Upstream
/
VIAaaS
mirror of https://github.com/ViaVersion/VIAaaS.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
ViaVersion as a Service - standalone ViaVersion proxy
225 Commits 3 Branches 11 Tags 2 MiB
Kotlin 48.7%
Java 22.5%
JavaScript 11.1%
TypeScript 9.9%
HTML 7.8%
Go to file
creeper123123321 02fb103fca
AGPL 		2021-03-24 08:02:38 -03:00
.github/workflows all ci branches, update gradle, downgrade via 2021-02-24 08:37:55 -03:00
.well-known Create microsoft-identity-association.json 2021-01-31 13:19:47 -03:00
gradle/wrapper all ci branches, update gradle, downgrade via 2021-02-24 08:37:55 -03:00
src/main color on dc msg 2021-03-23 06:56:24 -03:00
.gitignore fix gitignore 2021-02-10 10:43:41 -03:00
LICENSE AGPL 2021-03-24 08:02:38 -03:00
README.md DirtMultiversion 2021-03-18 11:05:07 -03:00
apache_copypasta.txt Update apache_copypasta.txt 2021-03-06 18:58:50 -03:00
build.gradle.kts query ipinfo.io for notification msg 2021-03-21 19:50:44 -03:00
gradlew update gradle, use fetch 2021-01-19 14:36:45 -03:00
gradlew.bat update gradle, use fetch 2021-01-19 14:36:45 -03:00
index.html redirect page 2020-11-15 11:48:09 -03:00
jitpack.yml jitpack openjdk 11 2021-02-19 08:40:30 -03:00

README.md

VIAaaS

VIAaaS - ViaVersion acetylsalicylic acid as a Service - Standalone ViaVersion proxy

How does it work?

  • ViaVersion, ViaBackwards and ViaRewind translates the connections to backend server.
  • VIAaaS auth page stores account credentials in the player's browser local storage. Check for XSS vulnerabilities on your domain.
  • Due to technical/security reasons, it requires a CORS Proxy for calling Mojang APIs, which may make Mojang see that as suspicious and reset/block your account password if the IP address seems suspect.
  • Account credentials aren't sent to VIAaaS instance, though it's intermediated by CORS Proxy.
  • VIAaaS receives a session hash from instance and then authenticates the session hash with Mojang.

Setting up server instance

Download: GitHub Actions (needs to be logged into GitHub) or JitPack

How to start VIAaaS server:

java -jar VIAaaS-all.jar
  • Requires Java 11
  • Default Minecraft: viaaas.localhost with port 25565
  • Default WS URL: wss://localhost:25543/ws

CORS Proxy

  • For less chance of Mojang seeing the login as suspect, you (the player) should set up a CORS proxy on your machine.
  • Note the ending slash in cors-anywhere address

Setting up cors-anywhere on local machine:

git clone https://github.com/Rob--W/cors-anywhere
cd cors-anywhere
npm install
node server.js
  • It will be available at http://localhost:8080/

My cors-anywhere instance:

Usage for players

Usage for offline mode:

  • Connect to mc.example.com.viaaas.localhost

Usage for online mode:

  • You can use two accounts (avoids Bad Login error), the same account for front-end and back-end connections, or use _of (offline mode in frontend, unencrypted and with no username verification).
  • Go to VIAaaS auth webpage
  • Configure CORS proxy, see above in "CORS Proxy" section
  • Listen to the username A you'll use to connect to the proxy.
  • Add the account B to VIAaaS page which you'll use in _u(account B) parameter below.
  • Connect to mc.example.com._u(account B).viaaas.localhost (_u parameter can be removed if you are using the same username)
  • Approve the login in auth webpage
  • If you use the same online mode account, your client may show Bad Login. You can use a mod like Auth Me or ReAuth for reauthenticating the client.

Example address: server.example.com._p25565._v1_12_2._of._uBACKUSERNAME.viaaas.example.com (similar to Tor2web proxies)

Address parts:

  • server.example.com: backend server address
  • _p: backend port
  • _v: backend version (protocol id or name with underline instead of dots). AUTO is default and 1.8 is fallback if it fails.
  • _o: t to force online mode in frontend, f to disable online mode in frontend. If not set, it will be based on backend online mode.
  • _u: username to use in backend connection
  • viaaas.example.com: hostname suffix (defined in config)

WARNING

  • VIAaaS may trigger anti-cheats, due to block, item, movement and other differences between versions. USE AT OWN RISK
  • VIAaaS server instance may have security vulnerabilities, make sure to block the ports in firewall
  • Take care of browser local storage. Check for XSS vulnerabilities on your domain.
  • Check the security of CORS proxy, it will intermediate Mojang API calls.
  • Mojang may lock your account when API is called from a suspect IP address

FAQ

VIAaaS is stuck when connecting with online mode:

My Microsoft account <18 years old is not able to log in, it's giving XSTS error:

Why a online webpage for online mode?:

  • It's easier to maintain in that way, because providing a chat with login requires encoding and decoding more packets which change through versions.
  • It allows your account password and token to be kept with you

How to use IPv6?:

  • When listening to 0.0.0.0, it should listen on IPv6 too.
  • To use IPv6 in backend address, you need to use a instance with IPv6 connectivity. The hostname parser currently doesn't support direct IPv6, but you can use a DNS name.

How to use with Geyser?

  • Currently you need to set the parameters (at least the hostname) in Geyser's address field: 
    remote:
  # The IP address of the remote (Java Edition) server
  address: 2b2t.org._v1_12_2.viaaas.localhost
  • If you are using a public GeyserConnect instance: connect to a publicly available VIAaaS instance, like mc.example.com.viaaas.example.net as a Java Edition server.

How to connect to 1.7.10 and lower servers with a newer client?