VIAaaS

mirror of https://github.com/ViaVersion/VIAaaS.git synced 2024-11-02 09:09:35 +01:00

ViaVersion as a Service - standalone ViaVersion proxy

Go to file

creeper123123321 994d7d7188 fixed ws message rate limiting		2021-04-10 19:43:24 -03:00
.github	Create FUNDING.yml	2021-03-26 10:06:20 -03:00
.well-known	Create microsoft-identity-association.json	2021-01-31 13:19:47 -03:00
gradle/wrapper	update gradle	2021-04-10 07:46:06 -03:00
src/main	fixed ws message rate limiting	2021-04-10 19:43:24 -03:00
.gitignore	fix gitignore	2021-02-10 10:43:41 -03:00
apache_copypasta.txt	Update apache_copypasta.txt	2021-03-06 18:58:50 -03:00
build.gradle.kts	close #124 , jwt with symemtric secret, close #125	2021-04-09 21:04:48 -03:00
gradlew	update gradle, use fetch	2021-01-19 14:36:45 -03:00
gradlew.bat	update gradle, use fetch	2021-01-19 14:36:45 -03:00
index.html	redirect page	2020-11-15 11:48:09 -03:00
jitpack.yml	jitpack openjdk 11	2021-02-19 08:40:30 -03:00
LICENSE	AGPL	2021-03-24 08:02:38 -03:00
README.md	Update README.md	2021-04-08 07:01:09 -03:00
systemd-copypasta.txt	Update and rename systemd-copypasta to systemd-copypasta.txt	2021-03-28 19:40:41 -03:00

VIAaaS - ViaVersion ~~acetylsalicylic acid~~ as a Service - Standalone ViaVersion proxy

Version translation:

How does it work?

ViaVersion, ViaBackwards and ViaRewind translates the connections to backend server.
VIAaaS auth page stores account credentials in the player's browser local storage. Check for XSS vulnerabilities on your domain.
Due to technical/security reasons, it requires a CORS Proxy for calling Mojang APIs, which may make Mojang see that as suspicious and reset/block your account password if the IP address seems suspect.
Account credentials aren't sent to VIAaaS instance, though it's intermediated by CORS Proxy.
VIAaaS receives a session hash from instance and then authenticates the session hash with Mojang.

Download: GitHub Actions (needs to be logged into GitHub) or JitPack

How to start VIAaaS server:

java -jar VIAaaS-all.jar

For less chance of Mojang seeing the login as suspect, you (the player) should set up a CORS proxy on your machine.
Note the ending slash in cors-anywhere address
You can use my public instance at https://crp123-cors.herokuapp.com/ (source) too, but proxies have a bit more chance of being seen as suspect.

Setting up cors-anywhere on local machine:

git clone https://github.com/Rob--W/cors-anywhere
cd cors-anywhere
npm install
node server.js

Usage for offline mode:

Usage for online mode:

You can use two accounts (avoids Bad Login error), the same account for front-end and back-end connections, or use _of (offline mode in frontend, unencrypted and with no username verification. May be useful if you have a client which is incompatible with online mode).
Go to VIAaaS auth webpage
Configure CORS proxy, see above in "CORS Proxy" section
Listen to the username A you'll use to connect to the proxy.
Keep the page open
Add the account B to VIAaaS page which you'll use in _u(account B) parameter below.
Connect to mc.example.com._u(account B).viaaas.localhost (_u parameter can be removed if you are using the same username)
Approve the login in auth webpage
If you use the same online mode account, your client may show Bad Login. You can use a mod like Auth Me or ReAuth for reauthenticating the client.

Example address: server.example.com._p25565._v1_12_2._of._uBACKUSERNAME.viaaas.example.com (similar to Tor2web proxies)

Address parts:

server.example.com: backend server address
_p: backend port
_v: backend version (protocol id or name with underline instead of dots). AUTO is default and 1.8 is fallback if it fails.
_o: t to force online mode in frontend, f to disable online mode in frontend. If not set, it will be based on backend online mode.
_u: username to use in backend connection
viaaas.example.com: hostname suffix (defined in config)

VIAaaS may trigger anti-cheats, due to block, item, movement and other differences between versions. USE AT OWN RISK
VIAaaS server instance may have security vulnerabilities, make sure to block the ports in firewall
Take care of browser local storage. Check for XSS vulnerabilities on your domain.
Check the security of CORS proxy, it will intermediate Mojang API calls.
Mojang may lock your account when API is called from a suspect IP address

My Microsoft account <18 years old is not able to log in, it's giving XSTS error:

Why a online webpage for online mode?:

It's easier to maintain in that way, because providing a chat with login requires encoding and decoding more packets which change through versions.
It allows your account password and token to be kept with you

How to use IPv6?:

When listening to 0.0.0.0, it should listen on IPv6 too.
To use IPv6 in backend address, you need to use a instance with IPv6 connectivity. The hostname parser currently doesn't support direct IPv6, but you can use a DNS name with https://sslip.io/

I'm getting a DNS error/"Unknown host" while connecting to (...).localhost

How to use with Geyser?

Currently you need to set the parameters (at least the hostname) in Geyser's address field:

remote:
  # The IP address of the remote (Java Edition) server
  address: 2b2t.org._v1_12_2.viaaas.localhost

If you are using a public GeyserConnect instance: connect to a publicly available VIAaaS instance, like mc.example.com.viaaas.example.net as a Java Edition server.

How to connect to 1.7.10 and lower servers with a newer client?