Upstream/VIAaaS
1
0
Fork 0
mirror of https://github.com/ViaVersion/VIAaaS.git synced 2024-10-01 05:08:08 +02:00
Code Issues Packages Projects Releases Wiki Activity

some html/js cleanup

Browse Source
This commit is contained in:
creeper123123321 2021-02-25 12:47:41 -03:00
parent 571be95378
commit 579f3f52e3
3 changed files with 92 additions and 98 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

94
src/main/resources/web/auth.js
View File

@ -7,7 +7,7 @@ if (urlParams.get("mcauth_success") == "false") {
alert("Couldn't authenticate with Minecraft.ID: " + urlParams.get("mcauth_msg"));
}
// WS
// WS url
function defaultWs() {
let url = new URL("ws", new URL(location));
url.protocol = "wss";
@ -32,6 +32,14 @@ var listenVisible = false;
isMojang = it => !!it.clientToken;
isNotMojang = it => !it.clientToken;
isSuccess = status => status >= 200 && status < 300;
checkFetchSuccess = msg => r => {
if (!isSuccess(r.status)) throw r.status + " " + msg;
return r;
};
function icanhazip(cors) {
return fetch((cors ? getCorsProxy() : "") + "https://ipv4.icanhazip.com").then(checkFetchSuccess("code"))
.then(r => r.text()).then(it => it.trim());
}
// Proxy
function defaultCors() {
@ -101,14 +109,12 @@ function loginMc(user, pass) {
clientToken: clientToken,
}),
headers: {"content-type": "application/json"}
}).then((data) => {
if (!isSuccess(data.status)) throw "not success " + data.status;
return data.json();
}).then((data) => {
}).then(checkFetchSuccess("code"))
.then(r => r.json())
.then(data => {
storeMcAccount(data.accessToken, data.clientToken, data.selectedProfile.name, data.selectedProfile.id);
}).catch((e) => alert("Failed to login: " + e));
$("#email").val("");
$("#password").val("");
}).catch(e => alert("Failed to login: " + e));
$("#form_add_mc input").val("");
}
function logoutMojang(id) {
getMcAccounts().filter(isMojang).filter(it => it.id == id).forEach(it => {
@ -117,11 +123,11 @@ function logoutMojang(id) {
accessToken: it.accessToken,
clientToken: it.clientToken
}),
headers: {"content-type": "application/json"},
}).then((data) => {
if (!isSuccess(data.status)) throw "not success logout " + data.status;
removeMcAccount(id);
}).catch((e) => {
headers: {"content-type": "application/json"}
})
.then(checkFetchSuccess("not success logout"))
.then(data => removeMcAccount(id))
.catch(e => {
if (confirm("failed to invalidate token! error: " + e + " remove account?")) {
removeMcAccount(id);
}
@ -137,10 +143,9 @@ function refreshMojangAccount(it) {
clientToken: it.clientToken
}),
headers: {"content-type": "application/json"},
}).then(data => {
if (!isSuccess(data.status)) throw "not success " + data.status;
return data.json();
}).then(json => {
}).then(checkFetchSuccess("code"))
.then(r => r.json())
.then(json => {
console.log("refreshed " + json.selectedProfile.id);
removeMcAccount(json.selectedProfile.id);
return storeMcAccount(json.accessToken, json.clientToken, json.selectedProfile.name, json.selectedProfile.id);
@ -149,7 +154,7 @@ function refreshMojangAccount(it) {
// Minecraft api
function getMcUserToken(account) {
return validateToken(account).then((data) => {
return validateToken(account).then(data => {
if (!isSuccess(data.status)) {
if (isMojang(account)) {
return refreshMojangAccount(account);
@ -158,9 +163,7 @@ function getMcUserToken(account) {
}
}
return account;
}).catch((e) => {
alert("failed to refresh token! " + e);
});
}).catch(e => alert("failed to refresh token! " + e));
}
function validateToken(account) {
return fetch(getCorsProxy() + "https://authserver.mojang.com/validate", {method: "post",
@ -183,28 +186,13 @@ function joinGame(token, id, hash) {
});
}
// Proxy status
// html
function refreshCorsStatus() {
corsStatus.innerText = "...";
icanhazip(true)
.then(ip => {
return icanhazip(false).then(ip2 => {
corsStatus.innerText = "OK " + ip + (ip != ip2 ? " (different IP)" : "");
});
})
.catch(e => {
corsStatus.innerText = "error: " + e;
});
icanhazip(true).then(ip => {
return icanhazip(false).then(ip2 => corsStatus.innerText = "OK " + ip + (ip != ip2 ? " (different IP)" : ""));
}).catch(e => corsStatus.innerText = "error: " + e);
}
function icanhazip(cors) {
return fetch((cors ? getCorsProxy() : "") + "https://ipv4.icanhazip.com")
.then(it => {
if (!isSuccess(it.status)) throw "not success " + it.status
return it.text();
}).then(it => it.trim());
}
// HTML
function addMcAccountToList(id, name, msUser = null) {
let p = document.createElement("p");
let head = document.createElement("img");
@ -212,7 +200,7 @@ function addMcAccountToList(id, name, msUser = null) {
let remove = document.createElement("a");
n.innerText = " " + name + " " + (msUser == null ? "" : "(" + msUser + ") ");
remove.innerText = "Logout";
remove.href = "#";
remove.href = "javascript:";
remove.onclick = () => {
if (msUser == null) {
logoutMojang(id);
@ -267,7 +255,7 @@ function addAction(text, onClick) {
let link = document.createElement("a");
p.appendChild(link);
link.innerText = text;
link.href = "#";
link.href = "javascript:";
link.onclick = onClick;
actions.appendChild(p);
}
@ -290,18 +278,15 @@ function confirmJoin(hash) {
socket.send(JSON.stringify({action: "session_hash_response", session_hash: hash}));
}
function handleJoinRequest(parsed) {
if (confirm("Allow auth impersonation from VIAaaS instance?\nUsername: " + parsed.user + "?\nSession Hash: " + parsed.session_hash + "\nServer Message: '" + parsed.message + "'")) {
if (confirm("Allow auth impersonation from VIAaaS instance?\nUsername: " + parsed.user + "\nSession Hash: " + parsed.session_hash + "\nServer Message: '" + parsed.message + "'")) {
let account = findAccountByMcName(parsed.user);
if (account) {
getMcUserToken(account).then(data => {
return joinGame(data.accessToken, data.id, parsed.session_hash);
}).then(data => {
if (!isSuccess(data.status)) throw "not success join " + data.status;
}).finally(() => confirmJoin(parsed.session_hash))
.catch((e) => {
confirmJoin(parsed.session_hash);
alert("Couldn't contact session server for " + parsed.user + " account in browser. error: " + e);
});
})
.then(checkFetchSuccess("code"))
.finally(() => confirmJoin(parsed.session_hash))
.catch((e) => alert("Couldn't contact session server for " + parsed.user + " account in browser. error: " + e));
} else {
alert("Couldn't find " + parsed.user + " account in browser.");
confirmJoin(parsed.session_hash);
@ -369,8 +354,13 @@ $(() => {
location.reload();
});
$("#ws-url").val(getWsUrl());
$("#login_submit_mc").on("click", () => loginMc($("#email").val(), $("#password").val()));
$("#login_submit_ms").on("click", loginMs);
$("form").on("submit", e => e.preventDefault());
$("#form_add_mc").on("submit", e => {
loginMc($("#email").val(), $("#password").val());
});
$("#form_add_ms").on("submit", e => {
loginMs();
});
refreshAccountList();
// Heroku sleeps in 30 minutes, let's call it every 10 minutes to keep the same address, so Mojang see it as less suspect

33
src/main/resources/web/auth_ms.js
View File

@ -39,25 +39,22 @@ function refreshTokenMs(username) {
return fetch("https://user.auth.xboxlive.com/user/authenticate", {method: "post",
body: JSON.stringify({Properties: {AuthMethod: "RPS", SiteName: "user.auth.xboxlive.com",
RpsTicket: "d=" + response.accessToken}, RelyingParty: "http://auth.xboxlive.com", TokenType: "JWT"}),
headers: {"content-type": "application/json"}});
}).then(xboxResponse => {
if (!isSuccess(xboxResponse.status)) throw "xbox response not success";
return xboxResponse.json();
headers: {"content-type": "application/json"}})
.then(checkFetchSuccess("xbox response not success"))
.then(r => r.json());
}).then(json => {
return fetch("https://xsts.auth.xboxlive.com/xsts/authorize", {method: "post",
body: JSON.stringify({Properties: {SandboxId: "RETAIL", UserTokens: [json.Token]},
RelyingParty: "rp://api.minecraftservices.com/", TokenType: "JWT"}),
headers: {"content-type": "application/json"}});
}).then(xstsResponse => {
if (!isSuccess(xstsResponse.status)) throw "xsts response not success";
return xstsResponse.json();
headers: {"content-type": "application/json"}})
.then(checkFetchSuccess("xsts response not success"))
.then(r => r.json());
}).then(json => {
return fetch(getCorsProxy() + "https://api.minecraftservices.com/authentication/login_with_xbox", {method: "post",
body: JSON.stringify({identityToken: "XBL3.0 x=" + json.DisplayClaims.xui[0].uhs + ";" + json.Token}),
headers: {"content-type": "application/json"}});
}).then(mcResponse => {
if (!isSuccess(mcResponse.status)) throw "mc response not success";
return mcResponse.json();
body: JSON.stringify({identityToken: "XBL3.0 x=" + json.DisplayClaims.xui[0].uhs + ";" + json.Token}),
headers: {"content-type": "application/json"}})
.then(checkFetchSuccess("mc response not success"))
.then(r => r.json());
}).then(json => {
return fetch(getCorsProxy() + "https://api.minecraftservices.com/minecraft/profile", {
method: "get", headers: {"content-type": "application/json", "authorization": "Bearer " + json.access_token}}).then(profile => {
@ -78,16 +75,10 @@ function getTokenPopup(username, request) {
*/
request.account = myMSALObj.getAccountByUsername(username);
return myMSALObj.acquireTokenSilent(request).catch(error => {
console.warn("silent token acquisition fails. acquiring token using redirect");
console.warn("silent token acquisition fails.");
if (error instanceof msal.InteractionRequiredAuthError) {
// fallback to interaction when silent call fails
return myMSALObj.acquireTokenPopup(request).then(tokenResponse => {
console.log(tokenResponse);
return tokenResponse;
}).catch(error => {
console.error(error);
});
return myMSALObj.acquireTokenPopup(request).catch(error => console.error(error));
} else {
console.warn(error);
}

63
src/main/resources/web/index.html
View File

@ -3,39 +3,41 @@
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>VIAaaS</title>
<meta name="application-name" content="VIAaaS">
<meta property="og:site_name" content="VIAaaS">
<meta name="description" content="VIAaaS - ViaVersion as a Service - ViaVersion standalone proxy">
<meta property="og:title" content="VIAaaS">
<meta property="og:description" content="VIAaaS - ViaVersion as a Service - ViaVersion standalone proxy">
<meta property="og:image" content="https://raw.githubusercontent.com/ViaVersion/ViaVersion/a13c417352298c2269aed8736a76205f0040b705/fabric/src/main/resources/assets/viaversion/textures/squarelogo.png">
<meta property="og:type" content="game">
<meta property="og:image" content="https://raw.githubusercontent.com/ViaVersion/ViaVersion/a13c417352298c2269aed8736a76205f0040b705/fabric/src/main/resources/assets/viaversion/textures/squarelogo.png">
<link rel="icon" href="https://raw.githubusercontent.com/ViaVersion/ViaVersion/a13c417352298c2269aed8736a76205f0040b705/fabric/src/main/resources/assets/viaversion/textures/squarelogo.png">
<meta http-equiv="Content-Security-Policy" content="default-src 'self' https://ajax.cloudflare.com/ https://cdnjs.cloudflare.com/ https://alcdn.msauth.net/; img-src data: https://*; connect-src 'self' http://localhost:*/ https: wss:">
<meta http-equiv="Content-Security-Policy" content="default-src 'self';
style-src https://cdnjs.cloudflare.com/ 'self';
img-src data: https://*;
connect-src 'self' http://localhost:*/ https: wss:;
script-src 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'self' https://ajax.cloudflare.com/ https://cdnjs.cloudflare.com/ https://alcdn.msauth.net/">
<meta name="referrer" content="no-referrer">
<!-- only accept http from localhost -->
<meta name="robots" content="noindex">
<title>VIAaaS</title>
<meta name="theme-color" content="#0468a1">
<link href="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/5.0.0-beta1/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-giJF6kkoqNQ00vy+HMDP7azOuL0xtbfIcaT9wjKHr8RbDVddVHyTfAAsrekwKmP1" crossorigin="anonymous">
<script src="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/5.0.0-beta1/js/bootstrap.bundle.min.js" integrity="sha512-q2vREMvON/xrz1KuOj5QKWmdvcHtM4XNbNer+Qbf4TOj+RMDnul0Fg3VmmYprdf3fnL1gZgzKhZszsp62r5Ugg==" crossorigin="anonymous"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.slim.js" integrity="sha512-1lagjLfnC1I0iqH9plHYIUq3vDMfjhZsLy9elfK89RBcpcRcx4l+kRJBSnHh2Mh6kLxRHoObD1M5UTUbgFy6nA==" crossorigin="anonymous"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/uuid/8.3.2/uuid.min.js" integrity="sha512-UNM1njAgOFUa74Z0bADwAq8gbTcqZC8Ej4xPSzpnh0l6KMevwvkBvbldF9uR++qKeJ+MOZHRjV1HZjoRvjDfNQ==" crossorigin="anonymous"></script>
<script src="https://alcdn.msauth.net/browser/2.7.0/js/msal-browser.js" integrity="sha384-5Fqyq1ncNYhL2mXCdWAFXkf2wWtKeA0mXYp++ryAX1lowD0ctAHFdity37L/ULXh" crossorigin="anonymous"></script>
<script src="auth_ms.js"></script>
<link href="style.css" rel="stylesheet">
</head>
<body>
<nav class="navbar navbar-expand-lg navbar-dark bg-dark">
<div class="container-fluid">
<a class="navbar-brand" href="#">VIAaaS</a>
<a class="navbar-brand" href="javascript:">VIAaaS</a>
<button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#navbarSupportedContent" aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation">
<span class="navbar-toggler-icon"></span>
</button>
<div class="collapse navbar-collapse" id="navbarSupportedContent">
<ul class="navbar-nav nav" role="tablist">
<li class="nav-item" role="presentation">
<a class="nav-link active" id="home-tab" data-bs-toggle="tab" href="#home" role="tab" aria-controls="home" aria-selected="true">Home</a>
<a class="nav-link active" id="home-tab" data-bs-toggle="tab" href="#home" role="tab" aria-controls="home" aria-selected="true">Status</a>
</li>
<li class="nav-item" role="presentation">
<a class="nav-link" id="accounts-tab" data-bs-toggle="tab" href="#accounts" role="tab" aria-controls="accounts" aria-selected="false">Accounts</a>
@ -65,40 +67,51 @@
</div>
<div id="settings" class="tab-pane fade" role="tabpanel" aria-labelledby="settings-tab">
<p>See <a href="https://github.com/ViaVersion/VIAaaS#cors-proxy">VIAaaS README</a>
for setting up one. Calling Mojang APIs are called through this proxy, and a remote IP address may block your account. It will receive
sensitive data like email, passwords and tokens. HTTPS is required for non-localhost addresses.
</p>
<div class="mb-3">
<label for="cors-proxy" class="form-label">CORS Proxy URL Prefix</label>
<p>See <a href="https://github.com/ViaVersion/VIAaaS#cors-proxy">README</a>
for setting up one. Mojang APIs are called through this proxy, and a remote IP address may look suspicious and block your account.
It will receive sensitive data like email, passwords and tokens. HTTPS is required for non-localhost addresses.</p>
<input type="url" class="form-control" id="cors-proxy" placeholder="http://localhost:8080/">
</div>
<p>VIAaaS instance websocket URL. It exchanges sensitive data like minecraft.id tokens, server hashes and usernames. WSS is required.</p>
<div class="mb-3">
<label for="ws-url" class="form-label">WebSocket URL</label>
<p>It exchanges sensitive data like minecraft.id tokens, server session hashes and usernames. WSS is required.</p>
<input type="url" class="form-control" id="ws-url" placeholder="wss://viaaas.example.com/ws">
</div>
</div>
<div id="accounts" class="tab-pane fade" role="tabpanel" aria-labelledby="accounts-tab">
<p>Browser Minecraft accounts:</p>
<div id="accounts-list"></div>
<hr>
<div>
<p>Browser Minecraft accounts:</p>
<div id="accounts-list"></div>
<hr>
</div>
<div id="add-account">
<button id="login_submit_ms" type="submit" class="btn btn-primary mb-3">Login with Microsoft</button>
<hr>
<div class="mb-3">
<label for="email" class="form-label">Email/Username</label>
<input type="text" id="email" name="email" class="form-control" placeholder="example@example.com">
</div>
<div class="mb-3">
<label for="password" class="form-label">Password:</label>
<label for="form_add_ms" class="mb-3">Add Microsoft account:</label>
<form id="form_add_ms" class="row">
<div class="col-auto">
<button id="login_submit_ms" type="submit" class="btn btn-primary mb-3">Login with Microsoft</button>
</div>
</form>
<label for="form_add_mc" class="mb-3">Add Mojang account:</label>
<form id="form_add_mc" class="row g-3">
<div class="col-auto">
<label for="email" class="visually-hidden">Username/Email</label>
<input type="text" id="email" name="email" class="form-control" placeholder="mc@example.com">
</div>
<div class="col-auto">
<label for="password" class="visually-hidden">Password</label>
<input type="password" id="password" name="password" class="form-control" placeholder="password">
</div>
<button id="login_submit_mc" type="submit" class="btn btn-primary mb-3">Login with Minecraft</button>
</div>
<div class="col-auto">
<button id="login_submit_mc" type="submit" class="btn btn-primary mb-3">Login with Minecraft</button>
</div>
</form>
</div>
</div>
</div>
<script src="auth_ms.js"></script>
<script src="auth.js"></script>
</body>
</html>