encrypt](https://letsencrypt.org/) certificate) as a proxy. See apache_copypasta.txt file. + a [Let's Encrypt](https://letsencrypt.org/) certificate) as a reverse proxy. See apache_copypasta.txt file. ## CORS Proxy - For less chance of Mojang seeing the login as suspect, you (the player) should set up a CORS proxy on your machine. - Note the ending slash in cors-anywhere address -- You can use my public instance - at https://crp123-cors.herokuapp.com/ ([source](https://github.com/creeper123123321/cors-anywhere/)) too, but proxies - have a bit more chance of being seen as suspect. +- You can also try my public instance at https://crp123-cors.herokuapp.com/ ([source](https://github.com/creeper123123321/cors-anywhere/)) ### Setting up [cors-anywhere](https://www.npmjs.com/package/cors-anywhere) on local machine: @@ -85,19 +83,14 @@ node server.js #### Online mode: -- You can use two accounts (avoids Bad Login error), the same account for front-end and back-end connections, or - use ```_of``` - (offline mode in frontend. May be useful if you have a client which is incompatible with online mode). +- You can use the same username for front-end and back-end connection. It's also possible to use an + offline mode connection on front-end (use ``_of``). - Go to VIAaaS auth webpage (default is https://localhost:25543/) -- Configure CORS proxy, see above in "CORS Proxy" section -- Listen to the username A you'll use to connect to the proxy. -- Add the account B to VIAaaS page which you'll use in ```_u``` parameter below. +- Listen to the username A (you'll use it to connect to the VIAaaS instance). +- Add the account B (you'll use it in backend server). - Keep the page open -- Connect to ```mc.example.com._u(B).via.localhost``` (```_u``` can be removed if you are using the same username) +- Connect with your account A to ```mc.example.com._u(account B).via.localhost``` (```_u``` can be removed if username is the same) - Approve the login in the webpage -- If you use the same online mode account, your client may show Bad Login. You can use a mod like - [Auth Me](https://www.curseforge.com/minecraft/mc-mods/auth-me) - or [ReAuth](https://www.curseforge.com/minecraft/mc-mods/reauth). ### Address options @@ -112,19 +105,18 @@ node server.js - You can use ``(option)_(value)`` too, like ``p_25565``. - ```server.example.net```: backend server address - ```_p```: backend port -- ```_v```: backend version ([protocol id](https://wiki.vg/Protocol_version_numbers) or name with underline instead of - dots). ```AUTO``` is default and 1.8 is fallback if it fails. -- ```_o```: ```t``` to force online mode in frontend, ```f``` to disable online mode in frontend. If not set, it will be +- ```_v```: backend version ([protocol id](https://wiki.vg/Protocol_version_numbers) or name, replace ``.`` with ``_``). ```AUTO``` is default (1.8 fallback). +- ```_o```: ```t``` to force online mode in frontend, ```f``` to force offline mode in frontend. If not set, it will be based on backend online mode. - ```_u```: username to use in backend connection - ```via.example.com```: instance address (defined in config) ## WARNING -- VIAaaS may trigger anti-cheats, due to block, item, movement and other differences between versions. USE AT OWN RISK +- VIAaaS may trigger anti-cheats, due to block, item, movement and other differences between versions. USE AT OWN RISK. - Take care of browser local storage. Check for XSS vulnerabilities on your domain. - Check the security of CORS proxy, it will intermediate Mojang API calls. -- Mojang may lock your account when API is called from a suspect IP address +- Mojang may lock your account when API is called from a suspect IP address. ## FAQ @@ -136,8 +128,8 @@ node server.js #### Why a online webpage for online mode?: -- It's easier to maintain in that way, because providing login via chat requires encoding and decoding more packets - which change through versions. +- It's easier to maintain in that way, because providing login via chat requires encoding and decoding more packets, + which reduces maintanability. - It allows your account password and token to be kept with you. #### How to use Microsoft Account?: @@ -150,8 +142,7 @@ node server.js #### How to use IPv6?: - When listening to 0.0.0.0, it should listen on IPv6 too. -- To use IPv6 in backend address, you need to use a instance with IPv6 connectivity. The hostname parser currently - doesn't support direct IPv6, but you can use a DNS name with https://sslip.io/ +- The hostname parser currently doesn't support direct IPv6, but you can use a DNS name with https://sslip.io/ #### I'm getting a DNS error/"Unknown host" while connecting to (...).localhost @@ -159,19 +150,19 @@ node server.js #### How to use with Geyser? -- Currently you need to set the parameters (at least the hostname) in Geyser's `address` field: +- Set the parameters in Geyser's `address` field: ```yml remote: # The IP address of the remote (Java Edition) server address: 2b2t.org._v1_12_2.via.localhost ``` - If you are using a public GeyserConnect instance: connect to a publicly available VIAaaS instance, - like ```mc.example.com.via.example.net``` as a Java Edition server. + like ```mc.example.com._v1_8.via.example.net``` as a Java Edition server. #### Can I use it to connect to .onion Minecraft hidden servers? - You can use .onion addresses if the instance is proxying the backend connections to TOR. Note that VIAaaS may log your - requests. + requests, and that your DNS queries may be unencrypted. #### Can you support more versions / Is there some alternative?