try to cleanup readme

This commit is contained in:
creeper123123321 2021-07-21 21:43:12 -03:00 committed by GitHub
parent 399215aaa2
commit 24fb56d0dc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -27,10 +27,10 @@ Offline mode tutorial: https://youtu.be/lPdELnrxmp0
and [ViaRewind](https://viaversion.com/rewind) translates the connections to backend server. and [ViaRewind](https://viaversion.com/rewind) translates the connections to backend server.
- VIAaaS auth page stores account credentials in the player's browser local storage. Check for XSS vulnerabilities on - VIAaaS auth page stores account credentials in the player's browser local storage. Check for XSS vulnerabilities on
your domain. your domain.
- Due to technical/security reasons, it requires a CORS Proxy for calling Mojang APIs, which may make Mojang see that as - It requires a CORS Proxy for calling Mojang APIs, which may make Mojang see that as
suspicious and reset/block your account password if the IP address seems suspect. suspicious and block your account password if the IP address seems suspect.
- Account credentials aren't sent to VIAaaS instance, though it's intermediated by CORS Proxy. - Account credentials aren't sent to VIAaaS instance, though it's intermediated by CORS Proxy.
- VIAaaS receives a the session hash from instance and then the browser validates it to Mojang. - The web page receives and validates a the session hash from VIAaaS instance.
## Setting up server instance ## Setting up server instance
@ -56,15 +56,13 @@ java -jar VIAaaS-all.jar
- Configure the hostname in the config - Configure the hostname in the config
- Open the Minecraft port (25565) - Open the Minecraft port (25565)
- The HTTPS page needs a certificate, you can use [Apache](https://httpd.apache.org/) (with - The HTTPS page needs a certificate, you can use [Apache](https://httpd.apache.org/) (with
a [Let's Encrypt](https://letsencrypt.org/) certificate) as a proxy. See apache_copypasta.txt file. a [Let's Encrypt](https://letsencrypt.org/) certificate) as a reverse proxy. See apache_copypasta.txt file.
## CORS Proxy ## CORS Proxy
- For less chance of Mojang seeing the login as suspect, you (the player) should set up a CORS proxy on your machine. - For less chance of Mojang seeing the login as suspect, you (the player) should set up a CORS proxy on your machine.
- Note the ending slash in cors-anywhere address - Note the ending slash in cors-anywhere address
- You can use my public instance - You can also try my public instance at https://crp123-cors.herokuapp.com/ ([source](https://github.com/creeper123123321/cors-anywhere/))
at https://crp123-cors.herokuapp.com/ ([source](https://github.com/creeper123123321/cors-anywhere/)) too, but proxies
have a bit more chance of being seen as suspect.
### Setting up [cors-anywhere](https://www.npmjs.com/package/cors-anywhere) on local machine: ### Setting up [cors-anywhere](https://www.npmjs.com/package/cors-anywhere) on local machine:
@ -85,19 +83,14 @@ node server.js
#### Online mode: #### Online mode:
- You can use two accounts (avoids Bad Login error), the same account for front-end and back-end connections, or - You can use the same username for front-end and back-end connection. It's also possible to use an
use ```_of``` offline mode connection on front-end (use ``_of``).
(offline mode in frontend. May be useful if you have a client which is incompatible with online mode).
- Go to VIAaaS auth webpage (default is https://localhost:25543/) - Go to VIAaaS auth webpage (default is https://localhost:25543/)
- Configure CORS proxy, see above in "CORS Proxy" section - Listen to the username A (you'll use it to connect to the VIAaaS instance).
- Listen to the username A you'll use to connect to the proxy. - Add the account B (you'll use it in backend server).
- Add the account B to VIAaaS page which you'll use in ```_u``` parameter below.
- Keep the page open - Keep the page open
- Connect to ```mc.example.com._u(B).via.localhost``` (```_u``` can be removed if you are using the same username) - Connect with your account A to ```mc.example.com._u(account B).via.localhost``` (```_u``` can be removed if username is the same)
- Approve the login in the webpage - Approve the login in the webpage
- If you use the same online mode account, your client may show Bad Login. You can use a mod like
[Auth Me](https://www.curseforge.com/minecraft/mc-mods/auth-me)
or [ReAuth](https://www.curseforge.com/minecraft/mc-mods/reauth).
### Address options ### Address options
@ -112,19 +105,18 @@ node server.js
- You can use ``(option)_(value)`` too, like ``p_25565``. - You can use ``(option)_(value)`` too, like ``p_25565``.
- ```server.example.net```: backend server address - ```server.example.net```: backend server address
- ```_p```: backend port - ```_p```: backend port
- ```_v```: backend version ([protocol id](https://wiki.vg/Protocol_version_numbers) or name with underline instead of - ```_v```: backend version ([protocol id](https://wiki.vg/Protocol_version_numbers) or name, replace ``.`` with ``_``). ```AUTO``` is default (1.8 fallback).
dots). ```AUTO``` is default and 1.8 is fallback if it fails. - ```_o```: ```t``` to force online mode in frontend, ```f``` to force offline mode in frontend. If not set, it will be
- ```_o```: ```t``` to force online mode in frontend, ```f``` to disable online mode in frontend. If not set, it will be
based on backend online mode. based on backend online mode.
- ```_u```: username to use in backend connection - ```_u```: username to use in backend connection
- ```via.example.com```: instance address (defined in config) - ```via.example.com```: instance address (defined in config)
## WARNING ## WARNING
- VIAaaS may trigger anti-cheats, due to block, item, movement and other differences between versions. USE AT OWN RISK - VIAaaS may trigger anti-cheats, due to block, item, movement and other differences between versions. USE AT OWN RISK.
- Take care of browser local storage. Check for XSS vulnerabilities on your domain. - Take care of browser local storage. Check for XSS vulnerabilities on your domain.
- Check the security of CORS proxy, it will intermediate Mojang API calls. - Check the security of CORS proxy, it will intermediate Mojang API calls.
- Mojang may lock your account when API is called from a suspect IP address - Mojang may lock your account when API is called from a suspect IP address.
## FAQ ## FAQ
@ -136,8 +128,8 @@ node server.js
#### Why a online webpage for online mode?: #### Why a online webpage for online mode?:
- It's easier to maintain in that way, because providing login via chat requires encoding and decoding more packets - It's easier to maintain in that way, because providing login via chat requires encoding and decoding more packets,
which change through versions. which reduces maintanability.
- It allows your account password and token to be kept with you. - It allows your account password and token to be kept with you.
#### How to use Microsoft Account?: #### How to use Microsoft Account?:
@ -150,8 +142,7 @@ node server.js
#### How to use IPv6?: #### How to use IPv6?:
- When listening to 0.0.0.0, it should listen on IPv6 too. - When listening to 0.0.0.0, it should listen on IPv6 too.
- To use IPv6 in backend address, you need to use a instance with IPv6 connectivity. The hostname parser currently - The hostname parser currently doesn't support direct IPv6, but you can use a DNS name with https://sslip.io/
doesn't support direct IPv6, but you can use a DNS name with https://sslip.io/
#### I'm getting a DNS error/"Unknown host" while connecting to (...).localhost #### I'm getting a DNS error/"Unknown host" while connecting to (...).localhost
@ -159,19 +150,19 @@ node server.js
#### How to use with Geyser? #### How to use with Geyser?
- Currently you need to set the parameters (at least the hostname) in Geyser's `address` field: - Set the parameters in Geyser's `address` field:
```yml ```yml
remote: remote:
# The IP address of the remote (Java Edition) server # The IP address of the remote (Java Edition) server
address: 2b2t.org._v1_12_2.via.localhost address: 2b2t.org._v1_12_2.via.localhost
``` ```
- If you are using a public GeyserConnect instance: connect to a publicly available VIAaaS instance, - If you are using a public GeyserConnect instance: connect to a publicly available VIAaaS instance,
like ```mc.example.com.via.example.net``` as a Java Edition server. like ```mc.example.com._v1_8.via.example.net``` as a Java Edition server.
#### Can I use it to connect to .onion Minecraft hidden servers? #### Can I use it to connect to .onion Minecraft hidden servers?
- You can use .onion addresses if the instance is proxying the backend connections to TOR. Note that VIAaaS may log your - You can use .onion addresses if the instance is proxying the backend connections to TOR. Note that VIAaaS may log your
requests. requests, and that your DNS queries may be unencrypted.
#### Can you support more versions / Is there some alternative? #### Can you support more versions / Is there some alternative?